diff --git a/clusters/cl01tl/manifests/gitea/CronJob-gitea-backup.yaml b/clusters/cl01tl/manifests/gitea/CronJob-gitea-backup.yaml
deleted file mode 100644
index 33a3f7efc..000000000
--- a/clusters/cl01tl/manifests/gitea/CronJob-gitea-backup.yaml
+++ /dev/null
@@ -1,129 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: gitea-backup
- labels:
- app.kubernetes.io/controller: backup
- app.kubernetes.io/instance: gitea
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: gitea-backup
- helm.sh/chart: backup-4.5.0
- namespace: gitea
-spec:
- suspend: false
- concurrencyPolicy: Forbid
- startingDeadlineSeconds: 90
- timeZone: US/Central
- schedule: "0 4 */2 * *"
- successfulJobsHistoryLimit: 3
- failedJobsHistoryLimit: 3
- jobTemplate:
- spec:
- parallelism: 1
- backoffLimit: 3
- template:
- metadata:
- labels:
- app.kubernetes.io/controller: backup
- app.kubernetes.io/instance: gitea-backup
- app.kubernetes.io/name: gitea-backup
- spec:
- enableServiceLinks: false
- serviceAccountName: gitea-backup
- automountServiceAccountToken: true
- hostIPC: false
- hostNetwork: false
- hostPID: false
- dnsPolicy: ClusterFirst
- restartPolicy: Never
- initContainers:
- - args:
- - -ec
- - |
- kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
- kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
- command:
- - sh
- image: bitnami/kubectl:latest
- imagePullPolicy: IfNotPresent
- name: backup
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- containers:
- - args:
- - -ec
- - |
- echo ">> Running S3 backup for Gitea"
- s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
- mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
- echo ">> Completed S3 backup for Gitea"
- command:
- - /bin/sh
- env:
- - name: BUCKET
- valueFrom:
- secretKeyRef:
- key: BUCKET
- name: gitea-s3cmd-config
- image: d3fk/s3cmd:latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
- imagePullPolicy: IfNotPresent
- name: s3-backup
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- volumeMounts:
- - mountPath: /opt/backup
- name: config
- - mountPath: /root/.s3cfg
- mountPropagation: None
- name: s3cmd-config
- readOnly: true
- subPath: .s3cfg
- - args:
- - -ec
- - |
- export DATE_RANGE=$(date -d @$(( $(date +%s) - 604800 )) +%Y%m%d);
- export FILE_MATCH="$BUCKET/cl01tl/gitea-backup-$DATE_RANGE-09-00.zip"
- echo ">> Running S3 prune for Gitea backup repository"
- echo ">> Backups prior to '$DATE_RANGE' will be removed"
- echo ">> Backups to be removed:"
- s3cmd ls ${BUCKET}/cl01tl/ |
- awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
- echo ">> Deleting ..."
- s3cmd ls ${BUCKET}/cl01tl/ |
- awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
- while read file; do
- s3cmd del "$file";
- done;
- echo ">> Completed S3 prune for Gitea backup repository"
- command:
- - /bin/sh
- env:
- - name: BUCKET
- valueFrom:
- secretKeyRef:
- key: BUCKET
- name: gitea-s3cmd-config
- image: d3fk/s3cmd:latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
- imagePullPolicy: IfNotPresent
- name: s3-prune
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- volumeMounts:
- - mountPath: /root/.s3cfg
- mountPropagation: None
- name: s3cmd-config
- readOnly: true
- subPath: .s3cfg
- volumes:
- - name: config
- persistentVolumeClaim:
- claimName: gitea-nfs-storage-backup
- - name: s3cmd-config
- secret:
- secretName: gitea-s3cmd-config
diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-s3cmd-config.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-s3cmd-config.yaml
deleted file mode 100644
index cd10f3640..000000000
--- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-s3cmd-config.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-s3cmd-config
- namespace: gitea
- labels:
- app.kubernetes.io/name: gitea-s3cmd-config
- app.kubernetes.io/instance: gitea
- app.kubernetes.io/part-of: gitea
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: .s3cfg
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/gitea-backup
- metadataPolicy: None
- property: s3cfg
- - secretKey: BUCKET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/gitea-backup
- metadataPolicy: None
- property: BUCKET
diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml
new file mode 100644
index 000000000..f3aac3cf3
--- /dev/null
+++ b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml
@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: gitea-shared-storage-backup-secret-local
+ namespace: gitea
+ labels:
+ helm.sh/chart: volsync-target-storage-0.5.0
+ app.kubernetes.io/instance: gitea
+ app.kubernetes.io/part-of: gitea
+ app.kubernetes.io/version: "0.5.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: gitea-shared-storage-backup-secret-local
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/gitea/gitea-shared-storage"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-local
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-local
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-nfs-storage-backup.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-nfs-storage-backup.yaml
deleted file mode 100644
index 99f474b07..000000000
--- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-nfs-storage-backup.yaml
+++ /dev/null
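Review bot: The restic password and the S3 key pair in `ExternalSecret-gitea-shared-storage-backup-secret-local.yaml` are read from `/volsync/restic/garage-local` and `/garage/home-infra/volsync-backups`, paths that carry no application name, so they look shared by every workload that uses this chart (inferred from the paths; the Vault layout and the key's bucket policy are not visible here). If so, any principal that can read Secrets in the `gitea` namespace holds credentials for the other applications' restic repositories as well, which widens the blast radius of a compromise of this one namespace. Consider an access key scoped to the `gitea/` prefix and a per-repository password, i.e. `key: PER-APP-VAULT-PATH` (placeholder) on the `RESTIC_PASSWORD` and `AWS_*` entries. Failing that, put a comment above the `data:` list such as `# shared volsync credentials: valid for every repository in the bucket`. The manifest looks Helm-rendered, so the change would belong in the chart values.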
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: gitea-nfs-storage-backup
- namespace: gitea
- labels:
- app.kubernetes.io/name: gitea-nfs-storage-backup
- app.kubernetes.io/instance: gitea
- app.kubernetes.io/part-of: gitea
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml
index aba0b198c..0e74321f0 100644
--- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml
+++ b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml
@@ -9,9 +9,9 @@ metadata:
 app.kubernetes.io/part-of: gitea
 spec:
 volumeMode: Filesystem
- storageClassName: nfs-client
+ storageClassName: ceph-filesystem
 accessModes:
- - ReadWriteOnce
+ - ReadWriteMany
 resources:
 requests:
 storage: 1Gi
diff --git a/clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml b/clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml
new file mode 100644
index 000000000..5d01b7948
--- /dev/null
+++ b/clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml
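Review bot: `storageClassName` and `accessModes` cannot be changed on an existing PersistentVolumeClaim, so the edit in `PersistentVolumeClaim-gitea-themes-storage.yaml` (`nfs-client` to `ceph-filesystem`, `ReadWriteOnce` to `ReadWriteMany`) will be rejected by the API server if the claim already exists in the cluster. Applying it means deleting and recreating the claim, which starts from an empty volume, and the commit shows no step that carries the existing theme files over. If recreation is intended, record it next to the spec, for example `# claim recreated on ceph-filesystem; themes restored from SOURCE (placeholder)`. The hunk starts at line 9 of the file, so the claim's name and the rest of its metadata are outside it.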
@@ -0,0 +1,29 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: gitea-shared-storage-backup-source-local
+ namespace: gitea
+ labels:
+ helm.sh/chart: volsync-target-storage-0.5.0
+ app.kubernetes.io/instance: gitea
+ app.kubernetes.io/part-of: gitea
+ app.kubernetes.io/version: "0.5.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: gitea-shared-storage-backup
+spec:
+ sourcePVC: gitea-shared-storage
+ trigger:
+ schedule: 0 0 0 * * *
+ restic:
+ pruneIntervalDays: 3
+ repository: gitea-shared-storage-backup-secret-local
+ retain:
+ daily: 1
+ hourly: 1
+ monthly: 0
+ weekly: 3
+ yearly: 0
+ copyMethod: Snapshot
+ storageClassName: ceph-filesystem
+ volumeSnapshotClassName: ceph-filesystem
+ cacheCapacity: 40Gi
diff --git a/clusters/cl01tl/manifests/gitea/Role-gitea-backup.yaml b/clusters/cl01tl/manifests/gitea/Role-gitea-backup.yaml
deleted file mode 100644
index 7324e3a39..000000000
--- a/clusters/cl01tl/manifests/gitea/Role-gitea-backup.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: gitea-backup
- namespace: gitea
- labels:
- app.kubernetes.io/name: gitea-backup
- app.kubernetes.io/instance: gitea
- app.kubernetes.io/part-of: gitea
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - create
- - list
- - apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
diff --git a/clusters/cl01tl/manifests/gitea/RoleBinding-gitea-backup.yaml b/clusters/cl01tl/manifests/gitea/RoleBinding-gitea-backup.yaml
deleted file mode 100644
index 6f5f63f27..000000000
--- a/clusters/cl01tl/manifests/gitea/RoleBinding-gitea-backup.yaml
+++ /dev/null
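Review bot: `sourcePVC: gitea-shared-storage` with `copyMethod: Snapshot` in `ReplicationSource-gitea-shared-storage-backup-source-local.yaml` captures a crash-consistent copy of one volume, whereas the CronJob removed in this commit ran `gitea dump`, an application-level archive. If Gitea's database is not stored on that PVC (not visible here), the new backup no longer contains it and a restore would bring back repositories without their accounts and metadata. State the coverage in the manifest, for example `# volume snapshot only; database is backed up by MECHANISM (placeholder)`, and confirm that a test restore works. Separately, `schedule: 0 0 0 * * *` has six fields where a cron schedule normally has five, and it is unquoted. Confirm VolSync reads it as the intended time and write it as a quoted string.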
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: gitea-backup
- namespace: gitea
- labels:
- app.kubernetes.io/name: gitea-backup
- app.kubernetes.io/instance: gitea
- app.kubernetes.io/part-of: gitea
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: gitea-backup
-subjects:
- - kind: ServiceAccount
- name: gitea-backup
- namespace: gitea
diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-backup.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-backup.yaml
deleted file mode 100644
index b8d2068e0..000000000
--- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-backup.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: gitea-backup
- labels:
- app.kubernetes.io/instance: gitea
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: gitea-backup
- helm.sh/chart: backup-4.5.0
- namespace: gitea