change to use restic

2024-07-02 19:10:55 -05:00
parent 10e9981898
commit bc19ec1f38
2 changed files with 108 additions and 19 deletions
--- a/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
@@ -1,10 +1,10 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: rclone-backup-secret
+  name: audiobookshelf-config-backup-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: rclone-backup-secret
+    app.kubernetes.io/name: audiobookshelf-config-backup-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: backup
@@ -13,11 +13,90 @@ spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
+  target:
+    name: RESTIC_REPOSITORY
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .bucketEndpoint }}` }}/audiobookshelf/audiobookshelf-config"
  data:
-    - secretKey: rclone.conf
+    - secretKey: bucketEndpoint
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/volsync/rclone/config
+        key: /cl01tl/volsync/restic/config
        metadataPolicy: None
-        property: rclone.conf
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: audiobookshelf-config-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: audiobookshelf-config-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    name: RESTIC_REPOSITORY
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .bucketEndpoint }}` }}/audiobookshelf/audiobookshelf-metadata"
+  data:
+    - secretKey: bucketEndpoint
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: secret_key
--- a/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
@@ -1,10 +1,10 @@
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
-  name: audiobookshelf-config-source
+  name: audiobookshelf-config-backup-source
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-config-source
+    app.kubernetes.io/name: audiobookshelf-config-backup-source
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: backup
@@ -12,11 +12,16 @@ metadata:
 spec:
  sourcePVC: audiobookshelf-config
  trigger:
-    schedule: "*/10 * * * *"
-  rclone:
-    rcloneConfigSection: aws-s3-bucket
-    rcloneDestPath: cl01tl-volsync-backups/audiobookshelf/audiobookshelf-config
-    rcloneConfig: rclone-backup-secret
+    schedule: 0 */6 * * *
+  restic:
+    pruneIntervalDays: 14
+    repository: restic-backup-secret
+    retain:
+      hourly: 1
+      daily: 1
+      weekly: 7
+      monthly: 4
+      yearly: 1
    copyMethod: Snapshot
    storageClassName: ceph-block
    volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -25,10 +30,10 @@ spec:
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
-  name: audiobookshelf-metadata-source
+  name: audiobookshelf-metadata-backup-source
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-metadata-source
+    app.kubernetes.io/name: audiobookshelf-metadata-backup-source
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: backup
@@ -36,11 +41,16 @@ metadata:
 spec:
  sourcePVC: audiobookshelf-metadata
  trigger:
-    schedule: "*/10 * * * *"
-  rclone:
-    rcloneConfigSection: aws-s3-bucket
-    rcloneDestPath: cl01tl-volsync-backups/audiobookshelf/audiobookshelf-metadata
-    rcloneConfig: rclone-backup-secret
+    schedule: 0 */6 * * *
+  restic:
+    pruneIntervalDays: 14
+    repository: restic-backup-secret
+    retain:
+      hourly: 1
+      daily: 1
+      weekly: 7
+      monthly: 4
+      yearly: 1
    copyMethod: Snapshot
    storageClassName: ceph-block
    volumeSnapshotClassName: ceph-blockpool-snapshot