etcd-backup: controllers: main: type: cronjob pod: nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule cronjob: suspend: false concurrencyPolicy: Forbid timeZone: US/Central schedule: "0 2 * * *" startingDeadlineSeconds: 90 successfulJobsHistory: 3 failedJobsHistory: 3 backoffLimit: 3 parallelism: 1 containers: main: image: repository: ghcr.io/siderolabs/talos-backup tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7 pullPolicy: IfNotPresent command: - /talos-backup workingDir: /tmp securityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false runAsNonRoot: true capabilities: drop: - ALL seccompProfile: type: RuntimeDefault env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: AWS_SECRET_ACCESS_KEY - name: AWS_REGION value: nyc3 - name: CUSTOM_S3_ENDPOINT value: https://nyc3.digitaloceanspaces.com - name: BUCKET value: talos-backups-bee8585f7b8a4d0239c9b823 - name: S3_PREFIX value: "cl01tl/etcd" - name: CLUSTER_NAME value: "cl01tl" - name: AGE_X25519_PUBLIC_KEY valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: AGE_X25519_PUBLIC_KEY - name: USE_PATH_STYLE value: "false" resources: requests: cpu: 100m memory: 128Mi s3-prune: image: repository: d3fk/s3cmd tag: latest@sha256:4e1ea572a90e25f42fe0550b86bad601508033030dd6989c63b85a79e143c8b4 pullPolicy: IfNotPresent command: - /bin/sh args: - -ec - | export DATE_RANGE=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%dT%H:%M:%SZ); export FILE_MATCH="$BUCKET/cl01tl/etcd/cl01tl-$DATE_RANGE.snap.age" echo ">> Running S3 prune for Talos backup repository" echo ">> Backups prior to '$DATE_RANGE' will be removed" echo ">> Backups to be removed:" s3cmd ls ${BUCKET}/cl01tl/etcd/ | awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' echo ">> Deleting ..." s3cmd ls ${BUCKET}/cl01tl/etcd/ | awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' | while read file; do s3cmd del "$file"; done; echo ">> Completed S3 prune for Talos backup repository" env: - name: BUCKET valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: BUCKET resources: requests: cpu: 100m memory: 128Mi persistence: tmp: type: emptyDir medium: Memory advancedMounts: main: main: - path: /tmp readOnly: false talos: type: emptyDir medium: Memory advancedMounts: main: main: - path: /.talos readOnly: false secret: enabled: true type: secret name: talos-backup-secrets advancedMounts: main: main: - path: /var/run/secrets/talos.dev readOnly: true mountPropagation: None s3cmd-config: enabled: true type: secret name: talos-etcd-backup-secret advancedMounts: main: s3-prune: - path: /root/.s3cfg readOnly: true mountPropagation: None subPath: .s3cfg