alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 12 Actions Activity

feat: add more
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 42s
Details
lint-test-helm / lint-helm (pull_request) Successful in 15m53s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 16m48s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-23 16:40:37 -05:00
parent 4cda238587
commit 3d58df753b
10 changed files with 172 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml
View File

@@ -9,36 +9,36 @@ metadata:
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: api_encryption_key - secretKey: api_encryption_key
remoteRef: remoteRef:
key: /cl01tl/sparkyfitness/key key: /cl01tl/sparkyfitness/key
property: api_encryption_key property: api-encryption-key
- secretKey: better_auth_secret - secretKey: better_auth_secret
remoteRef: remoteRef:
key: /cl01tl/sparkyfitness/key key: /cl01tl/sparkyfitness/key
property: better_auth_secret property: better-auth-secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: sparkyfitness-oidc-secret name: sparkyfitness-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: sparkyfitness-oidc-secret app.kubernetes.io/name: sparkyfitness-oidc-authentik
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: client_id - secretKey: client_id
remoteRef: remoteRef:
key: /authentik/oidc/sparkyfitness key: /cl01tl/authentik/oidc/sparkyfitness
property: client property: client
- secretKey: client_secret - secretKey: client_secret
remoteRef: remoteRef:
key: /authentik/oidc/sparkyfitness key: /cl01tl/authentik/oidc/sparkyfitness
property: secret property: secret

2
clusters/cl01tl/helm/sparkyfitness/values.yaml
View File

@@ -10,7 +10,7 @@ sparkyfitness:
issuerUrl: https://authentik.alexlebens.net/application/o/sparky-fitness issuerUrl: https://authentik.alexlebens.net/application/o/sparky-fitness
logoUrl: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp logoUrl: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
secrets: secrets:
existingSecret: sparkyfitness-oidc-secret existingSecret: sparkyfitness-oidc-authentik
httpRoute: httpRoute:
enabled: true enabled: true
hostname: sparkyfitness.alexlebens.net hostname: sparkyfitness.alexlebens.net

2
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -11,7 +11,7 @@ spec:
version: 9.3.3 version: 9.3.3
auth: auth:
fileRealm: fileRealm:
- secretName: stalwart-elasticsearch-secret - secretName: stalwart-elasticsearch-config
nodeSets: nodeSets:
- name: default - name: default
count: 2 count: 2

6
clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
View File

@@ -1,15 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: stalwart-elasticsearch-secret name: stalwart-elasticsearch-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: stalwart-elasticsearch-secret app.kubernetes.io/name: stalwart-elasticsearch-config
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:

4
clusters/cl01tl/helm/stalwart/templates/namespace.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: stalwart name: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: stalwart app.kubernetes.io/name: {{ .Release.Namespace }}
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged

10
clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml
View File

@@ -9,13 +9,13 @@ metadata:
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: client_id - secretKey: client_id
remoteRef: remoteRef:
key: /tailscale/k8s-operator key: /tailscale/credentials/k8s-operator
property: clientId property: client-id
- secretKey: client_secret - secretKey: client_secret
remoteRef: remoteRef:
key: /tailscale/k8s-operator key: /tailscale/credentials/k8s-operator
property: clientSecret property: client-secret

4
clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: tailscale-operator name: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: tailscale-operator app.kubernetes.io/name: {{ .Release.Namespace }}
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged

77
clusters/cl01tl/helm/talos/templates/external-secret.yaml
View File

@@ -1,15 +1,15 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: talos-etcd-backup-local-secret name: talos-etcd-backup-local-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: talos-etcd-backup-local-secret app.kubernetes.io/name: talos-etcd-backup-local-config
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: AWS_ACCESS_KEY_ID - secretKey: AWS_ACCESS_KEY_ID
remoteRef: remoteRef:
@@ -19,14 +19,10 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: .s3cfg
remoteRef:
key: /garage/home-infra/talos-backups
property: s3cfg-local
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
property: BUCKET property: BUCKET_PATH
- secretKey: AGE_X25519_PUBLIC_KEY - secretKey: AGE_X25519_PUBLIC_KEY
remoteRef: remoteRef:
key: /cl01tl/talos/etcd-backup key: /cl01tl/talos/etcd-backup
@@ -36,15 +32,15 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: talos-etcd-backup-remote-secret name: talos-etcd-backup-remote-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: talos-etcd-backup-remote-secret app.kubernetes.io/name: talos-etcd-backup-remote-config
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: AWS_ACCESS_KEY_ID - secretKey: AWS_ACCESS_KEY_ID
remoteRef: remoteRef:
@@ -54,14 +50,10 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: .s3cfg
remoteRef:
key: /garage/home-infra/talos-backups
property: s3cfg-remote
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
property: BUCKET property: BUCKET_PATH
- secretKey: AGE_X25519_PUBLIC_KEY - secretKey: AGE_X25519_PUBLIC_KEY
remoteRef: remoteRef:
key: /cl01tl/talos/etcd-backup key: /cl01tl/talos/etcd-backup
@@ -71,32 +63,28 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: talos-etcd-backup-external-secret name: talos-etcd-backup-external-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: talos-etcd-backup-external-secret app.kubernetes.io/name: talos-etcd-backup-external-config
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: AWS_ACCESS_KEY_ID - secretKey: AWS_ACCESS_KEY_ID
remoteRef: remoteRef:
key: /digital-ocean/home-infra/etcd-backup key: /digital-ocean/home-infra/talos-backups
property: AWS_ACCESS_KEY_ID property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY - secretKey: AWS_SECRET_ACCESS_KEY
remoteRef: remoteRef:
key: /digital-ocean/home-infra/etcd-backup key: /digital-ocean/home-infra/talos-backups
property: AWS_SECRET_ACCESS_KEY property: AWS_SECRET_ACCESS_KEY
- secretKey: .s3cfg
remoteRef:
key: /digital-ocean/home-infra/etcd-backup
property: s3cfg
- secretKey: BUCKET - secretKey: BUCKET
remoteRef: remoteRef:
key: /digital-ocean/home-infra/etcd-backup key: /digital-ocean/home-infra/talos-backups
property: BUCKET property: BUCKET_PATH
- secretKey: AGE_X25519_PUBLIC_KEY - secretKey: AGE_X25519_PUBLIC_KEY
remoteRef: remoteRef:
key: /cl01tl/talos/etcd-backup key: /cl01tl/talos/etcd-backup
@@ -106,44 +94,25 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: talos-backup-ntfy-secret name: talos-ntfy-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: talos-backup-ntfy-secret app.kubernetes.io/name: talos-ntfy-config
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
key: /ntfy/user/cl01tl key: /cl01tl/ntfy/users/cl01tl
property: token property: token
- secretKey: NTFY_ENDPOINT - secretKey: NTFY_ENDPOINT
remoteRef: remoteRef:
key: /ntfy/user/cl01tl key: /cl01tl/ntfy/config
property: endpoint property: internal-endpoint
- secretKey: NTFY_TOPIC - secretKey: NTFY_TOPIC
remoteRef: remoteRef:
key: /cl01tl/talos/etcd-backup key: /cl01tl/talos/ntfy
property: NTFY_TOPIC property: topic
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: talos-etcd-defrag-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-etcd-defrag-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config
remoteRef:
key: /cl01tl/talos/etcd-defrag
property: config

78
clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml Normal file
View File

@@ -0,0 +1,78 @@
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: talos-etcd-backup-local-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-etcd-backup-local-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd
objects: |
- objectName: .s3cfg
fileName: .s3cfg
secretPath: secret/data/garage/home-infra/talos-backups
secretKey: s3cfg-local
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: talos-etcd-backup-remote-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-etcd-backup-remote-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd
objects: |
- objectName: .s3cfg
fileName: .s3cfg
secretPath: secret/data/garage/home-infra/talos-backups
secretKey: s3cfg-remote
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: talos-etcd-backup-external-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-etcd-backup-external-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd
objects: |
- objectName: .s3cfg
fileName: .s3cfg
secretPath: secret/data/digital-ocean/home-infra/talos-backups
secretKey: s3cfg
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: talos-etcd-defrag-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: talos-etcd-defrag-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd
objects: |
- objectName: config
fileName: config
secretPath: secret/data/cl01tl/talos/talosconfig
secretKey: config

114
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -37,12 +37,12 @@ etcd-backup:
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-local-secret name: talos-etcd-backup-local-config
key: AWS_ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-local-secret name: talos-etcd-backup-local-config
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: us-east-1 value: us-east-1
@@ -57,7 +57,7 @@ etcd-backup:
- name: AGE_X25519_PUBLIC_KEY - name: AGE_X25519_PUBLIC_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-local-secret name: talos-etcd-backup-local-config
key: AGE_X25519_PUBLIC_KEY key: AGE_X25519_PUBLIC_KEY
- name: USE_PATH_STYLE - name: USE_PATH_STYLE
value: "false" value: "false"
@@ -72,9 +72,9 @@ etcd-backup:
- /scripts/prune.sh - /scripts/prune.sh
envFrom: envFrom:
- secretRef: - secretRef:
name: talos-etcd-backup-local-secret name: talos-etcd-backup-local-config
- secretRef: - secretRef:
name: talos-backup-ntfy-secret name: talos-ntfy-config
env: env:
- name: TARGET - name: TARGET
value: Local value: Local
@@ -117,12 +117,12 @@ etcd-backup:
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-remote-secret name: talos-etcd-backup-remote-config
key: AWS_ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-remote-secret name: talos-etcd-backup-remote-config
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: us-east-1 value: us-east-1
@@ -137,7 +137,7 @@ etcd-backup:
- name: AGE_X25519_PUBLIC_KEY - name: AGE_X25519_PUBLIC_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-remote-secret name: talos-etcd-backup-remote-config
key: AGE_X25519_PUBLIC_KEY key: AGE_X25519_PUBLIC_KEY
- name: USE_PATH_STYLE - name: USE_PATH_STYLE
value: "false" value: "false"
@@ -152,9 +152,9 @@ etcd-backup:
- /scripts/prune.sh - /scripts/prune.sh
envFrom: envFrom:
- secretRef: - secretRef:
name: talos-etcd-backup-remote-secret name: talos-etcd-backup-remote-config
- secretRef: - secretRef:
name: talos-backup-ntfy-secret name: talos-ntfy-config
env: env:
- name: TARGET - name: TARGET
value: Remote value: Remote
@@ -197,12 +197,12 @@ etcd-backup:
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-external-secret name: talos-etcd-backup-external-config
key: AWS_ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-external-secret name: talos-etcd-backup-external-config
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: nyc3 value: nyc3
@@ -217,7 +217,7 @@ etcd-backup:
- name: AGE_X25519_PUBLIC_KEY - name: AGE_X25519_PUBLIC_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: talos-etcd-backup-external-secret name: talos-etcd-backup-external-config
key: AGE_X25519_PUBLIC_KEY key: AGE_X25519_PUBLIC_KEY
- name: USE_PATH_STYLE - name: USE_PATH_STYLE
value: "false" value: "false"
@@ -232,9 +232,9 @@ etcd-backup:
- /scripts/prune.sh - /scripts/prune.sh
envFrom: envFrom:
- secretRef: - secretRef:
name: talos-etcd-backup-external-secret name: talos-etcd-backup-external-config
- secretRef: - secretRef:
name: talos-backup-ntfy-secret name: talos-ntfy-config
env: env:
- name: TARGET - name: TARGET
value: External value: External
@@ -280,9 +280,13 @@ etcd-backup:
- path: /scripts/prune.sh - path: /scripts/prune.sh
subPath: prune.sh subPath: prune.sh
s3cmd-config-local: s3cmd-config-local:
enabled: true type: custom
type: secret volumeSpec:
name: talos-etcd-backup-local-secret csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: talos-etcd-backup-local-config
advancedMounts: advancedMounts:
local: local:
s3-prune: s3-prune:
@@ -291,9 +295,13 @@ etcd-backup:
mountPropagation: None mountPropagation: None
subPath: .s3cfg subPath: .s3cfg
s3cmd-config-remote: s3cmd-config-remote:
enabled: true type: custom
type: secret volumeSpec:
name: talos-etcd-backup-remote-secret csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: talos-etcd-backup-remote-config
advancedMounts: advancedMounts:
remote: remote:
s3-prune: s3-prune:
@@ -302,9 +310,13 @@ etcd-backup:
mountPropagation: None mountPropagation: None
subPath: .s3cfg subPath: .s3cfg
s3cmd-config-external: s3cmd-config-external:
enabled: true type: custom
type: secret volumeSpec:
name: talos-etcd-backup-external-secret csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: talos-etcd-backup-external-config
advancedMounts: advancedMounts:
external: external:
s3-prune: s3-prune:
@@ -312,7 +324,7 @@ etcd-backup:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: .s3cfg subPath: .s3cfg
tmp-local: tmp:
type: emptyDir type: emptyDir
medium: Memory medium: Memory
advancedMounts: advancedMounts:
@@ -320,23 +332,15 @@ etcd-backup:
backup: backup:
- path: /tmp - path: /tmp
readOnly: false readOnly: false
tmp-remote:
type: emptyDir
medium: Memory
advancedMounts:
remote: remote:
backup: backup:
- path: /tmp - path: /tmp
readOnly: false readOnly: false
tmp-external:
type: emptyDir
medium: Memory
advancedMounts:
external: external:
backup: backup:
- path: /tmp - path: /tmp
readOnly: false readOnly: false
talos-local: talos:
type: emptyDir type: emptyDir
medium: Memory medium: Memory
advancedMounts: advancedMounts:
@@ -344,18 +348,10 @@ etcd-backup:
backup: backup:
- path: /.talos - path: /.talos
readOnly: false readOnly: false
talos-remote:
type: emptyDir
medium: Memory
advancedMounts:
remote: remote:
backup: backup:
- path: /.talos - path: /.talos
readOnly: false readOnly: false
talos-external:
type: emptyDir
medium: Memory
advancedMounts:
external: external:
backup: backup:
- path: /.talos - path: /.talos
@@ -449,36 +445,24 @@ etcd-defrag:
- name: TALOSCONFIG - name: TALOSCONFIG
value: /tmp/.talos/config value: /tmp/.talos/config
persistence: persistence:
talos-config-1: config:
enabled: true type: custom
type: secret volumeSpec:
name: talos-etcd-defrag-secret csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: talos-etcd-defrag-config
advancedMounts: advancedMounts:
defrag-1: defrag-1:
main: main:
- path: /tmp/.talos/config - path: /tmp/.talos/
readOnly: true readOnly: true
mountPropagation: None
subPath: config
talos-config-2:
enabled: true
type: secret
name: talos-etcd-defrag-secret
advancedMounts:
defrag-2: defrag-2:
main: main:
- path: /tmp/.talos/config - path: /tmp/.talos/
readOnly: true readOnly: true
mountPropagation: None
subPath: config
talos-config-3:
enabled: true
type: secret
name: talos-etcd-defrag-secret
advancedMounts:
defrag-3: defrag-3:
main: main:
- path: /tmp/.talos/config - path: /tmp/.talos/
readOnly: true readOnly: true
mountPropagation: None
subPath: config