Kamil Krzywicki camaeel

## tasks.yaml

- name: create ~/.docker/config.json file
  copy:
    content: "{}"
    dest: ~/.docker/config.json
    force: false

- name: Load file
  ansible.builtin.slurp:
    src: ~/.docker/config.json

## Dockerfile
FROM alpine AS lambdarie

RUN apk add curl && \
    mkdir -p /.aws-lambda-rie && \
    curl -Lo /.aws-lambda-rie/aws-lambda-rie https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-arm64 && \
    chmod +x /.aws-lambda-rie/aws-lambda-rie

FROM golang:1.23 AS builder

ADD go.mod go.sum /app/

## ansible-apt-repo.yml
    - name: Add repos
      deb822_repository:
        name: "{{ item.name }}"
        types: "{{ item.repo.split()[0] }}"
        uris: "{{ item.repo.split()[1] }}"
        suites: "{{ item.repo.split()[2] }}"
        components: "{{ item.repo.split()[3] }}"
        architectures: "{{ item.architecture | default(omit) }}"
        signed_by: "{{ item.key }}"
      loop:

## template-restore.yml
---
# Source: example-app/charts/cnpgdb/templates/backup-sa.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-app-cnpgdb-db-backup-aws-creds
---
# Source: example-app/templates/service.yaml
apiVersion: v1
kind: Service

## crunchydata pgo
```
apiVersion: v1
items:
- apiVersion: postgres-operator.crunchydata.com/v1beta1
  kind: PostgresCluster
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"postgres-operator.crunchydata.com/v1beta1","kind":"PostgresCluster","metadata":{"annotations":{},"name":"demo","namespace":"test-crunchy-pgsql"},"spec":{"backups":{"pgbackrest":{"repos":[{"name":"repo1","volume":{"volumeClaimSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}},"storageClassName":"nas-nfs-ephemeral"}}}]}},"instances":[{"containers":[{"name":"postgres-startup","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}},{"name":"database","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}},{"name":"nss-wrapper-init","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}},{"name":"replication-cert-copy","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}}],"dataVolumeClaimSpec":{"accessModes":["ReadWriteOnce"],"resources"

## go.mod
module dummy

go 1.19

require github.com/hashicorp/vault v1.11.3

require (
	cloud.google.com/go v0.102.1 // indirect
	cloud.google.com/go/compute v1.7.0 // indirect
	cloud.google.com/go/iam v0.3.0 // indirect

## generate_cert.sh
#!/bin/bash

set -e

NAMESPACE=vault
SERVICE=vault
DIRECTORY=certs
CSR_NAME=vault
SECRET_NAME=vault-server-tls

	- name: create ~/.docker/config.json file
	copy:
	content: "{}"
	dest: ~/.docker/config.json
	force: false

	- name: Load file
	ansible.builtin.slurp:
	src: ~/.docker/config.json
	FROM alpine AS lambdarie

	RUN apk add curl && \
	mkdir -p /.aws-lambda-rie && \
	curl -Lo /.aws-lambda-rie/aws-lambda-rie https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-arm64 && \
	chmod +x /.aws-lambda-rie/aws-lambda-rie

	FROM golang:1.23 AS builder

	ADD go.mod go.sum /app/
	- name: Add repos
	deb822_repository:
	name: "{{ item.name }}"
	types: "{{ item.repo.split()[0] }}"
	uris: "{{ item.repo.split()[1] }}"
	suites: "{{ item.repo.split()[2] }}"
	components: "{{ item.repo.split()[3] }}"
	architectures: "{{ item.architecture \| default(omit) }}"
	signed_by: "{{ item.key }}"
	loop:
	---
	# Source: example-app/charts/cnpgdb/templates/backup-sa.yml
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: example-app-cnpgdb-db-backup-aws-creds
	---
	# Source: example-app/templates/service.yaml
	apiVersion: v1
	kind: Service
	```
	apiVersion: v1
	items:
	- apiVersion: postgres-operator.crunchydata.com/v1beta1
	kind: PostgresCluster
	metadata:
	annotations:
	kubectl.kubernetes.io/last-applied-configuration: \|
	{"apiVersion":"postgres-operator.crunchydata.com/v1beta1","kind":"PostgresCluster","metadata":{"annotations":{},"name":"demo","namespace":"test-crunchy-pgsql"},"spec":{"backups":{"pgbackrest":{"repos":[{"name":"repo1","volume":{"volumeClaimSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}},"storageClassName":"nas-nfs-ephemeral"}}}]}},"instances":[{"containers":[{"name":"postgres-startup","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}},{"name":"database","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}},{"name":"nss-wrapper-init","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}},{"name":"replication-cert-copy","securityContext":{"seccompProfile":{"type":"RuntimeDefault"}}}],"dataVolumeClaimSpec":{"accessModes":["ReadWriteOnce"],"resources"
	module dummy

	go 1.19

	require github.com/hashicorp/vault v1.11.3

	require (
	cloud.google.com/go v0.102.1 // indirect
	cloud.google.com/go/compute v1.7.0 // indirect
	cloud.google.com/go/iam v0.3.0 // indirect
	#!/bin/bash

	set -e

	NAMESPACE=vault
	SERVICE=vault
	DIRECTORY=certs
	CSR_NAME=vault
	SECRET_NAME=vault-server-tls