diff --git a/clusters/cl01tl/helm/talos/templates/config.yaml b/clusters/cl01tl/helm/talos/templates/config.yaml
index 5669d167b..31fe2fac9 100644
--- a/clusters/cl01tl/helm/talos/templates/config.yaml
+++ b/clusters/cl01tl/helm/talos/templates/config.yaml
@@ -1,14 +1,14 @@ apiVersion: v1 kind: ConfigMap metadata: - name: vault-backup-script + name: talos-prune-script namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vault-backup-script + app.kubernetes.io/name: talos-prune-script app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} data: - backup.sh: | + prune.sh: | export DATE_RANGE=$(date -d @$(( $(date +%s) - ${DATE_RANGE_SECONDS} )) +%Y-%m-%dT%H:%M:%SZ); export FILE_MATCH="${BUCKET}/cl01tl/etcd/cl01tl-${DATE_RANGE}.snap.age"
diff --git a/clusters/cl01tl/helm/talos/templates/external-secret.yaml b/clusters/cl01tl/helm/talos/templates/external-secret.yaml
index d8eb6405e..26d138d64 100644
--- a/clusters/cl01tl/helm/talos/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/talos/templates/external-secret.yaml
@@ -7,8 +7,6 @@ metadata:
 app.kubernetes.io/name: talos-etcd-backup-local-secret
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- kubernetes.io/service-account.name: talos-backup-secrets
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
@@ -60,8 +58,6 @@ metadata:
 app.kubernetes.io/name: talos-etcd-backup-remote-secret
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- kubernetes.io/service-account.name: talos-backup-secrets
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
@@ -113,8 +109,6 @@ metadata:
 app.kubernetes.io/name: talos-etcd-backup-external-secret
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- kubernetes.io/service-account.name: talos-backup-secrets
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
diff --git a/clusters/cl01tl/helm/talos/values.yaml b/clusters/cl01tl/helm/talos/values.yaml
index 38c617d91..e0acb4b21 100644
--- a/clusters/cl01tl/helm/talos/values.yaml
+++ b/clusters/cl01tl/helm/talos/values.yaml
@@ -65,7 +65,7 @@ etcd-backup:
 name: talos-etcd-backup-local-secret
 key: AGE_X25519_PUBLIC_KEY
 - name: USE_PATH_STYLE
- value: "false"
+ value: "true"
 remote:
 image:
 repository: ghcr.io/siderolabs/talos-backup
@@ -111,11 +111,11 @@ etcd-backup:
 name: talos-etcd-backup-remote-secret
 key: AGE_X25519_PUBLIC_KEY
 - name: USE_PATH_STYLE
- value: "false"
+ value: "true"
 external:
 image:
 repository: ghcr.io/siderolabs/talos-backup
- tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
+ tag: v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b
 pullPolicy: IfNotPresent
 command:
 - /talos-backup
@@ -225,10 +225,34 @@ etcd-backup:
 name: talos-backup-secrets
 advancedMounts:
 main:
- main:
+ local:
 - path: /var/run/secrets/talos.dev
 readOnly: true
 mountPropagation: None
+ remote:
+ - path: /var/run/secrets/talos.dev
+ readOnly: true
+ mountPropagation: None
+ external:
+ - path: /var/run/secrets/talos.dev
+ readOnly: true
+ mountPropagation: None
+ prune-script:
+ enabled: true
+ type: configMap
+ name: talos-prune-script
+ defaultMode: 0755
+ advancedMounts:
+ snapshot:
+ s3-prune-local:
+ - path: /scripts/prune.sh
+ subPath: backup.sh
+ s3-prune-remote:
+ - path: /scripts/prune.sh
+ subPath: backup.sh
+ s3-prune-external:
+ - path: /scripts/prune.sh
+ subPath: backup.sh
 s3cmd-config-local:
 enabled: true
 type: secret
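Review bot: The new `external` tag `v0.1.0-beta.3-5-g07d09ec` looks like a git-describe build a few commits past the beta.3 tag rather than a published release, and nothing on the `tag:` line records why this build is needed. The digest pin keeps the image immutable, but a build off the release line is easy to leave behind when pins are next updated. A comment above the line would help, for example `# pre-release build after v0.1.0-beta.3: <reason>; return to a tagged release when available`. The `local` and `remote` image tags are outside this hunk, so it cannot be confirmed from here whether all three backup jobs run the same build.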
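Review bot: The three `prune-script` mounts added under `advancedMounts.snapshot` use `subPath: backup.sh`, but this same commit renames the ConfigMap key in `templates/config.yaml` from `backup.sh` to `prune.sh`, so the subPath no longer names a key in `talos-prune-script`. A subPath that matches no key will not place the script at `/scripts/prune.sh`, so the `s3-prune-*` containers would presumably fail or prune nothing, and old etcd snapshots would accumulate in the buckets. Each of the three entries should read `subPath: prune.sh`. Separately, `defaultMode: 0755` depends on the YAML parser reading a leading-zero scalar as octal; confirm the rendered volume shows 493, or write `defaultMode: 493` to remove that dependence.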