diff --git a/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml b/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml index dfedb5af0..7ce8f3216 100644 --- a/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml +++ b/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2025.11.1 - helm.sh/chart: cloudflared-1.23.2 + helm.sh/chart: cloudflared-2.0.0 namespace: code-server spec: revisionHistoryLimit: 3 diff --git a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml index 87b98f6af..d991a454b 100644 --- a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml @@ -4,9 +4,12 @@ metadata: name: code-server-cloudflared-secret namespace: code-server labels: - app.kubernetes.io/name: code-server-cloudflared-secret + helm.sh/chart: cloudflared-2.0.0 app.kubernetes.io/instance: code-server app.kubernetes.io/part-of: code-server + app.kubernetes.io/version: "2.0.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: code-server-cloudflared-secret spec: secretStoreRef: kind: ClusterSecretStore @@ -16,6 +19,6 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cloudflare/tunnels/codeserver + key: /cloudflare/tunnels//code-server metadataPolicy: None property: token diff --git a/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml b/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml index 61c27e5d1..09af5107f 100644 --- a/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml +++ b/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml @@ -11,7 +11,7 @@ metadata: namespace: jellyfin spec: revisionHistoryLimit: 3 - replicas: 3 + replicas: 1 strategy: type: Recreate selector: diff --git a/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml b/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml index aa8d1877f..88623328b 100644 --- a/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml +++ b/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "30 4 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml b/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml index b085107be..4c8d4ef2f 100644 --- a/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml +++ b/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 0 1 1 *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml index 4567db6dc..b2c14f863 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml @@ -29,6 +29,6 @@ spec: runAsGroup: 1000 runAsUser: 1000 copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot + storageClassName: ceph-filesystem + volumeSnapshotClassName: ceph-filesystem-snapshot cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml index 2f49bf45a..9af778704 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml @@ -29,6 +29,6 @@ spec: runAsGroup: 1000 runAsUser: 1000 copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot + storageClassName: ceph-filesystem + volumeSnapshotClassName: ceph-filesystem-snapshot cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml index e1b5c4c46..27d702d67 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml @@ -29,6 +29,6 @@ spec: runAsGroup: 1000 runAsUser: 1000 copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot + storageClassName: ceph-filesystem + volumeSnapshotClassName: ceph-filesystem-snapshot cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-external.yaml index 818102207..7ed723890 100644 --- a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-4k-config-backup-secret + name: radarr-4k-config-backup-secret-external namespace: radarr-4k labels: - app.kubernetes.io/name: radarr-4k-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-4k app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5-4k/radarr5-4k-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-4k/radarr-4k-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml new file mode 100644 index 000000000..e52266ab3 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-4k-config-backup-secret-local + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-4k/radarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml new file mode 100644 index 000000000..6615f636c --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-4k-config-backup-secret-remote + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-4k/radarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-external.yaml index 0d9deb9d4..c286ba4ec 100644 --- a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-4k-config-backup-source + name: radarr-4k-config-backup-source-external namespace: radarr-4k labels: - app.kubernetes.io/name: radarr-4k-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-4k app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup spec: sourcePVC: radarr-4k-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-4k-config-backup-secret + repository: radarr-4k-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml new file mode 100644 index 000000000..dc7ee132b --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-4k-config-backup-source-local + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup +spec: + sourcePVC: radarr-4k-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-4k-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml new file mode 100644 index 000000000..40d8df4c8 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-4k-config-backup-source-remote + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup +spec: + sourcePVC: radarr-4k-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-4k-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-external.yaml index b1894b01d..23b624cd4 100644 --- a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-anime-config-backup-secret + name: radarr-anime-config-backup-secret-external namespace: radarr-anime labels: - app.kubernetes.io/name: radarr-anime-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-anime app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5-anime/radarr5-anime-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-anime/radarr-anime-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml new file mode 100644 index 000000000..744bc7061 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-anime-config-backup-secret-local + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-anime/radarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml new file mode 100644 index 000000000..2a1bc6762 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-anime-config-backup-secret-remote + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-anime/radarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-external.yaml index 0dd650bfa..a47c3449a 100644 --- a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-anime-config-backup-source + name: radarr-anime-config-backup-source-external namespace: radarr-anime labels: - app.kubernetes.io/name: radarr-anime-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-anime app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup spec: sourcePVC: radarr-anime-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-anime-config-backup-secret + repository: radarr-anime-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml new file mode 100644 index 000000000..b5dd5e417 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-anime-config-backup-source-local + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup +spec: + sourcePVC: radarr-anime-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-anime-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml new file mode 100644 index 000000000..9514045a3 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-anime-config-backup-source-remote + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup +spec: + sourcePVC: radarr-anime-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-anime-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-external.yaml index e958877cc..ff77ac582 100644 --- a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-standup-config-backup-secret + name: radarr-standup-config-backup-secret-external namespace: radarr-standup labels: - app.kubernetes.io/name: radarr-standup-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-standup app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5-standup/radarr5-standup-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-standup/radarr-standup-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml new file mode 100644 index 000000000..720f77e56 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-standup-config-backup-secret-local + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-standup/radarr-standup-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml new file mode 100644 index 000000000..e4c040939 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-standup-config-backup-secret-remote + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-standup/radarr-standup-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-external.yaml index f5f2e7819..28c11efcc 100644 --- a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-standup-config-backup-source + name: radarr-standup-config-backup-source-external namespace: radarr-standup labels: - app.kubernetes.io/name: radarr-standup-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-standup app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup spec: sourcePVC: radarr-standup-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-standup-config-backup-secret + repository: radarr-standup-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml new file mode 100644 index 000000000..833c81809 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-standup-config-backup-source-local + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup +spec: + sourcePVC: radarr-standup-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-standup-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml new file mode 100644 index 000000000..6842b9c97 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-standup-config-backup-source-remote + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup +spec: + sourcePVC: radarr-standup-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-standup-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-external.yaml similarity index 69% rename from clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-external.yaml index bea7b3399..5012a0d1c 100644 --- a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-config-backup-secret + name: radarr-config-backup-secret-external namespace: radarr labels: - app.kubernetes.io/name: radarr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5/radarr5-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr/radarr-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml new file mode 100644 index 000000000..c4faa37ab --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-config-backup-secret-local + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr/radarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..76f5b9e2e --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-config-backup-secret-remote + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr/radarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-external.yaml index 02c38eab5..b0860b52c 100644 --- a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-config-backup-source + name: radarr-config-backup-source-external namespace: radarr labels: - app.kubernetes.io/name: radarr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup spec: sourcePVC: radarr-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-config-backup-secret + repository: radarr-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml new file mode 100644 index 000000000..1d5f0b386 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-config-backup-source-local + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup +spec: + sourcePVC: radarr-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..4b0e6d340 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-config-backup-source-remote + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup +spec: + sourcePVC: radarr-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml b/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml index 05c8baf84..0f985a351 100644 --- a/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml +++ b/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "30 4 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret.yaml b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret.yaml rename to clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-external.yaml index d7ff5bdc7..2c35d2deb 100644 --- a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret.yaml +++ b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: roundcube-data-backup-secret + name: roundcube-data-backup-secret-external namespace: roundcube labels: - app.kubernetes.io/name: roundcube-data-backup-secret + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: roundcube app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml new file mode 100644 index 000000000..6bd406880 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: roundcube-data-backup-secret-local + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/roundcube/roundcube-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml new file mode 100644 index 000000000..620753948 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: roundcube-data-backup-secret-remote + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/roundcube/roundcube-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source.yaml b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source.yaml rename to clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-external.yaml index 34c8e7977..e3bb76cbc 100644 --- a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source.yaml +++ b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: roundcube-data-backup-source + name: roundcube-data-backup-source-external namespace: roundcube labels: - app.kubernetes.io/name: roundcube-data-backup-source + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: roundcube app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup spec: sourcePVC: roundcube-data trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: roundcube-data-backup-secret + repository: roundcube-data-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml new file mode 100644 index 000000000..711484942 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: roundcube-data-backup-source-local + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup +spec: + sourcePVC: roundcube-data + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: roundcube-data-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml new file mode 100644 index 000000000..fdb09a036 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: roundcube-data-backup-source-remote + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup +spec: + sourcePVC: roundcube-data + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: roundcube-data-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-external.yaml similarity index 72% rename from clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml rename to clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-external.yaml index 31e1b4d7e..ad2df0690 100644 --- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: searxng-browser-data-backup-secret + name: searxng-browser-data-backup-secret-external namespace: searxng labels: - app.kubernetes.io/name: searxng-browser-data-backup-secret + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml new file mode 100644 index 000000000..8611d9966 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: searxng-browser-data-backup-secret-local + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml new file mode 100644 index 000000000..c6268dde5 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: searxng-browser-data-backup-secret-remote + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-external.yaml similarity index 61% rename from clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml rename to clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-external.yaml index 32e64ba9a..c41aaa481 100644 --- a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml +++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: searxng-browser-data-backup-source + name: searxng-browser-data-backup-source-external namespace: searxng labels: - app.kubernetes.io/name: searxng-browser-data-backup-source + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup spec: sourcePVC: searxng-browser-data trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: searxng-browser-data-backup-secret + repository: searxng-browser-data-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml new file mode 100644 index 000000000..aadd8bc77 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: searxng-browser-data-backup-source-local + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup +spec: + sourcePVC: searxng-browser-data + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: searxng-browser-data-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml new file mode 100644 index 000000000..28def92c0 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: searxng-browser-data-backup-source-remote + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup +spec: + sourcePVC: searxng-browser-data + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: searxng-browser-data-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-config-backup-secret.yaml b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml index e0cabb226..0c116da4b 100644 --- a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: seerr-config-backup-secret + name: seerr-seerr-chart-config-backup-secret-external namespace: seerr labels: - app.kubernetes.io/name: seerr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml new file mode 100644 index 000000000..e4abfc993 --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: seerr-seerr-chart-config-backup-secret-local + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml new file mode 100644 index 000000000..dfaaa3d25 --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: seerr-seerr-chart-config-backup-secret-remote + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-config-backup-source.yaml b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml similarity index 60% rename from clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-config-backup-source.yaml rename to clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml index 04b925b57..8b6ba7f3a 100644 --- a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml @@ -1,26 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: seerr-config-backup-source + name: seerr-seerr-chart-config-backup-source-external namespace: seerr labels: - app.kubernetes.io/name: seerr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup spec: sourcePVC: seerr-seerr-chart-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: seerr-config-backup-secret + repository: seerr-seerr-chart-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml new file mode 100644 index 000000000..46fcd1bb3 --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: seerr-seerr-chart-config-backup-source-local + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup +spec: + sourcePVC: seerr-seerr-chart-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: seerr-seerr-chart-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml new file mode 100644 index 000000000..1912bd29a --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: seerr-seerr-chart-config-backup-source-remote + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup +spec: + sourcePVC: seerr-seerr-chart-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: seerr-seerr-chart-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret.yaml b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret.yaml rename to clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-external.yaml index 2c785991c..1fbbf5892 100644 --- a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-4k-config-backup-secret + name: sonarr-4k-config-backup-secret-external namespace: sonarr-4k labels: - app.kubernetes.io/name: sonarr-4k-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-4k app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr4-4k/sonarr4-4k-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-4k/sonarr-4k-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml new file mode 100644 index 000000000..615c24ca4 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-4k-config-backup-secret-local + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-4k/sonarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml new file mode 100644 index 000000000..332f0f8b3 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-4k-config-backup-secret-remote + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-4k/sonarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source.yaml b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source.yaml rename to clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-external.yaml index 21ce41fde..c76838bc4 100644 --- a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: sonarr-4k-config-backup-source + name: sonarr-4k-config-backup-source-external namespace: sonarr-4k labels: - app.kubernetes.io/name: sonarr-4k-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-4k app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup spec: sourcePVC: sonarr-4k-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: sonarr-4k-config-backup-secret + repository: sonarr-4k-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml new file mode 100644 index 000000000..43f96ea38 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-4k-config-backup-source-local + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup +spec: + sourcePVC: sonarr-4k-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-4k-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml new file mode 100644 index 000000000..f8705678f --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-4k-config-backup-source-remote + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup +spec: + sourcePVC: sonarr-4k-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-4k-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret.yaml b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret.yaml rename to clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-external.yaml index 8bb07e89d..359ccf910 100644 --- a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-anime-config-backup-secret + name: sonarr-anime-config-backup-secret-external namespace: sonarr-anime labels: - app.kubernetes.io/name: sonarr-anime-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-anime app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr4-anime/sonarr4-anime-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-anime/sonarr-anime-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml new file mode 100644 index 000000000..f0b3355ac --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-anime-config-backup-secret-local + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-anime/sonarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml new file mode 100644 index 000000000..53e2ecba3 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-anime-config-backup-secret-remote + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-anime/sonarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source.yaml b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source.yaml rename to clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-external.yaml index dcfef0986..3eb2268fa 100644 --- a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: sonarr-anime-config-backup-source + name: sonarr-anime-config-backup-source-external namespace: sonarr-anime labels: - app.kubernetes.io/name: sonarr-anime-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-anime app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup spec: sourcePVC: sonarr-anime-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: sonarr-anime-config-backup-secret + repository: sonarr-anime-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml new file mode 100644 index 000000000..d41ab5b5c --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-anime-config-backup-source-local + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup +spec: + sourcePVC: sonarr-anime-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-anime-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml new file mode 100644 index 000000000..c5c155024 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-anime-config-backup-source-remote + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup +spec: + sourcePVC: sonarr-anime-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-anime-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret.yaml b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-external.yaml similarity index 69% rename from clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-external.yaml index a108c5937..1f0e08a03 100644 --- a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-config-backup-secret + name: sonarr-config-backup-secret-external namespace: sonarr labels: - app.kubernetes.io/name: sonarr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr4/sonarr4-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr/sonarr-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml new file mode 100644 index 000000000..2a15ca862 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-config-backup-secret-local + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr/sonarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..a0e0680ad --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-config-backup-secret-remote + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr/sonarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source.yaml b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source.yaml rename to clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-external.yaml index cee111b2e..f1c2dc915 100644 --- a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: sonarr-config-backup-source + name: sonarr-config-backup-source-external namespace: sonarr labels: - app.kubernetes.io/name: sonarr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup spec: sourcePVC: sonarr-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: sonarr-config-backup-secret + repository: sonarr-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml new file mode 100644 index 000000000..0422cccfa --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-config-backup-source-local + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup +spec: + sourcePVC: sonarr-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..a286a727e --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-config-backup-source-remote + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup +spec: + sourcePVC: sonarr-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret.yaml b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret.yaml rename to clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-external.yaml index 01add9a45..9debc7e98 100644 --- a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-external.yaml @@ -1,14 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: stalwart-config-backup-secret + name: stalwart-config-backup-secret-external namespace: stalwart labels: - app.kubernetes.io/name: stalwart-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: stalwart - app.kubernetes.io/version: v0.14.1 - app.kubernetes.io/component: backup app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -24,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -47,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml new file mode 100644 index 000000000..e968ffa94 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: stalwart-config-backup-secret-local + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/stalwart/stalwart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml new file mode 100644 index 000000000..a75118a12 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: stalwart-config-backup-secret-remote + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/stalwart/stalwart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source.yaml b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source.yaml rename to clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-external.yaml index 4a2621ab3..8f6348509 100644 --- a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: stalwart-config-backup-source + name: stalwart-config-backup-source-external namespace: stalwart labels: - app.kubernetes.io/name: stalwart-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: stalwart app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup spec: sourcePVC: stalwart-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: stalwart-config-backup-secret + repository: stalwart-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml new file mode 100644 index 000000000..c94edacaa --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: stalwart-config-backup-source-local + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup +spec: + sourcePVC: stalwart-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: stalwart-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml new file mode 100644 index 000000000..9fb07c78f --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: stalwart-config-backup-source-remote + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup +spec: + sourcePVC: stalwart-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: stalwart-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml index e2f573b2a..5d793b38f 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 0 * * 0" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml index 45209e08b..8ba4fef2a 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "10 0 * * 0" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml index 76eb35a68..10515c9f2 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "20 0 * * 0" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos.yaml index 21150ef80..e42fd2139 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 2 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret.yaml b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret.yaml rename to clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-external.yaml index 8a309f470..a88749ccf 100644 --- a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tautulli-config-backup-secret + name: tautulli-config-backup-secret-external namespace: tautulli labels: - app.kubernetes.io/name: tautulli-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tautulli app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml new file mode 100644 index 000000000..2b6663d0f --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tautulli-config-backup-secret-local + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tautulli/tautulli-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml new file mode 100644 index 000000000..6e93f70cb --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tautulli-config-backup-secret-remote + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tautulli/tautulli-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source.yaml b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source.yaml rename to clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-external.yaml index 33a351e33..167874cd2 100644 --- a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: tautulli-config-backup-source + name: tautulli-config-backup-source-external namespace: tautulli labels: - app.kubernetes.io/name: tautulli-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tautulli app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup spec: sourcePVC: tautulli-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: tautulli-config-backup-secret + repository: tautulli-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml new file mode 100644 index 000000000..d561677ec --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tautulli-config-backup-source-local + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup +spec: + sourcePVC: tautulli-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: tautulli-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml new file mode 100644 index 000000000..f557f246a --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tautulli-config-backup-source-remote + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup +spec: + sourcePVC: tautulli-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: tautulli-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-external.yaml index 6f9068153..108abfcdf 100644 --- a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tdarr-config-backup-secret + name: tdarr-config-backup-secret-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml new file mode 100644 index 000000000..acad7e3cd --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-config-backup-secret-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..0d86e41a7 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-config-backup-secret-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret.yaml rename to clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-external.yaml index ea7923616..c1a33473d 100644 --- a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret.yaml +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tdarr-server-backup-secret + name: tdarr-server-backup-secret-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-server-backup-secret + helm.sh/chart: volsync-target-server-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml new file mode 100644 index 000000000..6b954213a --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-server-backup-secret-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-server" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml new file mode 100644 index 000000000..3572b0d6d --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-server-backup-secret-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-server" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source.yaml rename to clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-external.yaml index 4d6b8a832..3bbf2970e 100644 --- a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: tdarr-config-backup-source + name: tdarr-config-backup-source-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup spec: sourcePVC: tdarr-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: tdarr-config-backup-secret + repository: tdarr-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml new file mode 100644 index 000000000..8b13ee1f2 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-config-backup-source-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup +spec: + sourcePVC: tdarr-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..c9cb60d58 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-config-backup-source-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup +spec: + sourcePVC: tdarr-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source.yaml rename to clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-external.yaml index 433668a58..a178b213e 100644 --- a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source.yaml +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: tdarr-server-backup-source + name: tdarr-server-backup-source-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-server-backup-source + helm.sh/chart: volsync-target-server-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup spec: sourcePVC: tdarr-server trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: tdarr-server-backup-secret + repository: tdarr-server-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml new file mode 100644 index 000000000..b17d232bb --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-server-backup-source-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup +spec: + sourcePVC: tdarr-server + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-server-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml new file mode 100644 index 000000000..823c57599 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-server-backup-source-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup +spec: + sourcePVC: tdarr-server + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-server-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml index 73237534d..87a48a5ff 100644 --- a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml +++ b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml @@ -15,7 +15,7 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 4 * * *" - successfulJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 3 jobTemplate: spec: diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret.yaml rename to clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-external.yaml index ba6421e8f..b4d985dd4 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vaultwarden-data-backup-secret + name: vaultwarden-data-backup-secret-external namespace: vaultwarden labels: - app.kubernetes.io/name: vaultwarden-data-backup-secret + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml new file mode 100644 index 000000000..35b7f9e70 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: vaultwarden-data-backup-secret-local + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/vaultwarden/vaultwarden-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml new file mode 100644 index 000000000..a8560db23 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: vaultwarden-data-backup-secret-remote + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/vaultwarden/vaultwarden-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml new file mode 100644 index 000000000..8c4d45611 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: vaultwarden-data-backup-source-external + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup +spec: + sourcePVC: vaultwarden-data + trigger: + schedule: 0 0 0 * * * + restic: + pruneIntervalDays: 7 + repository: vaultwarden-data-backup-secret-external + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source.yaml b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-local.yaml similarity index 59% rename from clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source.yaml rename to clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-local.yaml index be2c3590b..b461ebb38 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-local.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: vaultwarden-data-backup-source + name: vaultwarden-data-backup-source-local namespace: vaultwarden labels: - app.kubernetes.io/name: vaultwarden-data-backup-source + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup spec: sourcePVC: vaultwarden-data trigger: - schedule: 0 4 * * * + schedule: 0 0 0 * * * restic: pruneIntervalDays: 7 - repository: vaultwarden-data-backup-secret + repository: vaultwarden-data-backup-secret-local retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml new file mode 100644 index 000000000..bfff5fc85 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: vaultwarden-data-backup-source-remote + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup +spec: + sourcePVC: vaultwarden-data + trigger: + schedule: 0 0 0 * * * + restic: + pruneIntervalDays: 7 + repository: vaultwarden-data-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi