Update image ghcr.io/open-webui/open-webui to v0.5.1

update secret refs
r2 --> daily, minio back and hourly
2024-12-26 07:06:01 +00:00 · 2024-12-26 00:21:42 -06:00 · 2024-12-25 23:41:45 -06:00 · 2024-12-25 23:06:49 -06:00 · 2024-12-25 21:18:13 -06:00 · 2024-12-25 21:12:16 -06:00
8 changed files with 27 additions and 85 deletions
--- a/kubernetes/apps/ai/open-webui/app/helmrelease.yaml
+++ b/kubernetes/apps/ai/open-webui/app/helmrelease.yaml
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/open-webui/open-webui
-              tag: 0.5.0
+              tag: 0.5.1
            env:
              - name: OLLAMA_BASE_URL
                value: http://10.1.1.61:11434
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/externalsecret.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/externalsecret.yaml
@ -17,9 +17,12 @@ spec:
          [global]
          repo1-s3-key={{ .minio_crunchy_postgres_access_key }}
          repo1-s3-key-secret={{ .minio_crunchy_postgres_secret_key }}
          repo2-s3-key={{ .hetzner_PGB_ACCESS_KEY }}
          repo2-s3-key-secret={{ .hetzner_PGB_SECRET_KEY }}
        encryption.conf: |
          [global]
          repo1-cipher-pass={{ .crunchy_postgres_backup_encryption_cipher }}
          repo2-cipher-pass={{ .crunchy_postgres_backup_encryption_cipher }}
  dataFrom:
    - extract:
        key: crunchy-postgres
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
@ -157,16 +157,19 @@ spec:
        - secret:
            name: crunchy-postgres-secret
      global: &backupFlag
        archive-timeout: "60"
        compress-type: "bz2"
        compress-level: "9"
-        delta: "y"
+        # Minio
        repo1-retention-full-type: "time"
        repo1-retention-full: "14"
        repo1-retention-diff: "30"
        repo1-path: "/crunchy-pgo"
        repo1-s3-uri-style: path
-        archive-push-queue-max: 4GiB
+        # Hetzner
        repo2-retention-full-type: "time"
        repo2-retention-full: "7"
        repo2-path: "/crunchy-pgo"
        repo2-s3-uri-style: host
      manual:
        repoName: repo1
        options:
@ -184,6 +187,14 @@ spec:
            full: "0 1 * * 0" # Sunday at 01:00
            differential: "0 1 * * 1-6" # Mon-Sat at 01:00
            incremental: "0 2-23 * * *" # Every hour except 01:00
        - name: repo2 # Hetzner Object Storage
          s3: &hetzner
            bucket: "hsn-pgb"
            endpoint: ${CLUSTER_SECRET_HETZNER_PGB_ENDPOINT}
            region: "fsn1"
          schedules:
            full: "0 2 * * 0" # Sunday at 02:00
            differential: "0 2 * * 1-6/2" # Mon,Wed,Fri at 02:00
  dataSource:
    pgbackrest:
--- a/kubernetes/flux/vars/cluster-secrets.sops.yaml
+++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml
@ -6,6 +6,8 @@ metadata:
 stringData:
    CLUSTER_SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:9YWkXR/bWSbo020UOD81Y9FT9TOmOcPUudD/JEj0Src=,iv:FqWULXadlng/odR93Sv8HXy+3NLfMh1jj5BoA3+er90=,tag:PETCCxtVvJU2/Kw/Uupujg==,type:str]
    CLUSTER_SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:JBVLvSlU3nXRI/ZZfrd6ahGjQPHn3AQYqAMa4HcRKX4dQyu7,iv:EtzKsH1UWB4zyXimSngqOnV+gwf8BrfF9TKM1ADgBr4=,tag:V+Ip8AtReDyvnmbH1hSDYA==,type:str]
    CLUSTER_SECRET_HETZNER_PGB_ENDPOINT: ENC[AES256_GCM,data:oRXkKM6VezxAbMLbfkY49OvccA6RZTKmQgHU,iv:8ZW4dQX9QuoVUy9Ul+Zmm9Eyeisk9iai5Qju4VTo7hg=,tag:040JJ3LkvR1kJNOpaIcqFQ==,type:str]
    CLUSTER_SECRET_CLOUDFLARE_R2_ENDPOINT: ENC[AES256_GCM,data:9jZPr6vgbCJvX8f7gkvffoq/1W8luEBFyFg7GswgY89gogpqPeYc9UD9bVcpWAqFh6PgKGe1dhUj,iv:wbMZVXbPil4pUzij9vsla3JXz9eUT5Z8bw/iTmj63og=,tag:jwSJZM5zLuERBI01PJEngA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -21,8 +23,8 @@ sops:
            MzA0aXAwbjUrV0ZMbmVHRUtRanUweE0K/I2EoGJKvfpC9sMNxYBbp41qQnRPYbGB
            ApDo7SVBhXR+jnCmBrNdKbmpFdcGkHTYZ35LtuTuuBeq+bPyBazAQA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-14T17:47:42Z"
+    lastmodified: "2024-12-26T03:05:18Z"
-    mac: ENC[AES256_GCM,data:pdlFLlQTGZ9Wuom0N38C043+6D05WSlE7UIt7BfhYNajwCqucCFhzphTKfGyx73WEJ9ctAmkAv1vQRjyFUDULgwSILH5dVV99a85dAguwaQJn/kqmf/jiznF/wRXek8CE/gQlu23bjM82vTEg5GdrDrFeenWBe9xYCt/UdmVp4A=,iv:fp6e3UCEEeWf3MT34f7Ae+ap4ss3KXD7boTrrBy6kpM=,tag:jtw9PlalhoGcbDhrQzNPXA==,type:str]
+    mac: ENC[AES256_GCM,data:ropOjLfzCzX3uQRLbce4XpnkrdvY3H7ud1UYJ7h37miqdH2Uhk8/4h4cvfQzF4ObYuDnVYNr3hveYUi1i5CD1S93C/n6iJ1gN7MRqF6XBJ2wF01T1z45+ahNpf3qQNDE38DUiabv1fIdZs3fB9n7hYgl2d+l+z5lFUlbYvK2pXg=,iv:+w6BN3FqkSki4LHff/kfzZM5CRYCQfZV+w7cgJ/ASY4=,tag:bipZg6kheREoQoTuh3+41Q==,type:str]
    pgp: []
    encrypted_regex: ^(data|stringData)$
-    version: 3.8.1
+    version: 3.9.2
--- a/kubernetes/templates/volsync/kustomization.yaml
+++ b/kubernetes/templates/volsync/kustomization.yaml
@ -4,4 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./claim.yaml
  - ./minio.yaml
  - ./r2.yaml
--- a/kubernetes/templates/volsync/minio.yaml
+++ b/kubernetes/templates/volsync/minio.yaml
@ -15,11 +15,9 @@ spec:
      data:
        RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
        RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
-        AWS_ACCESS_KEY_ID: "{{ .volsync_access_key }}"
+        AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
-        AWS_SECRET_ACCESS_KEY: "{{ .volsync_secret_key }}"
+        AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
  dataFrom:
    - extract:
        key: minio
    - extract:
        key: volsync-minio-template
 ---
--- a/kubernetes/templates/volsync/nfs.yaml
+++ b/kubernetes/templates/volsync/nfs.yaml
@ -1,73 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: "${APP}-volsync"
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: "${APP}-volsync-secret"
    template:
      engineVersion: v2
      data:
        RESTIC_REPOSITORY: "/repository/${APP}"
        RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
  dataFrom:
    - extract:
        key: volsync-template
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
  name: "${APP}"
 spec:
  sourcePVC: "${APP}"
  trigger:
    schedule: "0 * * * *"
  restic:
    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
    pruneIntervalDays: 7
    repository: "${APP}-volsync-secret"
    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
    storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
    moverSecurityContext:
      runAsUser: ${VOLSYNC_PUID:-568}
      runAsGroup: ${VOLSYNC_PGID:-568}
      fsGroup: ${VOLSYNC_PGID:-568}
    retain:
      hourly: 24
      daily: 14
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationDestination
 metadata:
  name: "${APP}-dst"
 spec:
  trigger:
    manual: restore-once
  restic:
    repository: "${APP}-volsync-secret"
    copyMethod: Snapshot
    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
    storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
    capacity: "${VOLSYNC_CAPACITY}"
    moverSecurityContext:
      runAsUser: ${VOLSYNC_PUID:-568}
      runAsGroup: ${VOLSYNC_PGID:-568}
      fsGroup: ${VOLSYNC_PGID:-568}
    enableFileDeletion: true
    cleanupCachePVC: true
    cleanupTempPVC: true
--- a/kubernetes/templates/volsync/r2.yaml
+++ b/kubernetes/templates/volsync/r2.yaml
@ -31,7 +31,7 @@ metadata:
 spec:
  sourcePVC: "${APP}"
  trigger:
-    schedule: "0 * * * *"
+    schedule: "0 0 * * *"
  restic:
    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
    pruneIntervalDays: 7
Author	SHA1	Message	Date
Renovate Bot	398bed1432	Update image ghcr.io/open-webui/open-webui to v0.5.1	2024-12-26 07:06:01 +00:00
Joseph Hanson	6f450ff0df	update secret refs	2024-12-26 00:21:42 -06:00
Joseph Hanson	66a1fa0289	r2 --> daily, minio back and hourly	2024-12-25 23:41:45 -06:00
Joseph Hanson	6eaf74d7d8	correct path	2024-12-25 23:06:49 -06:00
Joseph Hanson	5dce2a8d43	s3 uri style = host	2024-12-25 21:18:13 -06:00
Joseph Hanson	428d38955f	correct path	2024-12-25 21:12:16 -06:00
Joseph Hanson	0e909ebe35	update endpoints	2024-12-25 21:05:28 -06:00
Joseph Hanson	b7b550a13e	update hetzner endpoint and swap to diffs	2024-12-25 21:02:08 -06:00
Joseph Hanson	e014ee0885	add hetzner remote backup	2024-12-25 19:29:11 -06:00
Joseph Hanson	23b92c2dd1	add hetzner object storage and r2 endpoint	2024-12-25 19:16:03 -06:00