diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-directus-assets.yaml
similarity index 96%
rename from clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml
rename to clusters/cl01tl/manifests/rclone/CronJob-rclone-directus-assets.yaml
index 4cd735faa..10a2ea72a 100644
--- a/clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml
+++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone-directus-assets.yaml
@@ -1,7 +1,7 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
- name: rclone
+ name: rclone-directus-assets
 labels:
 app.kubernetes.io/controller: directus-assets
 app.kubernetes.io/instance: rclone
@@ -100,8 +100,8 @@ spec:
 secretKeyRef:
 key: DEST_ENDPOINT
 name: garage-directus-secret
- - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+ - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
 value: "true"
 image: rclone/rclone:1.73.2
 imagePullPolicy: IfNotPresent
- name: main
+ name: sync
diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-karakeep-assets.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-karakeep-assets.yaml
new file mode 100644
index 000000000..beb5e7e14
--- /dev/null
+++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone-karakeep-assets.yaml
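Review bot: In CronJob-rclone-directus-assets.yaml the corrected variable still carries an `S3_` infix, which probably keeps it from taking effect. rclone builds per-remote variables as `RCLONE_CONFIG_<REMOTE>_<config option>`, and the s3 backend's config option is `force_path_style`, so the name I would expect is `RCLONE_CONFIG_DEST_FORCE_PATH_STYLE`; please confirm against the rclone docs before relying on either spelling. The same infix appears in the new karakeep-assets, talos-backups and web-assets CronJobs, and the `env` list this line belongs to begins outside the hunk.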
@@ -0,0 +1,107 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: rclone-karakeep-assets
+ labels:
+ app.kubernetes.io/controller: karakeep-assets
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: rclone
+ helm.sh/chart: rclone-4.6.2
+ namespace: rclone
+spec:
+ suspend: false
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 90
+ timeZone: US/Central
+ schedule: "0 10 6 * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ parallelism: 1
+ backoffLimit: 3
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: karakeep-assets
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/name: rclone
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ containers:
+ - args:
+ - sync
+ - src:karakeep-assets
+ - dest:karakeep-assets
+ - --s3-no-check-bucket
+ - --verbose
+ env:
+ - name: RCLONE_S3_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_SRC_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_SRC_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_SRC_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_SRC_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_SRC_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: SRC_ENDPOINT
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+ value: "true"
+ - name: RCLONE_CONFIG_DEST_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_DEST_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_DEST_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_DEST_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_DEST_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: DEST_ENDPOINT
+ name: garage-karakeep-secret
+ - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
+ value: "true"
+ image: rclone/rclone:1.73.2
+ imagePullPolicy: IfNotPresent
+ name: sync
diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-talos-backups.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-talos-backups.yaml
new file mode 100644
index 000000000..3a5bfe5c0
--- /dev/null
+++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone-talos-backups.yaml
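Review bot: In CronJob-rclone-karakeep-assets.yaml, `schedule: "0 10 6 * *"` is read by Kubernetes as a five-field expression, i.e. 10:00 on the 6th of each month, which looks like a six-field (seconds-first) string that was meant to be 06:10 every day. If daily is the intent, use `schedule: "10 6 * * *"`. The talos-backups file has the same shape (`"0 20 6 * *"`), and in web-assets `"0 30 6 * *"` puts 30 in the hour field, which is out of range and should be rejected when the CronJob is applied. For replication and backup jobs a silent monthly cadence also widens the window of data that exists in only one place.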
@@ -0,0 +1,147 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: rclone-talos-backups
+ labels:
+ app.kubernetes.io/controller: talos-backups
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: rclone
+ helm.sh/chart: rclone-4.6.2
+ namespace: rclone
+spec:
+ suspend: false
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 90
+ timeZone: US/Central
+ schedule: "0 20 6 * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ parallelism: 1
+ backoffLimit: 3
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: talos-backups
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/name: rclone
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ containers:
+ - args:
+ - delete
+ - dest:talos-backups
+ - --min-age
+ - 90d
+ - --verbose
+ env:
+ - name: RCLONE_CONFIG_DEST_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_DEST_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_DEST_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_DEST_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_DEST_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: DEST_ENDPOINT
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+ value: "true"
+ image: rclone/rclone:1.73.2
+ imagePullPolicy: IfNotPresent
+ name: prune
+ - args:
+ - sync
+ - src:talos-backups
+ - dest:talos-backups
+ - --s3-no-check-bucket
+ - --max-age
+ - 90d
+ - --verbose
+ env:
+ - name: RCLONE_S3_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_SRC_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_SRC_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_SRC_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_SRC_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_SRC_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: SRC_ENDPOINT
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+ value: "true"
+ - name: RCLONE_CONFIG_DEST_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_DEST_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_DEST_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_DEST_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_DEST_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: DEST_ENDPOINT
+ name: garage-talos-backups-secret
+ - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
+ value: "true"
+ image: rclone/rclone:1.73.2
+ imagePullPolicy: IfNotPresent
+ name: sync
diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets.yaml
new file mode 100644
index 000000000..57244e411
--- /dev/null
+++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone-web-assets.yaml
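Review bot: In CronJob-rclone-talos-backups.yaml neither container's force-path-style variable names the `dest` remote: `prune` sets `RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE` although it configures only `dest`, and `sync` ends its env list with `RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE`. This is the same misnaming the directus hunk of this commit corrects, so both should become `RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE` to match it and the web-assets file. The `sync` container in karakeep-assets carries the same `SRC_DEST` name. As written, the destination presumably just runs with rclone's default addressing style, so the manifest states an intent it does not enforce.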
@@ -0,0 +1,107 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: rclone-web-assets
+ labels:
+ app.kubernetes.io/controller: web-assets
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: rclone
+ helm.sh/chart: rclone-4.6.2
+ namespace: rclone
+spec:
+ suspend: false
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 90
+ timeZone: US/Central
+ schedule: "0 30 6 * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ parallelism: 1
+ backoffLimit: 3
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: web-assets
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/name: rclone
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ containers:
+ - args:
+ - sync
+ - src:web-assets
+ - dest:web-assets
+ - --s3-no-check-bucket
+ - --verbose
+ env:
+ - name: RCLONE_S3_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_SRC_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_SRC_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_SRC_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_SRC_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_SRC_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: SRC_ENDPOINT
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+ value: "true"
+ - name: RCLONE_CONFIG_DEST_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_DEST_PROVIDER
+ value: Other
+ - name: RCLONE_CONFIG_DEST_ENV_AUTH
+ value: "false"
+ - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_KEY_ID
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_SECRET_KEY
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_DEST_REGION
+ valueFrom:
+ secretKeyRef:
+ key: ACCESS_REGION
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_DEST_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: DEST_ENDPOINT
+ name: garage-web-assets-secret
+ - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
+ value: "true"
+ image: rclone/rclone:1.73.2
+ imagePullPolicy: IfNotPresent
+ name: sync
diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-karakeep-secret.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-karakeep-secret.yaml
new file mode 100644
index 000000000..e2a42791e
--- /dev/null
+++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-karakeep-secret.yaml
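Review bot: In CronJob-rclone-web-assets.yaml the pod runs as `serviceAccountName: default` with `automountServiceAccountToken: true`, yet the container only talks to S3 endpoints with credentials taken from env vars, so the mounted API token is exposure without a use. Set `automountServiceAccountToken: false`; the container also declares no `securityContext` or `resources`, so it is worth adding `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` alongside, if rclone runs cleanly that way. The karakeep-assets and talos-backups CronJobs are identical in this respect. Since the labels mark these manifests as Helm-rendered, the change presumably belongs in the chart values rather than in this file.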
@@ -0,0 +1,49 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: garage-karakeep-secret
+ namespace: rclone
+ labels:
+ app.kubernetes.io/name: garage-karakeep-secret
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/part-of: rclone
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/karakeep-assets
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: ACCESS_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/karakeep-assets
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/karakeep-assets
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
+ - secretKey: SRC_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/config/local
+ metadataPolicy: None
+ property: ENDPOINT
+ - secretKey: DEST_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/config/remote
+ metadataPolicy: None
+ property: ENDPOINT
diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml
new file mode 100644
index 000000000..cdf0899b8
--- /dev/null
+++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml
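Review bot: In ExternalSecret-garage-karakeep-secret.yaml a single `ACCESS_KEY_ID`/`ACCESS_SECRET_KEY` pair from `/garage/home-infra/karakeep-assets` is published next to both `SRC_ENDPOINT` and `DEST_ENDPOINT`, and the CronJob feeds that one pair to both remotes. If the local and remote Garage clusters really accept the same key, a leak of the source-side credential also grants write and delete on the copy; separate keys per side, with the source key read-only, would contain that. The talos-backups and web-assets ExternalSecrets follow the same pattern, and it matters most for talos-backups, where the key is also used for `rclone delete` against the backup bucket.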
@@ -0,0 +1,49 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: garage-talos-backups-secret
+ namespace: rclone
+ labels:
+ app.kubernetes.io/name: garage-talos-backups-secret
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/part-of: rclone
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/talos-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: ACCESS_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/talos-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/talos-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
+ - secretKey: SRC_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/config/local
+ metadataPolicy: None
+ property: ENDPOINT
+ - secretKey: DEST_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/config/remote
+ metadataPolicy: None
+ property: ENDPOINT
diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-web-assets-secret.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-web-assets-secret.yaml
new file mode 100644
index 000000000..aef7dcfe8
--- /dev/null
+++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-web-assets-secret.yaml
@@ -0,0 +1,49 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: garage-web-assets-secret
+ namespace: rclone
+ labels:
+ app.kubernetes.io/name: garage-web-assets-secret
+ app.kubernetes.io/instance: rclone
+ app.kubernetes.io/part-of: rclone
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/web-assets
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: ACCESS_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/web-assets
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/web-assets
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
+ - secretKey: SRC_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/config/local
+ metadataPolicy: None
+ property: ENDPOINT
+ - secretKey: DEST_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/config/remote
+ metadataPolicy: None
+ property: ENDPOINT