diff --git a/clusters/cl01tl/helm/talos/templates/_helpers.tpl b/clusters/cl01tl/helm/talos/templates/_helpers.tpl
index e107ee6de..10688fcef 100644
--- a/clusters/cl01tl/helm/talos/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/talos/templates/_helpers.tpl
@@ -12,13 +12,3 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
-
-{{/*
-ServiceAccount names
-*/}}
-{{- define "custom.serviceAccountName" -}}
-talos-backup
-{{- end -}}
-{{- define "custom.serviceAccountSecretsName" -}}
-talos-backup-secrets
-{{- end -}}
diff --git a/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
index 2f839bc05..846de0382 100644
--- a/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
+++ b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
@@ -10,7 +10,7 @@ spec:
 provider: openbao
 parameters:
 baoAddress: "http://openbao-internal.openbao:8200"
- roleName: {{ include "custom.serviceAccountName" . }}
+ roleName: talos-backup
 objects: |
 - objectName: .s3cfg
 fileName: .s3cfg
@@ -30,7 +30,7 @@ spec:
 provider: openbao
 parameters:
 baoAddress: "http://openbao-internal.openbao:8200"
- roleName: {{ include "custom.serviceAccountName" . }}
+ roleName: talos-backup
 objects: |
 - objectName: .s3cfg
 fileName: .s3cfg
@@ -50,7 +50,7 @@ spec:
 provider: openbao
 parameters:
 baoAddress: "http://openbao-internal.openbao:8200"
- roleName: {{ include "custom.serviceAccountName" . }}
+ roleName: talos-backup
 objects: |
 - objectName: .s3cfg
 fileName: .s3cfg
@@ -70,7 +70,7 @@ spec:
 provider: openbao
 parameters:
 baoAddress: "http://openbao-internal.openbao:8200"
- roleName: {{ include "custom.serviceAccountName" . }}
+ roleName: talos-defrag
 objects: |
 - objectName: config
 fileName: config
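Review bot: With the `custom.serviceAccountName` helper removed, `roleName: talos-backup` in this hunk (and in the `@@ -30,7` and `@@ -50,7` hunks) and `roleName: talos-defrag` in the `@@ -70,7` hunk are bare literals that have to stay equal to the ServiceAccount names declared in values.yaml, and nothing in the template records that. roleName is presumably the OpenBao auth role the CSI provider logs in with, so a rename on either side would surface as a failed mount at pod start rather than at render time; a comment above each such as `# OpenBao role; must match the ServiceAccount of the pod that mounts this class (values.yaml serviceAccount)` would document the coupling. Moving the fourth class to `talos-defrag` only narrows access if a separate OpenBao role and policy of that name exist and are bound to the `talos-defrag` ServiceAccount alone, and that configuration is not part of this diff, so it should be confirmed before merge. The unchanged context line `baoAddress: "http://openbao-internal.openbao:8200"` shows these secrets being fetched over plain HTTP, which is worth tracking separately.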
diff --git a/clusters/cl01tl/helm/talos/templates/service-account.yaml b/clusters/cl01tl/helm/talos/templates/service-account.yaml
index d051e37b6..605a45acd 100644
--- a/clusters/cl01tl/helm/talos/templates/service-account.yaml
+++ b/clusters/cl01tl/helm/talos/templates/service-account.yaml
@@ -1,20 +1,10 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "custom.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
- {{- include "custom.labels" . | nindent 4 }}
-
----
 apiVersion: talos.dev/v1alpha1
 kind: ServiceAccount
 metadata:
- name: {{ include "custom.serviceAccountSecretsName" . }}
+ name: talos-backup-secrets
 namespace: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: {{ include "custom.serviceAccountSecretsName" . }}
+ app.kubernetes.io/name: talos-backup-secrets
 {{- include "custom.labels" . | nindent 4 }}
 spec:
 roles:
diff --git a/clusters/cl01tl/helm/talos/values.yaml b/clusters/cl01tl/helm/talos/values.yaml
index 477c10926..9e49b2b6b 100644
--- a/clusters/cl01tl/helm/talos/values.yaml
+++ b/clusters/cl01tl/helm/talos/values.yaml
@@ -264,6 +264,9 @@ etcd-backup:
 value: External
 - name: DATE_RANGE_SECONDS
 value: "1209600"
+ serviceAccount:
+ talos-backup:
+ enabled: true
 persistence:
 secret:
 enabled: true
@@ -399,6 +402,8 @@ etcd-defrag:
 schedule: 0 0 * * 0
 backoffLimit: 3
 parallelism: 1
+ serviceAccount:
+ name: talos-defrag
 containers:
 main:
 image:
@@ -427,6 +432,8 @@ etcd-defrag:
 schedule: 10 0 * * 0
 backoffLimit: 3
 parallelism: 1
+ serviceAccount:
+ name: talos-defrag
 containers:
 main:
 image:
@@ -455,6 +462,8 @@ etcd-defrag:
 schedule: 20 0 * * 0
 backoffLimit: 3
 parallelism: 1
+ serviceAccount:
+ name: talos-defrag
 containers:
 main:
 image:
@@ -468,6 +477,9 @@ etcd-defrag:
 env:
 - name: TALOSCONFIG
 value: /tmp/.talos/config
+ serviceAccount:
+ talos-defrag:
+ enabled: true
 persistence:
 config:
 type: custom
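Review bot: The `serviceAccount.talos-backup` entry added under etcd-backup declares the account, but unlike the etcd-defrag hunks no controller in this diff gets a `serviceAccount.name`, so whether the backup jobs actually run as `talos-backup` depends on the chart's defaulting. The etcd-backup controllers are outside the hunk; if they do not already reference the account, add `serviceAccount:` with `name: talos-backup` to each, as is done for etcd-defrag. A pod that falls back to the namespace's `default` account would presumably not match the OpenBao role `talos-backup` used by the SecretProviderClasses, so rendering the chart and checking `serviceAccountName` on the backup pods would settle it.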
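Review bot: The three etcd-defrag controllers (hunks `@@ -399,6`, `@@ -427,6`, `@@ -455,6`) reference the account by the literal `name: talos-defrag`, while the account itself is declared by key as `serviceAccount.talos-defrag` in the `@@ -468,6` hunk. The chart templates are not visible here; if the chart derives the created object's name from the release or chart name instead of using the key verbatim, the literal would point at an account that does not exist, and the OpenBao role `talos-defrag` would be bound to the wrong name. Confirm with a render that the created ServiceAccount is named exactly `talos-defrag`, and if the chart offers a way to reference the account by its key, prefer that over repeating the name three times. A comment on the declaration such as `# name must match roleName in templates/secret-provider-class.yaml` would keep the two files in step.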