From 2b017c37f5af7203691f6ded13a665d0c90bfc5b Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Fri, 8 May 2026 17:10:50 -0500 Subject: [PATCH 1/2] fix: wrong path --- clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml index fcba8c4c8..bd6e8713e 100644 --- a/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml +++ b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml @@ -54,7 +54,7 @@ spec: objects: | - objectName: .s3cfg fileName: .s3cfg - secretPath: secret/data/digital-ocean/home-infra/talos-backups + secretPath: secret/data/backblaze/home-infra/talos-backups secretKey: s3cfg --- From 4c70291ebaa0c917338a08a57b8fb3f199822b4c Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Fri, 8 May 2026 17:11:00 -0500 Subject: [PATCH 2/2] feat: remove external backup --- .../helm/vault/templates/external-secret.yaml | 19 ------------------ .../templates/secret-provider-class.yaml | 20 ------------------- clusters/cl01tl/helm/vault/values.yaml | 20 ------------------- 3 files changed, 59 deletions(-) diff --git a/clusters/cl01tl/helm/vault/templates/external-secret.yaml b/clusters/cl01tl/helm/vault/templates/external-secret.yaml index 27e9bd300..197c31f01 100644 --- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml @@ -77,25 +77,6 @@ spec: key: /garage/home-infra/vault-backups property: BUCKET_PATH ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vault-backup-external-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-backup-external-config - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: BUCKET - remoteRef: - key: /digital-ocean/home-infra/vault-backups - property: BUCKET_PATH - --- apiVersion: external-secrets.io/v1 kind: ExternalSecret diff --git a/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml index c6dd28bd9..f0844281a 100644 --- a/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml +++ b/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml @@ -36,23 +36,3 @@ spec: fileName: .s3cfg secretPath: secret/data/garage/home-infra/vault-backups secretKey: s3cfg-remote - ---- -apiVersion: secrets-store.csi.x-k8s.io/v1 -kind: SecretProviderClass -metadata: - name: vault-backup-external-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-backup-external-config - {{- include "custom.labels" . | nindent 4 }} -spec: - provider: openbao - parameters: - baoAddress: "http://openbao-internal.openbao:8200" - roleName: vault - objects: | - - objectName: .s3cfg - fileName: .s3cfg - secretPath: secret/data/digital-ocean/home-infra/vault-backups - secretKey: s3cfg diff --git a/clusters/cl01tl/helm/vault/values.yaml b/clusters/cl01tl/helm/vault/values.yaml index aa0c75734..034712de8 100644 --- a/clusters/cl01tl/helm/vault/values.yaml +++ b/clusters/cl01tl/helm/vault/values.yaml @@ -166,26 +166,6 @@ snapshot: key: BUCKET - name: TARGET value: Remote - s3-backup-external: - image: - repository: d3fk/s3cmd - tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2 - command: - - /bin/sh - args: - - -ec - - /scripts/backup.sh - envFrom: - - secretRef: - name: vault-ntfy-config - env: - - name: BUCKET - valueFrom: - secretKeyRef: - name: vault-backup-external-config - key: BUCKET - - name: TARGET - value: External persistence: snapshot-script: enabled: true