apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: restic

labels:
- pairs:
    app.kubernetes.io/instance: restic
  includeSelectors: true
- pairs:
    app.kubernetes.io/part-of: restic
  includeTemplates: true

resources:
- namespace.yaml
- network-policy.yaml
- restic-prune.yaml
- secrets.yaml
- ../dch-root-ca

configMapGenerator:
- name: restic-env
  envs:
  - restic.env

patches:
- patch: |-
    apiVersion: batch/v1
    kind: CronJob
    metadata:
      name: restic-prune
    spec:
      jobTemplate:
        spec:
          template:
            spec:
              containers:
              - name: restic-prune
                env:
                - name: RESTIC_CACERT
                  value: /run/dch-ca/dch-root-ca.crt
                volumeMounts:
                - mountPath: /run/dch-ca
                  name: dch-ca
                  readOnly: true
              volumes:
              - name: dch-ca
                configMap:
                  name: dch-root-ca