add local backups

2025-11-17 16:03:47 -06:00
parent 9d51efc2be
commit 977061ea51
2 changed files with 59 additions and 10 deletions
--- a/clusters/cl01tl/applications/booklore/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/booklore/templates/external-secret.yaml
@@ -81,10 +81,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: booklore-mariadb-cluster-backup-secret
+  name: booklore-mariadb-cluster-backup-secret-external
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret
+    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -92,17 +92,47 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: access-key-id
+    - secretKey: access
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /digital-ocean/home-infra/mariadb-backups
        metadataPolicy: None
        property: access
-    - secretKey: secret-access-key
+    - secretKey: secret
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /digital-ocean/home-infra/mariadb-backups
        metadataPolicy: None
        property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-mariadb-cluster-backup-secret-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: access
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/mariadb-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/mariadb-backups
+        metadataPolicy: None
+        property: secret
--- a/clusters/cl01tl/applications/booklore/values.yaml
+++ b/clusters/cl01tl/applications/booklore/values.yaml
@@ -103,9 +103,9 @@ mariadb-cluster:
      requeueInterval: 10h
      retryInterval: 30s
  physicalBackups:
-    - name: backup
+    - name: backup-external
      schedule:
-        cron: "0 0 * * *"
+        cron: "0 0 * * 0"
        suspend: true
        immediate: true
      compression: gzip
@@ -117,8 +117,27 @@ mariadb-cluster:
          endpoint: nyc3.digitaloceanspaces.com
          region: us-east-1
          accessKeyIdSecretKeyRef:
-            name: booklore-mariadb-cluster-backup-secret
-            key: access-key-id
+            name: booklore-mariadb-cluster-backup-secret-external
+            key: access
          secretAccessKeySecretKeyRef:
-            name: booklore-mariadb-cluster-backup-secret
-            key: secret-access-key
+            name: booklore-mariadb-cluster-backup-secret-external
+            key: secret
+    - name: backup-garage
+      schedule:
+        cron: "0 0 * * *"
+        suspend: false
+        immediate: true
+      compression: gzip
+      maxRetention: 360h
+      storage:
+        s3:
+          bucket: mariadb-backups
+          prefix: cl01tl
+          endpoint: garage-main.garage:3900
+          region: us-east-1
+          accessKeyIdSecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret-garage
+            key: access
+          secretAccessKeySecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret-garage
+            key: secret