From 5bf7a4313210cc6159a4798b6c41fc865a8c6cf2 Mon Sep 17 00:00:00 2001
From: martinohmann
Date: Sun, 17 Nov 2024 19:53:06 +0100
Subject: [PATCH] feat(backrest): manage config as yaml file
---
 .../default/backrest/app/helmrelease.yaml | 61 +++++++++++++++----
 .../default/backrest/app/secret.sops.yaml | 32 +++++++++-
 2 files changed, 77 insertions(+), 16 deletions(-)
diff --git a/kubernetes/storage/apps/default/backrest/app/helmrelease.yaml b/kubernetes/storage/apps/default/backrest/app/helmrelease.yaml
index 34e27d0b..f87fdfcb 100644
--- a/kubernetes/storage/apps/default/backrest/app/helmrelease.yaml
+++ b/kubernetes/storage/apps/default/backrest/app/helmrelease.yaml
@@ -20,6 +20,14 @@ spec:
 backrest:
 annotations:
 reloader.stakater.com/auto: "true"
+ initContainers:
+ init-config:
+ image:
+ repository: docker.io/mikefarah/yq
+ tag: 4.44.5
+ command: ["/bin/sh", "-c"]
+ args:
+ - yq -o json /config/config.yaml > /app/config/config.json
 containers:
 app:
 image:
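Review bot: The new `init-config` container reads the file mounted at `/config/config.yaml` (the `backrest-config` Secret, per the persistence hunk), yet its image is referenced only by the mutable tag `4.44.5`, so whatever the registry serves under that tag at pull time gets to read the decrypted config. Pinning the digest next to the tag closes that gap: `tag: 4.44.5@sha256:<digest-of-the-verified-image>` (placeholder; take the digest from the image you actually verified). The `>` redirect also creates `config.json` with the shell's default umask; if both containers run under the same UID (the securityContext is outside this hunk), prefixing the command with `umask 077 &&` keeps the rendered credentials from being world-readable.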
@@ -86,32 +94,59 @@ spec:
 persistence:
 app:
 existingClaim: *app
- globalMounts:
- - path: /app
+ advancedMounts:
+ backrest:
+ app:
+ - path: /app
 cache:
 type: emptyDir
- globalMounts:
- - path: /app/cache
+ advancedMounts:
+ backrest:
+ app:
+ - path: /app/cache
+ config:
+ type: emptyDir
+ advancedMounts:
+ backrest:
+ app:
+ - path: /app/config
+ init-config:
+ type: secret
+ name: backrest-config
+ advancedMounts:
+ backrest:
+ init-config:
+ - path: /config/config.yaml
+ subPath: config.yaml
+ readOnly: true
 processlogs:
 type: emptyDir
- globalMounts:
- - path: /app/data/processlogs
+ advancedMounts:
+ backrest:
+ app:
+ - path: /app/data/processlogs
 storage:
 type: hostPath
 hostPath: /io
 hostPathType: Directory
- globalMounts:
- - path: /io
- readOnly: true
+ advancedMounts:
+ backrest:
+ app:
+ - path: /io
+ readOnly: true
 restic:
 type: hostPath
 hostPath: /io/restic
 hostPathType: Directory
- globalMounts:
- - path: /io/restic
+ advancedMounts:
+ backrest:
+ app:
+ - path: /io/restic
 restore:
 type: hostPath
 hostPath: /io/restore
 hostPathType: Directory
- globalMounts:
- - path: /io/restore
+ advancedMounts:
+ backrest:
+ app:
+ - path: /io/restore
diff --git a/kubernetes/storage/apps/default/backrest/app/secret.sops.yaml b/kubernetes/storage/apps/default/backrest/app/secret.sops.yaml
index a2753ad7..58160937 100644
--- a/kubernetes/storage/apps/default/backrest/app/secret.sops.yaml
+++ b/kubernetes/storage/apps/default/backrest/app/secret.sops.yaml
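Review bot: The `config` emptyDir is mounted only into the `app` container (`advancedMounts.backrest.app` at `/app/config`), while the `init-config` init container added in the first hunk writes to `/app/config/config.json`; as far as the flattened hunk shows, that container only receives the `backrest-config` Secret at `/config/config.yaml`. If that reading of the nesting is right, the redirect targets a path that is not on a shared volume, so the generated file never reaches `app`, or the init container fails because the directory does not exist. Mounting the same volume into the init container would fix it: under `config.advancedMounts.backrest`, add `init-config:` with `- path: /app/config`. Scoping the Secret mount to `init-config` and keeping it `readOnly: true` is the right least-privilege shape, though the rendered `config.json` in the emptyDir still holds the decrypted contents for the pod's lifetime.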
@@ -5,7 +5,6 @@ metadata: stringData: RESTIC_PASSWORD: ENC[AES256_GCM,data:VCR6SoFCI+7ng68b5rK0eeIZaARBl6U5HA==,iv:5Lh74FBiQQBocsM1J+EeSKdu4xGbyWvSF4wM8E6FKb0=,tag:I/vob1qZBU0sG0Lqjm9lLQ==,type:str] B2_ACCESS_KEY_ID: ENC[AES256_GCM,data:sCPPiL48DU73tSV5u+O04GABvgpmW61Eswx9c1F7IEaLUg==,iv:JIloL4WpzyIhqgL6Pyq2YAMq+nw/zSotBu5NFEfiyVM=,tag:7+qqgvw5GRi8ZeSzI8Rc/w==,type:str] - B2_BUCKET_ENDPOINT: ENC[AES256_GCM,data:MT4ZUMjwSWc9zBVu88T0sYHdStI7q12DCFMhhw/zqICPzqWh,iv:fhVkGBh14LpHAEM12R54ws4JzXsjCPCEoEtWRA3b3BU=,tag:G2Fh2rhGgFwMz7ELS2Ixag==,type:str] B2_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:PEeGc/J/hzVkghGMHUrxv8le9BnqTt8M8uTMX/sLsyTcyOVJO/0=,iv:XVtxXqIrWn3WTosfXAPo8rM5RxzHubY44wH3JZYvN4s=,tag:VksMWfZXOJDHS3Ky0/Ix3A==,type:str] MINIO_ACCESS_KEY_ID: ENC[AES256_GCM,data:iB/HeV+UJlWusR7nMzg/Wt5aozG0Xm9OlJEWtTQETZCqEWykBg==,iv:aratwzR8tXkfeLtbEUcge3hxmoUOTwxrJJDOfGP5jpQ=,tag:ojE78DR8MvedHdd6tbAvUQ==,type:str] MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:Ex01slq6YqKk7wE5Z/ccpir1V8FPQ6eT6NAx8efQUMj0A6v/0+cGOaU=,iv:UUAlyi83TFmnThLr5FttwhlyfOGNdH4FzyGG0nflZ7s=,tag:d8BmoV6yMJ8F37Ebiyu9Dw==,type:str] 
@@ -24,8 +23,35 @@ sops: UFhCSExBK2w5K04xMnNtWXhGUjZ1S3cK4txYg7g9D/lMwEJe27w6GjRZ4od97VgB DRRngPR7fiZb+ev1CWEjrIkpPPi7lcT/E9NQldS8RTeOoUQgfXo4Dg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-15T19:57:37Z" - mac: ENC[AES256_GCM,data:vLIbG0FJE6eDAM5mxk8qlXaloOhJvt8FFE8rE3Gl7t2hLvV9EnhsHRSBYi14m/JVMqrsLkIErzR5RXII52GcU4YSMMzuABLhHlEk8JyoU3vyVdbYl5b63JtfEz4ofX4bILZqyvDoZJbqgv1ZpGK2QWTN0mWIOL5s2B6faMsoE44=,iv:lrmz+VYFLKsD1Zzz09nLBKEzCnR0tGyDKBBnCMUf8EU=,tag:K0eWuZvqmFCLcemxYXfIEw==,type:str] + lastmodified: "2024-11-17T19:04:26Z" + mac: ENC[AES256_GCM,data:IZY8MtY9qaj1mCJSzG1akXeNi2sS/fqVBug/oOu12amOdBo9EDatpTRllFrClOMTPQNVD6JxgkKgDrSr5zmNTjB8tLzuk5JZQddCX/Wi/iAfcgz6AUXUrrTxJEDbLlUdMfNVfEZybnZcjueWcBmmuLx04Pn44FxalACm87hu0YM=,iv:HnblfgjW4xeeUGPpZafWPIuGUnACMGrRZ8jyVcULpHk=,tag:LLE+sEdBzeDYz0w6IONETQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 +--- +apiVersion: v1 +kind: Secret +metadata: + name: backrest-config +stringData: + config.yaml: ENC[AES256_GCM,data:NGqG1AIaxVodbPH6hUWyY3jG6PFyyR3uwBNNetxk6hrD0YfVVOTaY1THhsPXgFaY2jZafExeblrsJ2dXXt5NOREj6j9ri07D+mP1YTRsdn47WCEOWG6arnQwncuV1AtOycJsqEmO7u8TzOxUTJgHwkqed5SuRrZ0O/bGLfC1LuMUcMqVqY15OtDJvEa9KCiD74/ii+SSItDF38bTlqsfLUbEq7ZlhMiLirxOlSvNxqLLKEeAY2Bs4QAcWN55bG1AZrTUQSgUlrytD75adSkdJCMNoq9w2VJmH21GCZWz0op2J5fCYXKsZnmbo1VSwMA+K2G/OvyXo6hW2pKMGmocaZ+BZvxzMv0KaedC1IEsbd9TJNkGMpxytqcm19WTtx77/dwrvr3FKv0I7q9n39b6Uj9dujz7owkN5QfvAG95UuKD/avnvRc9KkQnyMUo/E72OXKVDLXNUydj1wktxr0qMjoTgJoiCUyd0+lelSj4YZ6THmxiJBuENX0GKFnLhYuqouj62qUbvS1TU4sSK4vc6hxCPoj1APtF2TVyztnAJMJVtekjItr7SXzeF8yJEeMxk9VZVTZesrFwF2rlZ1+g2ib+lg1syzQdvLF8nM5ca0FHe5oazOEwi1BF4Pj7j4BZIjWHwXjDUUvwA27gSF6Qp+XIYHamvqu7kBSUj0OD6ghdePxJr8NNHpUWph9Pmi2bAlqaLu7uYsGhyc6isiTd/S+BAF0CTHVdZmIZxW/uqyvv1C5GP3JAlRwfDaJaVPmCX6JbOlsgLVF07z5d2aXDEZpf8DtGP2leZonjDr1KlAEt6pDLeWuWj4CRAZva7+WEDTxHvMhjR4Up1USdA+JeuLL49HH8riCIrZYwAgUPxI8QKiUnATpEihbIvRROsNu76IzSNiFGKSdb8ESDH4gvVuF0lpDvmN3XhkBZZZrRXfcCJZjTA/RTr8tF1/m9KHWQ0+Zh1kqd8ecJJwKpROX8ERwp
0Df+joa3L0138KwuV9tqno7ZJCQSozyMEdXFUEh2bPAyx1sA+2nxPM3v0swD54hKIlYe4XzOLb4wbS3r12+qzX6mYh1ZeDX1nnXUy26Z1mJ2rErM/QMPjfbXmdTXhVZPTX5x5xFIkSLZwW5de1BBL1FgrHyiIqHW0oNAdB8aztFseBj7Wb9DPup60gTShfSWSrbGjyT+Ci9ehJ2OaICl6jdR//e3D3Pc8GbY4yW+cmULi5Qb5HQ+58xLwuqVXwcX2/dNeEjUKGm6dUysaIvl1zKL3zby3ABUmPFJ637RnbFRoOdT28ADhbpt30gT7JojBlgWIOjgV/7/AnUfYRNDUp/rS2qrzMKc7TOM6LWYOL3wUpBvbg9U1tYXgXpeoLTpCwVeUSOaq/34tgfswyOzvJZXRdkJk5AkJdyg7pygwpAYlfgDvUq19NGChODsBiZYNszdYh7l6TpNvUTaaTd2IPk1XC4pSrslCPO8oIqSh/NtO3s6kzL7mk+Ji6B7vhy/1RZF1Q6qUIQF5UsWiFSXT5VGEJyAXhthwzPM0CGgjptJ2P76tDW5zPcjIaXmtzwaQCDQZrrEP278waZh/2lDORXn5GIeFKkekUyGKPmX7dSprOLfka5K7WUeabd1ib+rxOBp6EbTvO/JpnrQxevBKhueCq/bJZ9dyNXTIQEZMGFsjiOSN9fDG/QeOPJgtmMUAsTOQVdd/XNYTYHmB3yIyUUetcRukpy84OXEerlwYEAChYH9rqKioVTd5I7YODfWu1EJ70dFUQu+1935KN6ekSRwUktNBWJDriqpm623KIJ3bA+nqSrlZ26swk9yoZvXkpYuT3utuqcXPD50OiS3jWCHRNgPxb721Qh9gePu94Y8nYlNs+SLI6RDbtwOf6WTOO2EVr4pSB86Q0oIh0dwSGmiUuslcV2/25n2M8PCL8whLn8dj5wlyjxr2yuXvqkvEXdp4oKz3nZaZ71PeF6wA7vWnqdVGErodlKCN+l3+pTN44xPEGvT+CiPQTJgFyt/f0/lvxIciSZ2dTIkgzuEeZq5f9Q+zvZLmnpMzlD98aMWoH4+zKlm4d9ZoDuUO3/+H12AiXQcSeJA08QT0HRUTAq2wxOY4uZHWGMJZg+DL5AyAwsfJ6AsvMi7OxjnnTfqR7RfdMchXnLTxU9TKpTwHgeKOWQgsb3NI4MIPA==,iv:574FL2MvHsP/Fx+d39NCLFcMEMQB7Nv/U4cjgurnB08=,tag:PrHV2G59XdrMJ/vOtBTDGQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1u79ltfzz5k79ddwgv59r76p2532xnaehzz7vggttctudr6gdkvhq33edn6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcnB5RzYwejc1WGl1dStJ + VHpFNFByU1NtWVNIVDdOazFtdCtQZG1HbDFFCjZCNHI1a1ZYV1AyT1diQWRTbjVO + RSt2enZlRVJINkJMclZpMjhZaCttUDQKLS0tIGVtK0VncHB0OTJsdEJwUWRuQjR4 + UFhCSExBK2w5K04xMnNtWXhGUjZ1S3cK4txYg7g9D/lMwEJe27w6GjRZ4od97VgB + DRRngPR7fiZb+ev1CWEjrIkpPPi7lcT/E9NQldS8RTeOoUQgfXo4Dg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-17T19:04:26Z" + mac: 
ENC[AES256_GCM,data:IZY8MtY9qaj1mCJSzG1akXeNi2sS/fqVBug/oOu12amOdBo9EDatpTRllFrClOMTPQNVD6JxgkKgDrSr5zmNTjB8tLzuk5JZQddCX/Wi/iAfcgz6AUXUrrTxJEDbLlUdMfNVfEZybnZcjueWcBmmuLx04Pn44FxalACm87hu0YM=,iv:HnblfgjW4xeeUGPpZafWPIuGUnACMGrRZ8jyVcULpHk=,tag:LLE+sEdBzeDYz0w6IONETQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1