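# Daily encrypted etcd snapshot of the Talos control plane, pushed to S3
# (DigitalOcean Spaces), plus a retention sweep of the same prefix.
# Both containers run in the same CronJob pod and therefore in parallel:
# the prune does not wait for, or depend on, the snapshot upload.
etcd-backup:
  controllers:
    main:
      type: cronjob
      pod:
        # Pinned to a control-plane node (presumably so the Talos API used
        # for the etcd snapshot is local to the pod -- confirm against the
        # talos-backup docs) and tolerating the control-plane taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        # Never let two runs overlap: a prune racing a later snapshot is
        # the one ordering this job must not produce.
        concurrencyPolicy: Forbid
        timeZone: US/Central
        schedule: "0 2 * * *"
        # A run missed by more than 90s (controller outage, node drain) is
        # skipped, not caught up -- alert on the age of the last successful
        # Job rather than relying on the schedule alone.
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            # Digest-pinned: a re-pushed tag cannot change what runs.
            tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
            pullPolicy: IfNotPresent
          command:
            - /talos-backup
          # Snapshot scratch space; backed by the in-memory emptyDir below.
          workingDir: /tmp
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            # The only writable paths are the /tmp and /.talos emptyDirs
            # mounted under persistence; if a run fails with a read-only
            # filesystem error, that is the path to add there, not a
            # reason to drop this.
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            # S3 credentials never appear in values; both come from the
            # talos-etcd-backup-secret Secret.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              value: nyc3
            - name: CUSTOM_S3_ENDPOINT
              value: https://nyc3.digitaloceanspaces.com
            # Bare bucket name here; the s3-prune container reads a
            # separate BUCKET key from the Secret (s3cmd wants the s3://
            # form). Keep the two in sync when the bucket changes.
            - name: BUCKET
              value: talos-backups-bee8585f7b8a4d0239c9b823
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            # age recipient (public half only). The matching private key is
            # what restores depend on and must be kept outside this cluster.
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AGE_X25519_PUBLIC_KEY
            - name: USE_PATH_STYLE
              value: "false"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
        # Retention sweep: delete snapshots older than RETENTION_DAYS, but
        # refuse to delete anything unless at least one snapshot newer than
        # the cutoff exists. Without that floor, RETENTION_DAYS of failed
        # uploads would leave the bucket empty while this job kept
        # "succeeding".
        s3-prune:
          image:
            repository: d3fk/s3cmd
            # Third-party Docker Hub image; the digest pin is what makes
            # the "latest" tag acceptable here.
            tag: latest@sha256:53e70e305f80969621cb31f295a0f0b221bbec791ce418ef2bd025354978d953
            pullPolicy: IfNotPresent
          # Same hardening as the main container; the s3cmd config is
          # mounted under /etc/s3cmd (not /root) so this works as uid 1000.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          command:
            - /bin/sh
          args:
            - -ec
            - |
              set -u
              : "${BUCKET:?BUCKET (s3://...) must come from the Secret}"
              : "${RETENTION_DAYS:?RETENTION_DAYS must be set}"
              PREFIX_URL="${BUCKET}/${S3_PREFIX}/"
              # Snapshot objects are named <cluster>-<timestamp>Z.snap.age, so
              # the cutoff is rendered in UTC and compared lexically against
              # the full object URL (column 4 of `s3cmd ls`).
              CUTOFF=$(date -u -d "@$(( $(date -u +%s) - RETENTION_DAYS * 86400 ))" +%Y-%m-%dT%H:%M:%SZ)
              CUTOFF_KEY="${PREFIX_URL}${CLUSTER_NAME}-${CUTOFF}.snap.age"
              echo ">> Running S3 prune for Talos backup repository (${PREFIX_URL})"
              echo ">> Backups prior to '${CUTOFF}' will be removed"
              LISTING=$(s3cmd -c "${S3CMD_CONFIG}" ls "${PREFIX_URL}")
              # Only object rows have a URL in $4; DIR rows do not and are skipped.
              RECENT=$(printf '%s\n' "${LISTING}" |
                awk -v cutoff="${CUTOFF_KEY}" '$4 != "" && $4 >= cutoff { n++ } END { print n + 0 }')
              if [ "${RECENT}" -eq 0 ]; then
                echo ">> No backup newer than '${CUTOFF}' under ${PREFIX_URL}; refusing to prune" >&2
                exit 1
              fi
              OLD=$(printf '%s\n' "${LISTING}" |
                awk -v cutoff="${CUTOFF_KEY}" '$4 != "" && $4 < cutoff { print $4 }')
              echo ">> Backups to be removed:"
              printf '%s\n' "${OLD:-<none>}"
              echo ">> Deleting ..."
              printf '%s\n' "${OLD}" | while read -r file; do
                [ -n "${file}" ] || continue
                s3cmd -c "${S3CMD_CONFIG}" del "${file}"
              done
              echo ">> Completed S3 prune for Talos backup repository"
          env:
            # s3:// URL of the bucket (see the note on the main container's
            # BUCKET above).
            - name: BUCKET
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: BUCKET
            # Must match the main container so the prune sweeps the prefix
            # the snapshots are written to.
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            - name: RETENTION_DAYS
              value: "14"
            - name: S3CMD_CONFIG
              value: /etc/s3cmd/.s3cfg
            # uid 1000 has no passwd entry in the image; give s3cmd a HOME
            # it can resolve.
            - name: HOME
              value: /tmp
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
  persistence:
    # In-memory scratch for the snapshot: nothing touches node disk.
    tmp:
      type: emptyDir
      medium: Memory
      advancedMounts:
        main:
          main:
            - path: /tmp
              readOnly: false
    # Talos client state; /.talos because uid 1000 has no HOME.
    talos:
      type: emptyDir
      medium: Memory
      advancedMounts:
        main:
          main:
            - path: /.talos
              readOnly: false
    # Talos API credential for the snapshot (presumably issued by a Talos
    # ServiceAccount; keep its role to the minimum that allows an etcd
    # snapshot -- confirm). Only the main container gets it.
    secret:
      enabled: true
      type: secret
      name: talos-backup-secrets
      advancedMounts:
        main:
          main:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
    # s3cmd config (holds the S3 keys) for the prune container only.
    s3cmd-config:
      enabled: true
      type: secret
      name: talos-etcd-backup-secret
      advancedMounts:
        main:
          s3-prune:
            - path: /etc/s3cmd/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg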
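# Weekly `talosctl etcd defrag` of each control-plane member, one CronJob
# per node, staggered by ten minutes so only one member is defragmenting
# at a time. All three share one talosconfig Secret.
etcd-defrag:
  global:
    fullnameOverride: etcd-defrag
  controllers:
    defrag-1:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        # Sundays 00:00; the etcd-backup job runs at 02:00 so the two never
        # overlap.
        schedule: "0 0 * * 0"
        # A run missed by more than 90s is skipped, not caught up.
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            # TODO(review): pin by digest (tag@sha256:...) as the backup
            # images are; a mutable tag is the one unpinned image here.
            tag: v1.11.2
            pullPolicy: IfNotPresent
          # Targets the member by node IP; these three addresses are the
          # only place the control-plane topology is spelled out.
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.11"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
          # Same hardening as etcd-backup: talosctl only reads the mounted
          # config and talks to the Talos API.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
    defrag-2:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        # Ten minutes after defrag-1.
        schedule: "10 0 * * 0"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            # TODO(review): pin by digest, see defrag-1.
            tag: v1.11.2
            pullPolicy: IfNotPresent
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.12"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
    defrag-3:
      type: cronjob
      pod:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        concurrencyPolicy: Forbid
        timeZone: US/Central
        # Ten minutes after defrag-2.
        schedule: "20 0 * * 0"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
            # TODO(review): pin by digest, see defrag-1.
            tag: v1.11.2
            pullPolicy: IfNotPresent
          args:
            - etcd
            - defrag
            - -n
            - "10.232.1.13"
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
  persistence:
    # One Secret, mounted read-only into each of the three jobs (the three
    # separate entries this replaced rendered the identical volume). The
    # talosconfig inside is a node API credential with enough privilege to
    # run `etcd defrag` -- presumably os:admin; confirm, and keep it scoped
    # to the least role Talos allows for this and rotate it like any other
    # admin credential.
    talos-config:
      enabled: true
      type: secret
      name: talos-etcd-defrag-secret
      advancedMounts:
        defrag-1:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
        defrag-2:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config
        defrag-3:
          main:
            - path: /tmp/.talos/config
              readOnly: true
              mountPropagation: None
              subPath: config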