infra/foundation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Configure barman object store
Some checks are pending
kustomization/barman-config/1b69816f progressing
kustomization/flux-system/1b69816f reconciliation succeeded
kustomization/longhorn/1b69816f reconciliation succeeded
kustomization/cilium/1b69816f reconciliation succeeded
kustomization/local-path-provisioner/1b69816f reconciliation succeeded
kustomization/longhorn-jobs/1b69816f reconciliation succeeded
kustomization/certificates/1b69816f reconciliation succeeded
kustomization/letsencrypt/1b69816f reconciliation succeeded
kustomization/cert-manager/1b69816f reconciliation succeeded

Browse Source
This commit is contained in:
Dreaded_X
2025-12-15 04:49:08 +01:00
parent 3ff885a6ac
commit c434f0822a
6 changed files with 104 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/testing/kustomization.yaml
View File

@@ -17,3 +17,4 @@ resources:
- ../../configs/certificates/certificates.yaml - ../../configs/certificates/certificates.yaml
- ../../configs/alerts/alerts.yaml - ../../configs/alerts/alerts.yaml
- ../../configs/longhorn-jobs/longhorn-jobs.yaml - ../../configs/longhorn-jobs/longhorn-jobs.yaml
- ../../configs/barman-config/barman-config.yaml

5
configs/artifacts.yaml
View File

@@ -29,3 +29,8 @@ spec:
copy: copy:
- from: "@foundation/configs/longhorn-jobs/**" - from: "@foundation/configs/longhorn-jobs/**"
to: "@artifact/" to: "@artifact/"
- name: barman-config
originRevision: "@foundation"
copy:
- from: "@foundation/configs/barman-config/**"
to: "@artifact/"

21
configs/barman-config/barman-config.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: barman-config
namespace: flux-system
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: barman-cloud-plugin
sourceRef:
kind: ExternalArtifact
name: barman-config
path: .
prune: true
wait: true

5
configs/barman-config/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- object-store.yaml
- secret-s3-garage.enc.yaml

18
configs/barman-config/object-store.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: garage-store
namespace: cnpg-system
spec:
configuration:
destinationPath: s3://cnpg-backup/
endpointURL: http://192.178.1.1:3900
s3Credentials:
accessKeyId:
name: s3-garage
key: ACCESS_KEY_ID
secretAccessKey:
name: s3-garage
key: ACCESS_SECRET_KEY
wal:
compression: gzip

54
configs/barman-config/secret-s3-garage.enc.yaml Normal file
View File

@@ -0,0 +1,54 @@
apiVersion: v1
kind: Secret
metadata:
name: s3-garage
namespace: cnpg-system
type: Opaque
stringData:
ACCESS_KEY_ID: ENC[AES256_GCM,data:TOEQMG/kHs5XUk77ijyV089ZTq1dKsoZUas=,iv:mVDOkl5qOxGdvCvdcXUuUjX85oKqbd+n5maHsKwCiFg=,tag:pho0oWPTwtM6lGQ2vA1d5A==,type:str]
SECRET_ACCESS_KEY: ENC[AES256_GCM,data:mc42T/AQ8NRi32SzvwGJA6LEq1x0Yz3Tu+CPDYPf+E2+C00zQcGRk6tACPvRoMxRzU4ZZpK346e2K/8ajU77hg==,iv:Isxe81aQEbI5xd1dRjXDKj/2Jp9eTHdv0/XVBBHoRyE=,tag:gtcmKmfUIfIy977Df11P4g==,type:str]
sops:
age:
- recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmd2NkxFOVB0a1R3MHVN
RWRwbFVVaHF6Mlo4UElIZ1ROd1pyV1czSEYwCmFQMGM3Nkw0U0hzcWdyQVpnZTZL
eFNLWW5iNWpZVU9BQm9KakV4dEJzaGsKLS0tIGZ0ajdRZjZIUnNRSElzeENYRG4r
eUJHQVAzeWJSUDZTYy8zbTJIQ3pscjAKERe7k/VVNqMhqe2rLLRA9dO71bjieffX
YMIzJ0/UNMo2el4bcefwRnqwl0oyPG+pMXZ3F6UXyEoZw3ZIc4Nzvg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhakxrQ1Zrd3FRekZwZkU4
MVBpdloxeTJWQm1GZjA4M2NFVk1IYWtrTG1RCnpaRGh1WDZ4dCtzeFhkK1YzczYz
dmFNSWQ1bXgwQjJ1VlkrQnFhMXJ3bGcKLS0tIDhpcWx0MklNazJ0SjUzRmlyV0Er
K09tZGI0Z2w0eXh5eHcvcEttMy82aU0K2fnCDfYIShzw2Zipof+C8zf9pcOmiDg9
2SCiIfAJs9MB3n078P068z77KpvdlJYOi9pUTKSBhNw+mBI24y6X6A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-15T03:46:42Z"
mac: ENC[AES256_GCM,data:UG9rSQ4ep7Ln4g5QCtvD6U90Oc8iWpni+kypMpJ+AQM8LC0TTs9zFQgcxmo2wjZn38Fp+br/5KC172SqBNG4Q1yXhlRiqiIeyx9ynrZeceRSqHaaruB1hj83/0FwahqjB/t6yutWIfnp00UC92mMKGlef48UNZ8IW17e5uHE0m4=,iv:LvR4BEkgAr6PJ8fYATFois4j8/rgztn/Jggj/mFgCIk=,tag:W38qDd1RkCdK3bVMqOVnjA==,type:str]
pgp:
- created_at: "2025-12-11T23:56:15Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA51kG++kLewoARAA2+TLPMKYQFUjyuER+HZgY5Zl4qcF94sYcZuTdcvl/Pam
l//PcgU80DLb/3IZ1K12EYyuZ+QVdJxmUQt1OvBUWv2p0/5mU7zbkxc8YJ/vc46b
yMX7mmDnzuyU2Lss0hUl5dDDk3pdC4SgjrBz15g9TvS2jOWDTOwKCb1DEghfzB07
/9Yfj6Rfds2gqsUgfyxVCzHXzC0SNpuqqPLmnzNmjYiQGNFOCOdyxP6c2ehCI6Bq
Lu38n6rjTj2QWJZvtr57a2IVqmFVcD9wcy7ITUk8u9+ncYemLmx1LTQKD6n0WDHm
DwjRjziqdJRpHo70Q6TUanFppqTB2q1CReS4yk9sc3CINq9fRJrKtOeJxW8x81yZ
o3X++3gYbsRIrApVAFECJyKA4H6eK1gp4djNV7K0MmbQcR/7wSqaYrE6vTPml7jG
Ribd7eGvF2FnH5P/z3ckh6HH2Ln+i+iVy+ZeY+lgWuIrVNDWwR8mDH8AkjXuGTu4
K6ra+kCna6v7CAKwlGd31rk9i0CTNTqyHEQeqYuto/HTEC0Jj/lRyFPq+KuuvoAq
vxQlmP6VnYR0gTfkneBAny4neu3zrbYMuIMWoA9pAhZBNOLPuPXZtUwhAStHBS1V
Sdc6AI9CXSPFIP2WDn6iwjwXElkG5+iYyngf3tXrJUVXs0SQeFH05j3r5zVNT0zS
XgFAiWuLAOyWWvP+Jlre5dgKnbiaSs3wIVL9Qw9MuHIWdlXmTyuQ5SQKErQLSQ2j
b5ogtCcgcbVd+OsZCHWQbPtLI2yk/n0afA9D6cRvLHbNZGrWRZjdTYUHU2Drp0w=
=/yAN
-----END PGP MESSAGE-----
fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9
encrypted_regex: ^(data|stringData)$
version: 3.11.0