etcd-backup: controllers: main: type: cronjob pod: nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule cronjob: suspend: false concurrencyPolicy: Forbid timeZone: US/Central schedule: "0 2 * * *" startingDeadlineSeconds: 90 successfulJobsHistory: 3 failedJobsHistory: 3 backoffLimit: 3 parallelism: 1 containers: main: image: repository: ghcr.io/siderolabs/talos-backup tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7 pullPolicy: IfNotPresent command: - /talos-backup workingDir: /tmp securityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false runAsNonRoot: true capabilities: drop: - ALL seccompProfile: type: RuntimeDefault env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: AWS_SECRET_ACCESS_KEY - name: AWS_REGION value: nyc3 - name: CUSTOM_S3_ENDPOINT value: https://nyc3.digitaloceanspaces.com - name: BUCKET value: talos-backups-bee8585f7b8a4d0239c9b823 - name: S3_PREFIX value: "cl01tl/etcd" - name: CLUSTER_NAME value: "cl01tl" - name: AGE_X25519_PUBLIC_KEY valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: AGE_X25519_PUBLIC_KEY - name: USE_PATH_STYLE value: "false" resources: requests: cpu: 100m memory: 128Mi s3-prune: image: repository: d3fk/s3cmd tag: latest@sha256:dacbd4baa0c66df934e96a9325b9e34563c2ab8e4dd0fe9fd1bd9793d53fb606 pullPolicy: IfNotPresent command: - /bin/sh args: - -ec - | export ONE_WEEK_AGO=$(date -d @$(( $(date +%s) - 604800 )) +%Y-%m-%d\ %H:%M:%S); export TWO_WEEK_AGO=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%d\ %H:%M:%S); export TIME_RANGE="$TWO_WEEK_AGO" echo ">> Running S3 prune for Gitea backup repository" echo ">> Backups prior to '$TIME_RANGE' will be removed" echo ">> File list:" s3cmd ls -v ${BUCKET}/cl01tl/etcd/ echo ">> Deleting ..." s3cmd ls -v ${BUCKET}/cl01tl/etcd/ | awk -v time_range="$TIME_RANGE" '$1 < time_range {print $4}' | while read file; do s3cmd del -v "$file"; echo ">> Deleted $file"; done; echo ">> Completed S3 prune for Gitea backup repository" env: - name: BUCKET valueFrom: secretKeyRef: name: talos-etcd-backup-secret key: BUCKET resources: requests: cpu: 100m memory: 128Mi persistence: tmp: type: emptyDir medium: Memory advancedMounts: main: main: - path: /tmp readOnly: false talos: type: emptyDir medium: Memory advancedMounts: main: main: - path: /.talos readOnly: false secret: enabled: true type: secret name: talos-backup-secrets advancedMounts: main: main: - path: /var/run/secrets/talos.dev readOnly: true mountPropagation: None s3cmd-config: enabled: true type: secret name: talos-etcd-backup-secret advancedMounts: main: s3-prune: - path: /root/.s3cfg readOnly: true mountPropagation: None subPath: .s3cfg