Compare commits
10 commits
b5ba05d9b0
...
398bed1432
Author | SHA1 | Date | |
---|---|---|---|
398bed1432 | |||
6f450ff0df | |||
66a1fa0289 | |||
6eaf74d7d8 | |||
5dce2a8d43 | |||
428d38955f | |||
0e909ebe35 | |||
b7b550a13e | |||
e014ee0885 | |||
23b92c2dd1 |
8 changed files with 27 additions and 85 deletions
|
@ -31,7 +31,7 @@ spec:
|
|||
app:
|
||||
image:
|
||||
repository: ghcr.io/open-webui/open-webui
|
||||
tag: v0.4.8
|
||||
tag: 0.5.1
|
||||
env:
|
||||
- name: OLLAMA_BASE_URL
|
||||
value: http://10.1.1.61:11434
|
||||
|
|
|
@ -17,9 +17,12 @@ spec:
|
|||
[global]
|
||||
repo1-s3-key={{ .minio_crunchy_postgres_access_key }}
|
||||
repo1-s3-key-secret={{ .minio_crunchy_postgres_secret_key }}
|
||||
repo2-s3-key={{ .hetzner_PGB_ACCESS_KEY }}
|
||||
repo2-s3-key-secret={{ .hetzner_PGB_SECRET_KEY }}
|
||||
encryption.conf: |
|
||||
[global]
|
||||
repo1-cipher-pass={{ .crunchy_postgres_backup_encryption_cipher }}
|
||||
repo2-cipher-pass={{ .crunchy_postgres_backup_encryption_cipher }}
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: crunchy-postgres
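Review bot: `repo2-cipher-pass` is rendered from `.crunchy_postgres_backup_encryption_cipher`, the same field as `repo1-cipher-pass`, so the Minio repository and the off-site Hetzner repository share one passphrase and a leak of either one exposes both backup sets. A separate field for the second repository would limit that, for example `repo2-cipher-pass={{ .<REPO2_CIPHER_FIELD> }}` (placeholder name; the field would have to exist in the `crunchy-postgres` item). pgBackRest does not allow repository encryption settings to be changed once the stanza has been created, so this is best decided before the first backup to repo2. Which of these lines are new is inferred from the hunk counts, since the page has lost its +/- markers.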
|
||||
|
|
|
@ -157,16 +157,19 @@ spec:
|
|||
- secret:
|
||||
name: crunchy-postgres-secret
|
||||
global: &backupFlag
|
||||
archive-timeout: "60"
|
||||
compress-type: "bz2"
|
||||
compress-level: "9"
|
||||
delta: "y"
|
||||
# Minio
|
||||
repo1-retention-full-type: "time"
|
||||
repo1-retention-full: "14"
|
||||
repo1-retention-diff: "30"
|
||||
repo1-path: "/crunchy-pgo"
|
||||
repo1-s3-uri-style: path
|
||||
archive-push-queue-max: 4GiB
|
||||
# Hetzner
|
||||
repo2-retention-full-type: "time"
|
||||
repo2-retention-full: "7"
|
||||
repo2-path: "/crunchy-pgo"
|
||||
repo2-s3-uri-style: host
|
||||
manual:
|
||||
repoName: repo1
|
||||
options:
|
||||
|
@ -184,6 +187,14 @@ spec:
|
|||
full: "0 1 * * 0" # Sunday at 01:00
|
||||
differential: "0 1 * * 1-6" # Mon-Sat at 01:00
|
||||
incremental: "0 2-23 * * *" # Every hour except 01:00
|
||||
- name: repo2 # Hetzner Object Storage
|
||||
s3: &hetzner
|
||||
bucket: "hsn-pgb"
|
||||
endpoint: ${CLUSTER_SECRET_HETZNER_PGB_ENDPOINT}
|
||||
region: "fsn1"
|
||||
schedules:
|
||||
full: "0 2 * * 0" # Sunday at 02:00
|
||||
differential: "0 2 * * 1-6/2" # Mon,Wed,Fri at 02:00
|
||||
|
||||
dataSource:
|
||||
pgbackrest:
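Review bot: No `repo1-cipher-type` or `repo2-cipher-type` appears in the `global` map, which as far as the flattened first hunk shows is visible in full from `archive-timeout` to `repo2-s3-uri-style`. pgBackRest's cipher type defaults to `none`, so unless it is set in a config file outside these hunks, the passphrases rendered into `encryption.conf` would have no effect and backups would reach the Hetzner bucket unencrypted. If that is the case, add `repo2-cipher-type: "aes-256-cbc"` next to `repo2-path` before the first repo2 backup, because the setting cannot be changed after the stanza exists. In the second hunk, `endpoint: ${CLUSTER_SECRET_HETZNER_PGB_ENDPOINT}` is the only unquoted value in the new `s3` block; `endpoint: "${CLUSTER_SECRET_HETZNER_PGB_ENDPOINT}"` keeps it a string whatever the substitution yields.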
|
||||
|
|
|
@ -6,6 +6,8 @@ metadata:
|
|||
stringData:
|
||||
CLUSTER_SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:9YWkXR/bWSbo020UOD81Y9FT9TOmOcPUudD/JEj0Src=,iv:FqWULXadlng/odR93Sv8HXy+3NLfMh1jj5BoA3+er90=,tag:PETCCxtVvJU2/Kw/Uupujg==,type:str]
|
||||
CLUSTER_SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:JBVLvSlU3nXRI/ZZfrd6ahGjQPHn3AQYqAMa4HcRKX4dQyu7,iv:EtzKsH1UWB4zyXimSngqOnV+gwf8BrfF9TKM1ADgBr4=,tag:V+Ip8AtReDyvnmbH1hSDYA==,type:str]
|
||||
CLUSTER_SECRET_HETZNER_PGB_ENDPOINT: ENC[AES256_GCM,data:oRXkKM6VezxAbMLbfkY49OvccA6RZTKmQgHU,iv:8ZW4dQX9QuoVUy9Ul+Zmm9Eyeisk9iai5Qju4VTo7hg=,tag:040JJ3LkvR1kJNOpaIcqFQ==,type:str]
|
||||
CLUSTER_SECRET_CLOUDFLARE_R2_ENDPOINT: ENC[AES256_GCM,data:9jZPr6vgbCJvX8f7gkvffoq/1W8luEBFyFg7GswgY89gogpqPeYc9UD9bVcpWAqFh6PgKGe1dhUj,iv:wbMZVXbPil4pUzij9vsla3JXz9eUT5Z8bw/iTmj63og=,tag:jwSJZM5zLuERBI01PJEngA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -21,8 +23,8 @@ sops:
|
|||
MzA0aXAwbjUrV0ZMbmVHRUtRanUweE0K/I2EoGJKvfpC9sMNxYBbp41qQnRPYbGB
|
||||
ApDo7SVBhXR+jnCmBrNdKbmpFdcGkHTYZ35LtuTuuBeq+bPyBazAQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-14T17:47:42Z"
|
||||
mac: ENC[AES256_GCM,data:pdlFLlQTGZ9Wuom0N38C043+6D05WSlE7UIt7BfhYNajwCqucCFhzphTKfGyx73WEJ9ctAmkAv1vQRjyFUDULgwSILH5dVV99a85dAguwaQJn/kqmf/jiznF/wRXek8CE/gQlu23bjM82vTEg5GdrDrFeenWBe9xYCt/UdmVp4A=,iv:fp6e3UCEEeWf3MT34f7Ae+ap4ss3KXD7boTrrBy6kpM=,tag:jtw9PlalhoGcbDhrQzNPXA==,type:str]
|
||||
lastmodified: "2024-12-26T03:05:18Z"
|
||||
mac: ENC[AES256_GCM,data:ropOjLfzCzX3uQRLbce4XpnkrdvY3H7ud1UYJ7h37miqdH2Uhk8/4h4cvfQzF4ObYuDnVYNr3hveYUi1i5CD1S93C/n6iJ1gN7MRqF6XBJ2wF01T1z45+ahNpf3qQNDE38DUiabv1fIdZs3fB9n7hYgl2d+l+z5lFUlbYvK2pXg=,iv:+w6BN3FqkSki4LHff/kfzZM5CRYCQfZV+w7cgJ/ASY4=,tag:bipZg6kheREoQoTuh3+41Q==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
||||
version: 3.9.2
|
||||
|
|
|
@ -4,4 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- ./claim.yaml
|
||||
- ./minio.yaml
|
||||
- ./r2.yaml
|
||||
|
|
|
@ -15,11 +15,9 @@ spec:
|
|||
data:
|
||||
RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
|
||||
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
|
||||
AWS_ACCESS_KEY_ID: "{{ .volsync_access_key }}"
|
||||
AWS_SECRET_ACCESS_KEY: "{{ .volsync_secret_key }}"
|
||||
AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
|
||||
AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: minio
|
||||
- extract:
|
||||
key: volsync-minio-template
|
||||
---
|
||||
|
|
|
@ -1,73 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: "${APP}-volsync"
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: "${APP}-volsync-secret"
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "/repository/${APP}"
|
||||
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: volsync-template
|
||||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: "${APP}"
|
||||
spec:
|
||||
sourcePVC: "${APP}"
|
||||
trigger:
|
||||
schedule: "0 * * * *"
|
||||
restic:
|
||||
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
||||
pruneIntervalDays: 7
|
||||
repository: "${APP}-volsync-secret"
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
moverSecurityContext:
|
||||
runAsUser: ${VOLSYNC_PUID:-568}
|
||||
runAsGroup: ${VOLSYNC_PGID:-568}
|
||||
fsGroup: ${VOLSYNC_PGID:-568}
|
||||
retain:
|
||||
hourly: 24
|
||||
daily: 14
|
||||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationDestination
|
||||
metadata:
|
||||
name: "${APP}-dst"
|
||||
spec:
|
||||
trigger:
|
||||
manual: restore-once
|
||||
restic:
|
||||
repository: "${APP}-volsync-secret"
|
||||
copyMethod: Snapshot
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
capacity: "${VOLSYNC_CAPACITY}"
|
||||
moverSecurityContext:
|
||||
runAsUser: ${VOLSYNC_PUID:-568}
|
||||
runAsGroup: ${VOLSYNC_PGID:-568}
|
||||
fsGroup: ${VOLSYNC_PGID:-568}
|
||||
enableFileDeletion: true
|
||||
cleanupCachePVC: true
|
||||
cleanupTempPVC: true
|
|
@ -31,7 +31,7 @@ metadata:
|
|||
spec:
|
||||
sourcePVC: "${APP}"
|
||||
trigger:
|
||||
schedule: "0 * * * *"
|
||||
schedule: "0 0 * * *"
|
||||
restic:
|
||||
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
||||
pruneIntervalDays: 7
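Review bot: With `schedule: "0 0 * * *"`, every ReplicationSource rendered from this `${APP}` template starts at the same minute, and the worst-case data loss window grows from an hour to a day. This assumes the second `schedule` line is the new side, since the +/- markers are lost on this page. The `retain` block of this spec lies outside the hunk; if it still carries an `hourly` count like the deleted template's `hourly: 24`, that count would now apply to once-a-day snapshots and should be revisited together with `daily`. A comment on the line stating the intended recovery point, e.g. `# daily at 00:00, RPO 24h`, would make the trade-off explicit.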
|
||||
|
|