From 752f67f052fb722a1aeb05331e92775d5e27c301 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Tue, 8 Jul 2025 17:56:25 -0500 Subject: [PATCH] update config --- .../gitea/templates/external-secret.yaml | 46 ++++--------------- clusters/cl01tl/platform/gitea/values.yaml | 24 ++++++---- 2 files changed, 23 insertions(+), 47 deletions(-) diff --git a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml index d69e33729..ddb3076c0 100644 --- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml @@ -168,43 +168,6 @@ spec: metadataPolicy: None property: id_rsa.pub ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-backup-s3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gitea-backup-s3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/gitea-backup - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/gitea-backup - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY - - secretKey: S3_REPOSITORY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/gitea-backup - metadataPolicy: None - property: S3_REPOSITORY - --- apiVersion: external-secrets.io/v1 kind: ExternalSecret 
@@ -224,9 +187,16 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/gitea/backup + key: /digital-ocean/home-infra/gitea-backup metadataPolicy: None property: s3cfg + - secretKey: BUCKET + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/gitea-backup + metadataPolicy: None + property: BUCKET --- apiVersion: external-secrets.io/v1 diff --git a/clusters/cl01tl/platform/gitea/values.yaml b/clusters/cl01tl/platform/gitea/values.yaml index cdda9b4d4..50d4145f4 100644 --- a/clusters/cl01tl/platform/gitea/values.yaml +++ b/clusters/cl01tl/platform/gitea/values.yaml @@ -200,12 +200,15 @@ backup: - -ec - | echo ">> Running S3 backup for Gitea" - s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${S3_REPOSITORY}/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; + s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; echo ">> Completed S3 backup for Gitea" - envFrom: - - secretRef: - name: gitea-backup-s3 + env: + - name: BUCKET + valueFrom: + secretKeyRef: + name: gitea-s3cmd-config + key: BUCKET resources: requests: cpu: 100m @@ -226,18 +229,21 @@ backup: echo ">> Running S3 prune for Gitea backup repository" echo ">> Backups prior to '$TIME_RANGE' will be removed" echo ">> File list:" - s3cmd ls -v $S3_REPOSITORY + s3cmd ls -v ${BUCKET}/cl01tl/ echo ">> Deleting ..." - s3cmd ls -v $S3_REPOSITORY | + s3cmd ls -v ${BUCKET}/cl01tl/ | awk -v time_range="$TIME_RANGE" '$1 < time_range {print $4}' | while read file; do s3cmd del -v "$file"; echo ">> Deleted $file"; done; echo ">> Completed S3 prune for Gitea backup repository" - envFrom: - - secretRef: - name: gitea-backup-s3 + env: + - name: BUCKET + valueFrom: + secretKeyRef: + name: gitea-s3cmd-config + key: BUCKET resources: requests: cpu: 100m
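Review bot: The `s3cfg` entry now takes its credentials from `/digital-ocean/home-infra/gitea-backup`, a path whose name suggests it is shared beyond this cluster, while the jobs in values.yaml separate this cluster's data only by the `cl01tl/` prefix. If that key pair can write and delete across the whole bucket, the prune job here could remove other backups stored in it. It is worth confirming the key's scope and recording it next to the entry, e.g. `# key pair must be limited to the gitea backup bucket`. The ExternalSecret's `metadata.name` lies outside the hunk; values.yaml expects the new `BUCKET` key in a Secret named `gitea-s3cmd-config`.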
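Review bot: The rewritten `s3cmd put` line still passes `--no-check-certificate`, so the upload that carries the S3 credentials and the full Gitea backup accepts any TLS certificate the endpoint presents. Unless the endpoint really uses a certificate the image cannot validate, drop the flag, or point s3cmd at the right CA with `--ca-certs`. Quoting the new variable with a guard also makes an unset value abort the step: `s3cmd put --no-check-md5 -v /opt/backup/gitea-backup.zip "${BUCKET:?}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip";`. The container definition starts before the hunk.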
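Review bot: Both new `s3cmd ls -v ${BUCKET}/cl01tl/` calls expand the variable unquoted and unguarded, and the second feeds a pipeline whose exit status is that of the `while` loop. A failed listing (missing `BUCKET` key, bad credentials) therefore still ends with ">> Completed S3 prune" and nothing pruned. Using `"${BUCKET:?}/cl01tl/"` in both places makes a missing value stop the job, and `while read -r file` keeps object names containing backslashes intact before they reach `s3cmd del`. The start of the script, including whether `-e` is set for this container, is outside the hunk.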