alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

feat: add s3 and init postgres
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m2s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 44s
Details
render-manifests / render-manifests (pull_request) Successful in 1m34s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-04 19:20:43 -05:00
parent 9d3a39bfe3
commit b405bb8976
6 changed files with 200 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
clusters/cl01tl/helm/rclone/templates/external-secret.yaml
View File

@@ -251,3 +251,54 @@ spec:
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-ntfy-attachments-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ntfy-attachments-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT

83
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -503,3 +503,86 @@ rclone:
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
ntfy-attachments:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:ntfy-attachments
- dest:ntfy-attachments
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-ntfy-attachments-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true