alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Automated Manifest Update (#2584)

Browse Source 
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: #2584
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
This commit was merged in pull request #2584.
This commit is contained in:
gitea-bot
2025-12-16 04:51:53 +00:00
committed by Alex Lebens
parent 176ec83374
commit 55ec39a026
9 changed files with 89 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
clusters/cl01tl/manifests/gitea/CronJob-gitea-backup.yaml
View File

@@ -1,129 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: gitea-backup
labels:
app.kubernetes.io/controller: backup
app.kubernetes.io/instance: gitea
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gitea-backup
helm.sh/chart: backup-4.5.0
namespace: gitea
spec:
suspend: false
concurrencyPolicy: Forbid
startingDeadlineSeconds: 90
timeZone: US/Central
schedule: "0 4 */2 * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
parallelism: 1
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/controller: backup
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
spec:
enableServiceLinks: false
serviceAccountName: gitea-backup
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
restartPolicy: Never
initContainers:
- args:
- -ec
- |
kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
command:
- sh
image: bitnami/kubectl:latest
imagePullPolicy: IfNotPresent
name: backup
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
- args:
- -ec
- |
echo ">> Running S3 backup for Gitea"
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
echo ">> Completed S3 backup for Gitea"
command:
- /bin/sh
env:
- name: BUCKET
valueFrom:
secretKeyRef:
key: BUCKET
name: gitea-s3cmd-config
image: d3fk/s3cmd:latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
imagePullPolicy: IfNotPresent
name: s3-backup
resources:
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /opt/backup
name: config
- mountPath: /root/.s3cfg
mountPropagation: None
name: s3cmd-config
readOnly: true
subPath: .s3cfg
- args:
- -ec
- |
export DATE_RANGE=$(date -d @$(( $(date +%s) - 604800 )) +%Y%m%d);
export FILE_MATCH="$BUCKET/cl01tl/gitea-backup-$DATE_RANGE-09-00.zip"
echo ">> Running S3 prune for Gitea backup repository"
echo ">> Backups prior to '$DATE_RANGE' will be removed"
echo ">> Backups to be removed:"
s3cmd ls ${BUCKET}/cl01tl/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
echo ">> Deleting ..."
s3cmd ls ${BUCKET}/cl01tl/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
while read file; do
s3cmd del "$file";
done;
echo ">> Completed S3 prune for Gitea backup repository"
command:
- /bin/sh
env:
- name: BUCKET
valueFrom:
secretKeyRef:
key: BUCKET
name: gitea-s3cmd-config
image: d3fk/s3cmd:latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
imagePullPolicy: IfNotPresent
name: s3-prune
resources:
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /root/.s3cfg
mountPropagation: None
name: s3cmd-config
readOnly: true
subPath: .s3cfg
volumes:
- name: config
persistentVolumeClaim:
claimName: gitea-nfs-storage-backup
- name: s3cmd-config
secret:
secretName: gitea-s3cmd-config

28
clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-s3cmd-config.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-s3cmd-config
namespace: gitea
labels:
app.kubernetes.io/name: gitea-s3cmd-config
app.kubernetes.io/instance: gitea
app.kubernetes.io/part-of: gitea
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/gitea-backup
metadataPolicy: None
property: s3cfg
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/gitea-backup
metadataPolicy: None
property: BUCKET

58
clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-shared-storage-backup-secret-local
namespace: gitea
labels:
helm.sh/chart: volsync-target-storage-0.5.0
app.kubernetes.io/instance: gitea
app.kubernetes.io/part-of: gitea
app.kubernetes.io/version: "0.5.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gitea-shared-storage-backup-secret-local
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/gitea/gitea-shared-storage"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

17
clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-nfs-storage-backup.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-nfs-storage-backup
namespace: gitea
labels:
app.kubernetes.io/name: gitea-nfs-storage-backup
app.kubernetes.io/instance: gitea
app.kubernetes.io/part-of: gitea
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

4
clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/part-of: gitea app.kubernetes.io/part-of: gitea
spec: spec:
volumeMode: Filesystem volumeMode: Filesystem
storageClassName: nfs-client storageClassName: ceph-filesystem
accessModes: accessModes:
- ReadWriteOnce - ReadWriteMany
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

29
clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: gitea-shared-storage-backup-source-local
namespace: gitea
labels:
helm.sh/chart: volsync-target-storage-0.5.0
app.kubernetes.io/instance: gitea
app.kubernetes.io/part-of: gitea
app.kubernetes.io/version: "0.5.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gitea-shared-storage-backup
spec:
sourcePVC: gitea-shared-storage
trigger:
schedule: 0 0 0 * * *
restic:
pruneIntervalDays: 3
repository: gitea-shared-storage-backup-secret-local
retain:
daily: 1
hourly: 1
monthly: 0
weekly: 3
yearly: 0
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem
cacheCapacity: 40Gi

25
clusters/cl01tl/manifests/gitea/Role-gitea-backup.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gitea-backup
namespace: gitea
labels:
app.kubernetes.io/name: gitea-backup
app.kubernetes.io/instance: gitea
app.kubernetes.io/part-of: gitea
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- list
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list

17
clusters/cl01tl/manifests/gitea/RoleBinding-gitea-backup.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gitea-backup
namespace: gitea
labels:
app.kubernetes.io/name: gitea-backup
app.kubernetes.io/instance: gitea
app.kubernetes.io/part-of: gitea
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: gitea-backup
subjects:
- kind: ServiceAccount
name: gitea-backup
namespace: gitea

10
clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-backup.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitea-backup
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gitea-backup
helm.sh/chart: backup-4.5.0
namespace: gitea