From f42c2e79150adc47758f7ae9a6e04bb710fb9732 Mon Sep 17 00:00:00 2001
From: Vladimir Romashchenko
Date: Sat, 1 Feb 2025 00:41:42 -0500
Subject: [PATCH] feat(binner): Deploy binner.io
---
k8s/apps/accounting/binner.k8s.yaml | 14 +
.../binner/config-template.k8s.yaml | 261 ++++++++++++++++++
.../accounting/binner/deployment.k8s.yaml | 45 +++
k8s/apps/accounting/binner/ingress.k8s.yaml | 40 +++
k8s/apps/accounting/binner/kustomization.yaml | 10 +
k8s/apps/accounting/binner/namespace.k8s.yaml | 4 +
k8s/apps/accounting/binner/postgres.k8s.yaml | 98 +++++++
k8s/apps/accounting/binner/pvc.k8s.yaml | 13 +
.../accounting/binner/secretstore.k8s.yaml | 50 ++++
k8s/apps/accounting/kustomization.yaml | 1 +
.../local-backup-s3/kustomization.yaml | 2 +
.../local-backup-s3/minio-init.k8s.yaml | 31 +--
.../pgbackrest-binner-creds.sops.yaml | 43 +++
...pgbackrest-binner-s3conf-template.k8s.yaml | 32 +++
14 files changed, 618 insertions(+), 26 deletions(-)
create mode 100644 k8s/apps/accounting/binner.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/config-template.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/deployment.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/ingress.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/kustomization.yaml
create mode 100644 k8s/apps/accounting/binner/namespace.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/postgres.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/pvc.k8s.yaml
create mode 100644 k8s/apps/accounting/binner/secretstore.k8s.yaml
create mode 100644 k8s/apps/storage/local-backup-s3/pgbackrest-binner-creds.sops.yaml
create mode 100644 k8s/apps/storage/local-backup-s3/pgbackrest-binner-s3conf-template.k8s.yaml
diff --git a/k8s/apps/accounting/binner.k8s.yaml b/k8s/apps/accounting/binner.k8s.yaml
new file mode 100644
index 00000000..92df80bd
--- /dev/null
+++ b/k8s/apps/accounting/binner.k8s.yaml
@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: binner
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ./k8s/apps/accounting/binner
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: emnt-ops
+ wait: true
diff --git a/k8s/apps/accounting/binner/config-template.k8s.yaml b/k8s/apps/accounting/binner/config-template.k8s.yaml
new file mode 100644
index 00000000..fe45a4c3
--- /dev/null
+++ b/k8s/apps/accounting/binner/config-template.k8s.yaml
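Review bot: The new Flux `Kustomization` declares neither `postBuild` substitution nor `dependsOn`, yet the manifests under `./k8s/apps/accounting/binner` depend on `${CLUSTER_DOMAIN}` (Ingress host, `JwtIssuer`, `JwtAudience`, `oAuthPostbackUrl`) and on the External Secrets and PostgresCluster CRDs. If substitution is not injected by a parent patch elsewhere in the repository (not visible in this commit), those strings are applied literally and the JWT issuer/audience validation ends up configured against a placeholder host. I would either add `postBuild: {substituteFrom: [{kind: ConfigMap, name: <cluster-settings>}]}` here or leave a comment such as `# CLUSTER_DOMAIN is substituted via the parent Kustomization patch` so the dependency is documented.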
@@ -0,0 +1,261 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: config-template
+ namespace: binner
+spec:
+ secretStoreRef:
+ kind: SecretStore
+ name: binner-secrets
+ target:
+ name: binner-config
+ template:
+ engineVersion: v2
+ data:
+ appsettings.json: |-
+ {
+ "WebHostServiceConfiguration": {
+ "Environment": "Production",
+ "Name": "Binner Server",
+ "IP": "*",
+ "PublicUrl": "https://binner.${CLUSTER_DOMAIN}",
+ "Port": 8090,
+ "ResourceSource": "d6ng6g5o3ih7k.cloudfront.net",
+ "MaxCacheItems": 1024,
+ "CacheSlidingExpirationMinutes": 30,
+ "CacheAbsoluteExpirationMinutes": 0,
+ "Locale": {
+ "Language": "en",
+ "Currency": "CAD"
+ },
+ "Integrations": {
+ "Swarm": {
+ "Enabled": true,
+ "ApiKey": "{{ .swarm_api_key }}",
+ "ApiUrl": "https://swarm.binner.io",
+ "Timeout": "00:00:05"
+ },
+ "Octopart": {
+ "Enabled": false,
+ "ApiKey": "",
+ "ApiUrl": "https://octopart.com"
+ },
+ "Digikey": {
+ "Enabled": true,
+ "ClientId": "{{ .digikey_api_id }}",
+ "ClientSecret": "{{ .digikey_api_secret }}",
+ "oAuthPostbackUrl": "https://binner.${CLUSTER_DOMAIN}/Authorization/Authorize",
+ "ApiUrl": "https://api.digikey.com"
+ },
+ "Mouser": {
+ "Enabled": true,
+ "ApiKeys": {
+ "SearchApiKey": "{{ .mouser_search_api_key }}",
+ "OrderApiKey": "{{ .mouser_order_api_key }}",
+ "CartApiKey": ""
+ },
+ "ApiUrl": "https://api.mouser.com"
+ },
+ "Arrow": {
+ "Enabled": false,
+ "ApiKey": "",
+ "Username": "",
+ "ApiUrl": "https://api.arrow.com"
+ },
+ "AliExpress": {
+ "Enabled": false,
+ "ApiKey": "",
+ "oAuthPostbackUrl": "https://binner.${CLUSTER_DOMAIN}/Authorization/Authorize",
+ "ApiUrl": "https://api.aliexpress.com"
+ }
+ },
+ "PrinterConfiguration": {
+ "PrintMode": "WebBrowser",
+ "PrinterName": "DYMO LabelWriter 450",
+ "PartLabelSource": "Default",
+ "PartLabelName": "30346",
+ "PartLabelTemplate": {
+ "Line1": {
+ "label": 2,
+ "content": "{partNumber}",
+ "fontName": "Segoe UI",
+ "fontSize": 16,
+ "autoSize": true,
+ "upperCase": true
+ },
+ "Line2": {
+ "label": 2,
+ "content": "{description}",
+ "fontName": "Segoe UI",
+ "fontSize": 8
+ },
+ "Line3": {
+ "label": 2,
+ "content": "{description}",
+ "fontName": "Segoe UI",
+ "fontSize": 8
+ },
+ "Line4": {
+ "label": 2,
+ "content": "{partNumber}",
+ "barcode": true
+ },
+ "Identifier": {
+ "label": 1,
+ "content": "{binNumber}",
+ "fontName": "Source Code Pro",
+ "fontSize": 10,
+ "color": "#ee0000",
+ "rotate": 90,
+ "position": "left",
+ "upperCase": true,
+ "margin": {
+ "top": 25
+ }
+ },
+ "Identifier2": {
+ "label": 1,
+ "content": "{binNumber2}",
+ "fontName": "Source Code Pro",
+ "fontSize": 10,
+ "color": "#ee0000",
+ "rotate": 90,
+ "position": "right",
+ "upperCase": true,
+ "margin": {
+ "top": 25,
+ "left": 20
+ }
+ }
+ },
+ "LabelDefinitions": [
+ {
+ "MediaSize": {
+ "ModelName": "30277",
+ "Name": "File Folder (2 up)",
+ "DriverName": "w82h248",
+ "ExtraData": "",
+ "Width": 82,
+ "Height": 248
+ },
+ "TopMargin": -20,
+ "LeftMargin": 0,
+ "LabelCount": 2,
+ "TotalLines": 2
+ },
+ {
+ "MediaSize": {
+ "ModelName": "30346",
+ "Name": "1/2 in x 1-7/8 in",
+ "DriverName": "w36h136",
+ "ExtraData": "",
+ "Width": 36,
+ "Height": 136
+ },
+ "TopMargin": -20,
+ "LeftMargin": 0,
+ "LabelCount": 2,
+ "TotalLines": 2
+ },
+ {
+ "MediaSize": {
+ "ModelName": "30252",
+ "Name": "Address",
+ "DriverName": "w79h252",
+ "ExtraData": "",
+ "Width": 79,
+ "Height": 252
+ },
+ "TopMargin": -20,
+ "LeftMargin": 0,
+ "LabelCount": 1,
+ "TotalLines": 4
+ },
+ {
+ "MediaSize": {
+ "ModelName": "30327",
+ "Name": "File Folder",
+ "DriverName": "w57h248",
+ "ExtraData": "",
+ "Width": 57,
+ "Height": 286
+ },
+ "TopMargin": -20,
+ "LeftMargin": 0,
+ "LabelCount": 1,
+ "TotalLines": 4
+ }
+ ]
+ },
+ "Authentication": {
+ "TokenLength": 64,
+ "JwtAccessTokenExpiryTime": "00:15:00",
+ "JwtRefreshTokenExpiryTime": "03:00:00:00",
+ "EncryptionBits": 256,
+ "ClockSkew": "00:00:00",
+ "JwtIssuer": "https://binner.${CLUSTER_DOMAIN}",
+ "JwtAudience": "https://binner.${CLUSTER_DOMAIN}",
+ "ValidateIssuerSigningKey": true,
+ "ValidateIssuer": true,
+ "ValidateAudience": true,
+ "ValidateLifetime": true,
+ "RequireExpirationTime": true
+ }
+ },
+ "StorageProviderConfiguration": {
+ "Provider": "Postgresql",
+ "ProviderConfiguration": {
+ "ConnectionString": "Server={{ .pg_host }};Port={{ .pg_port }};Database={{ .pg_db }};Userid={{ .pg_user }};Password={{ .pg_pass }};Persist Security Info=true;Root Certificate=/pg-certs/ca.crt"
+ },
+ "UserUploadedFilesPath": "/uploads"
+ },
+ "Logging": {
+ "LogLevel": {
+ "Default": "Trace",
+ "Microsoft": "Error"
+ }
+ }
+ }
+ data:
+ - secretKey: swarm_api_key
+ remoteRef:
+ key: api-keys
+ property: SWARM_API_KEY
+ - secretKey: digikey_api_id
+ remoteRef:
+ key: api-keys
+ property: DIGIKEY_API_ID
+ - secretKey: digikey_api_secret
+ remoteRef:
+ key: api-keys
+ property: DIGIKEY_API_SECRET
+ - secretKey: mouser_search_api_key
+ remoteRef:
+ key: api-keys
+ property: MOUSER_SEARCH_API_KEY
+ - secretKey: mouser_order_api_key
+ remoteRef:
+ key: api-keys
+ property: MOUSER_ORDER_API_KEY
+
+ - secretKey: pg_host
+ remoteRef:
+ key: binner-pg-pguser-binner
+ property: host
+ - secretKey: pg_port
+ remoteRef:
+ key: binner-pg-pguser-binner
+ property: port
+ - secretKey: pg_db
+ remoteRef:
+ key: binner-pg-pguser-binner
+ property: dbname
+ - secretKey: pg_user
+ remoteRef:
+ key: binner-pg-pguser-binner
+ property: user
+ - secretKey: pg_pass
+ remoteRef:
+ key: binner-pg-pguser-binner
+ property: password
diff --git a/k8s/apps/accounting/binner/deployment.k8s.yaml b/k8s/apps/accounting/binner/deployment.k8s.yaml
new file mode 100644
index 00000000..317ee4c8
--- /dev/null
+++ b/k8s/apps/accounting/binner/deployment.k8s.yaml
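Review bot: `"Default": "Trace"` under `Logging.LogLevel` selects the most verbose level in an `"Environment": "Production"` config that also holds the distributor API keys and the database password, so request and connection detail is likely to land in pod logs; `"Default": "Information"` is a safer baseline. In `ConnectionString`, `Persist Security Info=true` keeps the password readable from the connection after it opens, and `Root Certificate=/pg-certs/ca.crt` is given without an `SSL Mode`; if the driver is Npgsql (suggested by the keyword set, not confirmed on this page) the CA is only enforced with `SSL Mode=VerifyFull`, so I would drop the former and add the latter. The secret values are interpolated raw between JSON quotes, so a key containing `"` or `\` breaks the file; writing `"ClientSecret": {{ .digikey_api_secret | toJson }}` (no surrounding quotes) and the same for the other keys avoids that. Nothing in this commit creates the `api-keys` Secret the `remoteRef` entries read, so it presumably has to exist in the `binner` namespace before this reconciles.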
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: binner
+ namespace: binner
+ labels:
+ app.kubernetes.io/name: binner
+ app.kubernetes.io/instance: binner
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: binner
+ app.kubernetes.io/instance: binner
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: binner
+ app.kubernetes.io/instance: binner
+ spec:
+ containers:
+ - name: binner
+ image: ghcr.io/eaglesemanation/ops.emnt.dev/binner:2.6.3_b666-1
+ volumeMounts:
+ - name: uploads
+ mountPath: /uploads
+ - name: pg-certs
+ mountPath: /pg-certs
+ - name: config
+ subPath: appsettings.json
+ mountPath: /app/appsettings.json
+ ports:
+ - name: http
+ protocol: TCP
+ containerPort: 8090
+ volumes:
+ - name: uploads
+ persistentVolumeClaim:
+ claimName: binner-uploads
+ - name: pg-certs
+ secret:
+ secretName: binner-pg-cluster-cert
+ - name: config
+ secret:
+ secretName: binner-config
diff --git a/k8s/apps/accounting/binner/ingress.k8s.yaml b/k8s/apps/accounting/binner/ingress.k8s.yaml
new file mode 100644
index 00000000..d7ade0c2
--- /dev/null
+++ b/k8s/apps/accounting/binner/ingress.k8s.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: binner
+ namespace: binner
+ labels:
+ app.kubernetes.io/name: binner
+ app.kubernetes.io/instance: binner
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: binner
+ app.kubernetes.io/instance: binner
+ ports:
+ - name: http
+ port: 8090
+ targetPort: http
+ protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: binner
+ namespace: binner
+ labels:
+ app.kubernetes.io/name: binner
+ app.kubernetes.io/instance: binner
+spec:
+ ingressClassName: ingress-internal-traefik
+ rules:
+ - host: binner.${CLUSTER_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: binner
+ port:
+ name: http
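Review bot: The `binner` container in deployment.k8s.yaml is created with no `securityContext`, and the pod keeps the default service-account token mounted, although it holds third-party API keys and the database password through the `binner-config` secret and the Postgres CA material through `binner-pg-cluster-cert`. The block below adds the settings that should be safe regardless of how the image is built; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding once the image's user and write paths are confirmed. The container also has no `resources` or probes, and the image is referenced by the mutable tag `2.6.3_b666-1`; appending `@sha256:<digest>` would pin what actually runs. Since `binner-pg-cluster-cert` is mounted whole, it may be worth limiting the volume to `items: [{key: ca.crt, path: ca.crt}]` in case that secret also carries a private key (its contents are not visible here).

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: binner
          # … unchanged: image, volumeMounts, ports …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```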
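Review bot: The `Ingress` in ingress.k8s.yaml has no `tls:` section, while every URL the application is configured with in this commit (`PublicUrl`, `JwtIssuer`, `oAuthPostbackUrl`) is `https://binner.${CLUSTER_DOMAIN}`. If the `ingress-internal-traefik` entrypoint terminates TLS with a default certificate this is fine, but that is not visible here; a short comment saying so, or an explicit `tls: [{hosts: ["binner.${CLUSTER_DOMAIN}"]}]`, would make the intent reviewable. The namespace also ships without a NetworkPolicy, so any pod in the cluster can reach port 8090 and the Postgres service directly rather than only the ingress controller.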
diff --git a/k8s/apps/accounting/binner/kustomization.yaml b/k8s/apps/accounting/binner/kustomization.yaml
new file mode 100644
index 00000000..87076944
--- /dev/null
+++ b/k8s/apps/accounting/binner/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.k8s.yaml
+ - postgres.k8s.yaml
+ - secretstore.k8s.yaml
+ - config-template.k8s.yaml
+ - deployment.k8s.yaml
+ - pvc.k8s.yaml
+ - ingress.k8s.yaml
diff --git a/k8s/apps/accounting/binner/namespace.k8s.yaml b/k8s/apps/accounting/binner/namespace.k8s.yaml
new file mode 100644
index 00000000..fc2fd0b0
--- /dev/null
+++ b/k8s/apps/accounting/binner/namespace.k8s.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: binner
diff --git a/k8s/apps/accounting/binner/postgres.k8s.yaml b/k8s/apps/accounting/binner/postgres.k8s.yaml
new file mode 100644
index 00000000..2af550df
--- /dev/null
+++ b/k8s/apps/accounting/binner/postgres.k8s.yaml
@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: s3-creds
+ namespace: binner
+ annotations:
+ reflector.v1.k8s.emberstack.com/reflects: "local-backup-s3/pgbackrest-binner-s3creds"
+data: {}
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+ name: binner-pg
+ namespace: binner
+ annotations:
+ postgres-operator.crunchydata.com/autoCreateUserSchema: "true"
+spec:
+ image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.7-1
+ postgresVersion: 15
+ users:
+ - name: binner
+ password:
+ type: AlphaNumeric
+ databases:
+ - binner
+ instances:
+ - name: instance1
+ metadata:
+ labels:
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/instance: binner-pg
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ memory: 512Mi
+ sidecars:
+ replicaCertCopy:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 2Mi
+ limits:
+ memory: 16Mi
+ dataVolumeClaimSpec:
+ storageClassName: freenas-api-iscsi-csi
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: 10Gi
+ patroni:
+ dynamicConfiguration:
+ # Prevents failovers due to latency issues with etcd, useful for non-HA controlplane
+ failsafe_mode: true
+ postgresql:
+ parameters:
+ max_slot_wal_keep_size: 1GB
+ max_wal_size: 1GB
+ backups:
+ pgbackrest:
+ image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
+ global:
+ repo1-s3-uri-style: path
+ repo1-path: /pgbackrest-binner/binner-pg/repo1
+ repo1-retention-full: "30"
+ repo1-retention-full-type: time
+ jobs:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ configuration:
+ - secret:
+ name: s3-creds
+ repos:
+ - name: repo1
+ s3:
+ endpoint: https://backup-s3.${CLUSTER_DOMAIN}
+ region: us-west-1
+ bucket: pgbackrest
+ schedules:
+ full: 0 6 * * 0
+ incremental: 0 6 * * 1-6
+ monitoring:
+ pgmonitor:
+ exporter:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+ limits:
+ memory: 64Mi
+ image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.1-0
diff --git a/k8s/apps/accounting/binner/pvc.k8s.yaml b/k8s/apps/accounting/binner/pvc.k8s.yaml
new file mode 100644
index 00000000..735c9eff
--- /dev/null
+++ b/k8s/apps/accounting/binner/pvc.k8s.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: binner-uploads
+ namespace: binner
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: freenas-api-iscsi-csi
diff --git a/k8s/apps/accounting/binner/secretstore.k8s.yaml b/k8s/apps/accounting/binner/secretstore.k8s.yaml
new file mode 100644
index 00000000..a16ca189
--- /dev/null
+++ b/k8s/apps/accounting/binner/secretstore.k8s.yaml
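Review bot: The `pgbackrest` `global` block in postgres.k8s.yaml configures no repository encryption, so base backups and WAL for `binner-pg` are stored in the shared `pgbackrest` bucket in clear text and are readable by anyone holding credentials for that bucket. Adding `repo1-cipher-type: aes-256-cbc` here and a `repo1-cipher-pass=<passphrase>` line to the `s3.conf` delivered through `s3-creds` would protect them at rest; this is best decided now, because pgBackRest does not allow changing cipher settings on a repository once the stanza exists. Separately, the reflector annotation points at `local-backup-s3/pgbackrest-binner-s3creds`, while the ExternalSecret added later in this commit targets a secret named `pgbackrest-binner-s3conf`, so the reflected `s3-creds` would stay empty unless a secret with the former name exists elsewhere. The three operator images are pinned by tag only; digests would make the deployed Postgres and pgBackRest builds reproducible.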
@@ -0,0 +1,50 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/clustersecretstore_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: binner-secrets
+ namespace: binner
+spec:
+ provider:
+ kubernetes:
+ remoteNamespace: binner
+ server:
+ caProvider:
+ type: ConfigMap
+ name: kube-root-ca.crt
+ key: ca.crt
+ auth:
+ serviceAccount:
+ name: external-secrets
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-secrets
+ namespace: binner
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: secret-reader
+ namespace: binner
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["authorization.k8s.io"]
+ resources: ["selfsubjectrulesreviews"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: external-secrets
+ namespace: binner
+subjects:
+ - kind: ServiceAccount
+ name: external-secrets
+roleRef:
+ kind: Role
+ name: secret-reader
+ apiGroup: rbac.authorization.k8s.io
diff --git a/k8s/apps/accounting/kustomization.yaml b/k8s/apps/accounting/kustomization.yaml
index 25fdbf92..527cfd30 100644
--- a/k8s/apps/accounting/kustomization.yaml
+++ b/k8s/apps/accounting/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - actual.k8s.yaml + - binner.k8s.yaml - mealie.k8s.yaml
diff --git a/k8s/apps/storage/local-backup-s3/kustomization.yaml b/k8s/apps/storage/local-backup-s3/kustomization.yaml
index de4226ce..5188c8fe 100644
--- a/k8s/apps/storage/local-backup-s3/kustomization.yaml
+++ b/k8s/apps/storage/local-backup-s3/kustomization.yaml
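Review bot: The `secret-reader` Role in secretstore.k8s.yaml grants `get`, `watch` and `list` on every Secret in the `binner` namespace, which includes the operator-generated Postgres secrets and `binner-pg-cluster-cert`, while the ExternalSecret in this commit only reads `api-keys` and `binner-pg-pguser-binner`. Narrowing the first rule to `resourceNames: ["api-keys", "binner-pg-pguser-binner"]` with `verbs: ["get"]` would limit what a compromised `external-secrets` token can read; please confirm the store still validates afterwards, since the provider's self-check behaviour is not visible here. Two smaller points: the schema comment references `clustersecretstore_v1beta1.json` although the object is a namespaced `SecretStore`, and the RoleBinding subject would read more clearly with an explicit `namespace: binner`.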
@@ -30,3 +30,5 @@ resources: - pgbackrest-unifi-controller-s3conf-template.k8s.yaml - pgbackrest-postiz-creds.sops.yaml - pgbackrest-postiz-s3conf-template.k8s.yaml + - pgbackrest-binner-creds.sops.yaml + - pgbackrest-binner-s3conf-template.k8s.yaml diff --git a/k8s/apps/storage/local-backup-s3/minio-init.k8s.yaml b/k8s/apps/storage/local-backup-s3/minio-init.k8s.yaml index 332f5510..bc4072b0 100644 --- a/k8s/apps/storage/local-backup-s3/minio-init.k8s.yaml +++ b/k8s/apps/storage/local-backup-s3/minio-init.k8s.yaml @@ -36,9 +36,12 @@ data: mc admin policy attach local-backup-s3 pgbackrest-rw --user "$UNIFI_CONTROLLER_ACCESS_KEY" mc admin user add local-backup-s3 "$POSTIZ_ACCESS_KEY" "$POSTIZ_SECRET_KEY" mc admin policy attach local-backup-s3 pgbackrest-rw --user "$POSTIZ_ACCESS_KEY" + mc admin user add local-backup-s3 "$BINNER_ACCESS_KEY" "$BINNER_SECRET_KEY" + mc admin policy attach local-backup-s3 pgbackrest-rw --user "$BINNER_ACCESS_KEY" exit 0 --- +# TODO: Migrate to S3 operator apiVersion: batch/v1 kind: CronJob metadata: @@ -96,6 +99,8 @@ spec: name: pgbackrest-unifi-controller-creds - secretRef: name: pgbackrest-postiz-creds + - secretRef: + name: pgbackrest-binner-creds volumeMounts: - name: init-script mountPath: /tmp/init.sh 
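Review bot: In minio-init.k8s.yaml the new `$BINNER_ACCESS_KEY` user is attached to the same `pgbackrest-rw` policy as the unifi-controller and postiz users, and all of them back up into the one `pgbackrest` bucket. Unless that policy is already prefix-scoped per user (its JSON is outside this hunk), the binner credentials can read and delete the other applications' database backups, and theirs can do the same to binner's. A per-application policy limited to `arn:aws:s3:::pgbackrest/pgbackrest-binner/*`, attached with `mc admin policy attach local-backup-s3 <binner-policy> --user "$BINNER_ACCESS_KEY"`, would confine a leaked key to its own `repo1-path`. The init script starts and continues outside the hunk, so the existing users would need the same treatment there.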
@@ -116,29 +121,3 @@ spec: - name: pgbackrest-policy configMap: name: pgbackrest-policy -# TODO: Use this when next operator version gets released (probably v5.0.16) -# -## yaml-language-server: $schema=https://raw.githubusercontent.com/eaglesemanation/CRDs-catalog/minio/job.min.io/miniojob_v1alpha1.json -#apiVersion: job.min.io/v1alpha1 -#kind: MinIOJob -#metadata: -# name: minio-init-job -# namespace: minio-operator -#spec: -# serviceAccountName: mc-job-sa -# tenant: -# name: minio -# namespace: local-backup-s3 -# commands: -# - name: velero-policy -# op: admin/policy/create -# args: -# name: velero-rw -# policy: /temp/policy.json -# volumeMounts: -# - name: policy -# mountPath: /temp -# volumes: -# - name: policy -# configMap: -# name: velero-policy diff --git a/k8s/apps/storage/local-backup-s3/pgbackrest-binner-creds.sops.yaml b/k8s/apps/storage/local-backup-s3/pgbackrest-binner-creds.sops.yaml new file mode 100644 index 00000000..1cc90f77 --- /dev/null +++ b/k8s/apps/storage/local-backup-s3/pgbackrest-binner-creds.sops.yaml 
@@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pgbackrest-binner-creds + namespace: local-backup-s3 +stringData: + BINNER_ACCESS_KEY: ENC[AES256_GCM,data:GOz2+DKn,iv:B2YaDL1XJjkCVYpxR+ElLF2MYPAFlnscATVoKbauokY=,tag:uvnNdqvaPAmCmCEZHQ1peA==,type:str] + BINNER_SECRET_KEY: ENC[AES256_GCM,data:+40ln4+flfUSBpcsrIOkBxkClQp94yE0+fh7EPrqLTg=,iv:hW0wReZ/Gnsdfi7j8024WdWL/LkozTWwN5tKEbMZ1Xk=,tag:A8CoksaF+XtIPk7YaV9HoQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1exncnhces66v0uc67xm009v2d2237hgdxtaa8tdy0hvusexjry0qye4ad2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMlNZMnBLTzFxM0dtdUh0 + VnlEYlBVNWl5S0JmR2drV2hKZlNveFJwcGo4ClkrUXp6Z1N2dG1KZ2YrZFJvUHl1 + M2UyeUxpUXZnSys1T0o3THpveU9nc1EKLS0tIEJ6dnFHR2hCQjFUR1dGV3crLzda + QVB4aitiZXc1S21rMXMxelBmZ3JKZEUKw3BpDZ92+gHpTeWO+13lFvJtsVeKVQa6 + TytVmpcC88fg+AW2Yb4aVn05xy7DSFO+8R7xxZNZQqXEfwAkSmjhIg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-30T07:36:44Z" + mac: ENC[AES256_GCM,data:JUyKGZQp3d1E8RgCzmB1eMKWcJtGemuqU9I8pbxwcSg6AprKiJYycHsY70UxjWgv9v+fa/WLXlmKv0W2uaQ6fGiNyZGagwc3WR1vjmwvqvSkxTFdKPizHHEj+f3obKk3vHaOBFez3MWTUkLS5LsN8JnuGs/qpv22rjAuxxRc194=,iv:89nwnY9bXTYt+bdGSgcgwxzaq0ubfeWzxUUwPKahouE=,tag:ALqVBSI7aL4oOIg6BZ7iNA==,type:str] + pgp: + - created_at: "2025-01-30T07:36:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAzB6fv8Ha/LEAQf/e3407PDG2zTD2WbJAbXptsZVrT/o+Z+4dehX7tPM/W43 + JA8cjkMMTfJ/xL6RkNkx9fQjmsUwQMDfAOTDYkoqvyDy4DvuNzekaEMHa37W+NG5 + vrn47PjRhzymtgcPAF6JwqvjVHsT/D39+gCcXo6nZ9cgzSxxFKIsPW31cH2Idd2w + JRhOEzw+sqhFJMXkwF9gS4q+/4VscM6X2/dHjHP8mpPRv4OUgPSNWV7qSdCJ3a8O + t6/fePYjjBZEU3go2tsSzZ7k4fMgcqQRXTSbVzWslMZRnkMP743u2tI5JFOEHMv6 + SffywpgUUI3hJx0KoF175BjKPoXe0Yo1Tgb0aq0Il9JeASKhKf4lJYomeCJXwSRd + qp6h3bQKYFBATXqufNKvEFe35hXoUUGxKVXQ34Y3amItR3STlavrIggWY/zf3xdb + Ju6vuj3RB8NjpZ2lCW6xJKfU6aGVQPCPP2IF5uRgfA== + =/k+P + -----END PGP MESSAGE----- + fp: C5B9ADB07DBE5A2E + 
encrypted_regex: ^(data|stringData)$ + version: 3.9.3
diff --git a/k8s/apps/storage/local-backup-s3/pgbackrest-binner-s3conf-template.k8s.yaml b/k8s/apps/storage/local-backup-s3/pgbackrest-binner-s3conf-template.k8s.yaml
new file mode 100644
index 00000000..6324523a
--- /dev/null
+++ b/k8s/apps/storage/local-backup-s3/pgbackrest-binner-s3conf-template.k8s.yaml
@@ -0,0 +1,32 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pgbackrest-binner-s3conf-template
+ namespace: local-backup-s3
+spec:
+ secretStoreRef:
+ kind: SecretStore
+ name: local-backup-s3-secrets
+ target:
+ name: pgbackrest-binner-s3conf
+ template:
+ engineVersion: v2
+ metadata:
+ annotations:
+ reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+ reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: binner
+ data:
+ s3.conf: |-
+ [global]
+ repo1-s3-key={{ .local_minio_access_key }}
+ repo1-s3-key-secret={{ .local_minio_secret_key }}
+ data:
+ - secretKey: local_minio_access_key
+ remoteRef:
+ key: pgbackrest-binner-creds
+ property: BINNER_ACCESS_KEY
+ - secretKey: local_minio_secret_key
+ remoteRef:
+ key: pgbackrest-binner-creds
+ property: BINNER_SECRET_KEY