From 098513db8ad451fabae9d5f8a40c7104520ca038 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sat, 25 Apr 2026 21:00:14 -0500 Subject: [PATCH] feat: move to chart and namespace --- clusters/cl01tl/helm/directus/Chart.lock | 7 +- clusters/cl01tl/helm/directus/Chart.yaml | 5 + clusters/cl01tl/helm/directus/values.yaml | 21 +++ .../rclone/templates/external-secret.yaml | 66 ++++---- clusters/cl01tl/helm/rclone/values.yaml | 156 +++++++++--------- 5 files changed, 142 insertions(+), 113 deletions(-) diff --git a/clusters/cl01tl/helm/directus/Chart.lock b/clusters/cl01tl/helm/directus/Chart.lock index 2d844d12b..eecb664e0 100644 --- a/clusters/cl01tl/helm/directus/Chart.lock +++ b/clusters/cl01tl/helm/directus/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: valkey repository: oci://harbor.alexlebens.net/helm-charts version: 0.6.1 -digest: sha256:e3d9d7bc069b79ec37769f77d691cda3b8bd92e37a9d1dd2ef8279dc6d2b6cde -generated: "2026-04-24T21:50:43.755575922Z" +- name: rclone-bucket + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.2.0 +digest: sha256:b95c228173eb2e4914c37d5c8b3753ad644a90dc9f7f4357dbc1cbf15004961b +generated: "2026-04-25T20:59:03.456994-05:00" diff --git a/clusters/cl01tl/helm/directus/Chart.yaml b/clusters/cl01tl/helm/directus/Chart.yaml index 24e9562c1..d0cf0f4f3 100644 --- a/clusters/cl01tl/helm/directus/Chart.yaml +++ b/clusters/cl01tl/helm/directus/Chart.yaml @@ -12,6 +12,7 @@ sources: - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket maintainers: - name: alexlebens dependencies: @@ -27,6 +28,10 @@ dependencies: alias: valkey version: 0.6.1 repository: oci://harbor.alexlebens.net/helm-charts + - name: rclone-bucket + alias: rclone-directus-assets-remote + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.2.0 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png # renovate: datasource=github-releases depName=directus/directus appVersion: 11.17.3 diff --git a/clusters/cl01tl/helm/directus/values.yaml b/clusters/cl01tl/helm/directus/values.yaml index 547bac830..caaff04a8 100644 --- a/clusters/cl01tl/helm/directus/values.yaml +++ b/clusters/cl01tl/helm/directus/values.yaml @@ -214,3 +214,24 @@ valkey: # https://github.com/valkey-io/valkey-helm/issues/135 metrics: enabled: false +rclone-directus-assets-remote: + cronJob: + suspend: false + schedule: 0 0 * * * + rclone: + source: + bucketName: directus-assets + destination: + bucketName: directus-assets + secret: + externalSecret: + source: + credentials: + path: /garage/home-infra/directus-assets + config: + path: /garage/config + destination: + credentials: + path: /garage/home-infra/directus-assets + config: + path: /garage/config diff --git a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml index 0aa6def48..1cef10a17 100644 --- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml @@ -1,36 +1,36 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: garage-directus-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: garage-directus-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/directus-assets - property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/directus-assets - property: ACCESS_REGION - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/directus-assets - property: ACCESS_SECRET_KEY - - secretKey: SRC_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_LOCAL - - secretKey: DEST_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_REMOTE +# apiVersion: external-secrets.io/v1 +# kind: ExternalSecret +# metadata: +# name: garage-directus-secret +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: garage-directus-secret +# {{- include "custom.labels" . | nindent 4 }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: openbao +# data: +# - secretKey: ACCESS_KEY_ID +# remoteRef: +# key: /garage/home-infra/directus-assets +# property: ACCESS_KEY_ID +# - secretKey: ACCESS_REGION +# remoteRef: +# key: /garage/home-infra/directus-assets +# property: ACCESS_REGION +# - secretKey: ACCESS_SECRET_KEY +# remoteRef: +# key: /garage/home-infra/directus-assets +# property: ACCESS_SECRET_KEY +# - secretKey: SRC_ENDPOINT +# remoteRef: +# key: /garage/config +# property: ENDPOINT_LOCAL +# - secretKey: DEST_ENDPOINT +# remoteRef: +# key: /garage/config +# property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 diff --git a/clusters/cl01tl/helm/rclone/values.yaml b/clusters/cl01tl/helm/rclone/values.yaml index 22765c63f..8f0c243dd 100644 --- a/clusters/cl01tl/helm/rclone/values.yaml +++ b/clusters/cl01tl/helm/rclone/values.yaml @@ -1,83 +1,83 @@ rclone: controllers: - directus-assets: - type: cronjob - cronjob: - suspend: false - timeZone: America/Chicago - schedule: 0 0 * * * - backoffLimit: 3 - parallelism: 1 - containers: - sync: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - sync - - src:directus-assets - - dest:directus-assets - - --s3-no-check-bucket - - --verbose - env: - - name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: false - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: SRC_ENDPOINT - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: true - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-directus-secret - key: DEST_ENDPOINT - - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE - value: true + # directus-assets: + # type: cronjob + # cronjob: + # suspend: false + # timeZone: America/Chicago + # schedule: 0 0 * * * + # backoffLimit: 3 + # parallelism: 1 + # containers: + # sync: + # image: + # repository: rclone/rclone + # tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 + # args: + # - sync + # - src:directus-assets + # - dest:directus-assets + # - --s3-no-check-bucket + # - --verbose + # env: + # - name: RCLONE_S3_PROVIDER + # value: Other + # - name: RCLONE_CONFIG_SRC_TYPE + # value: s3 + # - name: RCLONE_CONFIG_SRC_PROVIDER + # value: Other + # - name: RCLONE_CONFIG_SRC_ENV_AUTH + # value: false + # - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: ACCESS_KEY_ID + # - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: ACCESS_SECRET_KEY + # - name: RCLONE_CONFIG_SRC_REGION + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: ACCESS_REGION + # - name: RCLONE_CONFIG_SRC_ENDPOINT + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: SRC_ENDPOINT + # - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE + # value: true + # - name: RCLONE_CONFIG_DEST_TYPE + # value: s3 + # - name: RCLONE_CONFIG_DEST_PROVIDER + # value: Other + # - name: RCLONE_CONFIG_DEST_ENV_AUTH + # value: false + # - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: ACCESS_KEY_ID + # - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: ACCESS_SECRET_KEY + # - name: RCLONE_CONFIG_DEST_REGION + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: ACCESS_REGION + # - name: RCLONE_CONFIG_DEST_ENDPOINT + # valueFrom: + # secretKeyRef: + # name: garage-directus-secret + # key: DEST_ENDPOINT + # - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE + # value: true karakeep-assets: type: cronjob cronjob: