fixup! ♻️ migration externalsecrets

2025-10-03 09:09:01 +02:00 · 2023-07-13 18:33:28 +02:00
parent 4021dac4df
commit eacff455da
125 changed files with 1061 additions and 1474 deletions
--- a/kubernetes/apps/default/truenas/app/minio-rclone/helmrelease.yaml
+++ b/kubernetes/apps/default/truenas/app/minio-rclone/helmrelease.yaml
@@ -0,0 +1,58 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: truenas-minio-rclone
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      type: cronjob
+      cronjob:
+        concurrencyPolicy: Forbid
+        schedule: "15 0 * * *"
+    restartPolicy: OnFailure
+    image:
+      repository: ghcr.io/auricom/rclone
+      tag: 1.62.2@sha256:8d3ae01ed5295974be1b229f7398ce93a03c77a3fdaf301ea35bf929bb19389a
+    command: ["/bin/bash", "/app/minio-rclone.sh"]
+    service:
+      main:
+        enabled: false
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: truenas-minio-rclone-configmap
+        subPath: minio-rclone.sh
+        mountPath: /app/minio-rclone.sh
+        defaultMode: 0775
+        readOnly: true
+      age:
+        enabled: true
+        type: secret
+        name: truenas-secret
+        subPath: SOPS_AGE_KEY
+        mountPath: /app/age_key
+        readOnly: true
--- a/kubernetes/apps/default/truenas/app/minio-rclone/kustomization.yaml
+++ b/kubernetes/apps/default/truenas/app/minio-rclone/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: truenas-minio-rclone-configmap
+    files:
+      - ./minio-rclone.sh
+generatorOptions:
+  disableNameSuffixHash: true
+  annotations:
+    kustomize.toolkit.fluxcd.io/substitute: disabled
--- a/kubernetes/apps/default/truenas/app/minio-rclone/minio-rclone.sh
+++ b/kubernetes/apps/default/truenas/app/minio-rclone/minio-rclone.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -o errexit
+
+
+
+echo "Download rclone config file ..."
+curl -fsSL \
+    --output "/tmp/rclone.conf.age" \
+    "https://raw.githubusercontent.com/auricom/dotfiles/main/private_dot_config/rclone/encrypted_private_rclone.conf.age"
+
+echo "Decrypt rclone config file ..."
+age --decrypt \
+    -i /app/age_key \
+    /tmp/rclone.conf.age > /tmp/rclone.conf
+
+
+echo "Sync minio buckets with encrypted remote gdrive-homelab-backups ..."
+rclone --config /tmp/rclone.conf sync minio: gdrive-homelab-backups: