# Helm values for a CronJob that snapshots Talos etcd to S3-compatible object
# storage (container `main`) and prunes old snapshots (container `s3-prune`).
# The controllers/pod/cronjob/containers/persistence/advancedMounts layout
# looks like the bjw-s app-template chart — confirm against the chart version
# actually pinned by the release.
etcd-backup:
  controllers:
    main:
      type: cronjob
      pod:
        # Pin the pod to control-plane nodes (only they hold etcd / the Talos
        # API socket); the toleration below is what lets it land there, since
        # those nodes presumably carry the matching NoSchedule taint.
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
      cronjob:
        suspend: false
        # Forbid: a run that is still in progress is never overlapped by the
        # next scheduled one.
        concurrencyPolicy: Forbid
        timeZone: US/Central
        # Daily at 02:00 in the timeZone above; quoted so the `*` are never
        # read as YAML aliases.
        schedule: "0 2 * * *"
        # A run that cannot start within 90 s of its scheduled time is skipped
        # rather than started late.
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        # Up to 3 retries of a failed Job before it is marked failed.
        backoffLimit: 3
        parallelism: 1
      containers:
        main:
          image:
            repository: ghcr.io/siderolabs/talos-backup
            # Digest-pinned: once `@sha256:` is present the tag is informational
            # only, so image content cannot drift between runs.
            tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
            pullPolicy: IfNotPresent
          command:
            - /talos-backup
          # Matches the in-memory `tmp` emptyDir mounted at /tmp under
          # persistence below.
          workingDir: /tmp
          # Hardened: unprivileged fixed UID/GID, no privilege escalation, no
          # Linux capabilities, runtime-default seccomp profile.
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            # Object-storage credentials come from the Secret, never from the
            # values file.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AWS_SECRET_ACCESS_KEY
            # Region + custom endpoint point at DigitalOcean Spaces (nyc3)
            # rather than AWS.
            - name: AWS_REGION
              value: nyc3
            - name: CUSTOM_S3_ENDPOINT
              value: https://nyc3.digitaloceanspaces.com
            # NOTE(review): BUCKET is a literal here but is read from the
            # `BUCKET` key of talos-etcd-backup-secret in the s3-prune
            # container below — two sources of truth for the same value.
            # Keep them in sync, or source this one from the Secret as well.
            - name: BUCKET
              value: talos-backups-bee8585f7b8a4d0239c9b823
            # The prune script below hard-codes this same `cl01tl/etcd` prefix;
            # change both together.
            - name: S3_PREFIX
              value: "cl01tl/etcd"
            - name: CLUSTER_NAME
              value: "cl01tl"
            # Only the age public key is given to the pod; the `.snap.age`
            # suffix used by the prune script suggests snapshots are encrypted
            # with it before upload, so the uploading pod cannot read them back.
            # The matching private key is presumably held elsewhere — confirm.
            - name: AGE_X25519_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: AGE_X25519_PUBLIC_KEY
            # Quoted on purpose: env values must be strings, not YAML booleans.
            - name: USE_PATH_STYLE
              value: "false"
          # Requests only, no limits. Both emptyDirs under persistence use
          # medium: Memory (tmpfs), and tmpfs usage is charged to the pod's
          # memory, so a large snapshot written to /tmp is effectively
          # unbounded here — consider a sizeLimit on the emptyDir and/or a
          # memory limit.
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
        s3-prune:
          image:
            repository: d3fk/s3cmd
            # Digest-pinned, so `latest` is only a label here; the digest is
            # what actually controls which image runs.
            tag: latest@sha256:020f108091ffa7d8ce9b57420176f9f40182bd7047f02a35ca1068d030c774d9
            pullPolicy: IfNotPresent
          # NOTE(review): unlike `main`, this container has no securityContext.
          # The .s3cfg mount at /root/.s3cfg (see persistence) suggests it runs
          # as root; s3cmd needs no privileges, so at minimum
          # allowPrivilegeEscalation: false, capabilities.drop: [ALL] and a
          # RuntimeDefault seccomp profile would be consistent with `main`.
          command:
            - /bin/sh
          args:
            # -e: abort on the first failing command (a failed `s3cmd del`
            # stops the whole prune); -c: run the script string that follows.
            - -ec
            # Retention window is 1209600 s = 14 days. The script builds the
            # object name a snapshot taken exactly 14 days ago would have and
            # deletes every listed key that sorts lexically before it, so this
            # only works while snapshot names keep a fixed-width ISO timestamp.
            # It assumes `s3cmd ls` prints the object URL in column 4 — confirm
            # against the pinned s3cmd version. The prefix `cl01tl/etcd/` is
            # hard-coded rather than taken from S3_PREFIX.
            - |
              export DATE_RANGE=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%dT%H:%M:%SZ);
              export FILE_MATCH="$BUCKET/cl01tl/etcd/cl01tl-$DATE_RANGE.snap.age"
              echo ">> Running S3 prune for Talos backup repository"
              echo ">> Backups prior to '$DATE_RANGE' will be removed"
              echo ">> Backups to be removed:"
              s3cmd ls ${BUCKET}/cl01tl/etcd/ |
                awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
              echo ">> Deleting ..."
              s3cmd ls ${BUCKET}/cl01tl/etcd/ |
                awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
                while read file; do
                  s3cmd del "$file";
                done;
              echo ">> Completed S3 prune for Talos backup repository"
          env:
            # Read from the Secret here (compare the literal BUCKET in `main`).
            # The script uses it as `$BUCKET/cl01tl/etcd/`, so the stored value
            # must be in whatever URL form s3cmd expects — confirm.
            - name: BUCKET
              valueFrom:
                secretKeyRef:
                  name: talos-etcd-backup-secret
                  key: BUCKET
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
  persistence:
    # Scratch space for the snapshot, backed by RAM (tmpfs); mounted only into
    # the `main` container. No sizeLimit is set.
    tmp:
      type: emptyDir
      medium: Memory
      advancedMounts:
        main:
          main:
            - path: /tmp
              readOnly: false
    # Writable home for Talos client state; presumably the talosctl config
    # directory — confirm what /talos-backup writes there.
    talos:
      type: emptyDir
      medium: Memory
      advancedMounts:
        main:
          main:
            - path: /.talos
              readOnly: false
    # Talos API credentials for the backup binary, read-only. The mount path
    # matches the one Talos's Kubernetes API-access feature projects into
    # pods — confirm against the cluster's machine config.
    secret:
      enabled: true
      type: secret
      name: talos-backup-secrets
      advancedMounts:
        main:
          main:
            - path: /var/run/secrets/talos.dev
              readOnly: true
              mountPropagation: None
    # The `.s3cfg` key of the same Secret used for the env vars, projected as a
    # single read-only file into the s3-prune container only.
    s3cmd-config:
      enabled: true
      type: secret
      name: talos-etcd-backup-secret
      advancedMounts:
        main:
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg