Automated Manifest Update (#2582)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: #2582
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>

clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-external.yaml

@@ -23,6 +23,11 @@ spec:
       monthly: 2
       weekly: 2
       yearly: 4
+    moverSecurityContext:
+      fsGroup: 1000
+      fsGroupChangePolicy: OnRootMismatch
+      runAsGroup: 1000
+      runAsUser: 1000
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-local.yaml

@@ -23,6 +23,11 @@ spec:
       monthly: 2
       weekly: 2
       yearly: 4
+    moverSecurityContext:
+      fsGroup: 1000
+      fsGroupChangePolicy: OnRootMismatch
+      runAsGroup: 1000
+      runAsUser: 1000
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-remote.yaml

@@ -23,6 +23,11 @@ spec:
       monthly: 2
       weekly: 2
       yearly: 4
+    moverSecurityContext:
+      fsGroup: 1000
+      fsGroupChangePolicy: OnRootMismatch
+      runAsGroup: 1000
+      runAsUser: 1000
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/manifests/ephemera/ExternalSecret-ephemera-backup-secret-external.yaml

@@ -1,12 +1,15 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: ephemera-config-backup-secret
+  name: ephemera-backup-secret-external
   namespace: ephemera
   labels:
-    app.kubernetes.io/name: ephemera-config-backup-secret
+    helm.sh/chart: volsync-target-config-0.3.0
     app.kubernetes.io/instance: ephemera
     app.kubernetes.io/part-of: ephemera
+    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ephemera-backup-secret-external
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -16,27 +19,27 @@ spec:
       mergePolicy: Merge
       engineVersion: v2
       data:
-        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/ephemera/ephemera-config"
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/ephemera/ephemera"
   data:
     - secretKey: BUCKET_ENDPOINT
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /volsync/restic/digital-ocean
         metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
+        property: BUCKET_ENDPOINT
     - secretKey: RESTIC_PASSWORD
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /volsync/restic/digital-ocean
         metadataPolicy: None
         property: RESTIC_PASSWORD
     - secretKey: AWS_DEFAULT_REGION
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
         property: AWS_DEFAULT_REGION
     - secretKey: AWS_ACCESS_KEY_ID
@@ -45,11 +48,11 @@ spec:
         decodingStrategy: None
         key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
-        property: access_key
+        property: AWS_ACCESS_KEY_ID
     - secretKey: AWS_SECRET_ACCESS_KEY
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
         key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
-        property: secret_key
+        property: AWS_SECRET_ACCESS_KEY

clusters/cl01tl/manifests/ephemera/ExternalSecret-ephemera-backup-secret-local.yaml

@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ephemera-backup-secret-local
+  namespace: ephemera
+  labels:
+    helm.sh/chart: volsync-target-config-0.3.0
+    app.kubernetes.io/instance: ephemera
+    app.kubernetes.io/part-of: ephemera
+    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ephemera-backup-secret-local
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/ephemera/ephemera"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY

clusters/cl01tl/manifests/ephemera/ExternalSecret-ephemera-backup-secret-remote.yaml

@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ephemera-backup-secret-remote
+  namespace: ephemera
+  labels:
+    helm.sh/chart: volsync-target-config-0.3.0
+    app.kubernetes.io/instance: ephemera
+    app.kubernetes.io/part-of: ephemera
+    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ephemera-backup-secret-remote
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/ephemera/ephemera"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY

clusters/cl01tl/manifests/ephemera/ReplicationSource-ephemera-backup-source-external.yaml

@@ -1,26 +1,29 @@
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
-  name: ephemera-config-backup-source
+  name: ephemera-backup-source-external
   namespace: ephemera
   labels:
-    app.kubernetes.io/name: ephemera-config-backup-source
+    helm.sh/chart: volsync-target-config-0.3.0
     app.kubernetes.io/instance: ephemera
     app.kubernetes.io/part-of: ephemera
+    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ephemera-backup
 spec:
   sourcePVC: ephemera
   trigger:
     schedule: 0 4 * * *
   restic:
     pruneIntervalDays: 7
-    repository: ephemera-config-backup-secret
+    repository: ephemera-backup-secret-external
     retain:
-      hourly: 1
       daily: 3
-      weekly: 2
+      hourly: 1
       monthly: 2
+      weekly: 2
       yearly: 4
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
-    cacheCapacity: 10Gi
+    cacheCapacity: 1Gi

clusters/cl01tl/manifests/ephemera/ReplicationSource-ephemera-backup-source-local.yaml

@@ -0,0 +1,29 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: ephemera-backup-source-local
+  namespace: ephemera
+  labels:
+    helm.sh/chart: volsync-target-config-0.3.0
+    app.kubernetes.io/instance: ephemera
+    app.kubernetes.io/part-of: ephemera
+    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ephemera-backup
+spec:
+  sourcePVC: ephemera
+  trigger:
+    schedule: 0 2 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: ephemera-backup-secret-local
+    retain:
+      daily: 3
+      hourly: 1
+      monthly: 2
+      weekly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi

clusters/cl01tl/manifests/ephemera/ReplicationSource-ephemera-backup-source-remote.yaml

@@ -0,0 +1,29 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: ephemera-backup-source-remote
+  namespace: ephemera
+  labels:
+    helm.sh/chart: volsync-target-config-0.3.0
+    app.kubernetes.io/instance: ephemera
+    app.kubernetes.io/part-of: ephemera
+    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ephemera-backup
+spec:
+  sourcePVC: ephemera
+  trigger:
+    schedule: 0 3 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: ephemera-backup-secret-remote
+    retain:
+      daily: 3
+      hourly: 1
+      monthly: 2
+      weekly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi

clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-data-backup-secret-external.yaml

@@ -1,12 +1,15 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: freshrss-data-backup-secret
+  name: freshrss-data-backup-secret-external
   namespace: freshrss
   labels:
-    app.kubernetes.io/name: freshrss-data-backup-secret
+    helm.sh/chart: volsync-target-data-0.5.0
     app.kubernetes.io/instance: freshrss
     app.kubernetes.io/part-of: freshrss
+    app.kubernetes.io/version: "0.5.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: freshrss-data-backup-secret-external
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -22,21 +25,21 @@ spec:
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /volsync/restic/digital-ocean
         metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
+        property: BUCKET_ENDPOINT
     - secretKey: RESTIC_PASSWORD
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /volsync/restic/digital-ocean
         metadataPolicy: None
         property: RESTIC_PASSWORD
     - secretKey: AWS_DEFAULT_REGION
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
         property: AWS_DEFAULT_REGION
     - secretKey: AWS_ACCESS_KEY_ID
@@ -45,11 +48,11 @@ spec:
         decodingStrategy: None
         key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
-        property: access_key
+        property: AWS_ACCESS_KEY_ID
     - secretKey: AWS_SECRET_ACCESS_KEY
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
         key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
-        property: secret_key
+        property: AWS_SECRET_ACCESS_KEY

clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-data-backup-secret-local.yaml

@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: freshrss-data-backup-secret-local
+  namespace: freshrss
+  labels:
+    helm.sh/chart: volsync-target-data-0.5.0
+    app.kubernetes.io/instance: freshrss
+    app.kubernetes.io/part-of: freshrss
+    app.kubernetes.io/version: "0.5.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: freshrss-data-backup-secret-local
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/freshrss/freshrss-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY

clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-data-backup-secret-remote.yaml

@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: freshrss-data-backup-secret-remote
+  namespace: freshrss
+  labels:
+    helm.sh/chart: volsync-target-data-0.5.0
+    app.kubernetes.io/instance: freshrss
+    app.kubernetes.io/part-of: freshrss
+    app.kubernetes.io/version: "0.5.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: freshrss-data-backup-secret-remote
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/freshrss/freshrss-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY

clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml

@@ -1,30 +1,33 @@
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
-  name: freshrss-data-backup-source
+  name: freshrss-data-backup-source-external
   namespace: freshrss
   labels:
-    app.kubernetes.io/name: freshrss-data-backup-source
+    helm.sh/chart: volsync-target-data-0.5.0
     app.kubernetes.io/instance: freshrss
     app.kubernetes.io/part-of: freshrss
+    app.kubernetes.io/version: "0.5.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: freshrss-data-backup
 spec:
   sourcePVC: freshrss-data
   trigger:
     schedule: 0 4 * * *
   restic:
     pruneIntervalDays: 7
-    repository: freshrss-data-backup-secret
+    repository: freshrss-data-backup-secret-external
     retain:
-      hourly: 1
       daily: 3
-      weekly: 2
+      hourly: 1
       monthly: 2
+      weekly: 2
       yearly: 4
     moverSecurityContext:
-      runAsUser: 568
-      runAsGroup: 568
       fsGroup: 568
       fsGroupChangePolicy: OnRootMismatch
+      runAsGroup: 568
+      runAsUser: 568
       supplementalGroups:
         - 44
         - 100
@@ -33,3 +36,4 @@ spec:
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi

clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-local.yaml

@@ -0,0 +1,39 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: freshrss-data-backup-source-local
+  namespace: freshrss
+  labels:
+    helm.sh/chart: volsync-target-data-0.5.0
+    app.kubernetes.io/instance: freshrss
+    app.kubernetes.io/part-of: freshrss
+    app.kubernetes.io/version: "0.5.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: freshrss-data-backup
+spec:
+  sourcePVC: freshrss-data
+  trigger:
+    schedule: 0 2 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: freshrss-data-backup-secret-local
+    retain:
+      daily: 3
+      hourly: 1
+      monthly: 2
+      weekly: 2
+      yearly: 4
+    moverSecurityContext:
+      fsGroup: 568
+      fsGroupChangePolicy: OnRootMismatch
+      runAsGroup: 568
+      runAsUser: 568
+      supplementalGroups:
+        - 44
+        - 100
+        - 109
+        - 65539
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi

clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml

@@ -0,0 +1,39 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: freshrss-data-backup-source-remote
+  namespace: freshrss
+  labels:
+    helm.sh/chart: volsync-target-data-0.5.0
+    app.kubernetes.io/instance: freshrss
+    app.kubernetes.io/part-of: freshrss
+    app.kubernetes.io/version: "0.5.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: freshrss-data-backup
+spec:
+  sourcePVC: freshrss-data
+  trigger:
+    schedule: 0 3 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: freshrss-data-backup-secret-remote
+    retain:
+      daily: 3
+      hourly: 1
+      monthly: 2
+      weekly: 2
+      yearly: 4
+    moverSecurityContext:
+      fsGroup: 568
+      fsGroupChangePolicy: OnRootMismatch
+      runAsGroup: 568
+      runAsUser: 568
+      supplementalGroups:
+        - 44
+        - 100
+        - 109
+        - 65539
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi