From 3ff086685fc5fa2e5585a8ac716ab7a239ed287d Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Wed, 11 Mar 2026 16:15:14 -0500
Subject: [PATCH] feat: migrated to garage

---
 .../karakeep/templates/external-secret.yaml   | 37 +++++++++++++++++++
 clusters/cl01tl/helm/karakeep/values.yaml     | 20 +++++-----
 2 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
index 261851166..485dbff60 100644
--- a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
@@ -57,6 +57,43 @@ spec:
         metadataPolicy: None
         property: secret
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: karakeep-bucket-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: karakeep-bucket-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/karakeep-assets
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/karakeep-assets
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/karakeep-assets
+        metadataPolicy: None
+        property: ACCESS_REGION
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
diff --git a/clusters/cl01tl/helm/karakeep/values.yaml b/clusters/cl01tl/helm/karakeep/values.yaml
index cac0761d3..6ebce30b6 100644
--- a/clusters/cl01tl/helm/karakeep/values.yaml
+++ b/clusters/cl01tl/helm/karakeep/values.yaml
@@ -29,24 +29,24 @@ karakeep:
                   name: karakeep-key-secret
                   key: prometheus-token
             - name: ASSET_STORE_S3_ENDPOINT
-              value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
+              value: http://garage-main.garage:3900
             - name: ASSET_STORE_S3_REGION
-              value: us-east-1
-            - name: ASSET_STORE_S3_BUCKET
               valueFrom:
-                configMapKeyRef:
-                  name: ceph-bucket-karakeep
-                  key: BUCKET_NAME
+                secretKeyRef:
+                  name: karakeep-bucket-garage
+                  key: ACCESS_REGION
+            - name: ASSET_STORE_S3_BUCKET
+              value: karakeep-assets
             - name: ASSET_STORE_S3_ACCESS_KEY_ID
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-karakeep
-                  key: AWS_ACCESS_KEY_ID
+                  name: karakeep-bucket-garage
+                  key: ACCESS_KEY_ID
             - name: ASSET_STORE_S3_SECRET_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-karakeep
-                  key: AWS_SECRET_ACCESS_KEY
+                  name: karakeep-bucket-garage
+                  key: ACCESS_SECRET_KEY
             - name: ASSET_STORE_S3_FORCE_PATH_STYLE
               value: true
             - name: MEILI_ADDR