apiVersion: apps/v1 kind: Deployment metadata: name: backrest labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: backrest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest helm.sh/chart: backrest-4.6.2 namespace: backrest spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: main app.kubernetes.io/name: backrest app.kubernetes.io/instance: backrest template: metadata: labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: backrest app.kubernetes.io/name: backrest spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: TZ value: America/Chicago - name: BACKREST_DATA value: /data - name: BACKREST_CONFIG value: /config/config.json - name: XDG_CACHE_HOME value: /cache - name: TMPDIR value: /tmp image: garethgeorge/backrest:v1.12.1 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 256Mi volumeMounts: - mountPath: /cache name: cache - mountPath: /config name: config - mountPath: /data name: data - mountPath: /mnt/share name: share readOnly: true - mountPath: /mnt/storage name: storage readOnly: true - mountPath: /tmp name: tmp volumes: - emptyDir: {} name: cache - name: config persistentVolumeClaim: claimName: backrest-config - name: data persistentVolumeClaim: claimName: backrest-data - name: share persistentVolumeClaim: claimName: backrest-nfs-share - name: storage persistentVolumeClaim: claimName: backrest-nfs-storage - emptyDir: {} name: tmp --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: backrest-config-backup-secret-external namespace: backrest labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-config-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: backrest-config-backup-secret-local namespace: backrest labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-config-backup-secret-local spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: backrest-config-backup-secret-remote namespace: backrest labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-config-backup-secret-remote spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-config" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: backrest-data-backup-secret-external namespace: backrest labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-data-backup-secret-external spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/digital-ocean metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: backrest-data-backup-secret-local namespace: backrest labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-data-backup-secret-local spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-local metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: backrest-data-backup-secret-remote namespace: backrest labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-data-backup-secret-remote spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/backrest/backrest-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /volsync/restic/garage-remote metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/volsync-backups metadataPolicy: None property: ACCESS_SECRET_KEY --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: backrest labels: app.kubernetes.io/instance: backrest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest helm.sh/chart: backrest-4.6.2 namespace: backrest spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - "backrest.alexlebens.net" rules: - backendRefs: - group: "" kind: Service name: backrest namespace: backrest port: 80 weight: 100 matches: - path: type: PathPrefix value: / --- apiVersion: v1 kind: PersistentVolume metadata: name: backrest-nfs-share namespace: backrest labels: app.kubernetes.io/name: backrest-nfs-share app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client capacity: storage: 1Gi accessModes: - ReadWriteMany nfs: path: /volume2/Share server: synologybond.alexlebens.net mountOptions: - vers=4 - minorversion=1 - noac --- apiVersion: v1 kind: PersistentVolume metadata: name: backrest-nfs-storage namespace: backrest labels: app.kubernetes.io/name: backrest-nfs-storage app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client capacity: storage: 1Gi accessModes: - ReadWriteMany nfs: path: /volume2/Storage server: synologybond.alexlebens.net mountOptions: - vers=4 - minorversion=1 - noac --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: backrest-config labels: app.kubernetes.io/instance: backrest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest helm.sh/chart: backrest-4.6.2 annotations: helm.sh/resource-policy: keep namespace: backrest spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "1Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: backrest-data labels: app.kubernetes.io/instance: backrest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest helm.sh/chart: backrest-4.6.2 annotations: helm.sh/resource-policy: keep namespace: backrest spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "10Gi" storageClassName: "ceph-block" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: backrest-nfs-share namespace: backrest labels: app.kubernetes.io/name: backrest-nfs-share app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest spec: volumeName: backrest-nfs-share storageClassName: nfs-client accessModes: - ReadWriteMany resources: requests: storage: 1Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: backrest-nfs-storage namespace: backrest labels: app.kubernetes.io/name: backrest-nfs-storage app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest spec: volumeName: backrest-nfs-storage storageClassName: nfs-client accessModes: - ReadWriteMany resources: requests: storage: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: backrest-config-backup-source-external namespace: backrest labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-config-backup spec: sourcePVC: backrest-config trigger: schedule: 8 10 * * * restic: pruneIntervalDays: 7 repository: backrest-config-backup-secret-external retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: backrest-config-backup-source-local namespace: backrest labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-config-backup spec: sourcePVC: backrest-config trigger: schedule: 8 8 * * * restic: pruneIntervalDays: 7 repository: backrest-config-backup-secret-local retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: backrest-config-backup-source-remote namespace: backrest labels: helm.sh/chart: volsync-target-config-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-config-backup spec: sourcePVC: backrest-config trigger: schedule: 8 9 * * * restic: pruneIntervalDays: 7 repository: backrest-config-backup-secret-remote retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: backrest-data-backup-source-external namespace: backrest labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-data-backup spec: sourcePVC: backrest-data trigger: schedule: 6 10 * * * restic: pruneIntervalDays: 7 repository: backrest-data-backup-secret-external retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: backrest-data-backup-source-local namespace: backrest labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-data-backup spec: sourcePVC: backrest-data trigger: schedule: 6 8 * * * restic: pruneIntervalDays: 7 repository: backrest-data-backup-secret-local retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: backrest-data-backup-source-remote namespace: backrest labels: helm.sh/chart: volsync-target-data-0.8.0 app.kubernetes.io/instance: backrest app.kubernetes.io/part-of: backrest app.kubernetes.io/version: "0.8.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest-data-backup spec: sourcePVC: backrest-data trigger: schedule: 6 9 * * * restic: pruneIntervalDays: 7 repository: backrest-data-backup-secret-remote retain: daily: 7 hourly: 0 monthly: 3 weekly: 4 yearly: 1 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot cacheCapacity: 1Gi --- apiVersion: v1 kind: Service metadata: name: backrest labels: app.kubernetes.io/instance: backrest app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backrest app.kubernetes.io/service: backrest helm.sh/chart: backrest-4.6.2 namespace: backrest spec: type: ClusterIP ports: - port: 80 targetPort: 9898 protocol: TCP name: http selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: backrest app.kubernetes.io/name: backrest