From f269912cec14e9fe10871948da9235dfa2c38f58 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Wed, 11 Mar 2026 15:21:47 -0500
Subject: [PATCH] feat: change backing storage to garage

---
 .../directus/templates/external-secret.yaml   | 37 +++++++++++++++++++
 clusters/cl01tl/helm/directus/values.yaml     | 22 +++++------
 2 files changed, 48 insertions(+), 11 deletions(-)

diff --git a/clusters/cl01tl/helm/directus/templates/external-secret.yaml b/clusters/cl01tl/helm/directus/templates/external-secret.yaml
index a01d2194e..fc2426951 100644
--- a/clusters/cl01tl/helm/directus/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/directus/templates/external-secret.yaml
@@ -94,6 +94,43 @@ spec:
         metadataPolicy: None
         property: metric-token
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: directus-bucket-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: directus-bucket-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/directus/config
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/directus/config
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/directus/config
+        metadataPolicy: None
+        property: ACCESS_REGION
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
diff --git a/clusters/cl01tl/helm/directus/values.yaml b/clusters/cl01tl/helm/directus/values.yaml
index 5e2d432f3..0a3de7b1b 100644
--- a/clusters/cl01tl/helm/directus/values.yaml
+++ b/clusters/cl01tl/helm/directus/values.yaml
@@ -90,22 +90,22 @@ directus:
             - name: STORAGE_S3_KEY
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-directus
-                  key: AWS_ACCESS_KEY_ID
+                  name: directus-bucket-garage
+                  key: ACCESS_KEY_ID
             - name: STORAGE_S3_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-directus
-                  key: AWS_SECRET_ACCESS_KEY
-            - name: STORAGE_S3_BUCKET
-              valueFrom:
-                configMapKeyRef:
-                  name: ceph-bucket-directus
-                  key: BUCKET_NAME
+                  name: directus-bucket-garage
+                  key: ACCESS_SECRET_KEY
             - name: STORAGE_S3_REGION
-              value: us-east-1
+              valueFrom:
+                secretKeyRef:
+                  name: directus-bucket-garage
+                  key: ACCESS_REGION
+            - name: STORAGE_S3_BUCKET
+              value: directus-assets
             - name: STORAGE_S3_ENDPOINT
-              value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
+              value: http://garage-main.garage:3000
             - name: STORAGE_S3_FORCE_PATH_STYLE
               value: true
             - name: AUTH_PROVIDERS