From bc19ec1f38c4dd593ff424a6ace56e4782a3bdef Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Tue, 2 Jul 2024 19:10:55 -0500
Subject: [PATCH] change to use restic
---
 .../templates/external-secret.yaml | 89 +++++++++++++++++--
 .../templates/replication-source.yaml | 38 +++++---
 2 files changed, 108 insertions(+), 19 deletions(-)
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
index 654790e03..d87e1e324 100644
--- a/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
@@ -1,10 +1,10 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: rclone-backup-secret
+ name: audiobookshelf-config-backup-secret
 namespace: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: rclone-backup-secret
+ app.kubernetes.io/name: audiobookshelf-config-backup-secret
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion }}
 app.kubernetes.io/component: backup
@@ -13,11 +13,90 @@ spec:
 secretStoreRef:
 kind: ClusterSecretStore
 name: vault
+ target:
+ name: RESTIC_REPOSITORY
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .bucketEndpoint }}` }}/audiobookshelf/audiobookshelf-config"
 data:
- - secretKey: rclone.conf
+ - secretKey: bucketEndpoint
 remoteRef:
 conversionStrategy: Default
 decodingStrategy: None
- key: /cl01tl/volsync/rclone/config
+ key: /cl01tl/volsync/restic/config
 metadataPolicy: None
- property: rclone.conf
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: audiobookshelf-config-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: audiobookshelf-config-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backup
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ name: RESTIC_REPOSITORY
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .bucketEndpoint }}` }}/audiobookshelf/audiobookshelf-metadata"
+ data:
+ - secretKey: bucketEndpoint
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml b/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
index 66ae1c607..33e787aed 100644
--- a/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
@@ -1,10 +1,10 @@
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
- name: audiobookshelf-config-source
+ name: audiobookshelf-config-backup-source
 namespace: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: audiobookshelf-config-source
+ app.kubernetes.io/name: audiobookshelf-config-backup-source
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion }}
 app.kubernetes.io/component: backup
@@ -12,11 +12,16 @@ metadata:
 spec:
 sourcePVC: audiobookshelf-config
 trigger:
- schedule: "*/10 * * * *"
- rclone:
- rcloneConfigSection: aws-s3-bucket
- rcloneDestPath: cl01tl-volsync-backups/audiobookshelf/audiobookshelf-config
- rcloneConfig: rclone-backup-secret
+ schedule: 0 */6 * * *
+ restic:
+ pruneIntervalDays: 14
+ repository: restic-backup-secret
+ retain:
+ hourly: 1
+ daily: 1
+ weekly: 7
+ monthly: 4
+ yearly: 1
 copyMethod: Snapshot
 storageClassName: ceph-block
 volumeSnapshotClassName: ceph-blockpool-snapshot
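Review bot: `name: RESTIC_REPOSITORY` under `target:` (in both documents of this hunk) is not a valid Kubernetes Secret name — Secret names must be lowercase DNS subdomain names, so the uppercase letters and `_` will be rejected and the Secret holding the restic password and AWS keys is never created. The appended second document also repeats `metadata.name: audiobookshelf-config-backup-secret`, so the two ExternalSecrets collide; it should read `name: audiobookshelf-metadata-backup-secret`, with each `target.name` set to the matching lowercase name. Because `template.data` lists only `RESTIC_REPOSITORY`, the rendered Secret will probably not contain `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` unless `mergePolicy: Merge` is added under `template:` or those keys are templated as well; confirm against the External Secrets Operator version in use.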
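Review bot: `repository: restic-backup-secret` names a Secret that nothing in this commit creates — the ExternalSecrets in `external-secret.yaml` are called `audiobookshelf-config-backup-secret` and target `RESTIC_REPOSITORY` — so unless it exists elsewhere the restic mover starts without a repository URL or credentials and no backup is written. The `@@ -36,11 +41,16 @@` hunk for `audiobookshelf-metadata` uses the same value, which would additionally point both PVCs at one repository although separate paths are templated per volume; each source should reference its own Secret, e.g. `repository: audiobookshelf-config-backup-secret` here. In `retain`, `daily: 1` with `weekly: 7` looks transposed and leaves a single daily restore point, so confirm the intended values. Quoting the cron expression as `schedule: "0 */6 * * *"` keeps it an unambiguous string, as the replaced line was.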
@@ -25,10 +30,10 @@ spec:
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
- name: audiobookshelf-metadata-source
+ name: audiobookshelf-metadata-backup-source
 namespace: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: audiobookshelf-metadata-source
+ app.kubernetes.io/name: audiobookshelf-metadata-backup-source
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion }}
 app.kubernetes.io/component: backup
@@ -36,11 +41,16 @@ metadata:
 spec:
 sourcePVC: audiobookshelf-metadata
 trigger:
- schedule: "*/10 * * * *"
- rclone:
- rcloneConfigSection: aws-s3-bucket
- rcloneDestPath: cl01tl-volsync-backups/audiobookshelf/audiobookshelf-metadata
- rcloneConfig: rclone-backup-secret
+ schedule: 0 */6 * * *
+ restic:
+ pruneIntervalDays: 14
+ repository: restic-backup-secret
+ retain:
+ hourly: 1
+ daily: 1
+ weekly: 7
+ monthly: 4
+ yearly: 1
 copyMethod: Snapshot
 storageClassName: ceph-block
 volumeSnapshotClassName: ceph-blockpool-snapshot