From f0416ad5f2e62aaa8bf3b551dfbf966a0c55324b Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 26 Apr 2026 14:21:37 -0500 Subject: [PATCH] feat: migrate to new chart --- .../cl01tl/helm/cloudnative-pg/Chart.yaml | 9 + .../cl01tl/helm/cloudnative-pg/values.yaml | 57 +++ clusters/cl01tl/helm/directus/Chart.yaml | 2 +- clusters/cl01tl/helm/karakeep/Chart.yaml | 2 +- clusters/cl01tl/helm/ntfy/Chart.yaml | 3 +- clusters/cl01tl/helm/openbao/Chart.yaml | 9 + clusters/cl01tl/helm/openbao/values.yaml | 50 +++ clusters/cl01tl/helm/rclone/Chart.yaml | 8 +- .../rclone/templates/external-secret.yaml | 130 ------- clusters/cl01tl/helm/rclone/values.yaml | 352 ------------------ 10 files changed, 130 insertions(+), 492 deletions(-) delete mode 100644 clusters/cl01tl/helm/rclone/templates/external-secret.yaml diff --git a/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml b/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml index 913f90db5..f696b2d40 100644 --- a/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml +++ b/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml @@ -13,6 +13,7 @@ sources: - https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket maintainers: - name: alexlebens dependencies: @@ -22,6 +23,14 @@ dependencies: - name: plugin-barman-cloud version: 0.6.0 repository: https://cloudnative-pg.io/charts/ + - name: rclone-bucket + alias: rclone-postgres-backups-remote + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.4.1 + - name: rclone-bucket + alias: rclone-postgres-backups-external + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.4.1 icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg appVersion: 1.29.0 diff --git a/clusters/cl01tl/helm/cloudnative-pg/values.yaml b/clusters/cl01tl/helm/cloudnative-pg/values.yaml index 75f1099c7..bd7510afa 100644 --- a/clusters/cl01tl/helm/cloudnative-pg/values.yaml +++ b/clusters/cl01tl/helm/cloudnative-pg/values.yaml @@ -14,3 +14,60 @@ plugin-barman-cloud: requests: cpu: 1m memory: 20Mi +rclone-postgres-backups-remote: + cronJob: + suspend: false + schedule: 0 1 * * * + rclone: + source: + bucketName: postgres-backups + destination: + bucketName: postgres-backups + prune: + enabled: true + ageToPrune: 45d + include: "/cl01tl/*/*/*/base/**" + exclude: "**/walls/**" + secret: + externalSecret: + source: + credentials: + path: /garage/home-infra/postgres-backups + config: + path: /garage/config + destination: + credentials: + path: /garage/home-infra/postgres-backups + config: + path: /garage/config +rclone-postgres-backups-external: + cronJob: + suspend: true + schedule: 20 1 * * * + rclone: + source: + bucketName: openbao-backups + destination: + bucketName: postgres-backups-ecc1010276b61716 + providerType: DigitalOcean + prune: + enabled: true + ageToPrune: 45d + include: "/cl01tl/*/*/*/base/**" + exclude: "**/walls/**" + secret: + externalSecret: + source: + credentials: + path: /garage/home-infra/postgres-backups + config: + path: /garage/config + destination: + credentials: + path: /digital-ocean/home-infra/postgres-backups + keyIdProperty: AWS_ACCESS_KEY_ID + secretKeyProperty: AWS_SECRET_ACCESS_KEY + regionProperty: AWS_REGION + config: + path: /digital-ocean/config + endpointProperty: ENDPOINT diff --git a/clusters/cl01tl/helm/directus/Chart.yaml b/clusters/cl01tl/helm/directus/Chart.yaml index d0cf0f4f3..9d1c296c3 100644 --- a/clusters/cl01tl/helm/directus/Chart.yaml +++ b/clusters/cl01tl/helm/directus/Chart.yaml @@ -31,7 +31,7 @@ dependencies: - name: rclone-bucket alias: rclone-directus-assets-remote repository: oci://harbor.alexlebens.net/helm-charts - version: 0.2.0 + version: 0.4.1 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png # renovate: datasource=github-releases depName=directus/directus appVersion: 11.17.3 diff --git a/clusters/cl01tl/helm/karakeep/Chart.yaml b/clusters/cl01tl/helm/karakeep/Chart.yaml index 336f5cf00..644ac5ff8 100644 --- a/clusters/cl01tl/helm/karakeep/Chart.yaml +++ b/clusters/cl01tl/helm/karakeep/Chart.yaml @@ -36,7 +36,7 @@ dependencies: - name: rclone-bucket alias: rclone-karakeep-assets-remote repository: oci://harbor.alexlebens.net/helm-charts - version: 0.2.0 + version: 0.4.1 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png # renovate: datasource=github-releases depName=karakeep-app/karakeep appVersion: 0.31.0 diff --git a/clusters/cl01tl/helm/ntfy/Chart.yaml b/clusters/cl01tl/helm/ntfy/Chart.yaml index feb05a0ec..83538f685 100644 --- a/clusters/cl01tl/helm/ntfy/Chart.yaml +++ b/clusters/cl01tl/helm/ntfy/Chart.yaml @@ -10,6 +10,7 @@ sources: - https://github.com/binwiederhier/ntfy - https://hub.docker.com/r/binwiederhier/ntfy - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket maintainers: - name: alexlebens dependencies: @@ -24,7 +25,7 @@ dependencies: - name: rclone-bucket alias: rclone-ntfy-attachments-remote repository: oci://harbor.alexlebens.net/helm-charts - version: 0.2.0 + version: 0.4.1 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png # renovate: datasource=github-releases depName=binwiederhier/ntfy appVersion: 2.22.0 diff --git a/clusters/cl01tl/helm/openbao/Chart.yaml b/clusters/cl01tl/helm/openbao/Chart.yaml index 756206d40..87c0acb67 100644 --- a/clusters/cl01tl/helm/openbao/Chart.yaml +++ b/clusters/cl01tl/helm/openbao/Chart.yaml @@ -15,6 +15,7 @@ sources: - https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal - https://github.com/openbao/openbao-helm/tree/main/charts/openbao - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket maintainers: - name: alexlebens dependencies: @@ -25,6 +26,14 @@ dependencies: alias: unseal repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 + - name: rclone-bucket + alias: rclone-openbao-backups-remote + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.4.1 + - name: rclone-bucket + alias: rclone-openbao-backups-external + repository: oci://harbor.alexlebens.net/helm-charts + version: 0.4.1 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png # renovate: datasource=github-releases depName=openbao/openbao appVersion: v2.5.3 diff --git a/clusters/cl01tl/helm/openbao/values.yaml b/clusters/cl01tl/helm/openbao/values.yaml index df3fc92ea..721d8821a 100644 --- a/clusters/cl01tl/helm/openbao/values.yaml +++ b/clusters/cl01tl/helm/openbao/values.yaml @@ -207,3 +207,53 @@ unseal: requests: cpu: 1m memory: 10Mi +rclone-openbao-backups-remote: + cronJob: + suspend: false + schedule: 0 1 * * * + rclone: + source: + bucketName: openbao-backups + destination: + bucketName: openbao-backups + prune: + enabled: true + ageToPrune: 90d + secret: + externalSecret: + source: + credentials: + path: /garage/home-infra/openbao-backups + config: + path: /garage/config + destination: + credentials: + path: /garage/home-infra/openbao-backups + config: + path: /garage/config +rclone-openbao-backups-external: + cronJob: + suspend: false + schedule: 10 1 * * * + rclone: + source: + bucketName: openbao-backups + destination: + bucketName: openbao-backups-6e088aad5fad110b + providerType: DigitalOcean + prune: + enabled: true + ageToPrune: 90d + secret: + externalSecret: + source: + credentials: + path: /garage/home-infra/openbao-backups + config: + path: /garage/config + destination: + credentials: + path: /digital-ocean/home-infra/openbao-backups + config: + path: /digital-ocean/config + endpointProperty: ENDPOINT diff --git a/clusters/cl01tl/helm/rclone/Chart.yaml b/clusters/cl01tl/helm/rclone/Chart.yaml index 5db5a9ef3..a64f5091e 100644 --- a/clusters/cl01tl/helm/rclone/Chart.yaml +++ b/clusters/cl01tl/helm/rclone/Chart.yaml @@ -9,20 +9,14 @@ keywords: home: https://docs.alexlebens.dev/applications/rclone/ sources: - https://github.com/rclone/rclone - - https://hub.docker.com/r/rclone/rclone - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket maintainers: - name: alexlebens dependencies: - - name: app-template - alias: rclone - repository: https://bjw-s-labs.github.io/helm-charts/ - version: 4.6.2 - name: rclone-bucket alias: rclone-web-assets-remote repository: oci://harbor.alexlebens.net/helm-charts - version: 0.2.0 + version: 0.4.1 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png # renovate: datasource=github-releases depName=rclone/rclone appVersion: v1.73.5 diff --git a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml deleted file mode 100644 index 0b1920d07..000000000 --- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: garage-talos-backups-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: garage-talos-backups-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/talos-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/talos-backups - property: ACCESS_REGION - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/talos-backups - property: ACCESS_SECRET_KEY - - secretKey: SRC_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_LOCAL - - secretKey: DEST_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_REMOTE - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: garage-postgres-backups-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: garage-postgres-backups-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_REGION - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_SECRET_KEY - - secretKey: SRC_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_LOCAL - - secretKey: DEST_ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_REMOTE - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: garage-openbao-backups-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: garage-openbao-backups-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/openbao-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/openbao-backups - property: ACCESS_REGION - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/openbao-backups - property: ACCESS_SECRET_KEY - - secretKey: ENDPOINT_LOCAL - remoteRef: - key: /garage/config - property: ENDPOINT_LOCAL - - secretKey: ENDPOINT_REMOTE - remoteRef: - key: /garage/config - property: ENDPOINT_REMOTE - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: external-openbao-backups-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: external-openbao-backups-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /digital-ocean/home-infra/openbao-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_REGION - remoteRef: - key: /digital-ocean/home-infra/openbao-backups - property: ACCESS_REGION - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /digital-ocean/home-infra/openbao-backups - property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/helm/rclone/values.yaml b/clusters/cl01tl/helm/rclone/values.yaml index 060285c90..c1a4e2efb 100644 --- a/clusters/cl01tl/helm/rclone/values.yaml +++ b/clusters/cl01tl/helm/rclone/values.yaml @@ -1,125 +1,5 @@ rclone: controllers: - talos-backups: - type: cronjob - cronjob: - suspend: false - timeZone: America/Chicago - schedule: 20 0 * * * - backoffLimit: 3 - parallelism: 1 - containers: - sync: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - sync - - src:talos-backups - - dest:talos-backups - - --s3-no-check-bucket - - --max-age - - 90d - - --verbose - env: - - name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: false - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: SRC_ENDPOINT - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: true - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: DEST_ENDPOINT - - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE - value: true - prune: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - delete - - dest:talos-backups - - --min-age - - 90d - - --verbose - env: - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-talos-backups-secret - key: DEST_ENDPOINT - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: true - postgres-backups: type: cronjob cronjob: @@ -243,238 +123,6 @@ rclone: key: DEST_ENDPOINT - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: true - openbao-backups-remote: - type: cronjob - cronjob: - suspend: false - timeZone: America/Chicago - schedule: 0 1 * * * - backoffLimit: 3 - parallelism: 1 - containers: - sync: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - sync - - src:openbao-backups - - dest:openbao-backups - - --s3-no-check-bucket - - --max-age - - 90d - - --verbose - env: - - name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: false - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ENDPOINT_LOCAL - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: true - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ENDPOINT_REMOTE - - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE - value: true - prune: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - delete - - dest:openbao-backups - - --min-age - - 90d - - --verbose - env: - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: Other - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ENDPOINT_REMOTE - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: true - openbao-backups-external: - type: cronjob - cronjob: - suspend: false - timeZone: America/Chicago - schedule: 10 1 * * * - backoffLimit: 3 - parallelism: 1 - containers: - sync: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - sync - - src:openbao-backups - - dest:openbao-backups-6e088aad5fad110b - - --s3-no-check-bucket - - --max-age - - 90d - - --verbose - env: - - name: RCLONE_S3_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_TYPE - value: s3 - - name: RCLONE_CONFIG_SRC_PROVIDER - value: Other - - name: RCLONE_CONFIG_SRC_ENV_AUTH - value: false - - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_SRC_REGION - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_SRC_ENDPOINT - valueFrom: - secretKeyRef: - name: garage-openbao-backups-secret - key: ENDPOINT_LOCAL - - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE - value: true - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: DigitalOcean - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - value: https://nyc3.digitaloceanspaces.com - - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE - value: true - prune: - image: - repository: rclone/rclone - tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96 - args: - - delete - - dest:openbao-backups-6e088aad5fad110b - - --min-age - - 90d - - --verbose - env: - - name: RCLONE_CONFIG_DEST_TYPE - value: s3 - - name: RCLONE_CONFIG_DEST_PROVIDER - value: DigitalOcean - - name: RCLONE_CONFIG_DEST_ENV_AUTH - value: false - - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ACCESS_KEY_ID - - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ACCESS_SECRET_KEY - - name: RCLONE_CONFIG_DEST_REGION - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ACCESS_REGION - - name: RCLONE_CONFIG_DEST_ENDPOINT - value: https://nyc3.digitaloceanspaces.com - - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE - value: true rclone-web-assets-remote: cronJob: suspend: false