restic-exporter: Point at chromie.p.b
Restic backups are now stored in MinIO on _chromie.pyrocufflink.blue_. All data have been migrated from _burp1.p.b_, which is being decommissioned. The instance of MinIO on _chromie_ uses a certificate signed by DCH CA, rather than the _pyrocufflink.blue_ wildcard certificate signed by ZeroSSL. As such, we need to configure `restic` to trust the DCH Root CA certificate in order to use the MinIO S3 API.
This commit is contained in:
@@ -12,6 +12,7 @@ resources:
|
||||
- network-policy.yaml
|
||||
- restic-exporter.yaml
|
||||
- secrets.yaml
|
||||
- ../dch-root-ca
|
||||
|
||||
configMapGenerator:
|
||||
- name: restic-exporter
|
||||
@@ -29,8 +30,19 @@ patches:
|
||||
spec:
|
||||
containers:
|
||||
- name: restic-exporter
|
||||
env:
|
||||
- name: RESTIC_CACERT
|
||||
value: /run/dch-ca/dch-root-ca.crt
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: restic-s3
|
||||
- configMapRef:
|
||||
name: restic-exporter
|
||||
volumeMounts:
|
||||
- mountPath: /run/dch-ca
|
||||
name: dch-ca
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: dch-ca
|
||||
configMap:
|
||||
name: dch-root-ca
|
||||
|
||||
Reference in New Issue
Block a user