# Values for the "etcd-backup" release: a CronJob that runs the
# siderolabs talos-backup binary on a control-plane node and writes to an
# S3-compatible bucket (endpoint, bucket and prefix are set in `env`).
etcd-backup:
  controllers:
    main:
      type: cronjob

      pod:
        # Schedule only onto control-plane nodes and tolerate their
        # NoSchedule taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ''
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule

      cronjob:
        suspend: false
        # Forbid: a new run is skipped while the previous one is still
        # active, so two backups never overlap.
        concurrencyPolicy: Forbid
        # Daily at 02:00 in the US/Central zone.
        timeZone: 'US/Central'
        schedule: '0 2 * * *'
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1

      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            # Tag plus sha256 digest: the digest fixes the exact image
            # content, so a re-pushed tag cannot change what runs here.
            # NOTE(review): this is a beta release tag.
            tag: 'v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7'
            pullPolicy: IfNotPresent
          command:
            - /talos-backup
          workingDir: /tmp

          # Non-root UID/GID, no privilege escalation, every capability
          # dropped, runtime default seccomp profile.
          # NOTE(review): readOnlyRootFilesystem is not set. /tmp and
          # /.talos are already emptyDir mounts, so enabling it looks
          # feasible -- confirm with a test run before turning it on.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault

          env:
            # Object-store credentials are read from a Secret, never
            # written inline in this file.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: nyc3
            - name: CUSTOM_S3_ENDPOINT
              value: 'https://nyc3.digitaloceanspaces.com'
            - name: BUCKET
              value: talos-backups-bee8585f7b8a4d0239c9b823
            - name: S3_PREFIX
              value: 'cl01tl'
            - name: CLUSTER_NAME
              value: 'cl01tl'
            # Only the age *public* key is referenced here; presumably it
            # encrypts the backup before upload -- confirm. The matching
            # private key is not referenced anywhere in this file.
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AGE_X25519_PUBLIC_KEY
            # Quoted so the consumer receives the string "false", not a
            # YAML boolean.
            - name: USE_PATH_STYLE
              value: 'false'

          # Requests only; no limits are declared.
          # NOTE(review): both scratch volumes below are memory-backed
          # (medium: Memory) and neither sets a sizeLimit, so nothing in
          # this file bounds how much RAM a run can use on the
          # control-plane node. Consider a memory limit and/or sizeLimit
          # sized to the expected backup.
          resources:
            requests:
              cpu: 100m
              memory: 128Mi

  persistence:
    # Memory-backed scratch space mounted at the working directory.
    tmp:
      type: emptyDir
      medium: Memory
      advancedMounts:
        main:
          main:
            - path: /tmp
              readOnly: false

    # Memory-backed, writable directory at /.talos.
    talos:
      type: emptyDir
      medium: Memory
      advancedMounts:
        main:
          main:
            - path: /.talos
              readOnly: false

    # Secret mounted read-only at /var/run/secrets/talos.dev.
    # NOTE(review): the name here (talos-backup-secrets) differs from the
    # Secret used by `env` (talos-etcd-backup-secret). Presumably this one
    # carries the Talos API credentials and is managed separately --
    # confirm, and keep whatever access it grants to the minimum the
    # backup needs.
    secret:
      enabled: true
      type: secret
      name: talos-backup-secrets
      advancedMounts:
        main:
          main:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None