From 1ba0b9714b7e801a909c2ba732414577d5bdae9d Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 6 Mar 2025 23:05:06 -0600 Subject: [PATCH] enable backups --- .../headlamp/templates/external-secret.yaml | 59 ------ .../templates/replication-source.yaml | 27 --- .../grafana/templates/external-secret.yaml | 116 ++++++------ .../grafana/templates/replication-source.yaml | 60 +++--- .../templates/replication-source.yaml | 82 ++++---- .../ollama/templates/external-secret.yaml | 175 ++++++------------ .../ollama/templates/replication-source.yaml | 89 +++------ .../stalwart/templates/external-secret.yaml | 116 ++++++------ .../templates/replication-source.yaml | 54 +++--- .../pgadmin/templates/external-secret.yaml | 116 ++++++------ .../pgadmin/templates/replication-source.yaml | 60 +++--- 11 files changed, 390 insertions(+), 564 deletions(-) delete mode 100644 clusters/cl01tl/management/headlamp/templates/replication-source.yaml diff --git a/clusters/cl01tl/management/headlamp/templates/external-secret.yaml b/clusters/cl01tl/management/headlamp/templates/external-secret.yaml index 0a2f7d1c4..2c6a45439 100644 --- a/clusters/cl01tl/management/headlamp/templates/external-secret.yaml +++ b/clusters/cl01tl/management/headlamp/templates/external-secret.yaml 
@@ -42,62 +42,3 @@ spec: key: /authentik/oidc/headlamp metadataPolicy: None property: scopes - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: headlamp-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: headlamp-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/headlamp/headlamp" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key diff --git a/clusters/cl01tl/management/headlamp/templates/replication-source.yaml b/clusters/cl01tl/management/headlamp/templates/replication-source.yaml deleted file mode 100644 index 847d33af9..000000000 
--- a/clusters/cl01tl/management/headlamp/templates/replication-source.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: headlamp-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: headlamp-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: headlamp
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: headlamp-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml b/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml
index 1a0d1f9b4..3e4825a45 100644
--- a/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml
+++ b/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml
@@ -61,61 +61,61 @@ spec: metadataPolicy: None property: secret -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: grafana-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: grafana-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: grafana-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: grafana-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ 
.Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml b/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml index 04b72bd8a..e33b91638 100644 --- a/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml +++ b/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml 
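Review bot: Every backup ExternalSecret enabled by this patch reads the same `RESTIC_PASSWORD` (from `/cl01tl/volsync/restic/config`) and the same S3 key pair (from `/digital-ocean/home-infra/volsync-backups`), so the Secret materialised in the grafana namespace also unlocks the ollama-web-data, stalwart-config and pgadmin-data repositories enabled in the later external-secret.yaml hunks. Only the `RESTIC_REPOSITORY` path differs per app, and a path is not an access boundary. Consider a per-app password entry, e.g. `property: <PER_APP_RESTIC_PASSWORD_PROPERTY>` (placeholder), and, where the object store supports it, an access key limited to the app's prefix; whether the current key can delete objects or reach other buckets is not visible in this patch. If the sharing is intentional, a comment above `data:` such as `# shared restic password and bucket key: any namespace holding this Secret can read every app's backups` would record the trade-off.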
@@ -1,30 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: grafana-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: grafana-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: grafana -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: grafana-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 472 -# runAsGroup: 472 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: grafana-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: grafana-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: grafana + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: grafana-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 472 + runAsGroup: 472 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml index b264a6144..ad0f26e31 100644 --- a/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml +++ b/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml 
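Review bot: `app.kubernetes.io/version: {{ .Chart.AppVersion }}` is rendered unquoted, so an appVersion that YAML reads as a number (for example `1.10`) becomes a float and the API server rejects the label, which would leave this ReplicationSource, and with it the backup, undeployed. The same line is in every manifest this patch uncomments (grafana, matrix-synapse, ollama, stalwart and pgadmin, in both external-secret.yaml and replication-source.yaml). Suggest `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`, and writing the cron string as `schedule: "0 4 * * *"` so that neither value depends on plain-scalar typing.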
@@ -1,30 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: matrix-synapse-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: matrix-synapse-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: matrix-synapse -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: matrix-synapse-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: matrix-synapse-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: matrix-synapse-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: matrix-synapse + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: matrix-synapse-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot # --- # apiVersion: volsync.backube/v1alpha1 @@ -41,16 +41,16 @@ # spec: # sourcePVC: mautrix-discord-data # trigger: -# schedule: 0 0 */3 * * +# schedule: 0 4 * * * # restic: -# pruneIntervalDays: 14 +# pruneIntervalDays: 7 # repository: mautrix-discord-data-backup-secret # retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 + # hourly: 1 + # daily: 3 + # weekly: 2 + # monthly: 2 + # yearly: 4 # moverSecurityContext: # runAsUser: 1337 # runAsGroup: 1337 
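Review bot: `repository: matrix-synapse-backup-secret` in the first hunk names a Secret that this patch does not create: the diffstat lists only replication-source.yaml for matrix-synapse, while every other app enabled here also has its external-secret.yaml uncommented. If the matching ExternalSecret is still commented out in that file (not visible in this patch), the ReplicationSource will be accepted but can never complete a sync. Confirm the Secret exists in the release namespace, or uncomment the `matrix-synapse-backup-secret` ExternalSecret in the same commit.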
@@ -73,16 +73,16 @@ # spec: # sourcePVC: mautrix-whatsapp-data # trigger: -# schedule: 0 0 */3 * * +# schedule: 0 4 * * * # restic: -# pruneIntervalDays: 14 +# pruneIntervalDays: 7 # repository: mautrix-whatsapp-data-backup-secret # retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 + # hourly: 1 + # daily: 3 + # weekly: 2 + # monthly: 2 + # yearly: 4 # moverSecurityContext: # runAsUser: 1337 # runAsGroup: 1337 diff --git a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml index 59df6090b..25f51b11c 100644 --- a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml 
@@ -55,123 +55,64 @@ spec: metadataPolicy: None property: secret -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: ollama-root-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-root-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-root" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: ollama-web-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-web-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name 
}} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: ollama-web-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ollama-web-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web" + 
data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/platform/ollama/templates/replication-source.yaml b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml index a531ac9a4..775f8761d 100644 --- a/clusters/cl01tl/platform/ollama/templates/replication-source.yaml +++ b/clusters/cl01tl/platform/ollama/templates/replication-source.yaml 
@@ -1,59 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: ollama-root-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-root-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: ollama-root -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: ollama-root-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot - -# --- -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: ollama-web-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-web-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: ollama-web-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: ollama-web-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1337 -# runAsGroup: 1337 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: ollama-web-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ollama-web-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name 
}} +spec: + sourcePVC: ollama-web-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: ollama-web-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 1337 + runAsGroup: 1337 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml b/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml index 933057d0c..658a05a75 100644 --- a/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml 
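Review bot: `runAsUser: 1337` / `runAsGroup: 1337` on the ollama-web-data mover is the same pair used in the commented mautrix-discord and mautrix-whatsapp blocks of matrix-synapse/templates/replication-source.yaml, which suggests it was copied rather than chosen for this volume. The mover can only back up what that UID can read, so a mismatch with the owner of the files on `ollama-web-data` would give failed or partial restic snapshots. The workload's own securityContext is not part of this patch; confirm the UID/GID against it and add a comment such as `# must match the UID/GID that owns files on the ollama-web-data PVC` above `moverSecurityContext:`.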
@@ -22,64 +22,64 @@ spec: metadataPolicy: None property: ELASTIC_PASSWORD -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: stalwart-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: stalwart-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/stalwart/stalwart-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: stalwart-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: stalwart-config-backup-secret + app.kubernetes.io/instance: {{ 
.Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/stalwart/stalwart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml b/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml index cca7da74e..abe32de37 100644 --- a/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml +++ b/clusters/cl01tl/platform/stalwart/templates/replication-source.yaml 
@@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: stalwart-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: stalwart-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: stalwart-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: stalwart-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: stalwart-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: stalwart-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: stalwart-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: stalwart-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml b/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml index 8410211b8..f4aca6820 100644 --- a/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml +++ b/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml 
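Review bot: The stalwart-config source has no `moverSecurityContext`, unlike the grafana, ollama-web-data and pgadmin-data sources in this patch (the matrix-synapse source omits it as well). Which user the mover then runs as depends on VolSync's mover privilege setting for the namespace, which is not visible here; if that user does not match the owner of the files on `stalwart-config`, restic cannot read them and the backup is incomplete. Suggest stating it explicitly after `yearly: 4`, i.e. `moverSecurityContext:` with `runAsUser: <UID_OWNING_PVC_FILES>` and `runAsGroup: <GID_OWNING_PVC_FILES>` (placeholders), plus `fsGroup` if the volume relies on group access.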
@@ -61,61 +61,61 @@ spec: metadataPolicy: None property: PGADMIN_CONFIG_OAUTH2_CONFIG -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: pgadmin-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: pgadmin-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: pgadmin-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: pgadmin-data-backup-secret + app.kubernetes.io/instance: {{ 
.Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml b/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml index 2df835b78..4dd211667 100644 --- a/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml +++ b/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml 
@@ -1,30 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: pgadmin-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: pgadmin-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: pgadmin-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: pgadmin-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 5050 -# runAsGroup: 5050 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: pgadmin-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: pgadmin-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: pgadmin-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: pgadmin-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 5050 + runAsGroup: 5050 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot
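Review bot: `schedule: 0 4 * * *` is identical in all five ReplicationSources enabled by this patch (grafana, matrix-synapse, ollama-web-data, stalwart-config, pgadmin-data), so five Ceph snapshots and five restic uploads using the same bucket credentials start in the same minute. Staggering the minute field per app, e.g. `schedule: "15 4 * * *"` here, spreads the snapshot and upload load and makes a single failing job easier to attribute in the object-store and VolSync logs.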