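# Values for two sections: etcd-backup (daily etcd snapshot upload plus prune,
# three S3 targets) and etcd-defrag (weekly etcd defrag, one CronJob per node).
# NOTE(review): the key layout (controllers / containers /
# persistence.advancedMounts) looks like bjw-s app-template values; the nesting
# below follows that layout — confirm against the chart version in use.
etcd-backup:
  controllers:
    # Local target: daily at 02:00 US/Central.
    local:
      type: cronjob
      pod:
        # Schedule on control-plane nodes and tolerate their NoSchedule taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        # Forbid: a run is skipped while the previous one is still active.
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "0 2 * * *"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        # NOTE(review): only the most recent failed Job is kept, so evidence of
        # earlier failures is gone unless logs are shipped elsewhere.
        failedJobsHistory: 1
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            # Pinned by digest: the digest, not the tag, decides what is pulled.
            tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
            pullPolicy: IfNotPresent
          command:
            - /talos-backup
          workingDir: /tmp
          # Non-root (uid/gid 1000), no privilege escalation, all capabilities
          # dropped, runtime default seccomp profile.
          # NOTE(review): readOnlyRootFilesystem is not set; /tmp and /.talos
          # are already emptyDir mounts, so it may be feasible — verify.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            # S3 credentials are read per key from the target's secret.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: us-east-1
            # NOTE(review): plain http:// endpoint, so requests and object
            # bodies cross the network without TLS. Snapshot confidentiality
            # then rests on the age encryption below — confirm this traffic
            # stays on a trusted in-cluster path.
            - name: CUSTOM_S3_ENDPOINT
              value: http://garage-main.garage:3900
            - name: BUCKET
              value: talos-backups
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            # age recipient (public key); presumably the snapshot is encrypted
            # to it before upload. Only the public half is needed here — keep
            # the matching private identity outside the cluster.
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # NOTE(review): no securityContext is set here, unlike `backup`, so
        # this container runs with the image's default user and capabilities;
        # the /root/.s3cfg mount in persistence suggests root. Consider the
        # same non-root / drop-ALL settings if the image and script allow it.
        s3-prune:
          image:
            repository: d3fk/s3cmd
            # Tag says `latest`, but the digest pins the actual image.
            tag: latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          # envFrom exports every key of both secrets into the environment,
          # which is broader than the per-key secretKeyRef used by `backup`.
          # NOTE(review): backup and prune share one secret per target, so
          # these credentials can presumably both write and delete snapshots;
          # storage-side versioning or object lock on at least one target
          # limits the impact of a leaked key — confirm provider support.
          envFrom:
            - secretRef:
                name: talos-etcd-backup-local-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: Local
            # 2419200 s = 28 days; presumably the retention window used by
            # prune.sh (script not shown here).
            - name: DATE_RANGE_SECONDS
              value: "2419200"
    # Remote target: daily at 03:00 US/Central, HTTPS endpoint.
    remote:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "0 3 * * *"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        failedJobsHistory: 1
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
            pullPolicy: IfNotPresent
          command:
            - /talos-backup
          workingDir: /tmp
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: us-east-1
            - name: CUSTOM_S3_ENDPOINT
              value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
            - name: BUCKET
              value: talos-backups
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # Same caveats as local.s3-prune: image-default user, envFrom of whole
        # secrets, shared write/delete credentials.
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          envFrom:
            - secretRef:
                name: talos-etcd-backup-remote-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: Remote
            # 2419200 s = 28 days.
            - name: DATE_RANGE_SECONDS
              value: "2419200"
    # External target: daily at 04:00 US/Central, DigitalOcean Spaces endpoint.
    external:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "0 4 * * *"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        failedJobsHistory: 1
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            # NOTE(review): this tag/digest differs from the one used by the
            # local and remote controllers — confirm the drift is intended.
            tag: v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b
            pullPolicy: IfNotPresent
          command:
            - /talos-backup
          workingDir: /tmp
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: nyc3
            - name: CUSTOM_S3_ENDPOINT
              value: https://nyc3.digitaloceanspaces.com
            - name: BUCKET
              value: talos-backups-bee8585f7b8a4d0239c9b823
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # Same caveats as local.s3-prune: image-default user, envFrom of whole
        # secrets, shared write/delete credentials.
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          envFrom:
            - secretRef:
                name: talos-etcd-backup-external-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: External
            # 1209600 s = 14 days, half the window of the other two targets.
            - name: DATE_RANGE_SECONDS
              value: "1209600"
  persistence:
    # Mounted read-only into every `backup` container at the Talos secrets
    # path.
    # NOTE(review): presumably Talos API credentials; they should carry only
    # the role needed for etcd snapshots — confirm how the secret is issued.
    secret:
      enabled: true
      type: secret
      name: talos-backup-secrets
      advancedMounts:
        local:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
        remote:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
        external:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
    # prune.sh comes from a ConfigMap, so anyone who can edit that ConfigMap
    # controls what runs with the S3 credentials in s3-prune.
    prune-script:
      enabled: true
      type: configMap
      name: talos-prune-script
      # Octal 0755 (rwxr-xr-x) written in decimal: a bare 0755 is octal only
      # for YAML 1.1 loaders, while a YAML 1.2 loader reads it as decimal 755.
      defaultMode: 493
      advancedMounts:
        local:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
        remote:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
        external:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
    # s3cmd configuration: the `.s3cfg` key of each target's secret, mounted
    # read-only into that target's s3-prune container only.
    s3cmd-config-local:
      enabled: true
      type: secret
      name: talos-etcd-backup-local-secret
      advancedMounts:
        local:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    s3cmd-config-remote:
      enabled: true
      type: secret
      name: talos-etcd-backup-remote-secret
      advancedMounts:
        remote:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    s3cmd-config-external:
      enabled: true
      type: secret
      name: talos-etcd-backup-external-secret
      advancedMounts:
        external:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    # Memory-backed scratch space, one volume per controller. Data written
    # here stays off node disk, but it counts as memory use and no sizeLimit
    # is set.
    # NOTE(review): presumably the snapshot is staged in /tmp (the workingDir)
    # — check that etcd snapshot size fits available memory.
    tmp-local:
      type: emptyDir
      medium: Memory
      advancedMounts:
        local:
          backup:
            - path: /tmp
              readOnly: false
    tmp-remote:
      type: emptyDir
      medium: Memory
      advancedMounts:
        remote:
          backup:
            - path: /tmp
              readOnly: false
    tmp-external:
      type: emptyDir
      medium: Memory
      advancedMounts:
        external:
          backup:
            - path: /tmp
              readOnly: false
    # Writable, memory-backed /.talos for each backup container.
    talos-local:
      type: emptyDir
      medium: Memory
      advancedMounts:
        local:
          backup:
            - path: /.talos
              readOnly: false
    talos-remote:
      type: emptyDir
      medium: Memory
      advancedMounts:
        remote:
          backup:
            - path: /.talos
              readOnly: false
    talos-external:
      type: emptyDir
      medium: Memory
      advancedMounts:
        external:
          backup:
            - path: /.talos
              readOnly: false
# Weekly `talosctl etcd defrag`, one CronJob per node address, staggered ten
# minutes apart on Sundays (00:00, 00:10, 00:20 US/Central).
# NOTE(review): unlike the backup containers, these set no securityContext,
# and the talosctl image is referenced by tag only (no @sha256 digest), so the
# tag can be re-pointed upstream. Consider pinning the digest and applying the
# same non-root / drop-ALL settings if the image allows it.
etcd-defrag:
  global:
    fullnameOverride: etcd-defrag
  controllers:
    defrag-1:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "0 0 * * 0"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        failedJobsHistory: 1
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.11.6
            pullPolicy: IfNotPresent
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.11"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
    defrag-2:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "10 0 * * 0"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        failedJobsHistory: 1
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.11.6
            pullPolicy: IfNotPresent
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.12"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
    defrag-3:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "20 0 * * 0"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        failedJobsHistory: 1
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.11.6
            pullPolicy: IfNotPresent
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.13"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
  persistence:
    # The same secret's `config` key is mounted read-only as the talosconfig
    # of each defrag container.
    # NOTE(review): a talosconfig grants Talos API access with whatever roles
    # its client certificate carries; keep it scoped to what defrag needs and
    # rotate it like any other credential — confirm the roles in use.
    talos-config-1:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-1:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
    talos-config-2:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-2:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
    talos-config-3:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-3:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config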