Skip to content

Commit 3ef5985

Browse files
committed
fix(kyverno): use static RESTIC_REPOSITORY from 1Password instead of template
Problem: Kyverno cannot generate ExternalSecrets with Go templates because it tries to parse {{ }} as Kyverno variables, regardless of escaping method. Solution: Store RESTIC_REPOSITORY base URL in 1Password rustfs item: restic_repository: s3:http://192.168.10.133:30292/volsync/ Note: This is the base URL - per-PVC paths will be handled by VolSync itself using the repository secret name pattern.
1 parent 7055689 commit 3ef5985

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

docs/secrets/volsync-secrets.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,12 @@ Create a **Password** item in your 1Password vault:
1616
| **access_key** | RustFS access key |
1717
| **secret_key** | RustFS secret key |
1818
| **restic_password** | A strong random password (32+ characters) |
19+
| **restic_repository** | `s3:http://192.168.10.133:30292/volsync/` |
1920

2021
The `restic_password` encrypts all backup repositories stored in S3.
2122

23+
The `restic_repository` is the S3 endpoint - each PVC will have its namespace and name appended automatically.
24+
2225
**Generate a secure password:**
2326
```bash
2427
openssl rand -base64 32

0 commit comments

Comments
 (0)