chore: Update manifests after change

2025-12-20 19:56:56 +00:00
parent 6adec043ea
commit fd88c75b0e
9 changed files with 397 additions and 63 deletions


@@ -50,12 +50,12 @@ spec:
valueFrom:
secretKeyRef:
key: AWS_ACCESS_KEY_ID
name: talos-etcd-backup-secret
name: talos-etcd-backup-external-secret
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: AWS_SECRET_ACCESS_KEY
name: talos-etcd-backup-secret
name: talos-etcd-backup-external-secret
- name: AWS_REGION
value: nyc3
- name: CUSTOM_S3_ENDPOINT
@@ -70,16 +70,12 @@ spec:
valueFrom:
secretKeyRef:
key: AGE_X25519_PUBLIC_KEY
name: talos-etcd-backup-secret
name: talos-etcd-backup-external-secret
- name: USE_PATH_STYLE
value: "false"
image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 100m
memory: 128Mi
name: external
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -91,63 +87,191 @@ spec:
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/secrets/talos.dev
mountPropagation: None
name: secret
readOnly: true
- mountPath: /.talos
name: talos
name: talos-external
- mountPath: /tmp
name: tmp
name: tmp-external
workingDir: /tmp
- command:
- /talos-backup
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: AWS_ACCESS_KEY_ID
name: talos-etcd-backup-local-secret
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: AWS_SECRET_ACCESS_KEY
name: talos-etcd-backup-local-secret
- name: AWS_REGION
value: us-east-1
- name: CUSTOM_S3_ENDPOINT
value: http://garage-main.garage:3900
- name: BUCKET
value: talos-backups
- name: S3_PREFIX
value: cl01tl/etcd
- name: CLUSTER_NAME
value: cl01tl
- name: AGE_X25519_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: AGE_X25519_PUBLIC_KEY
name: talos-etcd-backup-local-secret
- name: USE_PATH_STYLE
value: "false"
image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
imagePullPolicy: IfNotPresent
name: local
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /.talos
name: talos-local
- mountPath: /tmp
name: tmp-local
workingDir: /tmp
- command:
- /talos-backup
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: AWS_ACCESS_KEY_ID
name: talos-etcd-backup-remote-secret
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: AWS_SECRET_ACCESS_KEY
name: talos-etcd-backup-remote-secret
- name: AWS_REGION
value: us-east-1
- name: CUSTOM_S3_ENDPOINT
value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
- name: BUCKET
value: talos-backups
- name: S3_PREFIX
value: cl01tl/etcd
- name: CLUSTER_NAME
value: cl01tl
- name: AGE_X25519_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: AGE_X25519_PUBLIC_KEY
name: talos-etcd-backup-remote-secret
- name: USE_PATH_STYLE
value: "false"
image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
imagePullPolicy: IfNotPresent
name: remote
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /.talos
name: talos-remote
- mountPath: /tmp
name: tmp-remote
workingDir: /tmp
- args:
- -ec
- |
export DATE_RANGE=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%dT%H:%M:%SZ);
export FILE_MATCH="$BUCKET/cl01tl/etcd/cl01tl-$DATE_RANGE.snap.age"
echo ">> Running S3 prune for Talos backup repository"
echo ">> Backups prior to '$DATE_RANGE' will be removed"
echo ">> Backups to be removed:"
s3cmd ls ${BUCKET}/cl01tl/etcd/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
echo ">> Deleting ..."
s3cmd ls ${BUCKET}/cl01tl/etcd/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
while read file; do
s3cmd del "$file";
done;
echo ">> Completed S3 prune for Talos backup repository"
- /scripts/prune.sh
command:
- /bin/sh
env:
- name: BUCKET
valueFrom:
secretKeyRef:
key: BUCKET
name: talos-etcd-backup-secret
- name: TARGET
value: External
- name: DATE_RANGE_SECONDS
value: "1.2096e+06"
envFrom:
- secretRef:
name: talos-etcd-backup-external-secret
- secretRef:
name: talos-backup-ntfy-secret
image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
imagePullPolicy: IfNotPresent
name: s3-prune
resources:
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /root/.s3cfg
mountPropagation: None
name: s3cmd-config
readOnly: true
subPath: .s3cfg
name: s3-prune-external
- args:
- -ec
- /scripts/prune.sh
command:
- /bin/sh
env:
- name: TARGET
value: Local
- name: DATE_RANGE_SECONDS
value: "2.4192e+06"
envFrom:
- secretRef:
name: talos-etcd-backup-local-secret
- secretRef:
name: talos-backup-ntfy-secret
image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
imagePullPolicy: IfNotPresent
name: s3-prune-local
- args:
- -ec
- /scripts/prune.sh
command:
- /bin/sh
env:
- name: TARGET
value: Remote
- name: DATE_RANGE_SECONDS
value: "2.4192e+06"
envFrom:
- secretRef:
name: talos-etcd-backup-remote-secret
- secretRef:
name: talos-backup-ntfy-secret
image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
imagePullPolicy: IfNotPresent
name: s3-prune-remote
volumes:
- name: s3cmd-config
- name: s3cmd-config-external
secret:
secretName: talos-etcd-backup-secret
secretName: talos-etcd-backup-external-secret
- name: s3cmd-config-local
secret:
secretName: talos-etcd-backup-local-secret
- name: s3cmd-config-remote
secret:
secretName: talos-etcd-backup-remote-secret
- name: secret
secret:
secretName: talos-backup-secrets
- emptyDir:
medium: Memory
name: talos
name: talos-external
- emptyDir:
medium: Memory
name: tmp
name: talos-local
- emptyDir:
medium: Memory
name: talos-remote
- emptyDir:
medium: Memory
name: tmp-external
- emptyDir:
medium: Memory
name: tmp-local
- emptyDir:
medium: Memory
name: tmp-remote
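Review bot: `DATE_RANGE_SECONDS` is rendered in scientific notation (`"1.2096e+06"` on s3-prune-external, `"2.4192e+06"` on s3-prune-local and s3-prune-remote), a form that POSIX shell arithmetic and `date -d @…` do not parse; the inline script shown in the same hunk uses the integer `1209600`. `/scripts/prune.sh` is not visible here, so how it consumes the value is an assumption, but a retention window that cannot be evaluated in a job that deletes backups is best fixed at the source: quote the number in the chart values so it renders as `value: "1209600"` and `value: "2419200"`. The three prune containers also show no volumeMount that would supply `/scripts` and no `securityContext`, whereas the backup containers drop all capabilities and run as non-root; both are worth confirming as intended. The manifest begins before the first hunk, so pod-level settings that might cover this are not visible.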