From 95f667f4296d4e15f045f5f614d6a310ddf245a2 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Wed, 29 Oct 2025 18:43:54 -0500
Subject: [PATCH] migrate to local backups
---
.../management/argo-workflows/values.yaml | 3 +-
.../komodo/templates/external-secret.yaml | 37 +++++++++++++++++++
clusters/cl01tl/management/komodo/values.yaml | 36 ++++++++++++++++--
.../gatus/templates/external-secret.yaml | 37 +++++++++++++++++++
clusters/cl01tl/monitoring/gatus/values.yaml | 34 +++++++++++++++--
.../templates/external-secret.yaml | 37 +++++++++++++++++++
.../monitoring/grafana-operator/values.yaml | 34 +++++++++++++++--
.../authentik/templates/external-secret.yaml | 37 +++++++++++++++++++
.../cl01tl/platform/authentik/values.yaml | 32 +++++++++++++++-
.../gitea/templates/external-secret.yaml | 37 +++++++++++++++++++
clusters/cl01tl/platform/gitea/values.yaml | 32 +++++++++++++++-
.../templates/external-secret.yaml | 37 +++++++++++++++++++
.../platform/matrix-synapse/values.yaml | 34 +++++++++++++++--
.../n8n/templates/external-secret.yaml | 37 +++++++++++++++++++
clusters/cl01tl/platform/n8n/values.yaml | 34 +++++++++++++++--
.../ollama/templates/external-secret.yaml | 37 +++++++++++++++++++
clusters/cl01tl/platform/ollama/values.yaml | 33 ++++++++++++++++-
.../stalwart/templates/external-secret.yaml | 37 +++++++++++++++++++
clusters/cl01tl/platform/stalwart/values.yaml | 32 +++++++++++++++-
clusters/cl01tl/services/harbor/values.yaml | 34 +++++++++++++++--
20 files changed, 643 insertions(+), 28 deletions(-)
diff --git a/clusters/cl01tl/management/argo-workflows/values.yaml b/clusters/cl01tl/management/argo-workflows/values.yaml
index 983fb5c0b..8b7fdd57c 100644
--- a/clusters/cl01tl/management/argo-workflows/values.yaml
+++ b/clusters/cl01tl/management/argo-workflows/values.yaml
@@ -106,12 +106,13 @@ postgres-17-cluster: destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster endpointURL: http://garage-main.garage:3900 index: 1 + endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster index: 1 - retentionPolicy: "2d" + retentionPolicy: "7d" isWALArchiver: false - name: garage-local destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster diff --git a/clusters/cl01tl/management/komodo/templates/external-secret.yaml b/clusters/cl01tl/management/komodo/templates/external-secret.yaml index 52c2d3139..73541fdf6 100644 --- a/clusters/cl01tl/management/komodo/templates/external-secret.yaml +++ b/clusters/cl01tl/management/komodo/templates/external-secret.yaml 
@@ -77,3 +77,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: komodo-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: komodo-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/management/komodo/values.yaml b/clusters/cl01tl/management/komodo/values.yaml index b315f78fb..a0b5ac4ac 100644 --- a/clusters/cl01tl/management/komodo/values.yaml +++ b/clusters/cl01tl/management/komodo/values.yaml 
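Review bot: Every new `*-backup-secret-garage` ExternalSecret reads the same Vault entry, `key: /garage/home-infra/postgres-backups`, so komodo here and gatus, grafana-operator, authentik, gitea, matrix-synapse, n8n, ollama and stalwart in the later hunks all receive one Garage access key for the one `postgres-backups` bucket. With that layout, whoever can read this Secret in any one of those namespaces can presumably read, overwrite or delete every other application's backups, including the authentik and gitea databases. As far as I know Garage scopes key permissions per bucket rather than per prefix, so isolating the applications would need a key and a bucket each, referenced as something like `key: /garage/home-infra/postgres-backups/<app>` (placeholder path). If the sharing is deliberate, a comment above the `data:` list saying so would help the next reader. The start of this template lies outside the hunk.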
@@ -192,17 +192,45 @@ postgresql-17-fdb-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/komodo/komodo-postgresql-17-fdb-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-fdb-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/komodo/komodo-postgresql-17-fdb-cluster index: 2 - retentionPolicy: "1d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: komodo-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false - schedule: "0 0 */12 * * *" + schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml b/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml index df3089ee7..5669abdb8 100644 --- a/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml +++ b/clusters/cl01tl/monitoring/gatus/templates/external-secret.yaml 
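Review bot: The new `garage-local` store writes to `.../komodo/komodo-postgresql-17-cluster`, but the `recovery.objectStore` edited in the same hunk reads from `.../komodo/komodo-postgresql-17-fdb-cluster`, which is also the name used by the `external` store and by the `postgresql-17-fdb-cluster` values key. If the chart passes these paths through as written, a recovery bootstrap would look under a prefix that the WAL archiver never fills. The `garage-local` line should probably read `destinationPath: s3://postgres-backups/cl01tl/komodo/komodo-postgresql-17-fdb-cluster`, and the commented `garage-remote` path carries the same spelling. The enclosing mapping starts above the hunk, so the chart's handling of `index` and the path is not visible here.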
@@ -79,3 +79,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gatus-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/monitoring/gatus/values.yaml b/clusters/cl01tl/monitoring/gatus/values.yaml index c0b903f3d..74438d58f 100644 --- a/clusters/cl01tl/monitoring/gatus/values.yaml +++ b/clusters/cl01tl/monitoring/gatus/values.yaml 
@@ -385,17 +385,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-17-cluster index: 2 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml b/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml index 3d9b499a8..db74a2440 100644 --- a/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml +++ b/clusters/cl01tl/monitoring/grafana-operator/templates/external-secret.yaml 
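Review bot: `isWALArchiver` moves from the `external` store to `garage-local`, so the off-cluster copy now receives base backups only while all WAL goes to `http://garage-main.garage:3900`, which by its service name looks like it runs inside the same cluster. A base backup normally needs the WAL written during and after it to be restored, so losing the cluster together with its Garage instance could leave the `external` backups unusable; the komodo, grafana-operator, authentik, gitea, matrix-synapse, n8n, ollama, stalwart and harbor values hunks make the same change. Until the commented-out `garage-remote` store is enabled, I would record this above the `external` entry, for example `# base backups only: WAL is archived to garage-local, a restore needs that archive too`, and run a restore test from `external` alone. The `postgres-17-cluster:` mapping begins outside the hunk.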
@@ -86,3 +86,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: grafana-operator-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: grafana-operator-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/monitoring/grafana-operator/values.yaml b/clusters/cl01tl/monitoring/grafana-operator/values.yaml index 127e1fe85..0def90db6 100644 --- a/clusters/cl01tl/monitoring/grafana-operator/values.yaml +++ b/clusters/cl01tl/monitoring/grafana-operator/values.yaml 
@@ -26,17 +26,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster index: 2 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/platform/authentik/templates/external-secret.yaml b/clusters/cl01tl/platform/authentik/templates/external-secret.yaml index c7d2d836d..a7a5e73b9 100644 
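Review bot: The new recovery and `garage-local` entries use `endpointURL: http://garage-main.garage:3900`, so base backups and WAL segments cross the pod network unencrypted; request signing keeps the secret key off the wire but does not protect the payload. This matters most for the authentik, gitea and stalwart databases, whose hunks use the same endpoint, and nothing visible in these values enables encryption of the stored objects either. Whether the cluster network is already encrypted cannot be seen from the diff. If it is not, consider serving Garage over TLS, as the commented `garage-remote` entry does with `https://`, or at least state the assumption next to the URL with `# plain HTTP: relies on in-cluster network encryption`.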
--- a/clusters/cl01tl/platform/authentik/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/authentik/templates/external-secret.yaml @@ -72,3 +72,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: authentik-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/authentik/values.yaml b/clusters/cl01tl/platform/authentik/values.yaml index d07310cf4..568137d1b 100644 --- a/clusters/cl01tl/platform/authentik/values.yaml +++ b/clusters/cl01tl/platform/authentik/values.yaml 
@@ -64,17 +64,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 + endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster index: 1 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml index ddb3076c0..bd9610a22 100644 --- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml 
@@ -279,3 +279,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gitea-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/gitea/values.yaml b/clusters/cl01tl/platform/gitea/values.yaml index debadf782..51930b571 100644 --- a/clusters/cl01tl/platform/gitea/values.yaml +++ b/clusters/cl01tl/platform/gitea/values.yaml 
@@ -334,17 +334,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 + endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster index: 1 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml index 5764fb233..d3a8c9f91 100644 --- a/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml 
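Review bot: `live-backup` is added with `schedule: "0 0 0 * * *"`, the same instant as the existing `daily-backup`, so two base backups of one cluster are requested together at midnight, and every other values hunk in this patch uses the identical pair of schedules. How the operator orders them is not visible here, but all clusters hitting Postgres and the single Garage endpoint at once makes a failed or slow backup harder to attribute. Consider offsetting the second job, for example `schedule: "0 0 2 * * *"` (constructed value), and adding a comment that `live-backup` is a daily base backup with `immediate: true` rather than a continuous one, since the name suggests otherwise.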
@@ -442,3 +442,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: matrix-synapse-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/matrix-synapse/values.yaml b/clusters/cl01tl/platform/matrix-synapse/values.yaml index 659bbfefd..f17c6b27a 100644 --- a/clusters/cl01tl/platform/matrix-synapse/values.yaml +++ b/clusters/cl01tl/platform/matrix-synapse/values.yaml 
@@ -311,17 +311,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster index: 2 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/platform/n8n/templates/external-secret.yaml b/clusters/cl01tl/platform/n8n/templates/external-secret.yaml index 068c708d7..136c7dd02 100644 --- a/clusters/cl01tl/platform/n8n/templates/external-secret.yaml 
+++ b/clusters/cl01tl/platform/n8n/templates/external-secret.yaml @@ -49,3 +49,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: n8n-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: n8n-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/n8n/values.yaml b/clusters/cl01tl/platform/n8n/values.yaml index 5a5a817ff..5444e8423 100644 --- a/clusters/cl01tl/platform/n8n/values.yaml +++ b/clusters/cl01tl/platform/n8n/values.yaml 
@@ -327,17 +327,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/n8n/n8n-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/n8n/n8n-postgresql-17-cluster index: 2 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml index 0c6404968..42036ae77 100644 --- a/clusters/cl01tl/platform/ollama/templates/external-secret.yaml +++ b/clusters/cl01tl/platform/ollama/templates/external-secret.yaml 
@@ -137,3 +137,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: ollama-web-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/ollama/values.yaml b/clusters/cl01tl/platform/ollama/values.yaml index 001dd6c89..b84d943af 100644 --- a/clusters/cl01tl/platform/ollama/values.yaml +++ b/clusters/cl01tl/platform/ollama/values.yaml 
@@ -251,17 +251,46 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 + endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster index: 1 - retentionPolicy: "2d" + endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml b/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml index 84b8a3865..04bda8915 100644 --- a/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml 
+++ b/clusters/cl01tl/platform/stalwart/templates/external-secret.yaml @@ -124,3 +124,40 @@ spec: key: /digital-ocean/home-infra/postgres-backups metadataPolicy: None property: secret + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: stalwart-postgresql-17-cluster-backup-secret-garage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: stalwart-postgresql-17-cluster-backup-secret-garage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/platform/stalwart/values.yaml b/clusters/cl01tl/platform/stalwart/values.yaml index c84a844b9..8df7a3131 100644 --- a/clusters/cl01tl/platform/stalwart/values.yaml +++ b/clusters/cl01tl/platform/stalwart/values.yaml 
@@ -68,17 +68,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/stalwart/stalwart-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 + endpointCredentials: stalwart-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/stalwart/stalwart-postgresql-17-cluster index: 1 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: stalwart-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: stalwart-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote diff --git a/clusters/cl01tl/services/harbor/values.yaml b/clusters/cl01tl/services/harbor/values.yaml index 46d59b0fe..e4cc1f0de 100644 --- a/clusters/cl01tl/services/harbor/values.yaml +++ b/clusters/cl01tl/services/harbor/values.yaml 
@@ -108,17 +108,45 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster index: 2 - retentionPolicy: "2d" + retentionPolicy: "7d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true + # - name: garage-remote + # destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster + # index: 1 + # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + # endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage + # retentionPolicy: "30d" + # data: + # compression: bzip2 + # jobs: 2 scheduledBackups: - name: daily-backup suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local + # - name: weekly-backup + # suspend: false + # schedule: "0 0 4 * * SAT" + # backupName: garage-remote