- and CNPG infrastructure components Add three critical infrastructure components via GitOps: - Velero: Backup and disaster recovery solution - Configured with Minio S3 backend - Daily full cluster backups (30-day retention) - Hourly backups for critical namespaces (7-day retention) - Credentials managed via External Secrets from Vault - Falco: Runtime security monitoring - eBPF-based threat detection - Custom rules for container security - Falcosidekick for alert forwarding - Prometheus metrics enabled - CNPG (CloudNativePG): PostgreSQL operator - Kubernetes-native PostgreSQL management - Automated failover and backups - Will replace Bitnami PostgreSQL All components follow existing GitOps patterns: - Helm charts deployed via ArgoCD - Values managed in Git - Automated sync with selfHeal enabled
- for vault-backend - Create cluster-wide secret store for External Secrets Operator - Configure Kubernetes auth with external-secrets service account - Enable all namespaces to access Vault secrets via ClusterSecretStore
- Update repoURL to cluster-infrastructure repo - Change source repository reference
