diff --git a/clusters/cl01tl/manifests/audiobookshelf/ExternalSecret-audiobookshelf-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/audiobookshelf/ExternalSecret-audiobookshelf-config-backup-secret-remote.yaml new file mode 100644 index 000000000..585a9cc74 --- /dev/null +++ b/clusters/cl01tl/manifests/audiobookshelf/ExternalSecret-audiobookshelf-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: audiobookshelf-config-backup-secret-remote + namespace: audiobookshelf + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: audiobookshelf + app.kubernetes.io/part-of: audiobookshelf + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: audiobookshelf-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/audiobookshelf/audiobookshelf-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/audiobookshelf/ExternalSecret-audiobookshelf-metadata-backup-secret-remote.yaml b/clusters/cl01tl/manifests/audiobookshelf/ExternalSecret-audiobookshelf-metadata-backup-secret-remote.yaml new file mode 100644 index 000000000..9c6cfe803 --- /dev/null +++ b/clusters/cl01tl/manifests/audiobookshelf/ExternalSecret-audiobookshelf-metadata-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: audiobookshelf-metadata-backup-secret-remote + namespace: audiobookshelf + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: audiobookshelf + app.kubernetes.io/part-of: audiobookshelf + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: audiobookshelf-metadata-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/audiobookshelf/audiobookshelf-metadata" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-external.yaml b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-external.yaml index 1b5a7e052..097462f06 100644 --- a/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: audiobookshelf-config trigger: - schedule: 2 9 * * * + schedule: 2 10 * * * restic: pruneIntervalDays: 7 repository: audiobookshelf-config-backup-secret-external diff --git a/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-remote.yaml new file mode 100644 index 000000000..93af0f489 --- /dev/null +++ b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: audiobookshelf-config-backup-source-remote + namespace: audiobookshelf + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: audiobookshelf + app.kubernetes.io/part-of: audiobookshelf + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: audiobookshelf-config-backup +spec: + sourcePVC: audiobookshelf-config + trigger: + schedule: 2 9 * * * + restic: + pruneIntervalDays: 7 + repository: audiobookshelf-config-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-external.yaml b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-external.yaml index f861f3a5d..f688cd6ed 100644 --- a/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: audiobookshelf-metadata trigger: - schedule: 4 9 * * * + schedule: 4 10 * * * restic: pruneIntervalDays: 7 repository: audiobookshelf-metadata-backup-secret-external diff --git a/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-remote.yaml b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-remote.yaml new file mode 100644 index 000000000..3404679c6 --- /dev/null +++ b/clusters/cl01tl/manifests/audiobookshelf/ReplicationSource-audiobookshelf-metadata-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: audiobookshelf-metadata-backup-source-remote + namespace: audiobookshelf + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: audiobookshelf + app.kubernetes.io/part-of: audiobookshelf + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: audiobookshelf-metadata-backup +spec: + sourcePVC: audiobookshelf-metadata + trigger: + schedule: 4 9 * * * + restic: + pruneIntervalDays: 7 + repository: audiobookshelf-metadata-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/backrest/ExternalSecret-backrest-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/backrest/ExternalSecret-backrest-config-backup-secret-remote.yaml new file mode 100644 index 000000000..ca6998e0a --- /dev/null +++ b/clusters/cl01tl/manifests/backrest/ExternalSecret-backrest-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: backrest-config-backup-secret-remote + namespace: backrest + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: backrest + app.kubernetes.io/part-of: backrest + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: backrest-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/backrest/ExternalSecret-backrest-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/backrest/ExternalSecret-backrest-data-backup-secret-remote.yaml new file mode 100644 index 000000000..b3de70eeb --- /dev/null +++ b/clusters/cl01tl/manifests/backrest/ExternalSecret-backrest-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: backrest-data-backup-secret-remote + namespace: backrest + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: backrest + app.kubernetes.io/part-of: backrest + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: backrest-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-external.yaml b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-external.yaml index 4de39a806..19b0f4663 100644 --- a/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: backrest-config trigger: - schedule: 8 9 * * * + schedule: 8 10 * * * restic: pruneIntervalDays: 7 repository: backrest-config-backup-secret-external diff --git a/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-remote.yaml new file mode 100644 index 000000000..720161f12 --- /dev/null +++ b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: backrest-config-backup-source-remote + namespace: backrest + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: backrest + app.kubernetes.io/part-of: backrest + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: backrest-config-backup +spec: + sourcePVC: backrest-config + trigger: + schedule: 8 9 * * * + restic: + pruneIntervalDays: 7 + repository: backrest-config-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-external.yaml b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-external.yaml index 39135e942..89b1e0128 100644 --- a/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: backrest-data trigger: - schedule: 6 9 * * * + schedule: 6 10 * * * restic: pruneIntervalDays: 7 repository: backrest-data-backup-secret-external diff --git a/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-remote.yaml new file mode 100644 index 000000000..ba937074d --- /dev/null +++ b/clusters/cl01tl/manifests/backrest/ReplicationSource-backrest-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: backrest-data-backup-source-remote + namespace: backrest + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: backrest + app.kubernetes.io/part-of: backrest + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: backrest-data-backup +spec: + sourcePVC: backrest-data + trigger: + schedule: 6 9 * * * + restic: + pruneIntervalDays: 7 + repository: backrest-data-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/bazarr/ExternalSecret-bazarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/bazarr/ExternalSecret-bazarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..97b8a92b5 --- /dev/null +++ b/clusters/cl01tl/manifests/bazarr/ExternalSecret-bazarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: bazarr-config-backup-secret-remote + namespace: bazarr + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: bazarr + app.kubernetes.io/part-of: bazarr + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: bazarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/bazarr/bazarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-external.yaml b/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-external.yaml index 57f5fd48e..ecc6c8e07 100644 --- a/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: bazarr-config trigger: - schedule: 10 9 * * * + schedule: 10 10 * * * restic: pruneIntervalDays: 7 repository: bazarr-config-backup-secret-external diff --git a/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..3a727c44c --- /dev/null +++ b/clusters/cl01tl/manifests/bazarr/ReplicationSource-bazarr-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: bazarr-config-backup-source-remote + namespace: bazarr + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: bazarr + app.kubernetes.io/part-of: bazarr + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: bazarr-config-backup +spec: + sourcePVC: bazarr-config + trigger: + schedule: 10 9 * * * + restic: + pruneIntervalDays: 7 + repository: bazarr-config-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/booklore/ExternalSecret-booklore-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/booklore/ExternalSecret-booklore-config-backup-secret-remote.yaml new file mode 100644 index 000000000..7b3662a94 --- /dev/null +++ b/clusters/cl01tl/manifests/booklore/ExternalSecret-booklore-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: booklore-config-backup-secret-remote + namespace: booklore + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: booklore + app.kubernetes.io/part-of: booklore + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: booklore-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/booklore/booklore-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-external.yaml b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-external.yaml index 603fcb053..273db0cb7 100644 --- a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: booklore-config trigger: - schedule: 12 9 * * * + schedule: 12 10 * * * restic: pruneIntervalDays: 7 repository: booklore-config-backup-secret-external diff --git a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-remote.yaml new file mode 100644 index 000000000..809b649bd --- /dev/null +++ b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: booklore-config-backup-source-remote + namespace: booklore + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: booklore + app.kubernetes.io/part-of: booklore + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: booklore-config-backup +spec: + sourcePVC: booklore-config + trigger: + schedule: 12 9 * * * + restic: + pruneIntervalDays: 7 + repository: booklore-config-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-external.yaml b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-external.yaml index 625e30be4..69e28abba 100644 --- a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: booklore-data trigger: - schedule: 14 9 * * * + schedule: 14 10 * * * restic: pruneIntervalDays: 7 repository: booklore-data-backup-secret-external diff --git a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-remote.yaml index b9e87be96..29b1a1c6a 100644 --- a/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-remote.yaml +++ b/clusters/cl01tl/manifests/booklore/ReplicationSource-booklore-data-backup-source-remote.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: booklore-data trigger: - schedule: 14 10 * * * + schedule: 14 9 * * * restic: pruneIntervalDays: 7 repository: booklore-data-backup-secret-remote diff --git a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-config-backup-secret-remote.yaml new file mode 100644 index 000000000..79669c434 --- /dev/null +++ b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: code-server-config-backup-secret-remote + namespace: code-server + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: code-server + app.kubernetes.io/part-of: code-server + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: code-server-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/code-server/code-server-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-external.yaml b/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-external.yaml index 986b19ef0..56fd3af0b 100644 --- a/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: code-server-config trigger: - schedule: 16 9 * * * + schedule: 16 10 * * * restic: pruneIntervalDays: 7 repository: code-server-config-backup-secret-external diff --git a/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-remote.yaml new file mode 100644 index 000000000..8744aa60a --- /dev/null +++ b/clusters/cl01tl/manifests/code-server/ReplicationSource-code-server-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: code-server-config-backup-source-remote + namespace: code-server + labels: + helm.sh/chart: volsync-target-config-0.8.0 + app.kubernetes.io/instance: code-server + app.kubernetes.io/part-of: code-server + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: code-server-config-backup +spec: + sourcePVC: code-server-config + trigger: + schedule: 16 9 * * * + restic: + pruneIntervalDays: 7 + repository: code-server-config-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-data-backup-secret-remote.yaml new file mode 100644 index 000000000..9d5948700 --- /dev/null +++ b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: freshrss-data-backup-secret-remote + namespace: freshrss + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: freshrss + app.kubernetes.io/part-of: freshrss + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: freshrss-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/freshrss/freshrss-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml index 699181716..a0a6c89ee 100644 --- a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: freshrss-data trigger: - schedule: 18 9 * * * + schedule: 18 10 * * * restic: pruneIntervalDays: 7 repository: freshrss-data-backup-secret-external diff --git a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml new file mode 100644 index 000000000..c58f9f79b --- /dev/null +++ b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml @@ -0,0 +1,39 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: freshrss-data-backup-source-remote + namespace: freshrss + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: freshrss + app.kubernetes.io/part-of: freshrss + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: freshrss-data-backup +spec: + sourcePVC: freshrss-data + trigger: + schedule: 18 9 * * * + restic: + pruneIntervalDays: 7 + repository: freshrss-data-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + moverSecurityContext: + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 568 + runAsUser: 568 + supplementalGroups: + - 44 + - 100 + - 109 + - 65539 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/gatus/ExternalSecret-gatus-backup-secret-remote.yaml b/clusters/cl01tl/manifests/gatus/ExternalSecret-gatus-backup-secret-remote.yaml new file mode 100644 index 000000000..5a4ebe5a3 --- /dev/null +++ b/clusters/cl01tl/manifests/gatus/ExternalSecret-gatus-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gatus-backup-secret-remote + namespace: gatus + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: gatus + app.kubernetes.io/part-of: gatus + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gatus-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/gatus/gatus" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-external.yaml b/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-external.yaml index f1566b567..090323f90 100644 --- a/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-external.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: gatus trigger: - schedule: 22 9 * * * + schedule: 20 10 * * * restic: pruneIntervalDays: 7 repository: gatus-backup-secret-external diff --git a/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-local.yaml b/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-local.yaml index 0621a50f4..61e2d83a9 100644 --- a/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-local.yaml +++ b/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-local.yaml @@ -13,7 +13,7 @@ metadata: spec: sourcePVC: gatus trigger: - schedule: 22 8 * * * + schedule: 20 8 * * * restic: pruneIntervalDays: 7 repository: gatus-backup-secret-local diff --git a/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-remote.yaml b/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-remote.yaml new file mode 100644 index 000000000..1ba3c523e --- /dev/null +++ b/clusters/cl01tl/manifests/gatus/ReplicationSource-gatus-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: gatus-backup-source-remote + namespace: gatus + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: gatus + app.kubernetes.io/part-of: gatus + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gatus-backup +spec: + sourcePVC: gatus + trigger: + schedule: 20 9 * * * + restic: + pruneIntervalDays: 7 + repository: gatus-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi