alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-04-18 22:59:40 +00:00
committed by Alex Lebens
parent aef7ceebed
commit fd1b4c279e
10 changed files with 350 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-external.yaml Normal file
View File

@@ -0,0 +1,141 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: rclone-openbao-backups-external
labels:
app.kubernetes.io/controller: openbao-backups-external
app.kubernetes.io/instance: rclone
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: rclone
helm.sh/chart: rclone-4.6.2
namespace: rclone
spec:
suspend: false
concurrencyPolicy: Forbid
startingDeadlineSeconds: 30
timeZone: America/Chicago
schedule: "10 1 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
parallelism: 1
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/controller: openbao-backups-external
app.kubernetes.io/instance: rclone
app.kubernetes.io/name: rclone
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
restartPolicy: Never
containers:
- args:
- delete
- dest:openbao-backups-6e088aad5fad110b
- --min-age
- 90d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: DigitalOcean
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: "false"
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: external-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: external-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: external-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
key: ENDPOINT
name: external-openbao-backups-secret
image: rclone/rclone:1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
name: prune
- args:
- sync
- src:openbao-backups
- dest:openbao-backups-6e088aad5fad110b
- --s3-no-check-bucket
- --max-age
- 90d
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: "false"
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
key: ENDPOINT_LOCAL
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: "true"
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: DigitalOcean
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: "false"
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: external-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: external-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: external-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
key: ENDPOINT
name: external-openbao-backups-secret
image: rclone/rclone:1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
name: sync

145
clusters/cl01tl/manifests/rclone/CronJob-rclone-openbao-backups-remote.yaml Normal file
View File

@@ -0,0 +1,145 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: rclone-openbao-backups-remote
labels:
app.kubernetes.io/controller: openbao-backups-remote
app.kubernetes.io/instance: rclone
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: rclone
helm.sh/chart: rclone-4.6.2
namespace: rclone
spec:
suspend: false
concurrencyPolicy: Forbid
startingDeadlineSeconds: 30
timeZone: America/Chicago
schedule: "0 1 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
parallelism: 1
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/controller: openbao-backups-remote
app.kubernetes.io/instance: rclone
app.kubernetes.io/name: rclone
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
restartPolicy: Never
containers:
- args:
- delete
- dest:openbao-backups
- --min-age
- 90d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: "false"
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
key: ENDPOINT_REMOTE
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: "true"
image: rclone/rclone:1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
name: prune
- args:
- sync
- src:openbao-backups
- dest:openbao-backups
- --s3-no-check-bucket
- --max-age
- 90d
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: "false"
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
key: ENDPOINT_LOCAL
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: "true"
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: "false"
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: ACCESS_SECRET_KEY
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
key: ACCESS_REGION
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
key: ENDPOINT_REMOTE
name: garage-openbao-backups-secret
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: "true"
image: rclone/rclone:1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
name: sync

30
clusters/cl01tl/manifests/rclone/ExternalSecret-external-openbao-backups-secret.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: external-openbao-backups-secret
namespace: rclone
labels:
app.kubernetes.io/name: external-openbao-backups-secret
app.kubernetes.io/instance: rclone
app.kubernetes.io/part-of: rclone
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ACCESS_SECRET_KEY
- secretKey: ENDPOINT
remoteRef:
key: /digital-ocean/home-infra/openbao-backups
property: ENDPOINT

15
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-directus-secret.yaml
View File

@@ -14,36 +14,21 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT - secretKey: SRC_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local key: /garage/config/local
metadataPolicy: None
property: ENDPOINT property: ENDPOINT
- secretKey: DEST_ENDPOINT - secretKey: DEST_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT property: ENDPOINT

15
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-karakeep-secret.yaml
View File

@@ -14,36 +14,21 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT - secretKey: SRC_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local key: /garage/config/local
metadataPolicy: None
property: ENDPOINT property: ENDPOINT
- secretKey: DEST_ENDPOINT - secretKey: DEST_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT property: ENDPOINT

15
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-ntfy-attachments-secret.yaml
View File

@@ -14,36 +14,21 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/ntfy-attachments key: /garage/home-infra/ntfy-attachments
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT - secretKey: SRC_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local key: /garage/config/local
metadataPolicy: None
property: ENDPOINT property: ENDPOINT
- secretKey: DEST_ENDPOINT - secretKey: DEST_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT property: ENDPOINT

34
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-openbao-backups-secret.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-openbao-backups-secret
namespace: rclone
labels:
app.kubernetes.io/name: garage-openbao-backups-secret
app.kubernetes.io/instance: rclone
app.kubernetes.io/part-of: rclone
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/openbao-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/openbao-backups
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/openbao-backups
property: ACCESS_SECRET_KEY
- secretKey: ENDPOINT_LOCAL
remoteRef:
key: /garage/home-infra/openbao-backups
property: ENDPOINT_LOCAL
- secretKey: ENDPOINT_REMOTE
remoteRef:
key: /garage/home-infra/openbao-backups
property: ENDPOINT_REMOTE

15
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-postgres-backups-secret.yaml
View File

@@ -14,36 +14,21 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT - secretKey: SRC_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local key: /garage/config/local
metadataPolicy: None
property: ENDPOINT property: ENDPOINT
- secretKey: DEST_ENDPOINT - secretKey: DEST_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT property: ENDPOINT

15
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-talos-backups-secret.yaml
View File

@@ -14,36 +14,21 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT - secretKey: SRC_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local key: /garage/config/local
metadataPolicy: None
property: ENDPOINT property: ENDPOINT
- secretKey: DEST_ENDPOINT - secretKey: DEST_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT property: ENDPOINT

15
clusters/cl01tl/manifests/rclone/ExternalSecret-garage-web-assets-secret.yaml
View File

@@ -14,36 +14,21 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/web-assets key: /garage/home-infra/web-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/web-assets key: /garage/home-infra/web-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/web-assets key: /garage/home-infra/web-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT - secretKey: SRC_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local key: /garage/config/local
metadataPolicy: None
property: ENDPOINT property: ENDPOINT
- secretKey: DEST_ENDPOINT - secretKey: DEST_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT property: ENDPOINT