From b67ea2a49f6a9d06c95e97cf3b5d6e36fbc820fb Mon Sep 17 00:00:00 2001
From: gitea-bot
Date: Sat, 20 Dec 2025 20:50:48 +0000
Subject: [PATCH] chore: Update manifests after change
---
.../talos/CronJob-talos-external.yaml | 142 ++++++++
.../manifests/talos/CronJob-talos-local.yaml | 142 ++++++++
.../manifests/talos/CronJob-talos-remote.yaml | 142 ++++++++
.../cl01tl/manifests/talos/CronJob-talos.yaml | 305 ------------------
4 files changed, 426 insertions(+), 305 deletions(-)
create mode 100644 clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml
create mode 100644 clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml
create mode 100644 clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml
delete mode 100644 clusters/cl01tl/manifests/talos/CronJob-talos.yaml
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml
new file mode 100644
index 000000000..5166d8020
--- /dev/null
+++ b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml
@@ -0,0 +1,142 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: talos-external
+ labels:
+ app.kubernetes.io/controller: external
+ app.kubernetes.io/instance: talos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: talos
+ helm.sh/chart: etcd-backup-4.5.0
+ namespace: talos
+spec:
+ suspend: false
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 90
+ timeZone: US/Central
+ schedule: "0 4 * * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ parallelism: 1
+ backoffLimit: 3
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: external
+ app.kubernetes.io/instance: talos
+ app.kubernetes.io/name: talos
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ containers:
+ - command:
+ - /talos-backup
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: AWS_ACCESS_KEY_ID
+ name: talos-etcd-backup-external-secret
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_SECRET_ACCESS_KEY
+ name: talos-etcd-backup-external-secret
+ - name: AWS_REGION
+ value: nyc3
+ - name: CUSTOM_S3_ENDPOINT
+ value: https://nyc3.digitaloceanspaces.com
+ - name: BUCKET
+ value: talos-backups-bee8585f7b8a4d0239c9b823
+ - name: S3_PREFIX
+ value: cl01tl/etcd
+ - name: CLUSTER_NAME
+ value: cl01tl
+ - name: AGE_X25519_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AGE_X25519_PUBLIC_KEY
+ name: talos-etcd-backup-external-secret
+ - name: USE_PATH_STYLE
+ value: "false"
+ image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b
+ imagePullPolicy: IfNotPresent
+ name: backup
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /var/run/secrets/talos.dev
+ mountPropagation: None
+ name: secret
+ readOnly: true
+ - mountPath: /.talos
+ name: talos-external
+ - mountPath: /tmp
+ name: tmp-external
+ workingDir: /tmp
+ - args:
+ - -ec
+ - /scripts/prune.sh
+ command:
+ - /bin/sh
+ env:
+ - name: TARGET
+ value: External
+ - name: DATE_RANGE_SECONDS
+ value: "1.2096e+06"
+ envFrom:
+ - secretRef:
+ name: talos-etcd-backup-external-secret
+ - secretRef:
+ name: talos-backup-ntfy-secret
+ image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
+ imagePullPolicy: IfNotPresent
+ name: s3-prune
+ volumeMounts:
+ - mountPath: /scripts/prune.sh
+ name: prune-script
+ subPath: prune.sh
+ - mountPath: /root/.s3cfg
+ mountPropagation: None
+ name: s3cmd-config-external
+ readOnly: true
+ subPath: .s3cfg
+ volumes:
+ - configMap:
+ defaultMode: 493
+ name: talos-prune-script
+ name: prune-script
+ - name: s3cmd-config-external
+ secret:
+ secretName: talos-etcd-backup-external-secret
+ - name: secret
+ secret:
+ secretName: talos-backup-secrets
+ - emptyDir:
+ medium: Memory
+ name: talos-external
+ - emptyDir:
+ medium: Memory
+ name: tmp-external
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml
new file mode 100644
index 000000000..ef64f272d
--- /dev/null
+++ b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml
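Review bot: In CronJob-talos-external.yaml the `s3-prune` container has no `securityContext` at all, while the `backup` container next to it drops all capabilities, forbids privilege escalation and runs as UID 1000; the mount at `/root/.s3cfg` suggests the s3cmd image runs as root. This container gets the bucket credentials through `envFrom` and the `.s3cfg` mount and runs on a control-plane node, so it should carry at least `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}, seccompProfile: {type: RuntimeDefault}}`. Running it as non-root would also mean mounting the config somewhere other than `/root`, and since this file is rendered output the change belongs in the chart values. The same container definition appears in CronJob-talos-local.yaml and CronJob-talos-remote.yaml.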
@@ -0,0 +1,142 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: talos-local
+ labels:
+ app.kubernetes.io/controller: local
+ app.kubernetes.io/instance: talos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: talos
+ helm.sh/chart: etcd-backup-4.5.0
+ namespace: talos
+spec:
+ suspend: false
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 90
+ timeZone: US/Central
+ schedule: "0 2 * * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ parallelism: 1
+ backoffLimit: 3
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: local
+ app.kubernetes.io/instance: talos
+ app.kubernetes.io/name: talos
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ containers:
+ - command:
+ - /talos-backup
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: AWS_ACCESS_KEY_ID
+ name: talos-etcd-backup-local-secret
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_SECRET_ACCESS_KEY
+ name: talos-etcd-backup-local-secret
+ - name: AWS_REGION
+ value: us-east-1
+ - name: CUSTOM_S3_ENDPOINT
+ value: http://garage-main.garage:3900
+ - name: BUCKET
+ value: talos-backups
+ - name: S3_PREFIX
+ value: cl01tl/etcd
+ - name: CLUSTER_NAME
+ value: cl01tl
+ - name: AGE_X25519_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AGE_X25519_PUBLIC_KEY
+ name: talos-etcd-backup-local-secret
+ - name: USE_PATH_STYLE
+ value: "true"
+ image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
+ imagePullPolicy: IfNotPresent
+ name: backup
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /var/run/secrets/talos.dev
+ mountPropagation: None
+ name: secret
+ readOnly: true
+ - mountPath: /.talos
+ name: talos-local
+ - mountPath: /tmp
+ name: tmp-local
+ workingDir: /tmp
+ - args:
+ - -ec
+ - /scripts/prune.sh
+ command:
+ - /bin/sh
+ env:
+ - name: TARGET
+ value: Local
+ - name: DATE_RANGE_SECONDS
+ value: "2.4192e+06"
+ envFrom:
+ - secretRef:
+ name: talos-etcd-backup-local-secret
+ - secretRef:
+ name: talos-backup-ntfy-secret
+ image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
+ imagePullPolicy: IfNotPresent
+ name: s3-prune
+ volumeMounts:
+ - mountPath: /scripts/prune.sh
+ name: prune-script
+ subPath: prune.sh
+ - mountPath: /root/.s3cfg
+ mountPropagation: None
+ name: s3cmd-config-local
+ readOnly: true
+ subPath: .s3cfg
+ volumes:
+ - configMap:
+ defaultMode: 493
+ name: talos-prune-script
+ name: prune-script
+ - name: s3cmd-config-local
+ secret:
+ secretName: talos-etcd-backup-local-secret
+ - name: secret
+ secret:
+ secretName: talos-backup-secrets
+ - emptyDir:
+ medium: Memory
+ name: talos-local
+ - emptyDir:
+ medium: Memory
+ name: tmp-local
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml
new file mode 100644
index 000000000..8eb1f4769
--- /dev/null
+++ b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml
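Review bot: In CronJob-talos-local.yaml, `CUSTOM_S3_ENDPOINT` is `http://garage-main.garage:3900`, so this job reaches the in-cluster Garage service without TLS, whereas the external and remote jobs use `https://` endpoints. The snapshot is presumably encrypted before upload (an `AGE_X25519_PUBLIC_KEY` is supplied), but object names, the access key ID and the s3cmd prune requests would still cross the pod network in cleartext. If Garage offers a TLS listener, point the endpoint at it. Otherwise the chart values should carry a comment such as `# plaintext accepted: in-cluster traffic only, payload is age-encrypted` so the exception is a recorded decision.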
@@ -0,0 +1,142 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: talos-remote
+ labels:
+ app.kubernetes.io/controller: remote
+ app.kubernetes.io/instance: talos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: talos
+ helm.sh/chart: etcd-backup-4.5.0
+ namespace: talos
+spec:
+ suspend: false
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 90
+ timeZone: US/Central
+ schedule: "0 3 * * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ parallelism: 1
+ backoffLimit: 3
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: remote
+ app.kubernetes.io/instance: talos
+ app.kubernetes.io/name: talos
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ containers:
+ - command:
+ - /talos-backup
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: AWS_ACCESS_KEY_ID
+ name: talos-etcd-backup-remote-secret
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_SECRET_ACCESS_KEY
+ name: talos-etcd-backup-remote-secret
+ - name: AWS_REGION
+ value: us-east-1
+ - name: CUSTOM_S3_ENDPOINT
+ value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+ - name: BUCKET
+ value: talos-backups
+ - name: S3_PREFIX
+ value: cl01tl/etcd
+ - name: CLUSTER_NAME
+ value: cl01tl
+ - name: AGE_X25519_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AGE_X25519_PUBLIC_KEY
+ name: talos-etcd-backup-remote-secret
+ - name: USE_PATH_STYLE
+ value: "true"
+ image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
+ imagePullPolicy: IfNotPresent
+ name: backup
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /var/run/secrets/talos.dev
+ mountPropagation: None
+ name: secret
+ readOnly: true
+ - mountPath: /.talos
+ name: talos-remote
+ - mountPath: /tmp
+ name: tmp-remote
+ workingDir: /tmp
+ - args:
+ - -ec
+ - /scripts/prune.sh
+ command:
+ - /bin/sh
+ env:
+ - name: TARGET
+ value: Remote
+ - name: DATE_RANGE_SECONDS
+ value: "2.4192e+06"
+ envFrom:
+ - secretRef:
+ name: talos-etcd-backup-remote-secret
+ - secretRef:
+ name: talos-backup-ntfy-secret
+ image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
+ imagePullPolicy: IfNotPresent
+ name: s3-prune
+ volumeMounts:
+ - mountPath: /scripts/prune.sh
+ name: prune-script
+ subPath: prune.sh
+ - mountPath: /root/.s3cfg
+ mountPropagation: None
+ name: s3cmd-config-remote
+ readOnly: true
+ subPath: .s3cfg
+ volumes:
+ - configMap:
+ defaultMode: 493
+ name: talos-prune-script
+ name: prune-script
+ - name: s3cmd-config-remote
+ secret:
+ secretName: talos-etcd-backup-remote-secret
+ - name: secret
+ secret:
+ secretName: talos-backup-secrets
+ - emptyDir:
+ medium: Memory
+ name: talos-remote
+ - emptyDir:
+ medium: Memory
+ name: tmp-remote
diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos.yaml
deleted file mode 100644
index 527f79e9c..000000000
--- a/clusters/cl01tl/manifests/talos/CronJob-talos.yaml
+++ /dev/null
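Review bot: In CronJob-talos-remote.yaml the pod template keeps `automountServiceAccountToken: true` with `serviceAccountName: default`, so both containers receive a Kubernetes API token on a control-plane node even though nothing visible here uses it. The backup container appears to authenticate to Talos through the secret mounted at `/var/run/secrets/talos.dev`, and the prune container only talks to S3. Unless `prune.sh` or `talos-backup` calls the Kubernetes API (neither is shown), set `automountServiceAccountToken: false` in the chart values, or bind a dedicated service account with no role bindings. The external and local CronJobs carry the same two lines.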
@@ -1,305 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: talos - labels: - app.kubernetes.io/controller: main - app.kubernetes.io/instance: talos - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: talos - helm.sh/chart: etcd-backup-4.5.0 - namespace: talos -spec: - suspend: false - concurrencyPolicy: Forbid - startingDeadlineSeconds: 90 - timeZone: US/Central - schedule: "0 2 * * *" - successfulJobsHistoryLimit: 1 - failedJobsHistoryLimit: 1 - jobTemplate: - spec: - parallelism: 1 - backoffLimit: 3 - template: - metadata: - labels: - app.kubernetes.io/controller: main - app.kubernetes.io/instance: talos - app.kubernetes.io/name: talos - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - restartPolicy: Never - nodeSelector: - node-role.kubernetes.io/control-plane: "" - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - containers: - - command: - - /talos-backup - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: AWS_ACCESS_KEY_ID - name: talos-etcd-backup-external-secret - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: AWS_SECRET_ACCESS_KEY - name: talos-etcd-backup-external-secret - - name: AWS_REGION - value: nyc3 - - name: CUSTOM_S3_ENDPOINT - value: https://nyc3.digitaloceanspaces.com - - name: BUCKET - value: talos-backups-bee8585f7b8a4d0239c9b823 - - name: S3_PREFIX - value: cl01tl/etcd - - name: CLUSTER_NAME - value: cl01tl - - name: AGE_X25519_PUBLIC_KEY - valueFrom: - secretKeyRef: - key: AGE_X25519_PUBLIC_KEY - name: talos-etcd-backup-external-secret - - name: USE_PATH_STYLE - value: "false" - image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b - imagePullPolicy: IfNotPresent - name: external - securityContext: - 
allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/run/secrets/talos.dev - mountPropagation: None - name: secret - readOnly: true - - mountPath: /.talos - name: talos-external - - mountPath: /tmp - name: tmp-external - workingDir: /tmp - - command: - - /talos-backup - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: AWS_ACCESS_KEY_ID - name: talos-etcd-backup-local-secret - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: AWS_SECRET_ACCESS_KEY - name: talos-etcd-backup-local-secret - - name: AWS_REGION - value: us-east-1 - - name: CUSTOM_S3_ENDPOINT - value: http://garage-main.garage:3900 - - name: BUCKET - value: talos-backups - - name: S3_PREFIX - value: cl01tl/etcd - - name: CLUSTER_NAME - value: cl01tl - - name: AGE_X25519_PUBLIC_KEY - valueFrom: - secretKeyRef: - key: AGE_X25519_PUBLIC_KEY - name: talos-etcd-backup-local-secret - - name: USE_PATH_STYLE - value: "true" - image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7 - imagePullPolicy: IfNotPresent - name: local - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/run/secrets/talos.dev - mountPropagation: None - name: secret - readOnly: true - - mountPath: /.talos - name: talos-local - - mountPath: /tmp - name: tmp-local - workingDir: /tmp - - command: - - /talos-backup - env: - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: AWS_ACCESS_KEY_ID - name: talos-etcd-backup-remote-secret - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: AWS_SECRET_ACCESS_KEY - name: talos-etcd-backup-remote-secret - - name: AWS_REGION - value: us-east-1 - - name: 
CUSTOM_S3_ENDPOINT - value: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - - name: BUCKET - value: talos-backups - - name: S3_PREFIX - value: cl01tl/etcd - - name: CLUSTER_NAME - value: cl01tl - - name: AGE_X25519_PUBLIC_KEY - valueFrom: - secretKeyRef: - key: AGE_X25519_PUBLIC_KEY - name: talos-etcd-backup-remote-secret - - name: USE_PATH_STYLE - value: "true" - image: ghcr.io/siderolabs/talos-backup:v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7 - imagePullPolicy: IfNotPresent - name: remote - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/run/secrets/talos.dev - mountPropagation: None - name: secret - readOnly: true - - mountPath: /.talos - name: talos-remote - - mountPath: /tmp - name: tmp-remote - workingDir: /tmp - - args: - - -ec - - /scripts/prune.sh - command: - - /bin/sh - env: - - name: TARGET - value: External - - name: DATE_RANGE_SECONDS - value: "1.2096e+06" - envFrom: - - secretRef: - name: talos-etcd-backup-external-secret - - secretRef: - name: talos-backup-ntfy-secret - image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f - imagePullPolicy: IfNotPresent - name: s3-prune-external - volumeMounts: - - mountPath: /scripts/prune.sh - name: prune-script - subPath: prune.sh - - args: - - -ec - - /scripts/prune.sh - command: - - /bin/sh - env: - - name: TARGET - value: Local - - name: DATE_RANGE_SECONDS - value: "2.4192e+06" - envFrom: - - secretRef: - name: talos-etcd-backup-local-secret - - secretRef: - name: talos-backup-ntfy-secret - image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f - imagePullPolicy: IfNotPresent - name: s3-prune-local - volumeMounts: - - mountPath: /scripts/prune.sh - name: prune-script - subPath: prune.sh - - args: - - -ec - - 
/scripts/prune.sh - command: - - /bin/sh - env: - - name: TARGET - value: Remote - - name: DATE_RANGE_SECONDS - value: "2.4192e+06" - envFrom: - - secretRef: - name: talos-etcd-backup-remote-secret - - secretRef: - name: talos-backup-ntfy-secret - image: d3fk/s3cmd:latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f - imagePullPolicy: IfNotPresent - name: s3-prune-remote - volumeMounts: - - mountPath: /scripts/prune.sh - name: prune-script - subPath: prune.sh - volumes: - - configMap: - defaultMode: 493 - name: talos-prune-script - name: prune-script - - name: s3cmd-config-external - secret: - secretName: talos-etcd-backup-external-secret - - name: s3cmd-config-local - secret: - secretName: talos-etcd-backup-local-secret - - name: s3cmd-config-remote - secret: - secretName: talos-etcd-backup-remote-secret - - name: secret - secret: - secretName: talos-backup-secrets - - emptyDir: - medium: Memory - name: talos-external - - emptyDir: - medium: Memory - name: talos-local - - emptyDir: - medium: Memory - name: talos-remote - - emptyDir: - medium: Memory - name: tmp-external - - emptyDir: - medium: Memory - name: tmp-local - - emptyDir: - medium: Memory - name: tmp-remote -- 2.49.1