alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

add backup mechanism

Browse Source
This commit is contained in:
Alex Lebens
2024-07-02 14:15:23 -05:00
parent 1757b73a30
commit 265c8a7f4d
6 changed files with 178 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/cl01tl/platform/gitea/Chart.yaml
View File

@@ -25,6 +25,10 @@ dependencies:
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.4.0
- name: app-template
alias: backup
repository: https://bjw-s.github.io/helm-charts/
version: 3.2.1
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.6.0

46
clusters/cl01tl/platform/gitea/templates/external-secret.yaml
View File

@@ -86,6 +86,52 @@ spec:
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea-backup-s3
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-backup-s3
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/backup/s3
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/backup/s3
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ENDPOINT_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/backup/s3
metadataPolicy: None
property: AWS_ENDPOINT_URL
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/backup/s3
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret

19
clusters/cl01tl/platform/gitea/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-nfs-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-nfs-storage-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

19
clusters/cl01tl/platform/gitea/templates/role-binding.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gitea-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: gitea-backup
subjects:
- kind: ServiceAccount
name: gitea-backup
namespace: {{ .Release.Namespace }}

15
clusters/cl01tl/platform/gitea/templates/role.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gitea-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]

75
clusters/cl01tl/platform/gitea/values.yaml
View File

@@ -86,6 +86,14 @@ gitea:
key: password
persistence:
storageClass: ceph-block
extraVolumes:
- name: gitea-nfs-storage-backup
persistentVolumeClaim:
claimName: gitea-nfs-storage-backup
extraVolumeMounts:
- mountPath: /opt/backup
name: gitea-nfs-storage-backup
readOnly: false
postgresql:
enabled: false
postgresql-ha:
@@ -94,6 +102,73 @@ gitea:
enabled: true
cloudflared:
existingSecretName: gitea-cloudflared-secret
backup:
global:
fullnameOverride: gitea-backup
controllers:
backup:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "@every 24h"
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: bitnami/kubectl
tag: 1.30.2
pullPolicy: IfNotPresent
command:
- /bin/ash
args:
- -ec
- |
kubectl exec -it deploy/gitea -n gitea -- su - git -c /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip
cp /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
cp /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-s3.zip;
resources:
requests:
cpu: 100m
memory: 128Mi
s3:
image:
repository: amazon/aws-cli
tag: 2.17.5
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
until [ -f /opt/backup/gitea-backup-s3.zip ]; do sleep 5; done;
aws s3 cp /opt/backup/gitea-backup-s3.zip s3://cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
rm /opt/backup/gitea-backup-s3.zip;
envFrom:
- secretRef:
name: gitea-backup-s3
resources:
requests:
cpu: 100m
memory: 128Mi
serviceAccount:
create: true
persistence:
config:
existingClaim: gitea-nfs-storage-backup
advancedMounts:
backup:
backup:
- path: /opt/backup
readOnly: false
s3:
- path: /opt/backup
readOnly: false
postgres-16-cluster:
mode: standalone
cluster: