Dustin C. Hatch
26422d9f3c
Restic backups are now stored in MinIO on _chromie.pyrocufflink.blue_. All data have been migrated from _burp1.p.b_, which is being decommissioned. The instance of MinIO on _chromie_ uses a certificate signed by DCH CA, rather than the _pyrocufflink.blue_ wildcard certificate signed by ZeroSSL. As such, we need to configure `restic` to trust the DCH Root CA certificate in order to use the MinIO S3 API.
40 lines
858 B
YAML
40 lines
858 B
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: restic-exporter
|
|
labels:
|
|
app.kubernetes.io/name: restic-exporter
|
|
app.kubernetes.io/component: restic-exporter
|
|
spec:
|
|
egress:
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: kube-system
|
|
podSelector:
|
|
matchLabels:
|
|
k8s-app: kube-dns
|
|
ports:
|
|
- port: 53
|
|
protocol: UDP
|
|
- port: 53
|
|
protocol: TCP
|
|
- to:
|
|
- ipBlock:
|
|
cidr: 172.30.0.15/32
|
|
ports:
|
|
- port: 443
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: victoria-metrics
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: vmagent
|
|
ports:
|
|
- port: metrics
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/component: restic-exporter
|