From 5c16ed8137752ed3c28ffe9596a36680727604d1 Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Fri, 12 Dec 2025 01:01:42 +0100 Subject: [PATCH] feat: Added garage as default backup target --- controllers/longhorn/base/values.yaml | 3 + controllers/longhorn/longhorn.yaml | 4 ++ .../longhorn/staging/kustomization.yaml | 1 + .../staging/secret-s3-garage.enc.yaml | 55 +++++++++++++++++++ 4 files changed, 63 insertions(+) create mode 100644 controllers/longhorn/staging/secret-s3-garage.enc.yaml diff --git a/controllers/longhorn/base/values.yaml b/controllers/longhorn/base/values.yaml index b1ee9b1..6ca0ad0 100644 --- a/controllers/longhorn/base/values.yaml +++ b/controllers/longhorn/base/values.yaml @@ -8,3 +8,6 @@ defaultSettings: storageOverProvisioningPercentage: 25 persistence: defaultDataLocality: best-effort +defaultBackupStore: + backupTarget: s3://longhorn-backup@garage/ + backupTargetCredentialSecret: s3-garage diff --git a/controllers/longhorn/longhorn.yaml b/controllers/longhorn/longhorn.yaml index 1b7a058..d4399ce 100644 --- a/controllers/longhorn/longhorn.yaml +++ b/controllers/longhorn/longhorn.yaml @@ -10,6 +10,10 @@ spec: sourceRef: kind: ExternalArtifact name: longhorn + decryption: + provider: sops + secretRef: + name: sops-gpg path: ./${cluster_env} prune: true wait: true diff --git a/controllers/longhorn/staging/kustomization.yaml b/controllers/longhorn/staging/kustomization.yaml index 75f1377..9c13843 100644 --- a/controllers/longhorn/staging/kustomization.yaml +++ b/controllers/longhorn/staging/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - secret-s3-garage.enc.yaml configMapGenerator: - name: values-overlay diff --git a/controllers/longhorn/staging/secret-s3-garage.enc.yaml b/controllers/longhorn/staging/secret-s3-garage.enc.yaml new file mode 100644 index 0000000..d0dc7df --- /dev/null +++ b/controllers/longhorn/staging/secret-s3-garage.enc.yaml @@ -0,0 +1,55 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-garage + namespace: longhorn-system +type: Opaque +stringData: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:Z61V0zZ0sApVz8gP+Yc6LTKQcW0jdRaWXa4=,iv:SpLgdgI4Yc48NYNb9wE3C28ixBg8vu5tTf7bUENMfrE=,tag:DDbqGvSbcpDxzPUpHbhLKA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:FK/BS+rXAD2sXND6zHJ2G/GIcFIe01kL/1WP1RJNX86Jc9aCra26+FQQ4zU0Uanh8tQqSzf2qMwK1uMkr/SI4A==,iv:36UsdtiRN3fPr+HtRHSad7oEetiJh56sq+Ypyq/W5FA=,tag:rYHPuCOCHA+YoEKdfN8P0g==,type:str] + AWS_ENDPOINTS: ENC[AES256_GCM,data:2iB2cf1E4ucxJEDGRpe2wiX9yMCZA1A=,iv:c+izWJ+i7lHybZlU9yKS5Q+Zj9lOGysCbewz9iRud3M=,tag:UX4zr9dguSAUBqm1xJnNJQ==,type:str] +sops: + age: + - recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmd2NkxFOVB0a1R3MHVN + RWRwbFVVaHF6Mlo4UElIZ1ROd1pyV1czSEYwCmFQMGM3Nkw0U0hzcWdyQVpnZTZL + eFNLWW5iNWpZVU9BQm9KakV4dEJzaGsKLS0tIGZ0ajdRZjZIUnNRSElzeENYRG4r + eUJHQVAzeWJSUDZTYy8zbTJIQ3pscjAKERe7k/VVNqMhqe2rLLRA9dO71bjieffX + YMIzJ0/UNMo2el4bcefwRnqwl0oyPG+pMXZ3F6UXyEoZw3ZIc4Nzvg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhakxrQ1Zrd3FRekZwZkU4 + MVBpdloxeTJWQm1GZjA4M2NFVk1IYWtrTG1RCnpaRGh1WDZ4dCtzeFhkK1YzczYz + dmFNSWQ1bXgwQjJ1VlkrQnFhMXJ3bGcKLS0tIDhpcWx0MklNazJ0SjUzRmlyV0Er + K09tZGI0Z2w0eXh5eHcvcEttMy82aU0K2fnCDfYIShzw2Zipof+C8zf9pcOmiDg9 + 2SCiIfAJs9MB3n078P068z77KpvdlJYOi9pUTKSBhNw+mBI24y6X6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-15T03:54:35Z" + mac: ENC[AES256_GCM,data:mXl4RyNkiUa0siCcB74fcRb2WLkak64qCVwaPnx3dG+BE1pwfLJUocXs13ueaVFlAwqAFD5ZN0B+yiEqxk7DXvga5/S1zewJIFHAeOdG9sW3lNJaCHXjgkg4GBOpCii173bUIl5QTp9fgEFLsc6IFsXcalhXOIdiJtV9zj5xlHQ=,iv:4atqqw9claajWbXH2YBQ0cA89ZdaiqFHwKrhOxMBVLk=,tag:NtwG2L1XZCCuTp5Q8ygJ5g==,type:str] + pgp: + - created_at: "2025-12-11T23:56:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoARAA2+TLPMKYQFUjyuER+HZgY5Zl4qcF94sYcZuTdcvl/Pam + l//PcgU80DLb/3IZ1K12EYyuZ+QVdJxmUQt1OvBUWv2p0/5mU7zbkxc8YJ/vc46b + yMX7mmDnzuyU2Lss0hUl5dDDk3pdC4SgjrBz15g9TvS2jOWDTOwKCb1DEghfzB07 + /9Yfj6Rfds2gqsUgfyxVCzHXzC0SNpuqqPLmnzNmjYiQGNFOCOdyxP6c2ehCI6Bq + Lu38n6rjTj2QWJZvtr57a2IVqmFVcD9wcy7ITUk8u9+ncYemLmx1LTQKD6n0WDHm + DwjRjziqdJRpHo70Q6TUanFppqTB2q1CReS4yk9sc3CINq9fRJrKtOeJxW8x81yZ + o3X++3gYbsRIrApVAFECJyKA4H6eK1gp4djNV7K0MmbQcR/7wSqaYrE6vTPml7jG + Ribd7eGvF2FnH5P/z3ckh6HH2Ln+i+iVy+ZeY+lgWuIrVNDWwR8mDH8AkjXuGTu4 + K6ra+kCna6v7CAKwlGd31rk9i0CTNTqyHEQeqYuto/HTEC0Jj/lRyFPq+KuuvoAq + vxQlmP6VnYR0gTfkneBAny4neu3zrbYMuIMWoA9pAhZBNOLPuPXZtUwhAStHBS1V + Sdc6AI9CXSPFIP2WDn6iwjwXElkG5+iYyngf3tXrJUVXs0SQeFH05j3r5zVNT0zS + XgFAiWuLAOyWWvP+Jlre5dgKnbiaSs3wIVL9Qw9MuHIWdlXmTyuQ5SQKErQLSQ2j + b5ogtCcgcbVd+OsZCHWQbPtLI2yk/n0afA9D6cRvLHbNZGrWRZjdTYUHU2Drp0w= + =/yAN + -----END PGP MESSAGE----- + fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9 + encrypted_regex: ^(data|stringData)$ + version: 3.11.0