From 60682fc97cd76e6c19d52abca77231a8a3bfe68d Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 6 Mar 2025 22:39:47 -0600 Subject: [PATCH] add applications --- .../templates/external-secret.yaml | 116 ++++----- .../templates/replication-source.yaml | 60 ++--- .../freshrss/templates/external-secret.yaml | 116 ++++----- .../templates/replication-source.yaml | 74 +++--- .../hoarder/templates/external-secret.yaml | 116 ++++----- .../hoarder/templates/replication-source.yaml | 54 ++-- .../jellyfin/templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 54 ++-- .../jellystat/templates/external-secret.yaml | 116 ++++----- .../templates/replication-source.yaml | 54 ++-- .../lidarr/templates/external-secret.yaml | 114 ++++----- .../lidarr/templates/replication-source.yaml | 60 ++--- .../overseerr/templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 54 ++-- .../prowlarr/templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 74 +++--- .../radarr-4k/templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 64 ++--- .../templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 60 ++--- .../templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 64 ++--- .../radarr/templates/external-secret.yaml | 114 ++++----- .../radarr/templates/replication-source.yaml | 64 ++--- .../roundcube/templates/external-secret.yaml | 116 ++++----- .../templates/replication-source.yaml | 54 ++-- .../searxng/templates/external-secret.yaml | 59 +++++ .../searxng/templates/replication-source.yaml | 27 ++ .../sonarr-4k/templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 70 +++--- .../templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 70 +++--- .../sonarr/templates/external-secret.yaml | 114 ++++----- .../sonarr/templates/replication-source.yaml | 70 +++--- .../tautulli/templates/external-secret.yaml | 114 ++++----- .../templates/replication-source.yaml | 54 ++-- .../tdarr/templates/external-secret.yaml | 230 +++++++++--------- .../tdarr/templates/replication-source.yaml | 110 ++++----- .../templates/external-secret.yaml | 116 ++++----- .../templates/replication-source.yaml | 54 ++-- 40 files changed, 1842 insertions(+), 1756 deletions(-) create mode 100644 clusters/cl01tl/applications/searxng/templates/replication-source.yaml diff --git a/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml b/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml index 8c65bc4b2..191997cb9 100644 --- a/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml @@ -22,61 +22,61 @@ spec: metadataPolicy: None property: gmail.json -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: calibre-web-automated-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: calibre-web-automated-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/calibre-web-automated/calibre-web-automated-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: calibre-web-automated-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: calibre-web-automated-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/calibre-web-automated/calibre-web-automated-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml b/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml index c99f22a68..146692072 100644 --- a/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml @@ -1,30 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: calibre-web-automated-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: calibre-web-automated-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: calibre-web-automated-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: calibre-web-automated-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1000 -# runAsGroup: 100 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: calibre-web-automated-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: calibre-web-automated-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: calibre-web-automated-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: calibre-web-automated-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 1000 + runAsGroup: 100 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml b/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml index d905dfadc..2d67309e0 100644 --- a/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml @@ -100,64 +100,64 @@ spec: metadataPolicy: None property: token -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: freshrss-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: freshrss-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: freshrss-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: freshrss-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml b/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml index 1145aad49..077e93396 100644 --- a/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml @@ -1,37 +1,37 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: freshrss-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: freshrss-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: freshrss-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: freshrss-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 568 -# runAsGroup: 568 -# fsGroup: 568 -# fsGroupChangePolicy: OnRootMismatch -# supplementalGroups: -# - 44 -# - 100 -# - 109 -# - 65539 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: freshrss-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: freshrss-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: freshrss-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: freshrss-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - 100 + - 109 + - 65539 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/hoarder/templates/external-secret.yaml b/clusters/cl01tl/applications/hoarder/templates/external-secret.yaml index e37107825..ce3c52b2f 100644 --- a/clusters/cl01tl/applications/hoarder/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/hoarder/templates/external-secret.yaml @@ -104,61 +104,61 @@ spec: metadataPolicy: None property: token -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: hoarder-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: hoarder-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: hoarder-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: hoarder-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/hoarder/templates/replication-source.yaml b/clusters/cl01tl/applications/hoarder/templates/replication-source.yaml index e8b1c82cc..44aa158db 100644 --- a/clusters/cl01tl/applications/hoarder/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/hoarder/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: hoarder-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: hoarder-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: hoarder-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: hoarder-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: hoarder-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: hoarder-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: hoarder-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: hoarder-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml b/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml index 625a7b9e9..ec6dfb58e 100644 --- a/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml @@ -1,57 +1,57 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: jellyfin-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: jellyfin-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellyfin/jellyfin-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: jellyfin-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: jellyfin-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellyfin/jellyfin-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml b/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml index 3f069b2ef..53cf0976d 100644 --- a/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: jellyfin-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: jellyfin-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: jellyfin-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: jellyfin-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: jellyfin-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: jellyfin-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: jellyfin-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: jellyfin-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml b/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml index aaebffeee..863db8240 100644 --- a/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml @@ -36,64 +36,64 @@ spec: metadataPolicy: None property: password -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: jellystat-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: jellystat-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: jellystat-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: jellystat-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml b/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml index 4f536eac3..4c0738600 100644 --- a/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: jellystat-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: jellystat-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: jellystat-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: jellystat-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: jellystat-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: jellystat-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: jellystat-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: jellystat-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml b/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml index 71015a499..0b30ce700 100644 --- a/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/lidarr/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: lidarr-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: lidarr-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: lidarr-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: lidarr-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml b/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml index 8d74fdb51..1125306aa 100644 --- a/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/lidarr/templates/replication-source.yaml @@ -1,30 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: lidarr-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: lidarr-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: lidarr-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: lidarr-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1000 -# runAsGroup: 1000 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: lidarr-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: lidarr-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: lidarr-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: lidarr-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml b/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml index 7bd972059..57061203c 100644 --- a/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml @@ -1,57 +1,57 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: overseerr-main-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: overseerr-main-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: overseerr-main-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: overseerr-main-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml b/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml index 8056fdae7..77a59c87c 100644 --- a/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: overseerr-main-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: overseerr-main-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: overseerr-main -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: overseerr-main-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: overseerr-main-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: overseerr-main-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: overseerr-main + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: overseerr-main-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml b/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml index 2b258e6a1..0333f58f6 100644 --- a/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml @@ -1,57 +1,57 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: prowlarr-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: prowlarr-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: prowlarr-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: prowlarr-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml b/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml index 18a6b9806..49fe58ff9 100644 --- a/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml @@ -1,37 +1,37 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: prowlarr-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: prowlarr-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: prowlarr-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: prowlarr-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 568 -# runAsGroup: 568 -# fsGroup: 568 -# fsGroupChangePolicy: OnRootMismatch -# supplementalGroups: -# - 44 -# - 100 -# - 109 -# - 65539 -# copyMethod: Snapshot -# storageClassName: ceph-block-delete -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: prowlarr-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: prowlarr-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: prowlarr-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: prowlarr-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - 100 + - 109 + - 65539 + copyMethod: Snapshot + storageClassName: ceph-block-delete + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml index 0f75d48e2..0f42dd66f 100644 --- a/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: radarr-4k-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-4k-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: radarr-4k-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-4k-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml index b75ac9d79..31baeaa18 100644 --- a/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/radarr-4k/templates/replication-source.yaml @@ -1,32 +1,32 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: radarr-4k-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-4k-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: radarr-4k-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: radarr-4k-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1000 -# runAsGroup: 1000 -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-4k-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-4k-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: radarr-4k-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-4k-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml index f75c9b540..ba2539c11 100644 --- a/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: radarr-anime-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-anime-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: radarr-anime-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-anime-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml index f586457e8..edcc92e57 100644 --- a/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/radarr-anime/templates/replication-source.yaml @@ -1,30 +1,30 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: radarr-anime-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-anime-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: radarr-anime-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: radarr-anime-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-anime-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-anime-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: radarr-anime-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-anime-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml index 2c01378c2..79a8dccad 100644 --- a/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: radarr-standup-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-standup-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: radarr-standup-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-standup-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml index 665de72fa..e55f71de3 100644 --- a/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/radarr-standup/templates/replication-source.yaml @@ -1,32 +1,32 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: radarr-standup-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-standup-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: radarr-standup-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: radarr-standup-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1000 -# runAsGroup: 1000 -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-standup-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-standup-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: radarr-standup-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-standup-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/radarr/templates/external-secret.yaml b/clusters/cl01tl/applications/radarr/templates/external-secret.yaml index 4f78a51e3..930612d66 100644 --- a/clusters/cl01tl/applications/radarr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/radarr/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: radarr-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: radarr-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/radarr/templates/replication-source.yaml b/clusters/cl01tl/applications/radarr/templates/replication-source.yaml index ed02062d5..bc1ed258e 100644 --- a/clusters/cl01tl/applications/radarr/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/radarr/templates/replication-source.yaml @@ -1,32 +1,32 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: radarr-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: radarr-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: radarr-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1000 -# runAsGroup: 1000 -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: radarr-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: radarr-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml index 671db9665..3d89c55ef 100644 --- a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml @@ -22,64 +22,64 @@ spec: metadataPolicy: None property: DES_KEY -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: roundcube-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: roundcube-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: roundcube-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: roundcube-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml b/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml index a15375a82..a695223dd 100644 --- a/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/roundcube/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: roundcube-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: roundcube-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: roundcube-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: roundcube-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: roundcube-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: roundcube-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: roundcube-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: roundcube-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/searxng/templates/external-secret.yaml b/clusters/cl01tl/applications/searxng/templates/external-secret.yaml index 7351e83bb..8864a13f0 100644 --- a/clusters/cl01tl/applications/searxng/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/searxng/templates/external-secret.yaml @@ -28,3 +28,62 @@ spec: key: /cl01tl/searxng/api/config metadataPolicy: None property: limiter.toml + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: searxng-browser-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: searxng-browser-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/searxng/searxng-browser-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/searxng/templates/replication-source.yaml b/clusters/cl01tl/applications/searxng/templates/replication-source.yaml new file mode 100644 index 000000000..d67ec0cf3 --- /dev/null +++ b/clusters/cl01tl/applications/searxng/templates/replication-source.yaml @@ -0,0 +1,27 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: searxng-browser-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: searxng-browser-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: searxng-browser-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: searxng-browser-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml index 59fc1b744..9624c4763 100644 --- a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: sonarr-4k-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr-4k-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: sonarr-4k-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: sonarr-4k-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml index e2b4cc656..1a3400112 100644 --- a/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/sonarr-4k/templates/replication-source.yaml @@ -1,35 +1,35 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: sonarr-4k-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr-4k-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: sonarr-4k-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: sonarr-4k-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# supplementalGroups: -# - 44 -# - 100 -# - 109 -# - 65539 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-4k-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: sonarr-4k-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: sonarr-4k-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-4k-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - 100 + - 109 + - 65539 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml index 1b8cc34c0..abc5ad4d5 100644 --- a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: sonarr-anime-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr-anime-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: sonarr-anime-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: sonarr-anime-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml index cb580244d..a937d5656 100644 --- a/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/sonarr-anime/templates/replication-source.yaml @@ -1,35 +1,35 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: sonarr-anime-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr-anime-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: sonarr-anime-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: sonarr-anime-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# supplementalGroups: -# - 44 -# - 100 -# - 109 -# - 65539 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-anime-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: sonarr-anime-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: sonarr-anime-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-anime-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - 100 + - 109 + - 65539 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml index ddb5d4fee..0aca25605 100644 --- a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml @@ -1,60 +1,60 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: sonarr-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4/sonarr4-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: sonarr-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: sonarr-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4/sonarr4-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml b/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml index 189c39e75..0f047bdee 100644 --- a/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/sonarr/templates/replication-source.yaml @@ -1,35 +1,35 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: sonarr-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: sonarr-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: sonarr-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# fsGroup: 1000 -# fsGroupChangePolicy: OnRootMismatch -# supplementalGroups: -# - 44 -# - 100 -# - 109 -# - 65539 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: sonarr-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: sonarr-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: + - 44 + - 100 + - 109 + - 65539 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml b/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml index e8be5d186..92cbd847d 100644 --- a/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/tautulli/templates/external-secret.yaml @@ -1,57 +1,57 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: tautulli-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: tautulli-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tautulli/tautulli-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tautulli-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tautulli-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tautulli/tautulli-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml b/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml index 64e17ed01..94bf45348 100644 --- a/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/tautulli/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: tautulli-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: tautulli-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: tautulli-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: tautulli-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tautulli-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tautulli-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: tautulli-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: tautulli-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml b/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml index 9a1b87a8a..1ed4178ff 100644 --- a/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/tdarr/templates/external-secret.yaml @@ -1,116 +1,116 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: tdarr-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: tdarr-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tdarr-config-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tdarr-config-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: tdarr-server-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: tdarr-server-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-server" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: tdarr-server-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tdarr-server-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/tdarr/tdarr-server" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key diff --git a/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml b/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml index ca16e9393..9e133371a 100644 --- a/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/tdarr/templates/replication-source.yaml @@ -1,56 +1,56 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: tdarr-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: tdarr-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: tdarr-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: tdarr-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-config-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tdarr-config-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: tdarr-config + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-config-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot -# --- -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: tdarr-server-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: tdarr-server-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: tdarr-server -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: tdarr-server-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +--- +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-server-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: tdarr-server-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: tdarr-server + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-server-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml index 23f35a21e..f4a9c136d 100644 --- a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml @@ -22,64 +22,64 @@ spec: metadataPolicy: None property: token -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: vaultwarden-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: vaultwarden-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/vaultwarden/vaultwarden-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: vaultwarden-data-backup-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: vaultwarden-data-backup-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/vaultwarden/vaultwarden-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: S3_BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/volsync/restic/config + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: access_key + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: secret_key --- apiVersion: external-secrets.io/v1beta1 diff --git a/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml b/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml index b178ab7ea..23780c708 100644 --- a/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml +++ b/clusters/cl01tl/applications/vaultwarden/templates/replication-source.yaml @@ -1,27 +1,27 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: vaultwarden-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: vaultwarden-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: vaultwarden-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: vaultwarden-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: vaultwarden-data-backup-source + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: vaultwarden-data-backup-source + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backup + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + sourcePVC: vaultwarden-data + trigger: + schedule: 0 4 * * * + restic: + pruneIntervalDays: 7 + repository: vaultwarden-data-backup-secret + retain: + hourly: 1 + daily: 3 + weekly: 2 + monthly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot