From 4fb7234df87d91429b231a44cf5ed847be02e7e2 Mon Sep 17 00:00:00 2001 From: Remy Moll Date: Mon, 30 Sep 2024 15:15:24 +0200 Subject: [PATCH] switch to backblaze for backups --- .../backblaze-credentials.sealedsecret.yaml | 19 +++++++++++++++++++ .../backup/cronjobs-base/cronjob.yaml | 19 ++++++++++++++++--- infrastructure/backup/kustomization.yaml | 3 +-- 3 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 infrastructure/backup/backblaze-credentials.sealedsecret.yaml diff --git a/infrastructure/backup/backblaze-credentials.sealedsecret.yaml b/infrastructure/backup/backblaze-credentials.sealedsecret.yaml new file mode 100644 index 0000000..2a60b09 --- /dev/null +++ b/infrastructure/backup/backblaze-credentials.sealedsecret.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: backblaze-credentials + namespace: backup +spec: + encryptedData: + bucket-id: AgBwwjlkGjskxMXXpXrnfcT9fJGgDXtbOO/6WcpqsX0exoADw31dADjLTHztiddsGYipiGFf2DBWge69UEnL04NXIzh/xTwWtWaqlz6yOJm/89FMQE1mfbrrLc7tk98TO3oS8i+IDAnkUiYyvDXJexgJg56QLY595PXkpplYit2bAk43mAB02yUZAK0gMs3KRDIvhHFsMq8Uiqx78En5KGGXwEg6KbVDyNvI2k8suEyy+C0yNO/M6dlczoUQiIJbllQzbqIzuxbOp609PfvGFAYHuPlz1kwsg+feZJ3kNsHYi4hWvpd64BWb30iO9J3dAYfW6d7C61t3S5uabmnd9E7bMYZA/OppD8SCknBFalXF91BUiJao9qBVd/BB7TCZOzhdzhxTW+FhgARcA+GIfg+nIzgBqHfAfQQmAOO2RZnsWrvMysyZaUpODvU8kSsLWZJ3CESVRVU3BHmJZpyxjX/s6QEXShQXZaLq54zoFJULZU/kbom5yFNNDWW5sKbURPvbKJcf/J9QabY5toO4yOwDk96Sr/FI+CHHvMh8/amigva0Upq6naiTHXMf4BR6+w3VKP5ALn5cbD5jG7EpUA/j1roMoLn68GMAtTJDLvSq2BGeJENWrUpOmjWZHDKZy8DEKorJk/Wbp46ksteSALE8eXpi4DRKXYDPvDb57EhzoJGQ9NMXgAvU9+1vw2nyTZE4gAWKpg0JkiHglu4Om79HfuGuewzJXlY= + key-id: AgBe4Iytjw9CkT7CqqNLHWyG4F8F+R6m8W1fnQZdGJvLy7D81+nB2ZDMCUZgUQV/mppGnXCkSxHyelcyTYCswQ9bD8hZsAIiQACq39v2UFxdORFEgNMj4bTWPo65fwhSK2giozPqN/4lzPopP91uyq1Z0gQaiqn/HDtbfNjq+Nu9kPmV06O1NUj1f7QqvfsMK+Xadv0G+DAA+ClGaq1q3fZPDkl2MSDdbEPGq+fLPK2DSdYu9fr1bc9TPyaU5JDFvGrCg8Nyigugi4wVGjQFtVwR1QsHAADmnoDAdXoj1Sz65QO5F+zNaDZWvnLnVFxAFrXJHihilc4ilAc8hSpE6YHQm7dGO5gGejLRNaaCspb/fPJD1g2XlnkckhFCSwd9sHNrXb07BZk8gFTHfndEC0t2UyUNloYpXsfap6fvehPK91ey35jbxDk9zYdgKZ7bz/tY0450CkofSbhisf2DwS3prt5YCEDaXasrpUqlk4dSbmLaGm6aee8lM5VpO8qYE56nvXY7qr0yB6z/NGWuLX3oH3fV+C8hH1P4mxDjvVEFdtewlF50Bf9WFoE7KpboSvmChZhBfjOkbtsGmQE41ZuNoYVupetXn6IfvYo6MzGoG6dTRVpJ5S2KLQDtsUljQfXJDFCSYwo87DD2dGBEn/z9GFCIPAYNO2ewzU4RUgcXPuDD4I2tdNIC+xdEBZq7BaWn/46Yfc1+FAWUA9VWEL/9kz5tK6hFD3Ww + key-secret: AgBcKSHdXHeNBzkZRtbaOEZra7AAWVlzmubaQoklECr14gKNL7rTReqX87qQObjQjmGKXtnJlKXIVHGDuiuHGkqfxQ9PCxccvpA3/7LdbFZnZtlFDWpAv+VB6Tp7H7Quho/GeAo8u6de0BXz85lz7+RyDCssBpuuzpchMgOlcEmhhfgQM5E6ye7bD6LpAZWcay3PV6FW2xTrJvLobpCcJordye6iTdSySPKdk6zflkon9h1KuQT+njmW4cfTQg/u7iS/NDQYcHdCpDHRLCor4GkVmi7NW8q+WuYhUSGWBy55SGvcUobhUL7GEHFJZpKmyrBOwSbwiWUDoN+NjI2TR5xvG0Ldjd/Hj32Vk29I+xSnj/O7pZj5ho35qExlZ/WCe42i0VHjzHFbOoU1MkqB+Skm24L1cLufhyNBtA8NNN3GWZhkcozpe164gpx4H/Vfe0UyzxUn4VJIws/IXYiLb4DgDkGrV+wzigN2QfSgTgs6syQkSs4UJ4gUZeN0jsyq0YHIhq1VZ8qPtLH310d8LZLxpTjZdO0obBwJfnHkg3blwSABEt5756C5DvjKmvO1pjG+JX/PJ0yAINL9Sc+FsY7TnGlItVzD830NcZ3Gg9C4Tg4xBEHybUWCSl1rJjwMvmUvVKNcIzLBHPAOyle1VLTZ37zb13MnhwNwdUtBu7+RZTy9wVO26iqemXTtFVj13kgZkJsyLjM6bo2y2wvFmjBCV9EKQtm87ROStM7iKB46 + repository-string: AgAEYSqT6VR4OKW9/ZDgjYV+rm4tK3uucZsQG2u7W+8rRO0Rowkuba1AbybjgTE+G3q8si/GtlgsB1J8suvztHcVLNxg0y0Olb40pn2sZjKd85Q8AzsM0pFMkzme1lvnwu1Bcgd6Ck+FCr4CuUnh+UvJM5iWhAoSHJtdBb/EKw2F1BhewAqMXSX4oWM7V/T8RTtW2wBUk4wgX4ia+gCBPMpTo6i00ZtSpRB3Ub9VfGJfRmiXZA7oh5j3yN9nJlXonbJYBp4DNWod76CF7s35HBnSzS7YfIV80R4lH4xAPgRbZ0tvPWkTLMhSBX8rJCEnxT7DjL2lS7WfyboLdL4Uy8WmP7n2difZSr7p2iic6SCP44YgQ8JY5UgXh2QZENQ6oLvjK/PpFTjQ4bfw3E1/dakg1EdCYc/6DPyK3YekccUe/pXvVBrazpgObxXWeKKT6RMDeYWLUXTBHWhJ5OaJHHePD5t9IM65FlFTtkuUFbxExTi/u+RczBlWWcy10Yow3I3LGrDPJ/PfBy4RPfHCeQDQ+WoLJkNT20nu5mBXEYYKgNvgdn4yogifSiNG8vsNpo4dO89aHppbnHdmdp7F9asfbn27btEoFoHzIFku/mEnY5srs+Smrhhzy0+iPKge9LOuW33Gi4oJban1UYFvLAjq8YsZGkbIO82r2p+v15UjwU3girWPl1KBUc8WzLJtnqBvRPWS1ul6/X9JIdmmrHJjC0KlcGiVMU/Ls9ljnQj7dgLXuDW7JzuK3MhTWV3Y2kS39ze3TskCKcbL + template: + metadata: + creationTimestamp: null + name: backblaze-credentials + namespace: backup + type: Opaque diff --git a/infrastructure/backup/cronjobs-base/cronjob.yaml b/infrastructure/backup/cronjobs-base/cronjob.yaml index 80e1d3c..2d095f5 100644 --- a/infrastructure/backup/cronjobs-base/cronjob.yaml +++ b/infrastructure/backup/cronjobs-base/cronjob.yaml @@ -46,14 +46,27 @@ spec: name: backup-nfs-access env: - - name: RESTIC_REPOSITORY - value: rest:http://rclone-gcloud:8000/kluster - # lives in the same namespace + # secrets live in the same namespace as per kustomization.yaml - name: RESTIC_PASSWORD valueFrom: secretKeyRef: name: restic-gdrive-credentials key: restic-password + - name: RESTIC_REPOSITORY + valueFrom: + secretKeyRef: + name: backblaze-credentials + key: repository-string + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: backblaze-credentials + key: key-id + - name: AWS_ACCESS_KEY + valueFrom: + secretKeyRef: + name: backblaze-credentials + key: key-secret volumes: - name: backup-nfs-access persistentVolumeClaim: diff --git a/infrastructure/backup/kustomization.yaml b/infrastructure/backup/kustomization.yaml index e0275ee..bdc247c 100644 --- a/infrastructure/backup/kustomization.yaml +++ b/infrastructure/backup/kustomization.yaml @@ -8,7 +8,6 @@ resources: - namespace.yaml - pvc.yaml - restic-password.sealedsecret.yaml - - rclone-config.sealedsecret.yaml - - rclone-gcloud.deployment.yaml + - backblaze-credentials.sealedsecret.yaml - cronjobs-overlays/prune/ - cronjobs-overlays/backup/