Dustin C. Hatch
26422d9f3c
Restic backups are now stored in MinIO on _chromie.pyrocufflink.blue_. All data have been migrated from _burp1.p.b_, which is being decommissioned. The instance of MinIO on _chromie_ uses a certificate signed by DCH CA, rather than the _pyrocufflink.blue_ wildcard certificate signed by ZeroSSL. As such, we need to configure `restic` to trust the DCH Root CA certificate in order to use the MinIO S3 API.
49 lines
1008 B
YAML
49 lines
1008 B
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namespace: restic-exporter
|
|
|
|
labels:
|
|
- pairs:
|
|
app.kubernetes.io/instance: restic-exporter
|
|
|
|
resources:
|
|
- namespace.yaml
|
|
- network-policy.yaml
|
|
- restic-exporter.yaml
|
|
- secrets.yaml
|
|
- ../dch-root-ca
|
|
|
|
configMapGenerator:
|
|
- name: restic-exporter
|
|
envs:
|
|
- restic-exporter.env
|
|
|
|
patches:
|
|
- patch: |-
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: restic-exporter
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: restic-exporter
|
|
env:
|
|
- name: RESTIC_CACERT
|
|
value: /run/dch-ca/dch-root-ca.crt
|
|
envFrom:
|
|
- secretRef:
|
|
name: restic-s3
|
|
- configMapRef:
|
|
name: restic-exporter
|
|
volumeMounts:
|
|
- mountPath: /run/dch-ca
|
|
name: dch-ca
|
|
readOnly: true
|
|
volumes:
|
|
- name: dch-ca
|
|
configMap:
|
|
name: dch-root-ca
|