-
Notifications
You must be signed in to change notification settings - Fork 0
/
helmrelease.yaml
96 lines (96 loc) · 2.59 KB
/
helmrelease.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
apiVersion: v1
kind: Secret
metadata:
name: borgbase-ssh
namespace: vaultwarden
annotations:
reflector.v1.k8s.emberstack.com/reflects: default/borgbase-ssh
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: borgmatic
namespace: vaultwarden
spec:
chart:
spec:
chart: borgmatic
version: 0.9.11
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: flux-system
name: gabe565
interval: 1h
driftDetection:
mode: enabled
values:
controller:
type: cronjob
cronjob:
schedule: 55 0 * * *
ttlSecondsAfterFinished: 3600
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app.kubernetes.io/name: vaultwarden
podLabels:
policy.gabe565.com/egress-healthchecks: "true"
policy.gabe565.com/egress-namespace: "true"
policy.gabe565.com/egress-world: "true"
env:
TZ: America/Chicago
BORG_PASSPHRASE: ${borg_passphrase}
PGPASSWORD:
secretKeyRef:
name: postgresql-app
key: password
PING_KEY:
secretKeyRef:
name: healthchecks-ping-key
key: key
persistence:
data:
enabled: true
size: 100Mi
storageClass: nfs-client
accessMode: ReadWriteMany
ssh:
enabled: true
type: secret
name: borgbase-ssh
vaultwarden-data:
enabled: true
existingClaim: vaultwarden-data
configMaps:
config:
data:
# language=yaml
config.yaml: |
repositories:
- path: ${borg_repo}
label: borgbase
source_directories:
- /vaultwarden-data
archive_name_format: "vaultwarden-{now:%Y-%m-%d-%H%M%S}"
ssh_command: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR
retries: 2
retry_wait: 10
keep_daily: 90
keep_weekly: 24
keep_monthly: 24
keep_yearly: 20
check_last: 3
healthchecks:
ping_url: http://healthchecks.healthchecks:8000/ping/${healthchecks_uuid}
postgresql_databases:
- name: vaultwarden
username: vaultwarden
hostname: postgresql-r
options: --no-owner
format: plain