shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixup! ♻️ migration externalsecrets

Browse Source
This commit is contained in:
auricom
2023-07-09 09:17:34 +02:00
parent c00e101eec
commit 357fb88067
167 changed files with 1329 additions and 2706 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kubernetes/apps/default/gitea/app/backups/kustomization.yaml
View File

@@ -1,8 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./external-backup.yaml
- ./replicationsource.yaml
- ./restic.sops.yaml

25
kubernetes/apps/default/gitea/app/backups/replicationsource.yaml
View File

@@ -1,25 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: gitea
namespace: default
spec:
sourcePVC: gitea-config
trigger:
schedule: "0 0 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 10
repository: gitea-restic
cacheCapacity: 2Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
retain:
daily: 10
within: 3d

35
kubernetes/apps/default/gitea/app/backups/restic.sops.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-restic
namespace: default
type: Opaque
stringData:
#ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
RESTIC_REPOSITORY: ENC[AES256_GCM,data:Y1Kpc918cOrFj1lv9aCUyoJPwYXhpQlirTzDPIiznbbVHfoOWhUdsDWDzv8Dvs7dSFbNiFdYag==,iv:CvQ3u6gmkP9wpUs0pbmG3UK5/jzJvDyjxSB/kRZrOyU=,tag:dhqdXpyGYDqnSxG6OQ0Z9A==,type:str]
#ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
#ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
#ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-28T07:48:12Z"
mac: ENC[AES256_GCM,data:yQjxYGqOHqB6OvdHADZpLNpblivcBaNhwmzTZvBQ8j0eb3jk/FXjhYzaomIReq49RmsdQTbqSWNLZkx7Ze6M9E64YOBYFGA5CBucvTn+/0WG4XdrXz0W11BDGtEfU4FlAmHbLZHA11Qw/NcjR4aqP4U8OdNcDye5amGmnLg4U8A=,iv:bZRsW+I3G1uVmBBCrRjVeRAoQgqjehhiF0NJ+ej20ac=,tag:r1rt+3qtL+BIoh/XUacWqw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

4
kubernetes/apps/default/gitea/app/backups/external-backup.yaml → kubernetes/apps/default/gitea/app/externalbackup.yaml
View File

@@ -79,9 +79,9 @@ spec:
volumeMounts:
- name: secret
mountPath: /opt/id_rsa
subPath: deployment_rsa_priv_key
subPath: GITEA_DEPLOYMENT_PRIVATE_KEY
volumes:
- name: secret
secret:
secretName: gitea-config
secretName: gitea-secret
restartPolicy: Never

36
kubernetes/apps/default/gitea/app/externalsecret.yaml Normal file
View File

@@ -0,0 +1,36 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: gitea-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
# App
GITEA_ADMIN_EMAIL: "{{ .GITEA_ADMIN_EMAIL }}"
GITEA_ADMIN_PASSWORD: "{{ .GITEA_ADMIN_PASSWORD }}"
GITEA_AWS_S3_ACCESS_KEY: "{{ .GITEA_AWS_S3_ACCESS_KEY }}"
GITEA_AWS_S3_SECRET_KEY: "{{ .GITEA_AWS_S3_SECRET_KEY }}"
GITEA_DEPLOYMENT_PRIVATE_KEY: "{{ .GITEA_DEPLOYMENT_PRIVATE_KEY }}"
POSTGRES_USERNAME: &dbUser "{{ .POSTGRES_USERNAME }}"
POSTGRES_PASSWORD: &dbPass "{{ .POSTGRES_PASSWORD }}"
# Postgres Init
INIT_POSTGRES_DBNAME: gitea
INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
INIT_POSTGRES_USER: *dbUser
INIT_POSTGRES_PASS: *dbPass
INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
dataFrom:
- extract:
key: cloudnative-pg
- extract:
key: gitea

68
kubernetes/apps/default/gitea/app/helmrelease.yaml
View File

@@ -6,7 +6,7 @@ metadata:
name: gitea
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: gitea
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: gitea
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -44,7 +44,7 @@ spec:
RUN_AT_START: true
database:
DB_TYPE: postgres
HOST: ${POSTGRES_HOST}:${POSTGRES_PORT}
HOST: postgres-rw.default.svc.cluster.local:5432
NAME: gitea
SCHEMA: public
SSL_MODE: disable
@@ -101,8 +101,6 @@ spec:
enabled: true
serviceMonitor:
enabled: true
podAnnotations:
secret.reloader.stakater.com/reload: gitea-config
postgresql:
enabled: false
memcached:
@@ -138,36 +136,36 @@ spec:
valuesFrom:
- targetPath: gitea.admin.email
kind: Secret
name: gitea-config
valuesKey: adminEmail
name: gitea-secret
valuesKey: GITEA_ADMIN_EMAIL
- targetPath: gitea.admin.password
kind: Secret
name: gitea-config
valuesKey: adminPassword
name: gitea-secret
valuesKey: GITEA_ADMIN_PASSWORD
- targetPath: gitea.config.attachment.MINIO_ACCESS_KEY_ID
kind: Secret
name: gitea-config
valuesKey: minioAccessKeyId
name: gitea-secret
valuesKey: GITEA_AWS_S3_ACCESS_KEY
- targetPath: gitea.config.attachment.MINIO_SECRET_ACCESS_KEY
kind: Secret
name: gitea-config
valuesKey: minioSecretAccessKey
name: gitea-secret
valuesKey: GITEA_AWS_S3_SECRET_KEY
- targetPath: gitea.config.database.PASSWD
kind: Secret
name: gitea-config
valuesKey: dbPassword
name: gitea-secret
valuesKey: POSTGRES_PASSWORD
- targetPath: gitea.config.database.USER
kind: Secret
name: gitea-config
valuesKey: dbUser
name: gitea-secret
valuesKey: POSTGRES_USERNAME
- targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID
kind: Secret
name: gitea-config
valuesKey: minioAccessKeyId
name: gitea-secret
valuesKey: GITEA_AWS_S3_ACCESS_KEY
- targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY
kind: Secret
name: gitea-config
valuesKey: minioSecretAccessKey
name: gitea-secret
valuesKey: GITEA_AWS_S3_SECRET_KEY
postRenderers:
- kustomize:
patchesStrategicMerge:
@@ -179,25 +177,9 @@ spec:
template:
spec:
initContainers:
- name: init-db
image: ghcr.io/onedr0p/postgres-initdb:14.8
env:
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_DB
value: gitea
- name: POSTGRES_SUPER_PASS
valueFrom:
secretKeyRef:
name: postgres-superuser
key: password
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: gitea-config
key: dbUser
- name: POSTGRES_PASS
valueFrom:
secretKeyRef:
name: gitea-config
key: dbPassword
- name: 01-init-db
image: ghcr.io/onedr0p/postgres-init:14.8
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: gitea-secret

5
kubernetes/apps/default/gitea/app/kustomization.yaml
View File

@@ -4,7 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./backups
- ./externalbackup.yaml
- ./externalsecret.yaml
- ./helmrelease.yaml
- ./secret.sops.yaml
- ./volsync.yaml
- ./volume.yaml

34
kubernetes/apps/default/gitea/app/secret.sops.yaml
View File

@@ -1,34 +0,0 @@
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: gitea-config
namespace: default
stringData:
adminEmail: ENC[AES256_GCM,data:KUhhtTXAU/lcKVsuy3tF+QjgRk8m,iv:goqGhOEkpbnYa6uELXYfdQjCdKPOW2KGAjb4cfdHrn0=,tag:SFENNvmSkEfcAgat/BHksg==,type:str]
adminPassword: ENC[AES256_GCM,data:SMR6vlFSysGv7iG+zjk=,iv:PtceAzAWR1nc8nACAYSOe+19evR9+orQa9DRzbcXU4U=,tag:Rq+3Ua0XhOzsnFw6/OdY4A==,type:str]
dbUser: ENC[AES256_GCM,data:4Mb4+JI=,iv:qTzsuXkJGFEtKjoKcAWD2VoBCD4GIH9UsBSWUknez8c=,tag:p5Q0R1DdJuZmpPiBYZxV0A==,type:str]
dbPassword: ENC[AES256_GCM,data:h/qQ43+3E9DfSlY6eww=,iv:ppvnc3A4binyLwnNuEPzmQCyc11RUSZ9cSw0cRYjLdI=,tag:iBXRYFPBCn4AdkdoRZK4eg==,type:str]
minioAccessKeyId: ENC[AES256_GCM,data:Gh41eINrkyjgEpTO5O+5lPWNPd8=,iv:XFH3RvyJwUEtszqtKVjLtMxTamPHPx4Aqi0PqsUmDCQ=,tag:abNj9gjgSlPJFsS9DBs+gw==,type:str]
minioSecretAccessKey: ENC[AES256_GCM,data:ZiCMwvRnVavI62F7+OIDoYEOSvM9Jfh1eqJGbJjOR+GiC2YXw7T4+A==,iv:bbCaIOXhwrCFqiu8AQ1qyWzE+yuTotCjJgaK14qC1Qs=,tag:ZESnmDhsgqffe1rdKoVStQ==,type:str]
deployment_rsa_priv_key: ENC[AES256_GCM,data:3Olhz6VZ6oI18hwCUDIHNLUEMM7PnGIcDDTCtX7sb6+yOmmW8cyKfZo2Ks6c4pEXJjWQ0JpvIYd/JMP53Noyb62H2+JAlcnIYgivJYpKmZ2fFD5i9Nyg+a91w6xkwwfBHEO6BBGAM4j3wARfFqLo4xqQFgf0/2DEUMVwHgXP6JGuqik+fOTHFRP66fQ16m+p+3iig1cvMvkjN7y/KmuBgT8w3VBJ6xukb/rC3mx+h5KIhoMfi+aBXi/SI7hUvnDPmaJs2Q/QlpcudQQHEYC51df0uGEeJaM/136+BON6B8fi2xUw1y/zYPJFabZg3b5Y7KRxKrDUJyOclaXEi8ZI+1Wz64KJ3Zhb7bITNLX7iIMuE2bQZq574xJre5HH/aI6/VAwLIKOFAV/l+WadfEh+1mbmoGRhjC3Ylin01mC9/z+8dxnG5sX+DvGzG7EiwoApIHpEZ4n7DZThi9xR1RSfYCqG5K9D3q+RpsnVoi6busJbevJ9U7fb0Yq7iiZfv+iiZc8HmEWyAy6r967oUGNss8VF/ahucP4uAE6nzTVadOSLc/UyS/jeil593SSn62h2hDYPuDxP/M3odiI40m0kCMuLNdIxFDl8xXNtSNy5nUmdlP/Ez9ach5Zigw+gJaeK/CVhr2e6TFkzfcYri7ryOVVNmoFw6hr66TXGjiwHATj6Ucpm0OLS1C2GP/G5FGqpdbYMTxe6JCOQggnBXLe3v5Dtr2Qrp49yA8UxLG5Ksxxd19Q1uaudWbc4S/Lg6gfey7IkuaMQ6zGIAE8vMNnKHdx0XBqKwBpwajCsFXDCrTnAs6YyST1KXHm/YmRep5KcMMuUk3UhE6TwAYTNK9SHSwXHOxaRETrVnf1XEzg7GATomW7U3Gp4v4OAnZy2T/7NJ1EfhQiMjw4J3RKN7bswITmfhLamXwDk6tiVGv9pQdsAEtr0+A5kKXV2kNXGfZ5U1Uv0wdcAhXxYnc0TaFmQ2J95Kljl/O+SYFxv3UyvQs4O1JQdeXVIrqpRzGtMRQHaPpaT0FMlk5ntShRQhGYZEoHknKw0cniajNpfCC6pqNEGbcL6PhROx9X2AK59YveX4g2z2jEhfrzb/eRow2Ha5gubmMGnwiV07wwzEe5VQCwDQgdcAc8l2bbkpgcws8RCg342towNRwjq81fqWX+hWsufXxIip9PX+AQsAcBpbdfcAEbcxLQLhkxCqA23+k+Ih8Yt/4qqKCT7QMyiJgRmigaXW5J61lVSuRjU2gQfGOqjtqQc23K6bUzrzgGiymWJEMMwKOJuxJiKk7uTs2xowmiSgFsfFdsiD+3UzOX5Fh6Y0OV858oXpzx/vD8J9RwrLnsV36xfeXPX1yh8UoCc0ZeVyvvWvXIa942RSDXtvgt86Y4kT/uTIEKrikReCD1K+1BdE8bwaMHakrKYrRwbauQM3S2SV17/XC6t8A1f4vu8/vV5Ir1oge2tFI/pJU6AqF/k7Lit1JTWXf1qiXxAxFEJJDzuwABWLQKvw1QUBHQiR/Kq5myDN589qSU5/C2zh1zq8k7BE54NR1ZyCAnIkmbZNMEMBNMArr44DbTgm5tiGhCh+OgJD/5DUGi1+E6a4IqoMzgvh3ToHAKveSz3mRQwhXx7RJH4WFkcGBVUaQohg2YlqIQilb1NFHwG5UFnoXlVPY0VpIhyoFCfvg2X/L1UmfpU7V9OpKHOcMFQ0A7YIGXgp/nGVZZchuOcuiwkF5z/GTI14RZOiBFh5P2LR3pa56j4P4PrhWV5mGgAkdfDvh0DY0yWRTzjo0piZPBCnLf/hUn8rpT9T8xIqz0EDoH3pHRR/VKgGxFOcgRecSD+fTnYFGUEi4akcBT5Lgm11/c3VNbO3/nZq6dlTxbjT8/VGOps/tPWPHUUbf/8U1NTD46zjbRGWEjod7Pwnz1hFxU3ql0KBDBhS/J+0kSmz98CPmeS8uW0OCKPFvIoPYJhr9CsxJNVEiW2+pd/WabvlIeOXtmQKjjwvmQaW77FTkKVP8Y0+9qH8Ln4M9h4QrP69YHGBtt3oIej5MUDCoZ+ut1L7ikEHbuOEb1c1a2z0PdzooudgT+NMhcBlGCpoUiC9ZcspOJn+nU6IBkJ2Sjyfl/BrMTBmJ+rs3suoEY3NvA4gWRU9xevNKpjqNRtxiYLll1JZl43lJL5RkG4bXb5JK4nSwJfADu6aIhWL2IjpFYd93A4lg19jf3nVpcazxFXcYY7UpYDhOb7fbWYmI6xV+AX52SwTKRM9fLK7j0EWx/fo0SfdZUNl4T/dtPsqe8Te/ZzkQlHA8tbC5kQeEJxGw72lvjMHNq4Fv0hVZ7r4gEFZhiPlciYG9cOwG1A2GifGthy+1fsCnKxNBx/5Cf+1OOz8AY7ZL9ECSPOrK3zlpXC6P6HhxokvTe5qY9eIR0ztYg1vgxz+XrqzOU7drfUdDigt+uqRZwvfC5AoNF2e5bFO+y83fdeVisZI0qtsOElhBYS6EIHmh1LRNhRfD3tpRyFinNlVVbOy/33A7yEUv+ieO9hL5VOvkJEvEdmeTtcCevniESu2tQEANFUiI6NpoxNycmJaCeejiZ5LvrC+BQjylqPIqAhgHdfWDIcmKjRQuolkOQ2PbzRrGCCcV3sbDaCbH769hGrdBV06bN3gNZNvnAo6kafEw62RGRaGjxJ/O8zHRALVwDECLtE3yW9ghjgPdw2zGItza0qlG2Hr+nzER9aMLWI4dzqnMNFTtiqJDLkL2Qo33h8qtGTtIEuP8jjTbGqMbs8xFzsqPkeSROW34kLAzJold7JAoRLevFGAshk0kGv4C+sXexBwNuTn4JduUdB6niVxzKkhQM3OcKNuFQ0tZNQY8fxbg0h2YhONG3spfQ8UC2bT2lSJfWec26fP8W2VzjjVLeNxpODco0eHre3i/6BRSEn8q2i+n15zKtiDlcEw8R7phnjB3I+JCZAvwy33mI0qJ/5fKIzRKtYtzPWRDcoOazdtfByBZrXjVUpSIm0e4Dxl1AIyKj5ec5DC2Czv1p+uUYMA5lhw1alXOSrlzJnRnsnohtdXIgH+xEf19V6zYf6IQBsB+4Kz1hQYo1IVwKj6qkXReNy9tQ5OrBFMzDLrbCd50gaMyT+86R8EsSZ2nW5anIaMxvSERdmED7QZkizeyUHLyLFPduv20OYQbaUxQ0oRWxpCY9OOq/vxOwLLqoRU+ohc7wnLCjsUmjQA5V5zlBYok8TMv971WM2rqmOfa7F5uOxiQ5RJ4GLCMryBl0UuLpNmN2JTdq3RjzduiQP/osJspJP0evz9ln9b0sdf6KqSnCnTiu2NUMZHhj7oGpFjBZpG7KWROVcjUiS0OVmKWjbYHJE5DNXAK9zcHodPxrAYVxUG+lDhVJ+4GmNY5o+KO5yCOswD93HrTX+KkwaLG9vhdKM3IrC6ttynCzvl1CME5A9HL+VszsJQoXWnZYNl36pD7p1k8AMqINeAN+KahalogAoMXk,iv:CYw3LLwOeyEu3/BK/SjdjneQvXPk2mHMPiFm2T4sXHQ=,tag:Et4HAytIgiVg4n8+D5anfw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSd2h2N2RELzkvODM0WE1p
c1M3bEQxdDZkZ3Zlcm9uKzFWYklLWWpUYXhvCkN1bXU3YmNrY255RmkwSXFDWmt1
dHExaGZRODhKdm1NR2xYV29CeE5vbk0KLS0tIHpBUGVaNUhKaE5UOU1hM3c0akxX
ZWRhWnBrY1FBNVQyOU0yVGFXb0QrVnMK26Nc5Bw/jOzuxXcufHcxnugG1bzqO9T8
LNIau17zdWX5bfWGDj++ipnm8x1sPswEULal4U2Muc2Iy7GuZPhVyg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-16T22:14:19Z"
mac: ENC[AES256_GCM,data:IbNuB2a6Pm2NTA6OS45kmYIdqZZIG1iJewt6n0rWLdYrbaGNGKt1ig0oTu/ubJSHNb/OgoN+fKEj/JQ+kJhwUiTEQhH+IUwPtUZeb0C0/QqatqCXoQk4qBOTuwea4gLLMHqoIwP0fETLiaVphNK7llPaI7aW0Li0W9yAdhu3VCs=,iv:utxR9+tJ8elgdvOQg5eoClb/4DDJyzvz2eWuCDNU3V0=,tag:Y8qEcwVwW2FoUOXZRQHEgA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

49
kubernetes/apps/default/gitea/app/volsync.yaml Normal file
View File

@@ -0,0 +1,49 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: gitea-restic-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/gitea'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: gitea
namespace: default
spec:
sourcePVC: gitea-config
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: gitea-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
retain:
daily: 7
within: 3d

2
kubernetes/apps/default/gitea/ks.yaml
View File

@@ -15,7 +15,7 @@ spec:
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-cloudnative-pg-cluster
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-volsync-app
healthChecks:
- apiVersion: batch/v1