feat: move rclone to chart and namespace

2026-04-26 13:48:24 -05:00
parent 2e908dac22
commit 8ff42e33b3
4 changed files with 26 additions and 113 deletions
--- a/clusters/cl01tl/helm/karakeep/Chart.yaml
+++ b/clusters/cl01tl/helm/karakeep/Chart.yaml
@@ -15,6 +15,7 @@ sources:
  - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
 maintainers:
  - name: alexlebens
 dependencies:
@@ -32,6 +33,10 @@ dependencies:
    alias: volsync-target-data
    version: 1.0.0
    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: rclone-bucket
+    alias: rclone-karakeep-assets-remote
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 0.2.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png
 # renovate: datasource=github-releases depName=karakeep-app/karakeep
 appVersion: 0.31.0
--- a/clusters/cl01tl/helm/karakeep/values.yaml
+++ b/clusters/cl01tl/helm/karakeep/values.yaml
@@ -172,3 +172,24 @@ volsync-target-data:
  external:
    enabled: true
    schedule: 30 10 * * *
+rclone-karakeep-assets-remote:
+  cronJob:
+    suspend: false
+    schedule: 10 0 * * *
+  rclone:
+    source:
+      bucketName: karakeep-assets
+    destination:
+      bucketName: karakeep-assets
+  secret:
+    externalSecret:
+      source:
+        credentials:
+          path: /garage/home-infra/karakeep-assets
+        config:
+          path: /garage/config
+      destination:
+        credentials:
+          path: /garage/home-infra/karakeep-assets
+        config:
+          path: /garage/config
--- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml
@@ -1,40 +1,5 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
-metadata:
-  name: garage-karakeep-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: garage-karakeep-secret
-    {{- include "custom.labels" . | nindent 4 }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: openbao
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        key: /garage/home-infra/karakeep-assets
-        property: ACCESS_KEY_ID
-    - secretKey: ACCESS_REGION
-      remoteRef:
-        key: /garage/home-infra/karakeep-assets
-        property: ACCESS_REGION
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        key: /garage/home-infra/karakeep-assets
-        property: ACCESS_SECRET_KEY
-    - secretKey: SRC_ENDPOINT
-      remoteRef:
-        key: /garage/config
-        property: ENDPOINT_LOCAL
-    - secretKey: DEST_ENDPOINT
-      remoteRef:
-        key: /garage/config
-        property: ENDPOINT_REMOTE
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
 metadata:
  name: garage-talos-backups-secret
  namespace: {{ .Release.Namespace }}
--- a/clusters/cl01tl/helm/rclone/values.yaml
+++ b/clusters/cl01tl/helm/rclone/values.yaml
@@ -1,83 +1,5 @@
 rclone:
  controllers:
-    karakeep-assets:
-      type: cronjob
-      cronjob:
-        suspend: false
-        timeZone: America/Chicago
-        schedule: 10 0 * * *
-        backoffLimit: 3
-        parallelism: 1
-      containers:
-        sync:
-          image:
-            repository: rclone/rclone
-            tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
-          args:
-            - sync
-            - src:karakeep-assets
-            - dest:karakeep-assets
-            - --s3-no-check-bucket
-            - --verbose
-          env:
-            - name: RCLONE_S3_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_SRC_TYPE
-              value: s3
-            - name: RCLONE_CONFIG_SRC_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_SRC_ENV_AUTH
-              value: false
-            - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: ACCESS_KEY_ID
-            - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: ACCESS_SECRET_KEY
-            - name: RCLONE_CONFIG_SRC_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: ACCESS_REGION
-            - name: RCLONE_CONFIG_SRC_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: SRC_ENDPOINT
-            - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
-              value: true
-            - name: RCLONE_CONFIG_DEST_TYPE
-              value: s3
-            - name: RCLONE_CONFIG_DEST_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_DEST_ENV_AUTH
-              value: false
-            - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: ACCESS_KEY_ID
-            - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: ACCESS_SECRET_KEY
-            - name: RCLONE_CONFIG_DEST_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: ACCESS_REGION
-            - name: RCLONE_CONFIG_DEST_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: garage-karakeep-secret
-                  key: DEST_ENDPOINT
-            - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
-              value: true
    talos-backups:
      type: cronjob
      cronjob: