infrastructure/clusters/cl01tl/helm/talos/values.yaml

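# etcd snapshot backups: three CronJobs (local, remote, external), one per S3
# target, scheduled an hour apart. Each pod runs a `backup` container
# (talos-backup) and an `s3-prune` container (s3cmd running prune.sh).
# NOTE(review): an etcd snapshot contains the cluster's Secret objects, so the
# age recipient key, access to each bucket and the credentials mounted at
# /var/run/secrets/talos.dev are the controls that matter in this file.
etcd-backup:
  controllers:
    local:
      type: cronjob
      pod:
        # Pinned to control-plane nodes and allowed past their NoSchedule taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Daily at 02:00. Quoted like the etcd-defrag schedules so the value
        # is always read as a string.
        schedule: "0 2 * * *"
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
          command:
            - /talos-backup
          workingDir: /tmp
          # Non-root UID/GID, no privilege escalation, no capabilities and the
          # runtime's default seccomp filter.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: us-east-1
            # NOTE(review): plain HTTP, unlike the remote and external
            # endpoints, so this hop has no transport encryption or server
            # authentication. Confirm the pod network between this job and
            # the in-cluster S3 service is trusted, or move it to TLS.
            - name: CUSTOM_S3_ENDPOINT
              value: http://garage-main.garage:3900
            - name: BUCKET
              value: talos-backups
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            # age recipient (public key); presumably the snapshot is encrypted
            # to it before upload, so only the holder of the matching private
            # key can restore. Verify that key is stored outside the cluster.
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-local-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # NOTE(review): unlike `backup`, this container sets no
        # securityContext, and its s3cmd config is mounted under /root (see
        # persistence.s3cmd-config-local), which suggests it runs as root.
        # Consider the same allowPrivilegeEscalation / capabilities / seccomp
        # settings once prune.sh is confirmed to work with them.
        s3-prune:
          image:
            # The digest is what gets pulled; the `latest` tag is only a label.
            repository: d3fk/s3cmd
            tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          # Every key of both Secrets becomes an environment variable of this
          # container, including any that prune.sh may not need.
          envFrom:
            - secretRef:
                name: talos-etcd-backup-local-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: Local
            # 2419200 s = 28 days; presumably the retention window applied by
            # prune.sh (the script is not part of this file).
            - name: DATE_RANGE_SECONDS
              value: "2419200"
    # Same layout as `local`, with its own Secret and an HTTPS endpoint.
    remote:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Daily at 03:00.
        schedule: "0 3 * * *"
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
          command:
            - /talos-backup
          workingDir: /tmp
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: us-east-1
            - name: CUSTOM_S3_ENDPOINT
              value: https://garage-ps10rp.boreal-beaufort.ts.net:3900
            - name: BUCKET
              value: talos-backups
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-remote-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # NOTE(review): no securityContext here either; see `local`.
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          envFrom:
            - secretRef:
                name: talos-etcd-backup-remote-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: Remote
            # 2419200 s = 28 days.
            - name: DATE_RANGE_SECONDS
              value: "2419200"
    # Same layout as `local`, targeting a hosted object store over HTTPS.
    external:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Daily at 04:00.
        schedule: "0 4 * * *"
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
          command:
            - /talos-backup
          workingDir: /tmp
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: nyc3
            - name: CUSTOM_S3_ENDPOINT
              value: https://nyc3.digitaloceanspaces.com
            - name: BUCKET
              value: talos-backups-bee8585f7b8a4d0239c9b823
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-external-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
        # NOTE(review): no securityContext here either; see `local`.
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
          command:
            - /bin/sh
          args:
            - -ec
            - /scripts/prune.sh
          envFrom:
            - secretRef:
                name: talos-etcd-backup-external-secret
            - secretRef:
                name: talos-backup-ntfy-secret
          env:
            - name: TARGET
              value: External
            # 1209600 s = 14 days, half the window of the other two targets.
            - name: DATE_RANGE_SECONDS
              value: "1209600"
  persistence:
    # Mounted read-only into the three `backup` containers only; presumably
    # the Talos API credentials talos-backup uses to request the snapshot.
    # NOTE(review): confirm these credentials are limited to etcd backup.
    secret:
      enabled: true
      type: secret
      name: talos-backup-secrets
      advancedMounts:
        local:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
        remote:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
        external:
          backup:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
    prune-script:
      enabled: true
      type: configMap
      name: talos-prune-script
      # 493 is octal 0755 (rwxr-xr-x) written in decimal. A bare 0755 is read
      # as octal by YAML 1.1 parsers but as decimal 755 by YAML 1.2 parsers,
      # which would produce a different file mode.
      defaultMode: 493
      advancedMounts:
        local:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
        remote:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
        external:
          s3-prune:
            - path: /scripts/prune.sh
              subPath: prune.sh
    # One s3cmd config per target, taken from the `.s3cfg` key of the same
    # Secret that feeds the container's environment, mounted read-only.
    s3cmd-config-local:
      enabled: true
      type: secret
      name: talos-etcd-backup-local-secret
      advancedMounts:
        local:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    s3cmd-config-remote:
      enabled: true
      type: secret
      name: talos-etcd-backup-remote-secret
      advancedMounts:
        remote:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    s3cmd-config-external:
      enabled: true
      type: secret
      name: talos-etcd-backup-external-secret
      advancedMounts:
        external:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
    # Memory-backed scratch space for `backup`, whose workingDir is /tmp, so
    # data written there stays off the node's disk.
    # NOTE(review): no sizeLimit is set and memory-backed emptyDir usage
    # counts as memory; confirm the snapshot size fits the node's headroom.
    tmp-local:
      type: emptyDir
      medium: Memory
      advancedMounts:
        local:
          backup:
            - path: /tmp
              readOnly: false
    tmp-remote:
      type: emptyDir
      medium: Memory
      advancedMounts:
        remote:
          backup:
            - path: /tmp
              readOnly: false
    tmp-external:
      type: emptyDir
      medium: Memory
      advancedMounts:
        external:
          backup:
            - path: /tmp
              readOnly: false
    # Writable, memory-backed /.talos for `backup`; presumably the client
    # state directory of a process running without a home directory.
    talos-local:
      type: emptyDir
      medium: Memory
      advancedMounts:
        local:
          backup:
            - path: /.talos
              readOnly: false
    talos-remote:
      type: emptyDir
      medium: Memory
      advancedMounts:
        remote:
          backup:
            - path: /.talos
              readOnly: false
    talos-external:
      type: emptyDir
      medium: Memory
      advancedMounts:
        external:
          backup:
            - path: /.talos
              readOnly: false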
# Weekly etcd defragmentation: one CronJob per node address, run ten minutes
# apart on Sundays (America/Chicago), presumably so that no two etcd members
# are defragmented at the same time.
# NOTE(review): the `main` containers set no securityContext. talosctl needs
# only network access and the read-only config mount, so a non-root,
# no-capabilities, RuntimeDefault-seccomp context looks applicable; confirm
# against the image's default user before adding it.
etcd-defrag:
  global:
    fullnameOverride: etcd-defrag
  controllers:
    defrag-1:
      type: cronjob
      pod:
        # Pinned to control-plane nodes and allowed past their NoSchedule taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Sundays at 00:00.
        schedule: "0 0 * * 0"
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
          # `-n` selects the node the defrag request is sent to.
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.11"
          env:
            # Points talosctl at the config mounted by persistence.talos-config-1.
            - name: TALOSCONFIG
              value: /tmp/.talos/config
    defrag-2:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Sundays at 00:10.
        schedule: "10 0 * * 0"
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.12"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
    defrag-3:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        timeZone: America/Chicago
        # Sundays at 00:20.
        schedule: "20 0 * * 0"
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.13"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
  persistence:
    # The same Secret is mounted read-only into each job as its talosconfig.
    # NOTE(review): a talosconfig carries client credentials for the Talos
    # API; confirm the one stored here is limited to the least-privileged
    # role that still permits `etcd defrag`.
    talos-config-1:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-1:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
    talos-config-2:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-2:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
    talos-config-3:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-3:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config