From df84dcf172da2f7ef4c8a74db3f91d4a4a33bffc Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Thu, 9 Apr 2026 02:07:42 +0000 Subject: [PATCH] chore: Update manifests after change --- .../Cluster-kyoo-postgresql-18-cluster.yaml | 15 ++++- .../manifests/kyoo/Deployment-kyoo-api.yaml | 4 +- ...oo-apimetadata-backup-secret-external.yaml | 58 +++++++++++++++++++ ...-kyoo-apimetadata-backup-secret-local.yaml | 58 +++++++++++++++++++ ...kyoo-apimetadata-backup-secret-remote.yaml | 58 +++++++++++++++++++ .../kyoo/ExternalSecret-kyoo-oidc-secret.yaml | 4 +- .../cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml | 14 ++--- ...oo-apimetadata-backup-source-external.yaml | 29 ++++++++++ ...-kyoo-apimetadata-backup-source-local.yaml | 29 ++++++++++ ...kyoo-apimetadata-backup-source-remote.yaml | 29 ++++++++++ 10 files changed, 284 insertions(+), 14 deletions(-) create mode 100644 clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-external.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-remote.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-external.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-remote.yaml diff --git a/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml index 2cff006c5..7f7012e0c 100644 --- a/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml @@ -34,7 +34,7 @@ spec: primaryUpdateMethod: switchover primaryUpdateStrategy: unsupervised logLevel: info - enableSuperuserAccess: false + enableSuperuserAccess: true enablePDB: true postgresql: parameters: @@ -52,6 +52,15 @@ spec: barmanObjectName: "kyoo-postgresql-18-backup-garage-local" serverName: "kyoo-postgresql-18-backup-1" bootstrap: - initdb: + recovery: database: app - owner: app + source: kyoo-postgresql-18-backup-1 + externalClusters: + - name: kyoo-postgresql-18-backup-1 + plugin: + name: barman-cloud.cloudnative-pg.io + enabled: true + isWALArchiver: false + parameters: + barmanObjectName: "kyoo-postgresql-18-recovery" + serverName: kyoo-postgresql-18-backup-1 diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml index 4870c725c..15ccdd1ab 100644 --- a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml @@ -53,12 +53,12 @@ spec: valueFrom: secretKeyRef: key: user - name: kyoo-postgresql-18-cluster-app + name: kyoo-postgresql-18-cluster-superuser - name: PGPASSWORD valueFrom: secretKeyRef: key: password - name: kyoo-postgresql-18-cluster-app + name: kyoo-postgresql-18-cluster-superuser - name: PGDATABASE value: "kyoo_api" - name: PGHOST diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-external.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-external.yaml new file mode 100644 index 000000000..fc2a0f82c --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-external.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-apimetadata-backup-secret-external + namespace: kyoo + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-apimetadata-backup-secret-external +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/kyoo/kyoo-apimetadata" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/digital-ocean + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/digital-ocean + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-local.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-local.yaml new file mode 100644 index 000000000..298fd60df --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-apimetadata-backup-secret-local + namespace: kyoo + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-apimetadata-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/kyoo/kyoo-apimetadata" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-remote.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-remote.yaml new file mode 100644 index 000000000..80a339a83 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-apimetadata-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: kyoo-apimetadata-backup-secret-remote + namespace: kyoo + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-apimetadata-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/kyoo/kyoo-apimetadata" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml index 7a02f621f..257c67457 100644 --- a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-oidc-secret.yaml @@ -12,11 +12,11 @@ spec: kind: ClusterSecretStore name: vault data: - - secretKey: rsa-private + - secretKey: client remoteRef: key: /authentik/oidc/kyoo property: client - - secretKey: scanner-apikey + - secretKey: secret remoteRef: key: /authentik/oidc/kyoo property: secret diff --git a/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml b/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml index b3d1145af..f21d26ebc 100644 --- a/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml +++ b/clusters/cl01tl/manifests/kyoo/HTTPRoute-kyoo.yaml @@ -23,7 +23,7 @@ spec: backendRefs: - group: '' kind: Service - name: front + name: kyoo-front port: 8901 weight: 100 - matches: @@ -33,7 +33,7 @@ spec: backendRefs: - group: '' kind: Service - name: transcoder + name: kyoo-transcoder port: 7666 weight: 100 - matches: @@ -43,7 +43,7 @@ spec: backendRefs: - group: '' kind: Service - name: auth + name: kyoo-auth port: 4568 weight: 100 - matches: @@ -53,7 +53,7 @@ spec: backendRefs: - group: '' kind: Service - name: auth + name: kyoo-auth port: 4568 weight: 100 - matches: @@ -63,7 +63,7 @@ spec: backendRefs: - group: '' kind: Service - name: api + name: kyoo-api port: 3567 weight: 100 - matches: @@ -73,7 +73,7 @@ spec: backendRefs: - group: '' kind: Service - name: api + name: kyoo-api port: 3567 weight: 100 - matches: @@ -83,6 +83,6 @@ spec: backendRefs: - group: '' kind: Service - name: scanner + name: kyoo-scanner port: 4389 weight: 100 diff --git a/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-external.yaml b/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-external.yaml new file mode 100644 index 000000000..af8a2d5b8 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-external.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: kyoo-apimetadata-backup-source-external + namespace: kyoo + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-apimetadata-backup +spec: + sourcePVC: kyoo-apimetadata + trigger: + schedule: 26 10 * * * + restic: + pruneIntervalDays: 7 + repository: kyoo-apimetadata-backup-secret-external + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-local.yaml b/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-local.yaml new file mode 100644 index 000000000..4978b80cb --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: kyoo-apimetadata-backup-source-local + namespace: kyoo + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-apimetadata-backup +spec: + sourcePVC: kyoo-apimetadata + trigger: + schedule: 26 8 * * * + restic: + pruneIntervalDays: 7 + repository: kyoo-apimetadata-backup-secret-local + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-remote.yaml b/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-remote.yaml new file mode 100644 index 000000000..0504b5915 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ReplicationSource-kyoo-apimetadata-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: kyoo-apimetadata-backup-source-remote + namespace: kyoo + labels: + helm.sh/chart: volsync-target-metadata-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kyoo-apimetadata-backup +spec: + sourcePVC: kyoo-apimetadata + trigger: + schedule: 26 9 * * * + restic: + pruneIntervalDays: 7 + repository: kyoo-apimetadata-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi