From d7ade8fc42736da05461a500f4f8164be6940ede Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 29 Oct 2025 18:01:15 -0500 Subject: [PATCH] migrate to local backups --- .../roundcube/templates/external-secret.yaml | 11 ++++++-- .../cl01tl/applications/roundcube/values.yaml | 25 +++++++++++++++---- .../sonarr-4k/templates/external-secret.yaml | 11 ++++++-- .../cl01tl/applications/sonarr-4k/values.yaml | 24 ++++++++++++++---- .../templates/external-secret.yaml | 11 ++++++-- .../applications/sonarr-anime/values.yaml | 24 ++++++++++++++---- .../sonarr/templates/external-secret.yaml | 11 ++++++-- .../cl01tl/applications/sonarr/values.yaml | 24 ++++++++++++++---- .../templates/external-secret.yaml | 11 ++++++-- .../applications/vaultwarden/values.yaml | 23 ++++++++++++++--- .../yamtrack/templates/external-secret.yaml | 11 ++++++-- .../cl01tl/applications/yamtrack/values.yaml | 25 +++++++++++++++---- 12 files changed, 170 insertions(+), 41 deletions(-) diff --git a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml index 5987dc761..23419d874 100644 --- a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml @@ -111,10 +111,10 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: roundcube-postgresql-17-cluster-backup-secret-weekly + name: roundcube-postgresql-17-cluster-backup-secret-garage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret-weekly + app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret-garage app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -136,3 +136,10 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/roundcube/values.yaml b/clusters/cl01tl/applications/roundcube/values.yaml index fae2312a5..b6882c572 100644 --- a/clusters/cl01tl/applications/roundcube/values.yaml +++ b/clusters/cl01tl/applications/roundcube/values.yaml @@ -219,20 +219,30 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster index: 2 retentionPolicy: "2d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true - # - name: garage + # - name: garage-remote # destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster # index: 1 # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-weekly + # endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage # retentionPolicy: "30d" # data: # compression: bzip2 @@ -242,7 +252,12 @@ postgres-17-cluster: suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local # - name: weekly-backup # suspend: false # schedule: "0 24 4 * * SAT" - # backupName: garage + # backupName: garage-remote diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml index 6dbca9188..423b502df 100644 --- a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml @@ -88,10 +88,10 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-4k-postgresql-17-cluster-backup-secret-weekly + name: sonarr-4k-postgresql-17-cluster-backup-secret-garage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret-weekly + app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret-garage app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -113,3 +113,10 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/sonarr-4k/values.yaml b/clusters/cl01tl/applications/sonarr-4k/values.yaml index 0510e7cae..a1854b45b 100644 --- a/clusters/cl01tl/applications/sonarr-4k/values.yaml +++ b/clusters/cl01tl/applications/sonarr-4k/values.yaml @@ -103,9 +103,10 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret + endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external @@ -113,12 +114,20 @@ postgres-17-cluster: index: 1 endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret retentionPolicy: "2d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true - # - name: garage + # - name: garage-remote # destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster # index: 1 # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-weekly + # endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage # retentionPolicy: "30d" # data: # compression: bzip2 @@ -128,7 +137,12 @@ postgres-17-cluster: suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local # - name: weekly-backup # suspend: false # schedule: "0 28 4 * * SAT" - # backupName: garage + # backupName: garage-remote diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml index f9c902f3f..781cce519 100644 --- a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml @@ -88,10 +88,10 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-anime-postgresql-17-cluster-backup-secret-weekly + name: sonarr-anime-postgresql-17-cluster-backup-secret-garage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret-weekly + app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret-garage app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -113,3 +113,10 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/sonarr-anime/values.yaml b/clusters/cl01tl/applications/sonarr-anime/values.yaml index 9a9a600b2..65b1cd677 100644 --- a/clusters/cl01tl/applications/sonarr-anime/values.yaml +++ b/clusters/cl01tl/applications/sonarr-anime/values.yaml @@ -103,9 +103,10 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-anime/sonarr4-anime-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret + endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external @@ -113,12 +114,20 @@ postgres-17-cluster: index: 1 endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret retentionPolicy: "2d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true - # - name: garage + # - name: garage-remote # destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster # index: 1 # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-weekly + # endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage # retentionPolicy: "30d" # data: # compression: bzip2 @@ -128,7 +137,12 @@ postgres-17-cluster: suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local # - name: weekly-backup # suspend: false # schedule: "0 30 4 * * SAT" - # backupName: garage + # backupName: garage-remote diff --git a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml index 7368d3468..71e637fa0 100644 --- a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml @@ -88,10 +88,10 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-postgresql-17-cluster-backup-secret-weekly + name: sonarr-postgresql-17-cluster-backup-secret-garage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret-weekly + app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret-garage app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -113,3 +113,10 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/sonarr/values.yaml b/clusters/cl01tl/applications/sonarr/values.yaml index 80ba0cf05..bea62c5c6 100644 --- a/clusters/cl01tl/applications/sonarr/values.yaml +++ b/clusters/cl01tl/applications/sonarr/values.yaml @@ -104,9 +104,10 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4/sonarr4-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: sonarr-postgresql-17-cluster-backup-secret + endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external @@ -114,12 +115,20 @@ postgres-17-cluster: index: 1 endpointCredentials: sonarr-postgresql-17-cluster-backup-secret retentionPolicy: "1d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true - # - name: garage + # - name: garage-remote # destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster # index: 1 # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-weekly + # endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage # retentionPolicy: "30d" # data: # compression: bzip2 @@ -129,7 +138,12 @@ postgres-17-cluster: suspend: false schedule: "0 0 */12 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local # - name: weekly-backup # suspend: false # schedule: "0 26 4 * * SAT" - # backupName: garage + # backupName: garage-remote diff --git a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml index d761f32cf..30d1165b4 100644 --- a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml @@ -111,10 +111,10 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vaultwarden-postgresql-17-cluster-backup-secret-weekly + name: vaultwarden-postgresql-17-cluster-backup-secret-garage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret-weekly + app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret-garage app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -136,3 +136,10 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/vaultwarden/values.yaml b/clusters/cl01tl/applications/vaultwarden/values.yaml index 9a83d5d56..a5a96adfa 100644 --- a/clusters/cl01tl/applications/vaultwarden/values.yaml +++ b/clusters/cl01tl/applications/vaultwarden/values.yaml @@ -63,20 +63,30 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster + destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 index: 1 + endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster index: 1 retentionPolicy: "2d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true - # - name: garage + # - name: garage-remote # destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster # index: 1 # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-weekly + # endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage # retentionPolicy: "30d" # data: # compression: bzip2 @@ -86,7 +96,12 @@ postgres-17-cluster: suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local # - name: weekly-backup # suspend: false # schedule: "0 32 4 * * SAT" - # backupName: garage + # backupName: garage-remote diff --git a/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml index 15d63c5db..9ef41c193 100644 --- a/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml @@ -77,10 +77,10 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: yamtrack-postgresql-17-cluster-backup-secret-weekly + name: yamtrack-postgresql-17-cluster-backup-secret-garage namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret-weekly + app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret-garage app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: @@ -102,3 +102,10 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION diff --git a/clusters/cl01tl/applications/yamtrack/values.yaml b/clusters/cl01tl/applications/yamtrack/values.yaml index 671cc3c37..fa8d41dae 100644 --- a/clusters/cl01tl/applications/yamtrack/values.yaml +++ b/clusters/cl01tl/applications/yamtrack/values.yaml @@ -83,20 +83,30 @@ postgres-17-cluster: recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/yamtrack/yamtrack-postgresql-17-cluster - index: 2 + destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster + endpointURL: http://garage-main.garage:3900 + index: 1 + endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage backup: objectStore: - name: external destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/yamtrack/yamtrack-postgresql-17-cluster index: 2 retentionPolicy: "2d" + isWALArchiver: false + - name: garage-local + destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster + index: 1 + endpointURL: http://garage-main.garage:3900 + endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage + endpointCredentialsIncludeRegion: true + retentionPolicy: "7d" isWALArchiver: true - # - name: garage + # - name: garage-remote # destinationPath: s3://postgres-backups/cl01tl/yamtrack/yamtrack-postgresql-17-cluster # index: 1 # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-weekly + # endpointCredentials: yamtrack-postgresql-17-cluster-backup-secret-garage # retentionPolicy: "30d" # data: # compression: bzip2 @@ -106,7 +116,12 @@ postgres-17-cluster: suspend: false schedule: "0 0 0 * * *" backupName: external + - name: live-backup + suspend: false + immediate: true + schedule: "0 0 0 * * *" + backupName: garage-local # - name: weekly-backup # suspend: false # schedule: "0 34 4 * * SAT" - # backupName: garage + # backupName: garage-remote