From 85aff4c3b0b354d299cd05f8521141c948d39590 Mon Sep 17 00:00:00 2001
From: gitea-bot
Date: Tue, 7 Apr 2026 02:33:46 +0000
Subject: [PATCH] chore: Update manifests after change
---
 ...utrix-whatsapp-backup-source-external.yaml | 3 +
 ...-mautrix-whatsapp-backup-source-local.yaml | 3 +
 ...mautrix-whatsapp-backup-source-remote.yaml | 3 +
 .../Deployment-operator.yaml | 4 +-
 .../ExternalSecret-operator-oauth.yaml | 6 -
 .../talos/ConfigMap-talos-prune-script.yaml | 137 ++++++++++++------
 .../talos/CronJob-etcd-defrag-defrag-1.yaml | 7 +-
 .../talos/CronJob-etcd-defrag-defrag-2.yaml | 7 +-
 .../talos/CronJob-etcd-defrag-defrag-3.yaml | 7 +-
 .../talos/CronJob-talos-external.yaml | 10 +-
 .../manifests/talos/CronJob-talos-local.yaml | 10 +-
 .../manifests/talos/CronJob-talos-remote.yaml | 12 +-
 ...ternalSecret-talos-backup-ntfy-secret.yaml | 9 --
 ...ret-talos-etcd-backup-external-secret.yaml | 15 --
 ...Secret-talos-etcd-backup-local-secret.yaml | 15 --
 ...ecret-talos-etcd-backup-remote-secret.yaml | 15 --
 ...ternalSecret-talos-etcd-defrag-secret.yaml | 3 -
 .../vault/CronJob-vault-snapshot.yaml | 3 -
 18 files changed, 125 insertions(+), 144 deletions(-)
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-external.yaml b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-external.yaml
index e62aa025c..25e420611 100644
--- a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-external.yaml
+++ b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-external.yaml
@@ -23,6 +23,9 @@ spec:
 monthly: 3
 weekly: 4
 yearly: 1
+ moverSecurityContext:
+ runAsGroup: 1337
+ runAsUser: 1337
 copyMethod: Snapshot
 storageClassName: ceph-block
 volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-local.yaml b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-local.yaml
index cd4b2656c..6258f311a 100644
--- a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-local.yaml
+++ b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-local.yaml
@@ -23,6 +23,9 @@ spec:
 monthly: 3
 weekly: 4
 yearly: 1
+ moverSecurityContext:
+ runAsGroup: 1337
+ runAsUser: 1337
 copyMethod: Snapshot
 storageClassName: ceph-block
 volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-remote.yaml b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-remote.yaml
index a6d52a31a..490aaa1b5 100644
--- a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-remote.yaml
+++ b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-backup-source-remote.yaml
@@ -23,6 +23,9 @@ spec:
 monthly: 3
 weekly: 4
 yearly: 1
+ moverSecurityContext:
+ runAsGroup: 1337
+ runAsUser: 1337
 copyMethod: Snapshot
 storageClassName: ceph-block
 volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/manifests/tailscale-operator/Deployment-operator.yaml b/clusters/cl01tl/manifests/tailscale-operator/Deployment-operator.yaml
index 217b9e0c3..b34d1c99f 100644
--- a/clusters/cl01tl/manifests/tailscale-operator/Deployment-operator.yaml
+++ b/clusters/cl01tl/manifests/tailscale-operator/Deployment-operator.yaml
@@ -22,7 +22,7 @@ spec:
 secretName: operator-oauth
 containers:
 - name: operator
- image: tailscale/k8s-operator:v1.94.2
+ image: tailscale/k8s-operator@sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
 imagePullPolicy: Always
 env:
 - name: OPERATOR_INITIAL_TAGS
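Review bot: The operator image is now referenced by digest alone (`tailscale/k8s-operator@sha256:…`), which removes the release tag that lets a reviewer or an image scanner tell which Tailscale version the digest stands for. Other images in this patch keep both, for example the `talosctl:v1.12.6@sha256:…` references, and the same form here, `image: tailscale/k8s-operator:<release-tag>@sha256:<digest>`, keeps the pin immutable while staying readable. The `PROXY_IMAGE` value in the `@@ -46,7 +46,7 @@` hunk of this file has the same issue. The container spec starts and ends outside the hunk.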
@@ -46,7 +46,7 @@ spec:
 - name: CLIENT_SECRET_FILE
 value: /oauth/client_secret
 - name: PROXY_IMAGE
- value: tailscale/tailscale:v1.94.2
+ value: tailscale/tailscale@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
 - name: PROXY_TAGS
 value: tag:k8s
 - name: APISERVER_PROXY
diff --git a/clusters/cl01tl/manifests/tailscale-operator/ExternalSecret-operator-oauth.yaml b/clusters/cl01tl/manifests/tailscale-operator/ExternalSecret-operator-oauth.yaml
index c378443fc..8744b4f9c 100644
--- a/clusters/cl01tl/manifests/tailscale-operator/ExternalSecret-operator-oauth.yaml
+++ b/clusters/cl01tl/manifests/tailscale-operator/ExternalSecret-operator-oauth.yaml
@@ -14,15 +14,9 @@ spec:
 data:
 - secretKey: client_id
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /tailscale/k8s-operator
- metadataPolicy: None
 property: clientId
 - secretKey: client_secret
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /tailscale/k8s-operator
- metadataPolicy: None
 property: clientSecret
diff --git a/clusters/cl01tl/manifests/talos/ConfigMap-talos-prune-script.yaml b/clusters/cl01tl/manifests/talos/ConfigMap-talos-prune-script.yaml
index 13a872c2d..d8322fbcc 100644
--- a/clusters/cl01tl/manifests/talos/ConfigMap-talos-prune-script.yaml
+++ b/clusters/cl01tl/manifests/talos/ConfigMap-talos-prune-script.yaml
@@ -12,91 +12,138 @@ data: DATE_RANGE=$(date -d @$(( $(date +%s) - $DATE_RANGE_SECONDS )) +%Y-%m-%dT%H:%M:%SZ); FILE_MATCH="${BUCKET}/cl01tl/etcd/cl01tl-${DATE_RANGE}.snap.age"; ERROR=false; + MESSAGE=""; - echo " "; + echo ""; echo ">> Running S3 prune for Talos backup repository ${TARGET} ..."; - echo " "; + echo ""; echo ">> Configured Date Range is $(date -u -d @${DATE_RANGE_SECONDS} +"%j days, %H hours, %M minutes")"; echo ">> Backups prior to '$DATE_RANGE' will be removed"; + echo ""; + FILES=$(s3cmd ls --no-check-certificate ${BUCKET}/cl01tl/etcd/ | awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'); if [ $? -ne 0 ]; then - ERROR=true; - echo " "; + echo ""; echo ">> Detected error, will send message to ntfy"; + + ERROR=true; + MESSAGE="Error collecting files to delete from '${TARGET}'"; + elif [ -n "${FILES}" ]; then - echo " "; + echo ""; echo ">> Backups to be removed:"; - echo "$FILES" - echo " "; + echo ""; + echo "$FILES"; + echo ""; echo ">> Deleting ..."; - $FILES | while read file; do - s3cmd del --no-check-certificate -v "$file"; + + for file in $FILES; do + s3cmd del --no-check-certificate -v "${file}"; + if [ $? 
-ne 0 ]; then - ERROR=true; echo ">> Detected error, will send message to ntfy"; + + ERROR=true; + MESSAGE="Error deleting file from '${TARGET}'"; + fi; done; + else - echo " "; + echo ""; echo ">> No backups to remove"; + + exit 0; + fi; - if [ "$ERROR" = "true" ]; then + MAX_RETRIES=5; + SUCCESS=false; - MAX_RETRIES=5; - SUCCESS=false; + echo ""; + echo ">> Sending message to ntfy using curl ..."; - echo " "; - echo ">> Sending message to ntfy using curl ..."; + echo ""; + echo ">> Verifying required commands ..."; - echo " "; - echo ">> Verifying required commands ..."; + for i in $(seq 1 "$MAX_RETRIES"); do + if apk update >/dev/null 2>&1; then + echo ">> Attempt $i: Repositories are reachable"; - for i in $(seq 1 "$MAX_RETRIES"); do - if apk update 2>&1 >/dev/null; then - echo ">> Attempt $i: Repositories are reachable"; - SUCCESS=true; - break; - else - echo ">> Attempt $i: Connection failed, retrying in 5 seconds ..."; - sleep 5; - fi; - done; + SUCCESS=true; - if [ "$SUCCESS" = false ]; then - echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ..."; - exit 1; - fi + break; + + else + echo ">> Attempt $i: Connection failed, retrying in 5 seconds ..."; + + sleep 5; - if ! command -v curl 2>&1 >/dev/null; then - echo ">> Command curl could not be found, installing"; - apk add --no-cache -q curl; - if [ $? -eq 0 ]; then - echo ">> Installation successful"; - else - echo ">> Installation failed with exit code $?"; - exit 1; - fi; fi; + done; - echo " "; - echo ">> Sending to NTFY ..."; + if [ "$SUCCESS" = false ]; then + echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ..."; + + exit 1; + + fi + + if ! command -v curl >/dev/null 2>&1; then + echo ">> Command curl could not be found, installing"; + + apk add --no-cache -q curl; + + if [ $? 
-eq 0 ]; then + echo ">> Installation successful"; + + else + echo ">> Installation failed with exit code $?"; + + exit 1; + + fi; + fi; + + echo ""; + echo ">> Sending to NTFY ..."; + + if [ "$ERROR" = "true" ]; then HTTP_STATUS=$(curl \ --silent \ --write-out '%{http_code}' \ -H "Authorization: Bearer ${NTFY_TOKEN}" \ -H "X-Priority: 5" \ -H "X-Tags: warning" \ - -H "X-Title: Talos Backup Failed for ${TARGET}" \ + -H "X-Title: Talos Backup Prune Failed for ${TARGET}" \ -d "$MESSAGE" \ ${NTFY_ENDPOINT}/${NTFY_TOPIC} ); + + echo ">> HTTP Status Code: $HTTP_STATUS"; + + exit 1; + + else + MESSAGE="Pruned $(echo "$FILES" | wc -l) files" + + HTTP_STATUS=$(curl \ + --silent \ + --write-out '%{http_code}' \ + -H "Authorization: Bearer ${NTFY_TOKEN}" \ + -H "X-Priority: 5" \ + -H "X-Tags: warning" \ + -H "X-Title: Talos Backup Prune Success for ${TARGET}" \ + -d "$MESSAGE" \ + ${NTFY_ENDPOINT}/${NTFY_TOPIC} + ); + echo ">> HTTP Status Code: $HTTP_STATUS"; fi; - echo " "; + echo ""; echo ">> Completed S3 prune for Talos backup repository ${TARGET}"; diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml index 37fd25e60..674da173f 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml @@ -12,8 +12,8 @@ metadata: spec: suspend: false concurrencyPolicy: Forbid - startingDeadlineSeconds: 90 - timeZone: US/Central + startingDeadlineSeconds: 30 + timeZone: America/Chicago schedule: "0 0 * * 0" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 @@ -51,8 +51,7 @@ spec: env: - name: TALOSCONFIG value: /tmp/.talos/config - image: ghcr.io/siderolabs/talosctl:v1.12.6 - imagePullPolicy: IfNotPresent + image: ghcr.io/siderolabs/talosctl:v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54 name: main volumeMounts: - mountPath: /tmp/.talos/config 
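Review bot: The `exit 0` added to the "No backups to remove" branch is also where a failed listing ends up: `$?` after `FILES=$(s3cmd ls … | awk …)` is awk's exit status, not s3cmd's, unless `pipefail` is enabled above the hunk, where the script starts. A rejected credential or an unreachable endpoint then looks like an empty bucket, so nothing is pruned and no ntfy message is sent. Capture the listing on its own and test that status, e.g. `LISTING=$(s3cmd ls … ${BUCKET}/cl01tl/etcd/); LIST_RC=$?`, then run awk over `$LISTING` and branch on `$LIST_RC`. The rewritten `s3cmd del --no-check-certificate -v "${file}"` call also keeps TLS certificate verification off for an operation that deletes backups; pointing s3cmd at the endpoint's CA with `--ca-certs` would let the flag be dropped from both the `ls` and the `del` call.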
diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml
index 412343117..b16df8f4b 100644
--- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml
+++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml
@@ -12,8 +12,8 @@ metadata:
 spec:
 suspend: false
 concurrencyPolicy: Forbid
- startingDeadlineSeconds: 90
- timeZone: US/Central
+ startingDeadlineSeconds: 30
+ timeZone: America/Chicago
 schedule: "10 0 * * 0"
 successfulJobsHistoryLimit: 1
 failedJobsHistoryLimit: 1
@@ -51,8 +51,7 @@ spec:
 env:
 - name: TALOSCONFIG
 value: /tmp/.talos/config
- image: ghcr.io/siderolabs/talosctl:v1.12.6
- imagePullPolicy: IfNotPresent
+ image: ghcr.io/siderolabs/talosctl:v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
 name: main
 volumeMounts:
 - mountPath: /tmp/.talos/config
diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml
index 2c2c05fa6..16b594950 100644
--- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml
+++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml
@@ -12,8 +12,8 @@ metadata:
 spec:
 suspend: false
 concurrencyPolicy: Forbid
- startingDeadlineSeconds: 90
- timeZone: US/Central
+ startingDeadlineSeconds: 30
+ timeZone: America/Chicago
 schedule: "20 0 * * 0"
 successfulJobsHistoryLimit: 1
 failedJobsHistoryLimit: 1
@@ -51,8 +51,7 @@ spec:
 env:
 - name: TALOSCONFIG
 value: /tmp/.talos/config
- image: ghcr.io/siderolabs/talosctl:v1.12.6
- imagePullPolicy: IfNotPresent
+ image: ghcr.io/siderolabs/talosctl:v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
 name: main
 volumeMounts:
 - mountPath: /tmp/.talos/config
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml
index 949d25a7c..97163f2e9 100644
--- a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml
+++ b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml
@@ -12,8 +12,8 @@ metadata:
 spec:
 suspend: false
 concurrencyPolicy: Forbid
- startingDeadlineSeconds: 90
- timeZone: US/Central
+ startingDeadlineSeconds: 30
+ timeZone: America/Chicago
 schedule: "0 4 * * *"
 successfulJobsHistoryLimit: 1
 failedJobsHistoryLimit: 1
@@ -73,8 +73,7 @@ spec:
 name: talos-etcd-backup-external-secret
 - name: USE_PATH_STYLE
 value: "false"
- image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b
- imagePullPolicy: IfNotPresent
+ image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
 name: backup
 securityContext:
 allowPrivilegeEscalation: false
@@ -111,8 +110,7 @@ spec:
 name: talos-etcd-backup-external-secret
 - secretRef:
 name: talos-backup-ntfy-secret
- image: d3fk/s3cmd:latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
- imagePullPolicy: IfNotPresent
+ image: d3fk/s3cmd:latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
 name: s3-prune
 volumeMounts:
 - mountPath: /scripts/prune.sh
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml
index bc696732b..52f66bbaa 100644
--- a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml
+++ b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml
@@ -12,8 +12,8 @@ metadata:
 spec:
 suspend: false
 concurrencyPolicy: Forbid
- startingDeadlineSeconds: 90
- timeZone: US/Central
+ startingDeadlineSeconds: 30
+ timeZone: America/Chicago
 schedule: "0 2 * * *"
 successfulJobsHistoryLimit: 1
 failedJobsHistoryLimit: 1
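Review bot: Dropping `imagePullPolicy: IfNotPresent` from the `s3-prune` container in the `@@ -111,8 +110,7 @@` hunk leaves the policy to API-server defaulting, and this image reference still carries the `latest` tag in front of its digest. As far as I know the default is derived from the tag, so `latest` may resolve to `Always` even though a digest is present, which would make every backup run depend on the registry being reachable; check the effective value on the live CronJob. If node-cached pulls are what is wanted, keep `imagePullPolicy: IfNotPresent` explicit, or drop the `latest` tag from the reference so the digest alone decides. The same removal appears in the `s3-prune` hunks of CronJob-talos-local.yaml and CronJob-talos-remote.yaml and in the three hunks of CronJob-vault-snapshot.yaml. The container spec continues outside the hunk.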
@@ -73,8 +73,7 @@ spec:
 name: talos-etcd-backup-local-secret
 - name: USE_PATH_STYLE
 value: "false"
- image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
- imagePullPolicy: IfNotPresent
+ image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
 name: backup
 securityContext:
 allowPrivilegeEscalation: false
@@ -111,8 +110,7 @@ spec:
 name: talos-etcd-backup-local-secret
 - secretRef:
 name: talos-backup-ntfy-secret
- image: d3fk/s3cmd:latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
- imagePullPolicy: IfNotPresent
+ image: d3fk/s3cmd:latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
 name: s3-prune
 volumeMounts:
 - mountPath: /scripts/prune.sh
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml
index 1223830a7..13e7f12e2 100644
--- a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml
+++ b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml
@@ -10,10 +10,10 @@ metadata:
 helm.sh/chart: etcd-backup-4.6.2
 namespace: talos
 spec:
- suspend: true
+ suspend: false
 concurrencyPolicy: Forbid
- startingDeadlineSeconds: 90
- timeZone: US/Central
+ startingDeadlineSeconds: 30
+ timeZone: America/Chicago
 schedule: "0 3 * * *"
 successfulJobsHistoryLimit: 1
 failedJobsHistoryLimit: 1
@@ -73,8 +73,7 @@ spec:
 name: talos-etcd-backup-remote-secret
 - name: USE_PATH_STYLE
 value: "false"
- image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
- imagePullPolicy: IfNotPresent
+ image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
 name: backup
 securityContext:
 allowPrivilegeEscalation: false
@@ -111,8 +110,7 @@ spec:
 name: talos-etcd-backup-remote-secret
 - secretRef:
 name: talos-backup-ntfy-secret
- image: d3fk/s3cmd:latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
- imagePullPolicy: IfNotPresent
+ image: d3fk/s3cmd:latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
 name: s3-prune
 volumeMounts:
 - mountPath: /scripts/prune.sh
diff --git a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-backup-ntfy-secret.yaml b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-backup-ntfy-secret.yaml
index 8c1ddad52..396e672aa 100644
--- a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-backup-ntfy-secret.yaml
+++ b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-backup-ntfy-secret.yaml
@@ -14,22 +14,13 @@ spec:
 data:
 - secretKey: NTFY_TOKEN
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /ntfy/user/cl01tl
- metadataPolicy: None
 property: token
 - secretKey: NTFY_ENDPOINT
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /ntfy/user/cl01tl
- metadataPolicy: None
 property: endpoint
 - secretKey: NTFY_TOPIC
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /cl01tl/talos/etcd-backup
- metadataPolicy: None
 property: NTFY_TOPIC
diff --git a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-external-secret.yaml b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-external-secret.yaml
index 6d988befe..0c81d8549 100644
--- a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-external-secret.yaml
+++ b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-external-secret.yaml
@@ -14,36 +14,21 @@ spec:
 data:
 - secretKey: AWS_ACCESS_KEY_ID
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
 property: AWS_ACCESS_KEY_ID
 - secretKey: AWS_SECRET_ACCESS_KEY
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
 property: AWS_SECRET_ACCESS_KEY
 - secretKey: .s3cfg
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
 property: s3cfg
 - secretKey: BUCKET
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /digital-ocean/home-infra/etcd-backup
- metadataPolicy: None
 property: BUCKET
 - secretKey: AGE_X25519_PUBLIC_KEY
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /cl01tl/talos/etcd-backup
- metadataPolicy: None
 property: AGE_X25519_PUBLIC_KEY
diff --git a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-local-secret.yaml b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-local-secret.yaml
index b54660cd5..6ae33cb10 100644
--- a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-local-secret.yaml
+++ b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-local-secret.yaml
@@ -14,36 +14,21 @@ spec:
 data:
 - secretKey: AWS_ACCESS_KEY_ID
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: ACCESS_KEY_ID
 - secretKey: AWS_SECRET_ACCESS_KEY
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: ACCESS_SECRET_KEY
 - secretKey: .s3cfg
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: s3cfg-local
 - secretKey: BUCKET
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: BUCKET
 - secretKey: AGE_X25519_PUBLIC_KEY
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /cl01tl/talos/etcd-backup
- metadataPolicy: None
 property: AGE_X25519_PUBLIC_KEY
diff --git a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-remote-secret.yaml b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-remote-secret.yaml
index 24212870e..52819ba43 100644
--- a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-remote-secret.yaml
+++ b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-backup-remote-secret.yaml
@@ -14,36 +14,21 @@ spec:
 data:
 - secretKey: AWS_ACCESS_KEY_ID
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: ACCESS_KEY_ID
 - secretKey: AWS_SECRET_ACCESS_KEY
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: ACCESS_SECRET_KEY
 - secretKey: .s3cfg
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: s3cfg-remote
 - secretKey: BUCKET
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /garage/home-infra/talos-backups
- metadataPolicy: None
 property: BUCKET
 - secretKey: AGE_X25519_PUBLIC_KEY
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /cl01tl/talos/etcd-backup
- metadataPolicy: None
 property: AGE_X25519_PUBLIC_KEY
diff --git a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-defrag-secret.yaml b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-defrag-secret.yaml
index 034ef17a1..57cf62745 100644
--- a/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-defrag-secret.yaml
+++ b/clusters/cl01tl/manifests/talos/ExternalSecret-talos-etcd-defrag-secret.yaml
@@ -14,8 +14,5 @@ spec:
 data:
 - secretKey: config
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /cl01tl/talos/etcd-defrag
- metadataPolicy: None
 property: config
diff --git a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml
index 442cc100d..2bcb4b0ea 100644
--- a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml
+++ b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml
@@ -75,7 +75,6 @@ spec:
 - secretRef:
 name: vault-backup-ntfy-secret
 image: d3fk/s3cmd:latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
- imagePullPolicy: IfNotPresent
 name: s3-backup-external
 volumeMounts:
 - mountPath: /opt/backup
@@ -105,7 +104,6 @@ spec:
 - secretRef:
 name: vault-backup-ntfy-secret
 image: d3fk/s3cmd:latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
- imagePullPolicy: IfNotPresent
 name: s3-backup-local
 volumeMounts:
 - mountPath: /opt/backup
@@ -135,7 +133,6 @@ spec:
 - secretRef:
 name: vault-backup-ntfy-secret
 image: d3fk/s3cmd:latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
- imagePullPolicy: IfNotPresent
 name: s3-backup-remote
 volumeMounts:
 - mountPath: /opt/backup