From a8e3cc0d9c997c34b51bd8e2dc374ba1e6daf0d7 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 11 Mar 2026 23:21:01 +0000 Subject: [PATCH] chore: Update manifests after change --- .../manifests/rclone/CronJob-rclone.yaml | 107 ++++++++++++++++++ ...ExternalSecret-garage-directus-secret.yaml | 49 ++++++++ 2 files changed, 156 insertions(+) create mode 100644 clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml create mode 100644 clusters/cl01tl/manifests/rclone/ExternalSecret-garage-directus-secret.yaml diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml new file mode 100644 index 000000000..4cd735faa --- /dev/null +++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone.yaml @@ -0,0 +1,107 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: rclone + labels: + app.kubernetes.io/controller: directus-assets + app.kubernetes.io/instance: rclone + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rclone + helm.sh/chart: rclone-4.6.2 + namespace: rclone +spec: + suspend: false + concurrencyPolicy: Forbid + startingDeadlineSeconds: 90 + timeZone: US/Central + schedule: "0 0 6 * *" + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 + jobTemplate: + spec: + parallelism: 1 + backoffLimit: 3 + template: + metadata: + labels: + app.kubernetes.io/controller: directus-assets + app.kubernetes.io/instance: rclone + app.kubernetes.io/name: rclone + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + restartPolicy: Never + containers: + - args: + - sync + - src:directus-assets + - dest:directus-assets + - --s3-no-check-bucket + - --verbose + env: + - name: RCLONE_S3_PROVIDER + value: Other + - name: RCLONE_CONFIG_SRC_TYPE + value: s3 + - name: RCLONE_CONFIG_SRC_PROVIDER + value: Other + - name: RCLONE_CONFIG_SRC_ENV_AUTH + value: "false" + - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: ACCESS_KEY_ID + name: garage-directus-secret + - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: ACCESS_SECRET_KEY + name: garage-directus-secret + - name: RCLONE_CONFIG_SRC_REGION + valueFrom: + secretKeyRef: + key: ACCESS_REGION + name: garage-directus-secret + - name: RCLONE_CONFIG_SRC_ENDPOINT + valueFrom: + secretKeyRef: + key: SRC_ENDPOINT + name: garage-directus-secret + - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE + value: "true" + - name: RCLONE_CONFIG_DEST_TYPE + value: s3 + - name: RCLONE_CONFIG_DEST_PROVIDER + value: Other + - name: RCLONE_CONFIG_DEST_ENV_AUTH + value: "false" + - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: ACCESS_KEY_ID + name: garage-directus-secret + - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: ACCESS_SECRET_KEY + name: garage-directus-secret + - name: RCLONE_CONFIG_DEST_REGION + valueFrom: + secretKeyRef: + key: ACCESS_REGION + name: garage-directus-secret + - name: RCLONE_CONFIG_DEST_ENDPOINT + valueFrom: + secretKeyRef: + key: DEST_ENDPOINT + name: garage-directus-secret + - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE + value: "true" + image: rclone/rclone:1.73.2 + imagePullPolicy: IfNotPresent + name: main diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-directus-secret.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-directus-secret.yaml new file mode 100644 index 000000000..92d1a2cfe --- /dev/null +++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-directus-secret.yaml @@ -0,0 +1,49 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: garage-directus-secret + namespace: rclone + labels: + app.kubernetes.io/name: garage-directus-secret + app.kubernetes.io/instance: rclone + app.kubernetes.io/part-of: rclone +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/directus-assets + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/directus-assets + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/directus-assets + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: SRC_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/config/local + metadataPolicy: None + property: ENDPOINT + - secretKey: DEST_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/config/remote + metadataPolicy: None + property: ENDPOINT