From bdc793cc2d01743eababce1f59f5dc869ec4c59c Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 11 Mar 2026 23:51:50 +0000 Subject: [PATCH] Automated Manifest Update (#4657) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4657 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../CronJob-rclone-postgres-backups.yaml | 151 ++++++++++++++++++ ...Secret-garage-postgres-backups-secret.yaml | 49 ++++++ 2 files changed, 200 insertions(+) create mode 100644 clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml create mode 100644 clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml diff --git a/clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml b/clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml new file mode 100644 index 000000000..3ba5dc1f8 --- /dev/null +++ b/clusters/cl01tl/manifests/rclone/CronJob-rclone-postgres-backups.yaml 
@@ -0,0 +1,151 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: rclone-postgres-backups + labels: + app.kubernetes.io/controller: postgres-backups + app.kubernetes.io/instance: rclone + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rclone + helm.sh/chart: rclone-4.6.2 + namespace: rclone +spec: + suspend: false + concurrencyPolicy: Forbid + startingDeadlineSeconds: 90 + timeZone: US/Central + schedule: "40 0 * * *" + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 + jobTemplate: + spec: + parallelism: 1 + backoffLimit: 3 + template: + metadata: + labels: + app.kubernetes.io/controller: postgres-backups + app.kubernetes.io/instance: rclone + app.kubernetes.io/name: rclone + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + restartPolicy: Never + containers: + - args: + - delete + - dest:postgres-backups + - --min-age + - 30d + - --verbose + env: + - name: RCLONE_CONFIG_DEST_TYPE + value: s3 + - name: RCLONE_CONFIG_DEST_PROVIDER + value: Other + - name: RCLONE_CONFIG_DEST_ENV_AUTH + value: "false" + - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: ACCESS_KEY_ID + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: ACCESS_SECRET_KEY + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_DEST_REGION + valueFrom: + secretKeyRef: + key: ACCESS_REGION + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_DEST_ENDPOINT + valueFrom: + secretKeyRef: + key: DEST_ENDPOINT + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE + value: "true" + image: rclone/rclone:1.73.2 + imagePullPolicy: IfNotPresent + name: prune + - args: + - sync + - src:postgres-backups + - dest:postgres-backups + - --s3-no-check-bucket + - --max-age + - 30d + - --include + - 
/cl01tl/*/*/*/base/** + - --exclude + - '**/walls/**' + - --verbose + env: + - name: RCLONE_S3_PROVIDER + value: Other + - name: RCLONE_CONFIG_SRC_TYPE + value: s3 + - name: RCLONE_CONFIG_SRC_PROVIDER + value: Other + - name: RCLONE_CONFIG_SRC_ENV_AUTH + value: "false" + - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: ACCESS_KEY_ID + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: ACCESS_SECRET_KEY + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_SRC_REGION + valueFrom: + secretKeyRef: + key: ACCESS_REGION + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_SRC_ENDPOINT + valueFrom: + secretKeyRef: + key: SRC_ENDPOINT + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE + value: "true" + - name: RCLONE_CONFIG_DEST_TYPE + value: s3 + - name: RCLONE_CONFIG_DEST_PROVIDER + value: Other + - name: RCLONE_CONFIG_DEST_ENV_AUTH + value: "false" + - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: ACCESS_KEY_ID + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: ACCESS_SECRET_KEY + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_DEST_REGION + valueFrom: + secretKeyRef: + key: ACCESS_REGION + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_DEST_ENDPOINT + valueFrom: + secretKeyRef: + key: DEST_ENDPOINT + name: garage-postgres-backups-secret + - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE + value: "true" + image: rclone/rclone:1.73.2 + imagePullPolicy: IfNotPresent + name: sync diff --git a/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml new file mode 100644 index 000000000..086d8ef83 --- /dev/null 
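Review bot: In the pod template of `rclone-postgres-backups`, `automountServiceAccountToken: true` with `serviceAccountName: default` mounts an API token into two containers whose args and env show only S3 work, so `automountServiceAccountToken: false` is the least-privilege setting here. Neither `prune` nor `sync` has a `securityContext`; adding `allowPrivilegeEscalation: false` and dropping capabilities would narrow what a compromised rclone process holding these S3 keys can do. Separately, `RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE` in `sync` looks like a typo for `RCLONE_CONFIG_DEST_FORCE_PATH_STYLE`, and `prune` sets a `SRC` variable although it only configures the `dest` remote, so the path-style option is probably not applied to `dest` in either container. Since this file is rendered by CI, the fix belongs in the chart values that generate it.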
+++ b/clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml @@ -0,0 +1,49 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: garage-postgres-backups-secret + namespace: rclone + labels: + app.kubernetes.io/name: garage-postgres-backups-secret + app.kubernetes.io/instance: rclone + app.kubernetes.io/part-of: rclone +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: ACCESS_SECRET_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY + - secretKey: SRC_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/config/local + metadataPolicy: None + property: ENDPOINT + - secretKey: DEST_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/config/remote + metadataPolicy: None + property: ENDPOINT
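Review bot: `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY` are read from the single Vault entry `/garage/home-infra/postgres-backups`, and the CronJob in this commit feeds that one pair to both the `src` and `dest` remotes, so the key that reads the primary backups can also delete the copy behind `DEST_ENDPOINT`. Separate entries, for example `SRC_ACCESS_KEY_ID` limited to read and `DEST_ACCESS_KEY_ID` for the remote bucket, would keep a leak of one key from reaching both copies. Whether the Garage clusters already scope this key per bucket is not visible in the diff, so that is something to confirm. The spec also relies on defaults for `refreshInterval` and `target`; stating them explicitly would document how quickly a rotated key reaches the job.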