feat: add more
This commit is contained in:
@@ -1,15 +1,15 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: talos-etcd-backup-local-secret
|
||||
name: talos-etcd-backup-local-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-local-secret
|
||||
app.kubernetes.io/name: talos-etcd-backup-local-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
@@ -19,14 +19,10 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: .s3cfg
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: s3cfg-local
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: BUCKET
|
||||
property: BUCKET_PATH
|
||||
- secretKey: AGE_X25519_PUBLIC_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/talos/etcd-backup
|
||||
@@ -36,15 +32,15 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: talos-etcd-backup-remote-secret
|
||||
name: talos-etcd-backup-remote-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-remote-secret
|
||||
app.kubernetes.io/name: talos-etcd-backup-remote-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
@@ -54,14 +50,10 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: .s3cfg
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: s3cfg-remote
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/talos-backups
|
||||
property: BUCKET
|
||||
property: BUCKET_PATH
|
||||
- secretKey: AGE_X25519_PUBLIC_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/talos/etcd-backup
|
||||
@@ -71,32 +63,28 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: talos-etcd-backup-external-secret
|
||||
name: talos-etcd-backup-external-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-external-secret
|
||||
app.kubernetes.io/name: talos-etcd-backup-external-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/etcd-backup
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
property: AWS_ACCESS_KEY_ID
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/etcd-backup
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
property: AWS_SECRET_ACCESS_KEY
|
||||
- secretKey: .s3cfg
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/etcd-backup
|
||||
property: s3cfg
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/etcd-backup
|
||||
property: BUCKET
|
||||
key: /digital-ocean/home-infra/talos-backups
|
||||
property: BUCKET_PATH
|
||||
- secretKey: AGE_X25519_PUBLIC_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/talos/etcd-backup
|
||||
@@ -106,44 +94,25 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: talos-backup-ntfy-secret
|
||||
name: talos-ntfy-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-backup-ntfy-secret
|
||||
app.kubernetes.io/name: talos-ntfy-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: NTFY_TOKEN
|
||||
remoteRef:
|
||||
key: /ntfy/user/cl01tl
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: token
|
||||
- secretKey: NTFY_ENDPOINT
|
||||
remoteRef:
|
||||
key: /ntfy/user/cl01tl
|
||||
property: endpoint
|
||||
key: /cl01tl/ntfy/config
|
||||
property: internal-endpoint
|
||||
- secretKey: NTFY_TOPIC
|
||||
remoteRef:
|
||||
key: /cl01tl/talos/etcd-backup
|
||||
property: NTFY_TOPIC
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: talos-etcd-defrag-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-defrag-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: config
|
||||
remoteRef:
|
||||
key: /cl01tl/talos/etcd-defrag
|
||||
property: config
|
||||
key: /cl01tl/talos/ntfy
|
||||
property: topic
|
||||
|
||||
@@ -0,0 +1,78 @@
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: talos-etcd-backup-local-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-local-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: slskd
|
||||
objects: |
|
||||
- objectName: .s3cfg
|
||||
fileName: .s3cfg
|
||||
secretPath: secret/data/garage/home-infra/talos-backups
|
||||
secretKey: s3cfg-local
|
||||
|
||||
---
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: talos-etcd-backup-remote-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-remote-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: slskd
|
||||
objects: |
|
||||
- objectName: .s3cfg
|
||||
fileName: .s3cfg
|
||||
secretPath: secret/data/garage/home-infra/talos-backups
|
||||
secretKey: s3cfg-remote
|
||||
|
||||
---
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: talos-etcd-backup-external-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-external-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: slskd
|
||||
objects: |
|
||||
- objectName: .s3cfg
|
||||
fileName: .s3cfg
|
||||
secretPath: secret/data/digital-ocean/home-infra/talos-backups
|
||||
secretKey: s3cfg
|
||||
|
||||
---
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: talos-etcd-defrag-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-defrag-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider: openbao
|
||||
parameters:
|
||||
baoAddress: "http://openbao-internal.openbao:8200"
|
||||
roleName: slskd
|
||||
objects: |
|
||||
- objectName: config
|
||||
fileName: config
|
||||
secretPath: secret/data/cl01tl/talos/talosconfig
|
||||
secretKey: config
|
||||
Reference in New Issue
Block a user