From 0e1bac3d0cb11c7c0689fa2749129d18f2a252f3 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 17 Dec 2025 22:25:04 +0000 Subject: [PATCH 1/2] chore: Update manifests after change --- .../Deployment-code-server-cloudflared.yaml | 2 +- ...Secret-code-server-cloudflared-secret.yaml | 7 ++- .../jellyfin/Deployment-jellyfin-vue.yaml | 2 +- .../CronJob-kubernetes-cloudflare-ddns.yaml | 4 +- .../libation/CronJob-libation-main.yaml | 4 +- ...nt-config-data-backup-source-external.yaml | 4 +- ...rrent-config-data-backup-source-local.yaml | 4 +- ...rent-config-data-backup-source-remote.yaml | 4 +- ...arr-4k-config-backup-secret-external.yaml} | 21 ++++--- ...-radarr-4k-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...radarr-4k-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...arr-4k-config-backup-source-external.yaml} | 18 +++--- ...-radarr-4k-config-backup-source-local.yaml | 34 +++++++++++ ...radarr-4k-config-backup-source-remote.yaml | 34 +++++++++++ ...-anime-config-backup-secret-external.yaml} | 21 ++++--- ...darr-anime-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...arr-anime-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...-anime-config-backup-source-external.yaml} | 18 +++--- ...darr-anime-config-backup-source-local.yaml | 34 +++++++++++ ...arr-anime-config-backup-source-remote.yaml | 34 +++++++++++ ...tandup-config-backup-secret-external.yaml} | 21 ++++--- ...rr-standup-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...r-standup-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...tandup-config-backup-source-external.yaml} | 18 +++--- ...rr-standup-config-backup-source-local.yaml | 34 +++++++++++ ...r-standup-config-backup-source-remote.yaml | 34 +++++++++++ ...radarr-config-backup-secret-external.yaml} | 21 ++++--- ...ret-radarr-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...et-radarr-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...radarr-config-backup-source-external.yaml} | 18 +++--- ...rce-radarr-config-backup-source-local.yaml | 34 +++++++++++ ...ce-radarr-config-backup-source-remote.yaml | 34 +++++++++++ .../roundcube/CronJob-roundcube-cleandb.yaml | 4 +- ...oundcube-data-backup-secret-external.yaml} | 19 +++--- ...et-roundcube-data-backup-secret-local.yaml | 58 +++++++++++++++++++ ...t-roundcube-data-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...oundcube-data-backup-source-external.yaml} | 14 +++-- ...ce-roundcube-data-backup-source-local.yaml | 29 ++++++++++ ...e-roundcube-data-backup-source-remote.yaml | 29 ++++++++++ ...-browser-data-backup-secret-external.yaml} | 19 +++--- ...rxng-browser-data-backup-secret-local.yaml | 58 +++++++++++++++++++ ...xng-browser-data-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...-browser-data-backup-source-external.yaml} | 14 +++-- ...rxng-browser-data-backup-source-local.yaml | 29 ++++++++++ ...xng-browser-data-backup-source-remote.yaml | 29 ++++++++++ ...-chart-config-backup-secret-external.yaml} | 21 ++++--- ...eerr-chart-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...err-chart-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...-chart-config-backup-source-external.yaml} | 15 +++-- ...eerr-chart-config-backup-source-local.yaml | 29 ++++++++++ ...err-chart-config-backup-source-remote.yaml | 29 ++++++++++ ...arr-4k-config-backup-secret-external.yaml} | 21 ++++--- ...-sonarr-4k-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...sonarr-4k-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...arr-4k-config-backup-source-external.yaml} | 18 +++--- ...-sonarr-4k-config-backup-source-local.yaml | 34 +++++++++++ ...sonarr-4k-config-backup-source-remote.yaml | 34 +++++++++++ ...-anime-config-backup-secret-external.yaml} | 21 ++++--- ...narr-anime-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...arr-anime-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...-anime-config-backup-source-external.yaml} | 18 +++--- ...narr-anime-config-backup-source-local.yaml | 34 +++++++++++ ...arr-anime-config-backup-source-remote.yaml | 34 +++++++++++ ...sonarr-config-backup-secret-external.yaml} | 21 ++++--- ...ret-sonarr-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...et-sonarr-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...sonarr-config-backup-source-external.yaml} | 18 +++--- ...rce-sonarr-config-backup-source-local.yaml | 34 +++++++++++ ...ce-sonarr-config-backup-source-remote.yaml | 34 +++++++++++ ...alwart-config-backup-secret-external.yaml} | 21 +++---- ...t-stalwart-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...-stalwart-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...alwart-config-backup-source-external.yaml} | 14 +++-- ...e-stalwart-config-backup-source-local.yaml | 29 ++++++++++ ...-stalwart-config-backup-source-remote.yaml | 29 ++++++++++ .../talos/CronJob-etcd-defrag-defrag-1.yaml | 4 +- .../talos/CronJob-etcd-defrag-defrag-2.yaml | 4 +- .../talos/CronJob-etcd-defrag-defrag-3.yaml | 4 +- .../cl01tl/manifests/talos/CronJob-talos.yaml | 4 +- ...utulli-config-backup-secret-external.yaml} | 19 +++--- ...t-tautulli-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...-tautulli-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...utulli-config-backup-source-external.yaml} | 14 +++-- ...e-tautulli-config-backup-source-local.yaml | 29 ++++++++++ ...-tautulli-config-backup-source-remote.yaml | 29 ++++++++++ ...-tdarr-config-backup-secret-external.yaml} | 19 +++--- ...cret-tdarr-config-backup-secret-local.yaml | 58 +++++++++++++++++++ ...ret-tdarr-config-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...-tdarr-server-backup-secret-external.yaml} | 19 +++--- ...cret-tdarr-server-backup-secret-local.yaml | 58 +++++++++++++++++++ ...ret-tdarr-server-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...-tdarr-config-backup-source-external.yaml} | 14 +++-- ...urce-tdarr-config-backup-source-local.yaml | 29 ++++++++++ ...rce-tdarr-config-backup-source-remote.yaml | 29 ++++++++++ ...-tdarr-server-backup-source-external.yaml} | 14 +++-- ...urce-tdarr-server-backup-source-local.yaml | 29 ++++++++++ ...rce-tdarr-server-backup-source-remote.yaml | 29 ++++++++++ .../vault/CronJob-vault-snapshot.yaml | 2 +- ...ltwarden-data-backup-secret-external.yaml} | 19 +++--- ...-vaultwarden-data-backup-secret-local.yaml | 58 +++++++++++++++++++ ...vaultwarden-data-backup-secret-remote.yaml | 58 +++++++++++++++++++ ...ultwarden-data-backup-source-external.yaml | 29 ++++++++++ ...vaultwarden-data-backup-source-local.yaml} | 16 +++-- ...vaultwarden-data-backup-source-remote.yaml | 29 ++++++++++ 104 files changed, 3031 insertions(+), 246 deletions(-) rename clusters/cl01tl/manifests/radarr-4k/{ExternalSecret-radarr-4k-config-backup-secret.yaml => ExternalSecret-radarr-4k-config-backup-secret-external.yaml} (68%) create mode 100644 clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/radarr-4k/{ReplicationSource-radarr-4k-config-backup-source.yaml => ReplicationSource-radarr-4k-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/radarr-anime/{ExternalSecret-radarr-anime-config-backup-secret.yaml => ExternalSecret-radarr-anime-config-backup-secret-external.yaml} (68%) create mode 100644 clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/radarr-anime/{ReplicationSource-radarr-anime-config-backup-source.yaml => ReplicationSource-radarr-anime-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/radarr-standup/{ExternalSecret-radarr-standup-config-backup-secret.yaml => ExternalSecret-radarr-standup-config-backup-secret-external.yaml} (68%) create mode 100644 clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/radarr-standup/{ReplicationSource-radarr-standup-config-backup-source.yaml => ReplicationSource-radarr-standup-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/radarr/{ExternalSecret-radarr-config-backup-secret.yaml => ExternalSecret-radarr-config-backup-secret-external.yaml} (69%) create mode 100644 clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/radarr/{ReplicationSource-radarr-config-backup-source.yaml => ReplicationSource-radarr-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/roundcube/{ExternalSecret-roundcube-data-backup-secret.yaml => ExternalSecret-roundcube-data-backup-secret-external.yaml} (73%) create mode 100644 clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml rename clusters/cl01tl/manifests/roundcube/{ReplicationSource-roundcube-data-backup-source.yaml => ReplicationSource-roundcube-data-backup-source-external.yaml} (62%) create mode 100644 clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml rename clusters/cl01tl/manifests/searxng/{ExternalSecret-searxng-browser-data-backup-secret.yaml => ExternalSecret-searxng-browser-data-backup-secret-external.yaml} (72%) create mode 100644 clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml rename clusters/cl01tl/manifests/searxng/{ReplicationSource-searxng-browser-data-backup-source.yaml => ReplicationSource-searxng-browser-data-backup-source-external.yaml} (61%) create mode 100644 clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml rename clusters/cl01tl/manifests/seerr/{ExternalSecret-seerr-config-backup-secret.yaml => ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/seerr/{ReplicationSource-seerr-config-backup-source.yaml => ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml} (60%) create mode 100644 clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/sonarr-4k/{ExternalSecret-sonarr-4k-config-backup-secret.yaml => ExternalSecret-sonarr-4k-config-backup-secret-external.yaml} (68%) create mode 100644 clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/sonarr-4k/{ReplicationSource-sonarr-4k-config-backup-source.yaml => ReplicationSource-sonarr-4k-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/sonarr-anime/{ExternalSecret-sonarr-anime-config-backup-secret.yaml => ExternalSecret-sonarr-anime-config-backup-secret-external.yaml} (68%) create mode 100644 clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/sonarr-anime/{ReplicationSource-sonarr-anime-config-backup-source.yaml => ReplicationSource-sonarr-anime-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/sonarr/{ExternalSecret-sonarr-config-backup-secret.yaml => ExternalSecret-sonarr-config-backup-secret-external.yaml} (69%) create mode 100644 clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/sonarr/{ReplicationSource-sonarr-config-backup-source.yaml => ReplicationSource-sonarr-config-backup-source-external.yaml} (67%) create mode 100644 clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/stalwart/{ExternalSecret-stalwart-config-backup-secret.yaml => ExternalSecret-stalwart-config-backup-secret-external.yaml} (73%) create mode 100644 clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/stalwart/{ReplicationSource-stalwart-config-backup-source.yaml => ReplicationSource-stalwart-config-backup-source-external.yaml} (62%) create mode 100644 clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/tautulli/{ExternalSecret-tautulli-config-backup-secret.yaml => ExternalSecret-tautulli-config-backup-secret-external.yaml} (73%) create mode 100644 clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/tautulli/{ReplicationSource-tautulli-config-backup-source.yaml => ReplicationSource-tautulli-config-backup-source-external.yaml} (62%) create mode 100644 clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/tdarr/{ExternalSecret-tdarr-config-backup-secret.yaml => ExternalSecret-tdarr-config-backup-secret-external.yaml} (73%) create mode 100644 clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml rename clusters/cl01tl/manifests/tdarr/{ExternalSecret-tdarr-server-backup-secret.yaml => ExternalSecret-tdarr-server-backup-secret-external.yaml} (73%) create mode 100644 clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml rename clusters/cl01tl/manifests/tdarr/{ReplicationSource-tdarr-config-backup-source.yaml => ReplicationSource-tdarr-config-backup-source-external.yaml} (62%) create mode 100644 clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml rename clusters/cl01tl/manifests/tdarr/{ReplicationSource-tdarr-server-backup-source.yaml => ReplicationSource-tdarr-server-backup-source-external.yaml} (62%) create mode 100644 clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml create mode 100644 clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml rename clusters/cl01tl/manifests/vaultwarden/{ExternalSecret-vaultwarden-data-backup-secret.yaml => ExternalSecret-vaultwarden-data-backup-secret-external.yaml} (73%) create mode 100644 clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml create mode 100644 clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml create mode 100644 clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml rename clusters/cl01tl/manifests/vaultwarden/{ReplicationSource-vaultwarden-data-backup-source.yaml => ReplicationSource-vaultwarden-data-backup-source-local.yaml} (59%) create mode 100644 clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml diff --git a/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml b/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml index dfedb5af0..7ce8f3216 100644 --- a/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml +++ b/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2025.11.1 - helm.sh/chart: cloudflared-1.23.2 + helm.sh/chart: cloudflared-2.0.0 namespace: code-server spec: revisionHistoryLimit: 3 diff --git a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml index 87b98f6af..d991a454b 100644 --- a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml @@ -4,9 +4,12 @@ metadata: name: code-server-cloudflared-secret namespace: code-server labels: - app.kubernetes.io/name: code-server-cloudflared-secret + helm.sh/chart: cloudflared-2.0.0 app.kubernetes.io/instance: code-server app.kubernetes.io/part-of: code-server + app.kubernetes.io/version: "2.0.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: code-server-cloudflared-secret spec: secretStoreRef: kind: ClusterSecretStore @@ -16,6 +19,6 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cloudflare/tunnels/codeserver + key: /cloudflare/tunnels//code-server metadataPolicy: None property: token diff --git a/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml b/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml index 61c27e5d1..09af5107f 100644 --- a/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml +++ b/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin-vue.yaml @@ -11,7 +11,7 @@ metadata: namespace: jellyfin spec: revisionHistoryLimit: 3 - replicas: 3 + replicas: 1 strategy: type: Recreate selector: diff --git a/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml b/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml index aa8d1877f..88623328b 100644 --- a/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml +++ b/clusters/cl01tl/manifests/kubernetes-cloudflare-ddns/CronJob-kubernetes-cloudflare-ddns.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "30 4 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml b/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml index b085107be..4c8d4ef2f 100644 --- a/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml +++ b/clusters/cl01tl/manifests/libation/CronJob-libation-main.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 0 1 1 *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml index 4567db6dc..b2c14f863 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-external.yaml @@ -29,6 +29,6 @@ spec: runAsGroup: 1000 runAsUser: 1000 copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot + storageClassName: ceph-filesystem + volumeSnapshotClassName: ceph-filesystem-snapshot cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml index 2f49bf45a..9af778704 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-local.yaml @@ -29,6 +29,6 @@ spec: runAsGroup: 1000 runAsUser: 1000 copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot + storageClassName: ceph-filesystem + volumeSnapshotClassName: ceph-filesystem-snapshot cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml index e1b5c4c46..27d702d67 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ReplicationSource-qbittorrent-config-data-backup-source-remote.yaml @@ -29,6 +29,6 @@ spec: runAsGroup: 1000 runAsUser: 1000 copyMethod: Snapshot - storageClassName: ceph-block - volumeSnapshotClassName: ceph-blockpool-snapshot + storageClassName: ceph-filesystem + volumeSnapshotClassName: ceph-filesystem-snapshot cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-external.yaml index 818102207..7ed723890 100644 --- a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-4k-config-backup-secret + name: radarr-4k-config-backup-secret-external namespace: radarr-4k labels: - app.kubernetes.io/name: radarr-4k-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-4k app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5-4k/radarr5-4k-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-4k/radarr-4k-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml new file mode 100644 index 000000000..e52266ab3 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-4k-config-backup-secret-local + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-4k/radarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml new file mode 100644 index 000000000..6615f636c --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ExternalSecret-radarr-4k-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-4k-config-backup-secret-remote + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-4k/radarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-external.yaml index 0d9deb9d4..c286ba4ec 100644 --- a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-4k-config-backup-source + name: radarr-4k-config-backup-source-external namespace: radarr-4k labels: - app.kubernetes.io/name: radarr-4k-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-4k app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup spec: sourcePVC: radarr-4k-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-4k-config-backup-secret + repository: radarr-4k-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml new file mode 100644 index 000000000..dc7ee132b --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-4k-config-backup-source-local + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup +spec: + sourcePVC: radarr-4k-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-4k-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml new file mode 100644 index 000000000..40d8df4c8 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/ReplicationSource-radarr-4k-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-4k-config-backup-source-remote + namespace: radarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-4k-config-backup +spec: + sourcePVC: radarr-4k-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-4k-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-external.yaml index b1894b01d..23b624cd4 100644 --- a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-anime-config-backup-secret + name: radarr-anime-config-backup-secret-external namespace: radarr-anime labels: - app.kubernetes.io/name: radarr-anime-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-anime app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5-anime/radarr5-anime-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-anime/radarr-anime-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml new file mode 100644 index 000000000..744bc7061 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-anime-config-backup-secret-local + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-anime/radarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml new file mode 100644 index 000000000..2a1bc6762 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ExternalSecret-radarr-anime-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-anime-config-backup-secret-remote + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-anime/radarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-external.yaml index 0dd650bfa..a47c3449a 100644 --- a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-anime-config-backup-source + name: radarr-anime-config-backup-source-external namespace: radarr-anime labels: - app.kubernetes.io/name: radarr-anime-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-anime app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup spec: sourcePVC: radarr-anime-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-anime-config-backup-secret + repository: radarr-anime-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml new file mode 100644 index 000000000..b5dd5e417 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-anime-config-backup-source-local + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup +spec: + sourcePVC: radarr-anime-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-anime-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml new file mode 100644 index 000000000..9514045a3 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/ReplicationSource-radarr-anime-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-anime-config-backup-source-remote + namespace: radarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-anime-config-backup +spec: + sourcePVC: radarr-anime-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-anime-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-external.yaml index e958877cc..ff77ac582 100644 --- a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-standup-config-backup-secret + name: radarr-standup-config-backup-secret-external namespace: radarr-standup labels: - app.kubernetes.io/name: radarr-standup-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-standup app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5-standup/radarr5-standup-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-standup/radarr-standup-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml new file mode 100644 index 000000000..720f77e56 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-standup-config-backup-secret-local + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-standup/radarr-standup-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml new file mode 100644 index 000000000..e4c040939 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ExternalSecret-radarr-standup-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-standup-config-backup-secret-remote + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr-standup/radarr-standup-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-external.yaml index f5f2e7819..28c11efcc 100644 --- a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-standup-config-backup-source + name: radarr-standup-config-backup-source-external namespace: radarr-standup labels: - app.kubernetes.io/name: radarr-standup-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr-standup app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup spec: sourcePVC: radarr-standup-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-standup-config-backup-secret + repository: radarr-standup-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml new file mode 100644 index 000000000..833c81809 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-standup-config-backup-source-local + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup +spec: + sourcePVC: radarr-standup-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-standup-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml new file mode 100644 index 000000000..6842b9c97 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/ReplicationSource-radarr-standup-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-standup-config-backup-source-remote + namespace: radarr-standup + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-standup-config-backup +spec: + sourcePVC: radarr-standup-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-standup-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret.yaml b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-external.yaml similarity index 69% rename from clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-external.yaml index bea7b3399..5012a0d1c 100644 --- a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: radarr-config-backup-secret + name: radarr-config-backup-secret-external namespace: radarr labels: - app.kubernetes.io/name: radarr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr5/radarr5-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr/radarr-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml new file mode 100644 index 000000000..c4faa37ab --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-config-backup-secret-local + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr/radarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..76f5b9e2e --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ExternalSecret-radarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: radarr-config-backup-secret-remote + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/radarr/radarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source.yaml b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source.yaml rename to clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-external.yaml index 02c38eab5..b0860b52c 100644 --- a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: radarr-config-backup-source + name: radarr-config-backup-source-external namespace: radarr labels: - app.kubernetes.io/name: radarr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: radarr app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup spec: sourcePVC: radarr-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: radarr-config-backup-secret + repository: radarr-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml new file mode 100644 index 000000000..1d5f0b386 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-config-backup-source-local + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup +spec: + sourcePVC: radarr-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..4b0e6d340 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/ReplicationSource-radarr-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: radarr-config-backup-source-remote + namespace: radarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: radarr-config-backup +spec: + sourcePVC: radarr-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: radarr-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml b/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml index 05c8baf84..0f985a351 100644 --- a/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml +++ b/clusters/cl01tl/manifests/roundcube/CronJob-roundcube-cleandb.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "30 4 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret.yaml b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret.yaml rename to clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-external.yaml index d7ff5bdc7..2c35d2deb 100644 --- a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret.yaml +++ b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: roundcube-data-backup-secret + name: roundcube-data-backup-secret-external namespace: roundcube labels: - app.kubernetes.io/name: roundcube-data-backup-secret + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: roundcube app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml new file mode 100644 index 000000000..6bd406880 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: roundcube-data-backup-secret-local + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/roundcube/roundcube-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml new file mode 100644 index 000000000..620753948 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ExternalSecret-roundcube-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: roundcube-data-backup-secret-remote + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/roundcube/roundcube-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source.yaml b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source.yaml rename to clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-external.yaml index 34c8e7977..e3bb76cbc 100644 --- a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source.yaml +++ b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: roundcube-data-backup-source + name: roundcube-data-backup-source-external namespace: roundcube labels: - app.kubernetes.io/name: roundcube-data-backup-source + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: roundcube app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup spec: sourcePVC: roundcube-data trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: roundcube-data-backup-secret + repository: roundcube-data-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml new file mode 100644 index 000000000..711484942 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: roundcube-data-backup-source-local + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup +spec: + sourcePVC: roundcube-data + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: roundcube-data-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml new file mode 100644 index 000000000..fdb09a036 --- /dev/null +++ b/clusters/cl01tl/manifests/roundcube/ReplicationSource-roundcube-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: roundcube-data-backup-source-remote + namespace: roundcube + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: roundcube + app.kubernetes.io/part-of: roundcube + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: roundcube-data-backup +spec: + sourcePVC: roundcube-data + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: roundcube-data-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-external.yaml similarity index 72% rename from clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml rename to clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-external.yaml index 31e1b4d7e..ad2df0690 100644 --- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: searxng-browser-data-backup-secret + name: searxng-browser-data-backup-secret-external namespace: searxng labels: - app.kubernetes.io/name: searxng-browser-data-backup-secret + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml new file mode 100644 index 000000000..8611d9966 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: searxng-browser-data-backup-secret-local + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml new file mode 100644 index 000000000..c6268dde5 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: searxng-browser-data-backup-secret-remote + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/searxng/searxng-browser-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-external.yaml similarity index 61% rename from clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml rename to clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-external.yaml index 32e64ba9a..c41aaa481 100644 --- a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml +++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: searxng-browser-data-backup-source + name: searxng-browser-data-backup-source-external namespace: searxng labels: - app.kubernetes.io/name: searxng-browser-data-backup-source + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: searxng app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup spec: sourcePVC: searxng-browser-data trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: searxng-browser-data-backup-secret + repository: searxng-browser-data-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml new file mode 100644 index 000000000..aadd8bc77 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: searxng-browser-data-backup-source-local + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup +spec: + sourcePVC: searxng-browser-data + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: searxng-browser-data-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml new file mode 100644 index 000000000..28def92c0 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: searxng-browser-data-backup-source-remote + namespace: searxng + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: searxng + app.kubernetes.io/part-of: searxng + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng-browser-data-backup +spec: + sourcePVC: searxng-browser-data + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: searxng-browser-data-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-config-backup-secret.yaml b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml index e0cabb226..0c116da4b 100644 --- a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: seerr-config-backup-secret + name: seerr-seerr-chart-config-backup-secret-external namespace: seerr labels: - app.kubernetes.io/name: seerr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml new file mode 100644 index 000000000..e4abfc993 --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: seerr-seerr-chart-config-backup-secret-local + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml new file mode 100644 index 000000000..dfaaa3d25 --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ExternalSecret-seerr-seerr-chart-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: seerr-seerr-chart-config-backup-secret-remote + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/seerr/seerr-seerr-chart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-config-backup-source.yaml b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml similarity index 60% rename from clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-config-backup-source.yaml rename to clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml index 04b925b57..8b6ba7f3a 100644 --- a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-external.yaml @@ -1,26 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: seerr-config-backup-source + name: seerr-seerr-chart-config-backup-source-external namespace: seerr labels: - app.kubernetes.io/name: seerr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: seerr app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup spec: sourcePVC: seerr-seerr-chart-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: seerr-config-backup-secret + repository: seerr-seerr-chart-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot - cacheCapacity: 10Gi + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml new file mode 100644 index 000000000..46fcd1bb3 --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: seerr-seerr-chart-config-backup-source-local + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup +spec: + sourcePVC: seerr-seerr-chart-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: seerr-seerr-chart-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml new file mode 100644 index 000000000..1912bd29a --- /dev/null +++ b/clusters/cl01tl/manifests/seerr/ReplicationSource-seerr-seerr-chart-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: seerr-seerr-chart-config-backup-source-remote + namespace: seerr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: seerr + app.kubernetes.io/part-of: seerr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: seerr-seerr-chart-config-backup +spec: + sourcePVC: seerr-seerr-chart-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: seerr-seerr-chart-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret.yaml b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret.yaml rename to clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-external.yaml index 2c785991c..1fbbf5892 100644 --- a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-4k-config-backup-secret + name: sonarr-4k-config-backup-secret-external namespace: sonarr-4k labels: - app.kubernetes.io/name: sonarr-4k-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-4k app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr4-4k/sonarr4-4k-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-4k/sonarr-4k-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml new file mode 100644 index 000000000..615c24ca4 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-4k-config-backup-secret-local + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-4k/sonarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml new file mode 100644 index 000000000..332f0f8b3 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ExternalSecret-sonarr-4k-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-4k-config-backup-secret-remote + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-4k/sonarr-4k-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source.yaml b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source.yaml rename to clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-external.yaml index 21ce41fde..c76838bc4 100644 --- a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: sonarr-4k-config-backup-source + name: sonarr-4k-config-backup-source-external namespace: sonarr-4k labels: - app.kubernetes.io/name: sonarr-4k-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-4k app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup spec: sourcePVC: sonarr-4k-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: sonarr-4k-config-backup-secret + repository: sonarr-4k-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml new file mode 100644 index 000000000..43f96ea38 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-4k-config-backup-source-local + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup +spec: + sourcePVC: sonarr-4k-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-4k-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml new file mode 100644 index 000000000..f8705678f --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-4k/ReplicationSource-sonarr-4k-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-4k-config-backup-source-remote + namespace: sonarr-4k + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-4k + app.kubernetes.io/part-of: sonarr-4k + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-4k-config-backup +spec: + sourcePVC: sonarr-4k-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-4k-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret.yaml b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-external.yaml similarity index 68% rename from clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret.yaml rename to clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-external.yaml index 8bb07e89d..359ccf910 100644 --- a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-anime-config-backup-secret + name: sonarr-anime-config-backup-secret-external namespace: sonarr-anime labels: - app.kubernetes.io/name: sonarr-anime-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-anime app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr4-anime/sonarr4-anime-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-anime/sonarr-anime-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml new file mode 100644 index 000000000..f0b3355ac --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-anime-config-backup-secret-local + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-anime/sonarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml new file mode 100644 index 000000000..53e2ecba3 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ExternalSecret-sonarr-anime-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-anime-config-backup-secret-remote + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr-anime/sonarr-anime-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source.yaml b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source.yaml rename to clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-external.yaml index dcfef0986..3eb2268fa 100644 --- a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: sonarr-anime-config-backup-source + name: sonarr-anime-config-backup-source-external namespace: sonarr-anime labels: - app.kubernetes.io/name: sonarr-anime-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr-anime app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup spec: sourcePVC: sonarr-anime-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: sonarr-anime-config-backup-secret + repository: sonarr-anime-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml new file mode 100644 index 000000000..d41ab5b5c --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-anime-config-backup-source-local + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup +spec: + sourcePVC: sonarr-anime-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-anime-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml new file mode 100644 index 000000000..c5c155024 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/ReplicationSource-sonarr-anime-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-anime-config-backup-source-remote + namespace: sonarr-anime + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-anime-config-backup +spec: + sourcePVC: sonarr-anime-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-anime-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret.yaml b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-external.yaml similarity index 69% rename from clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-external.yaml index a108c5937..1f0e08a03 100644 --- a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sonarr-config-backup-secret + name: sonarr-config-backup-secret-external namespace: sonarr labels: - app.kubernetes.io/name: sonarr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -16,27 +19,27 @@ spec: mergePolicy: Merge engineVersion: v2 data: - RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr4/sonarr4-config" + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr/sonarr-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml new file mode 100644 index 000000000..2a15ca862 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-config-backup-secret-local + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr/sonarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..a0e0680ad --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ExternalSecret-sonarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: sonarr-config-backup-secret-remote + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/sonarr/sonarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source.yaml b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-external.yaml similarity index 67% rename from clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source.yaml rename to clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-external.yaml index cee111b2e..f1c2dc915 100644 --- a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-external.yaml @@ -1,30 +1,34 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: sonarr-config-backup-source + name: sonarr-config-backup-source-external namespace: sonarr labels: - app.kubernetes.io/name: sonarr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: sonarr app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup spec: sourcePVC: sonarr-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: sonarr-config-backup-secret + repository: sonarr-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 moverSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml new file mode 100644 index 000000000..0422cccfa --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-local.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-config-backup-source-local + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup +spec: + sourcePVC: sonarr-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..a286a727e --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/ReplicationSource-sonarr-config-backup-source-remote.yaml @@ -0,0 +1,34 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: sonarr-config-backup-source-remote + namespace: sonarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: sonarr-config-backup +spec: + sourcePVC: sonarr-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: sonarr-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + moverSecurityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsUser: 1000 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret.yaml b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret.yaml rename to clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-external.yaml index 01add9a45..9debc7e98 100644 --- a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-external.yaml @@ -1,14 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: stalwart-config-backup-secret + name: stalwart-config-backup-secret-external namespace: stalwart labels: - app.kubernetes.io/name: stalwart-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: stalwart - app.kubernetes.io/version: v0.14.1 - app.kubernetes.io/component: backup app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -24,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -47,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml new file mode 100644 index 000000000..e968ffa94 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: stalwart-config-backup-secret-local + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/stalwart/stalwart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml new file mode 100644 index 000000000..a75118a12 --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ExternalSecret-stalwart-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: stalwart-config-backup-secret-remote + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/stalwart/stalwart-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source.yaml b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source.yaml rename to clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-external.yaml index 4a2621ab3..8f6348509 100644 --- a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: stalwart-config-backup-source + name: stalwart-config-backup-source-external namespace: stalwart labels: - app.kubernetes.io/name: stalwart-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: stalwart app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup spec: sourcePVC: stalwart-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: stalwart-config-backup-secret + repository: stalwart-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml new file mode 100644 index 000000000..c94edacaa --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: stalwart-config-backup-source-local + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup +spec: + sourcePVC: stalwart-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: stalwart-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml new file mode 100644 index 000000000..9fb07c78f --- /dev/null +++ b/clusters/cl01tl/manifests/stalwart/ReplicationSource-stalwart-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: stalwart-config-backup-source-remote + namespace: stalwart + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: stalwart + app.kubernetes.io/part-of: stalwart + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stalwart-config-backup +spec: + sourcePVC: stalwart-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: stalwart-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml index e2f573b2a..5d793b38f 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 0 * * 0" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml index 45209e08b..8ba4fef2a 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "10 0 * * 0" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml index 76eb35a68..10515c9f2 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "20 0 * * 0" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos.yaml index 21150ef80..e42fd2139 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos.yaml @@ -15,8 +15,8 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 2 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 diff --git a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret.yaml b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret.yaml rename to clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-external.yaml index 8a309f470..a88749ccf 100644 --- a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tautulli-config-backup-secret + name: tautulli-config-backup-secret-external namespace: tautulli labels: - app.kubernetes.io/name: tautulli-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tautulli app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml new file mode 100644 index 000000000..2b6663d0f --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tautulli-config-backup-secret-local + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tautulli/tautulli-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml new file mode 100644 index 000000000..6e93f70cb --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ExternalSecret-tautulli-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tautulli-config-backup-secret-remote + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tautulli/tautulli-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source.yaml b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source.yaml rename to clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-external.yaml index 33a351e33..167874cd2 100644 --- a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: tautulli-config-backup-source + name: tautulli-config-backup-source-external namespace: tautulli labels: - app.kubernetes.io/name: tautulli-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tautulli app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup spec: sourcePVC: tautulli-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: tautulli-config-backup-secret + repository: tautulli-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml new file mode 100644 index 000000000..d561677ec --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tautulli-config-backup-source-local + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup +spec: + sourcePVC: tautulli-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: tautulli-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml new file mode 100644 index 000000000..f557f246a --- /dev/null +++ b/clusters/cl01tl/manifests/tautulli/ReplicationSource-tautulli-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tautulli-config-backup-source-remote + namespace: tautulli + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tautulli + app.kubernetes.io/part-of: tautulli + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tautulli-config-backup +spec: + sourcePVC: tautulli-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: tautulli-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret.yaml rename to clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-external.yaml index 6f9068153..108abfcdf 100644 --- a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret.yaml +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tdarr-config-backup-secret + name: tdarr-config-backup-secret-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-config-backup-secret + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml new file mode 100644 index 000000000..acad7e3cd --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-config-backup-secret-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml new file mode 100644 index 000000000..0d86e41a7 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-config-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-config-backup-secret-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-config" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret.yaml rename to clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-external.yaml index ea7923616..c1a33473d 100644 --- a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret.yaml +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tdarr-server-backup-secret + name: tdarr-server-backup-secret-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-server-backup-secret + helm.sh/chart: volsync-target-server-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml new file mode 100644 index 000000000..6b954213a --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-server-backup-secret-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-server" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml new file mode 100644 index 000000000..3572b0d6d --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ExternalSecret-tdarr-server-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: tdarr-server-backup-secret-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/tdarr/tdarr-server" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source.yaml rename to clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-external.yaml index 4d6b8a832..3bbf2970e 100644 --- a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source.yaml +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: tdarr-config-backup-source + name: tdarr-config-backup-source-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-config-backup-source + helm.sh/chart: volsync-target-config-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup spec: sourcePVC: tdarr-config trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: tdarr-config-backup-secret + repository: tdarr-config-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml new file mode 100644 index 000000000..8b13ee1f2 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-config-backup-source-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup +spec: + sourcePVC: tdarr-config + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-config-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml new file mode 100644 index 000000000..c9cb60d58 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-config-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-config-backup-source-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-config-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-config-backup +spec: + sourcePVC: tdarr-config + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-config-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-external.yaml similarity index 62% rename from clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source.yaml rename to clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-external.yaml index 433668a58..a178b213e 100644 --- a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source.yaml +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-external.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: tdarr-server-backup-source + name: tdarr-server-backup-source-external namespace: tdarr labels: - app.kubernetes.io/name: tdarr-server-backup-source + helm.sh/chart: volsync-target-server-0.5.0 app.kubernetes.io/instance: tdarr app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup spec: sourcePVC: tdarr-server trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 - repository: tdarr-server-backup-secret + repository: tdarr-server-backup-secret-external retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml new file mode 100644 index 000000000..b17d232bb --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-server-backup-source-local + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup +spec: + sourcePVC: tdarr-server + trigger: + schedule: 0 2 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-server-backup-secret-local + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml new file mode 100644 index 000000000..823c57599 --- /dev/null +++ b/clusters/cl01tl/manifests/tdarr/ReplicationSource-tdarr-server-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: tdarr-server-backup-source-remote + namespace: tdarr + labels: + helm.sh/chart: volsync-target-server-0.5.0 + app.kubernetes.io/instance: tdarr + app.kubernetes.io/part-of: tdarr + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tdarr-server-backup +spec: + sourcePVC: tdarr-server + trigger: + schedule: 0 3 * * * + restic: + pruneIntervalDays: 7 + repository: tdarr-server-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml index 73237534d..87a48a5ff 100644 --- a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml +++ b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml @@ -15,7 +15,7 @@ spec: startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 4 * * *" - successfulJobsHistoryLimit: 3 + successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 3 jobTemplate: spec: diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-external.yaml similarity index 73% rename from clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret.yaml rename to clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-external.yaml index ba6421e8f..b4d985dd4 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-external.yaml @@ -1,12 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vaultwarden-data-backup-secret + name: vaultwarden-data-backup-secret-external namespace: vaultwarden labels: - app.kubernetes.io/name: vaultwarden-data-backup-secret + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore @@ -22,21 +25,21 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None - property: S3_BUCKET_ENDPOINT + property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID @@ -45,11 +48,11 @@ spec: decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: access_key + property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None - property: secret_key + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml new file mode 100644 index 000000000..35b7f9e70 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: vaultwarden-data-backup-secret-local + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/vaultwarden/vaultwarden-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml new file mode 100644 index 000000000..a8560db23 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: vaultwarden-data-backup-secret-remote + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/vaultwarden/vaultwarden-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml new file mode 100644 index 000000000..8c4d45611 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-external.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: vaultwarden-data-backup-source-external + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup +spec: + sourcePVC: vaultwarden-data + trigger: + schedule: 0 0 0 * * * + restic: + pruneIntervalDays: 7 + repository: vaultwarden-data-backup-secret-external + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source.yaml b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-local.yaml similarity index 59% rename from clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source.yaml rename to clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-local.yaml index be2c3590b..b461ebb38 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-local.yaml @@ -1,25 +1,29 @@ apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: - name: vaultwarden-data-backup-source + name: vaultwarden-data-backup-source-local namespace: vaultwarden labels: - app.kubernetes.io/name: vaultwarden-data-backup-source + helm.sh/chart: volsync-target-data-0.5.0 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup spec: sourcePVC: vaultwarden-data trigger: - schedule: 0 4 * * * + schedule: 0 0 0 * * * restic: pruneIntervalDays: 7 - repository: vaultwarden-data-backup-secret + repository: vaultwarden-data-backup-secret-local retain: - hourly: 1 daily: 3 - weekly: 2 + hourly: 1 monthly: 2 + weekly: 2 yearly: 4 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml new file mode 100644 index 000000000..bfff5fc85 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ReplicationSource-vaultwarden-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: vaultwarden-data-backup-source-remote + namespace: vaultwarden + labels: + helm.sh/chart: volsync-target-data-0.5.0 + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/part-of: vaultwarden + app.kubernetes.io/version: "0.5.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden-data-backup +spec: + sourcePVC: vaultwarden-data + trigger: + schedule: 0 0 0 * * * + restic: + pruneIntervalDays: 7 + repository: vaultwarden-data-backup-secret-remote + retain: + daily: 3 + hourly: 1 + monthly: 2 + weekly: 2 + yearly: 4 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi -- 2.49.1 From 77e82136b086cfcccd090b438bc77f078f9ea72c Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 17 Dec 2025 22:29:55 +0000 Subject: [PATCH 2/2] chore: Update manifests after change --- .../code-server/Deployment-code-server-cloudflared.yaml | 2 +- .../ExternalSecret-code-server-cloudflared-secret.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml b/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml index 7ce8f3216..9419117a9 100644 --- a/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml +++ b/clusters/cl01tl/manifests/code-server/Deployment-code-server-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2025.11.1 - helm.sh/chart: cloudflared-2.0.0 + helm.sh/chart: cloudflared-2.0.1 namespace: code-server spec: revisionHistoryLimit: 3 diff --git a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml index d991a454b..06361681b 100644 --- a/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/code-server/ExternalSecret-code-server-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: code-server-cloudflared-secret namespace: code-server labels: - helm.sh/chart: cloudflared-2.0.0 + helm.sh/chart: cloudflared-2.0.1 app.kubernetes.io/instance: code-server app.kubernetes.io/part-of: code-server - app.kubernetes.io/version: "2.0.0" + app.kubernetes.io/version: "2.0.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: code-server-cloudflared-secret spec: @@ -19,6 +19,6 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cloudflare/tunnels//code-server + key: /cloudflare/tunnels/code-server metadataPolicy: None property: token -- 2.49.1