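# Chart values for two groups of CronJobs that run on control-plane nodes:
#   etcd-backup - three controllers (local, remote, external); each runs a
#                 talos-backup container and an s3cmd-based prune container
#                 against a different S3 endpoint.
#   etcd-defrag - three controllers; each runs `talosctl etcd defrag` against
#                 one node address.
# NOTE(review): the key layout looks like app-template-style Helm values;
# confirm the nesting against the chart in use.
etcd-backup:
  controllers:
    # Daily backup to the in-cluster S3 endpoint.
    local:
      type: cronjob
      pod:
        # Schedule only onto control-plane nodes and tolerate their taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # 02:00 every day. Quoted like the etcd-defrag schedules so the cron
        # expression is always read as a string.
        schedule: "0 2 * * *"
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            # Pinned by digest: the image content cannot change unless this
            # value is edited.
            tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
          command:
            - /talos-backup
          workingDir: /tmp
          # Non-root UID/GID, no privilege escalation, every capability
          # dropped, runtime-default seccomp profile.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            # Only the keys this container needs are read from the secret.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: us-east-1
            # NOTE(review): plain http:// - requests to this endpoint,
            # including the uploaded object, cross the cluster network
            # without TLS, while the remote and external controllers use
            # https://. Confirm this is acceptable for the in-cluster hop or
            # point it at a TLS listener.
            - name: CUSTOM_S3_ENDPOINT
              value: http://garage-main.garage:3900
            - name: BUCKET
              value: talos-backups
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            # Presumably the age recipient that snapshots are encrypted to;
            # only the public key is referenced here, so the matching private
            # identity should be kept outside the cluster - TODO confirm.
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # NOTE(review): unlike `backup`, this container has no
        # securityContext, and its s3cmd config is mounted under /root, which
        # suggests it runs as root. Consider the same restrictions (no
        # privilege escalation, dropped capabilities, RuntimeDefault seccomp)
        # once the image is confirmed to work with them. The same applies to
        # the s3-prune containers of the remote and external controllers.
        s3-prune:
          image:
            repository: d3fk/s3cmd
            # The digest is what pins this image; the `latest` tag in front
            # of it is informational only.
            tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          # envFrom exposes every key of both secrets as environment
          # variables. NOTE(review): if prune.sh needs only some of them,
          # list those keys explicitly with secretKeyRef instead.
          envFrom:
            - secretRef:
                name: talos-etcd-backup-local-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: Local
            # 2419200 s = 28 days; presumably the retention window read by
            # prune.sh - TODO confirm.
            - name: DATE_RANGE_SECONDS
              value: "2419200"
    # Daily backup to a second S3 endpoint reached over HTTPS.
    remote:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # 03:00 every day, one hour after the local backup.
        schedule: "0 3 * * *"
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
          command:
            - /talos-backup
          workingDir: /tmp
          # Same restrictions as the local backup container.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: us-east-1
            - name: CUSTOM_S3_ENDPOINT
              value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
            - name: BUCKET
              value: talos-backups
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          # Every key of both secrets becomes an environment variable.
          envFrom:
            - secretRef:
                name: talos-etcd-backup-remote-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: Remote
            # 2419200 s = 28 days.
            - name: DATE_RANGE_SECONDS
              value: "2419200"
    # Daily backup to an external object-storage provider over HTTPS.
    external:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # 04:00 every day, one hour after the remote backup.
        schedule: "0 4 * * *"
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
          command:
            - /talos-backup
          workingDir: /tmp
          # Same restrictions as the local backup container.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: nyc3
            - name: CUSTOM_S3_ENDPOINT
              value: https://nyc3.digitaloceanspaces.com
            - name: BUCKET
              value: talos-backups-bee8585f7b8a4d0239c9b823
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          # Every key of both secrets becomes an environment variable.
          envFrom:
            - secretRef:
                name: talos-etcd-backup-external-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: External
            # 1209600 s = 14 days, half the value used for local and remote.
            - name: DATE_RANGE_SECONDS
              value: "1209600"
  persistence:
    # Secret mounted read-only into the three backup containers only (the
    # prune containers do not receive it). Presumably the Talos API
    # credentials used to take the snapshot. NOTE(review): confirm those
    # credentials carry only the role needed for etcd snapshots.
    secret:
      enabled: true
      type: secret
      name: talos-backup-secrets
      advancedMounts:
        local:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
        remote:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
        external:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
    # Prune script delivered from a ConfigMap into each s3-prune container.
    prune-script:
      enabled: true
      type: configMap
      name: talos-prune-script
      # Leading-zero literal: YAML 1.1 loaders read it as octal (decimal
      # 493, rwxr-xr-x); a strict YAML 1.2 loader would read decimal 755.
      # NOTE(review): check the mode in the rendered manifest.
      defaultMode: 0755
      advancedMounts:
        local:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
        remote:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
        external:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
    # s3cmd configuration files: the `.s3cfg` key of each target's secret
    # (the same secret the matching prune container also receives through
    # envFrom), mounted read-only into that prune container alone.
    s3cmd-config-local:
      enabled: true
      type: secret
      name: talos-etcd-backup-local-secret
      advancedMounts:
        local:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    s3cmd-config-remote:
      enabled: true
      type: secret
      name: talos-etcd-backup-remote-secret
      advancedMounts:
        remote:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    s3cmd-config-external:
      enabled: true
      type: secret
      name: talos-etcd-backup-external-secret
      advancedMounts:
        external:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    # RAM-backed, writable /tmp for each backup container (its workingDir).
    # NOTE(review): no emptyDir sizeLimit is set, so whatever is written
    # here is bounded only by the memory available on the control-plane
    # node; consider a limit sized to the expected snapshot.
    tmp-local:
      type: emptyDir
      medium: Memory
      advancedMounts:
        local:
          backup:
            - path: /tmp
              readOnly: false
    tmp-remote:
      type: emptyDir
      medium: Memory
      advancedMounts:
        remote:
          backup:
            - path: /tmp
              readOnly: false
    tmp-external:
      type: emptyDir
      medium: Memory
      advancedMounts:
        external:
          backup:
            - path: /tmp
              readOnly: false
    # RAM-backed, writable /.talos for each backup container; presumably the
    # Talos client's state directory - TODO confirm.
    talos-local:
      type: emptyDir
      medium: Memory
      advancedMounts:
        local:
          backup:
            - path: /.talos
              readOnly: false
    talos-remote:
      type: emptyDir
      medium: Memory
      advancedMounts:
        remote:
          backup:
            - path: /.talos
              readOnly: false
    talos-external:
      type: emptyDir
      medium: Memory
      advancedMounts:
        external:
          backup:
            - path: /.talos
              readOnly: false
etcd-defrag:
  global:
    fullnameOverride: etcd-defrag
  # One CronJob per node address, scheduled ten minutes apart on Sundays,
  # presumably so that only one etcd member is defragmented at a time.
  # NOTE(review): none of the defrag containers sets a securityContext;
  # consider the restrictions used by the etcd-backup `backup` containers
  # after confirming the talosctl image runs under them.
  controllers:
    defrag-1:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Sundays at 00:00.
        schedule: "0 0 * * 0"
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            # Pinned by digest.
            tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.11"
          env:
            # Points talosctl at the config file mounted from the secret.
            - name: TALOSCONFIG
              value: /tmp/.talos/config
    defrag-2:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Sundays at 00:10.
        schedule: "10 0 * * 0"
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.12"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
    defrag-3:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Sundays at 00:20.
        schedule: "20 0 * * 0"
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.13"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
  # All three controllers mount the `config` key of the same secret,
  # read-only, at the path named by TALOSCONFIG.
  # NOTE(review): this talosconfig grants Talos API access from inside the
  # cluster; make sure its role is limited to what `etcd defrag` requires.
  persistence:
    talos-config-1:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-1:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
    talos-config-2:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-2:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
    talos-config-3:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-3:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config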