add cred

2025-02-17 20:31:31 -06:00
parent e3bc94b203
commit 69e6998f3c
2 changed files with 73 additions and 50 deletions
--- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
@@ -86,51 +86,62 @@ spec:
        metadataPolicy: None
        property: token

-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: gitea-backup-s3
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: gitea-backup-s3
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   data:
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/gitea-backup
-#         metadataPolicy: None
-#         property: AWS_ACCESS_KEY_ID
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/gitea-backup
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ENDPOINT_URL
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/gitea-backup
-#         metadataPolicy: None
-#         property: AWS_ENDPOINT_URL
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/gitea-backup
-#         metadataPolicy: None
-#         property: AWS_SECRET_ACCESS_KEY
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: gitea-backup-s3
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: gitea-backup-s3
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/gitea-backup
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/gitea-backup
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: gitea-s3cmd-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: gitea-s3cmd-s3
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: .s3cfg
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/gitea/backup
+        metadataPolicy: None
+        property: s3cfg

 ---
 apiVersion: external-secrets.io/v1beta1
--- a/clusters/cl01tl/platform/gitea/values.yaml
+++ b/clusters/cl01tl/platform/gitea/values.yaml
@@ -118,7 +118,7 @@ backup:
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
-      containers:
+      initContainers:
        backup:
          image:
            repository: bitnami/kubectl
@@ -135,18 +135,18 @@ backup:
            requests:
              cpu: 100m
              memory: 128Mi
+      containers:
        s3:
          image:
-            repository: amazon/aws-cli
-            tag: 2.24.0
+            repository: d3fk/s3cmd
+            tag: latest@sha256:ae12ef40440ee069dac63d98a3590da0e02acc56ea4f60e9e4c5353d585a9140
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            - |
-              until [ -f /opt/backup/gitea-backup.zip ]; do sleep 5; done;
-              aws s3 cp /opt/backup/gitea-backup.zip s3://cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
+              s3cmd put --no-check-md5 --no-check-certificate /opt/backup/gitea-backup.zip s3://gitea-backups-8ba8dae3674a2f53354c600e/cl01tl/cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
              mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
          envFrom:
            - secretRef:
@@ -165,6 +165,17 @@ backup:
          s3:
            - path: /opt/backup
              readOnly: false
+    s3cmd-config:
+      enabled: true
+      type: secret
+      name: gitea-s3cmd-config
+      advancedMounts:
+        backup:
+          s3:
+            - path: /root/.s3cfg
+              readOnly: true
+              mountPropagation: None
+              subPath: .s3cfg
 postgres-17-cluster:
  mode: recovery
  cluster:
@@ -177,6 +188,7 @@ postgres-17-cluster:
  recovery:
    endpointURL: https://nyc3.digitaloceanspaces.com
    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
+    endpointCredentials: gitea-postgresql-17-cluster-backup-secret
    recoveryIndex: 1
  backup:
    enabled: false