From 4d48b8355d179563fac7261835e23c814acb9212 Mon Sep 17 00:00:00 2001 From: LordMathis Date: Mon, 22 Jan 2024 21:55:48 +0100 Subject: [PATCH 1/8] Create restic backup cronjob --- apps/gitea/restic-backup-cj.yaml | 53 ++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 apps/gitea/restic-backup-cj.yaml diff --git a/apps/gitea/restic-backup-cj.yaml b/apps/gitea/restic-backup-cj.yaml new file mode 100644 index 0000000..fe75a89 --- /dev/null +++ b/apps/gitea/restic-backup-cj.yaml @@ -0,0 +1,53 @@ +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: restic-backup-cronjob + namespace: gitea +spec: + schedule: "0 2 * * *" # Cron expression for running daily at 2 AM + jobTemplate: + spec: + template: + spec: + volumes: + - name: gitea-data + emptyDir: {} + - name: backup-vol + emptyDir: {} + - name: postgres-data + persistentVolumeClaim: + claimName: data-gitea-postgresql-0 + + initContainers: + - name: postgres-dump-init + image: bitnami/postgresql:15.3.0-debian-11-r24 + command: ["/bin/sh", "-c"] + args: ["pg_dump -U gitea gitea -Fc > /backup-vol/postgres_backup.dump"] + env: + - name: PGPASSWORD + value: "" + volumeMounts: + - name: backup-vol + mountPath: /backup-vol + - name: postgres-data + mountPath: /bitnami/postgresql/data + + - name: gitea-dump-init + image: gitea-image:tag + command: ["/bin/sh", "-c"] + args: ["cp /path/to/backup.zip /backup-vol/backup.zip"] + volumeMounts: + - name: gitea-data + mountPath: /path/to/backup + - name: backup-vol + mountPath: /backup-vol + + containers: + - name: restic-container + image: git.namesny.com/cluster/restic:0.16.2-r0 + command: ["/bin/bash", "/path/to/backup.sh"] + volumeMounts: + - name: backup-vol + mountPath: /backup-vol + + restartPolicy: OnFailure -- 2.40.1 From 76bb29e5662cec2e3ff8cdda1581537201387adc Mon Sep 17 00:00:00 2001 From: LordMathis Date: Tue, 30 Jan 2024 17:12:59 +0100 Subject: [PATCH 2/8] Restic backup cronjob implementation --- apps/gitea/kustomization.yaml | 11 +++++ ...kup-cj.yaml => restic-backup-cronjob.yaml} | 48 +++++++++++-------- apps/gitea/restic-backup.sh | 22 +++++++++ apps/gitea/restic-role-binding.yaml | 13 +++++ apps/gitea/restic-role.yaml | 9 ++++ apps/gitea/restic-sa.yaml | 5 ++ 6 files changed, 87 insertions(+), 21 deletions(-) rename apps/gitea/{restic-backup-cj.yaml => restic-backup-cronjob.yaml} (50%) create mode 100644 apps/gitea/restic-backup.sh create mode 100644 apps/gitea/restic-role-binding.yaml create mode 100644 apps/gitea/restic-role.yaml create mode 100644 apps/gitea/restic-sa.yaml diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index 8026993..b45d206 100755 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -7,6 +7,17 @@ resources: - gitea-ingress.yaml - runner-pvc.yaml - runner-deployment.yaml +- restic-sa.yaml +- restic-role.yaml +- restic-role-binding.yaml +- restic-backup-cronjob.yaml + + +configMapGenerator: +- name: restic-backup-script + behavior: merge + files: + - restic-backup.sh generators: - secret-generator.yaml diff --git a/apps/gitea/restic-backup-cj.yaml b/apps/gitea/restic-backup-cronjob.yaml similarity index 50% rename from apps/gitea/restic-backup-cj.yaml rename to apps/gitea/restic-backup-cronjob.yaml index fe75a89..18892c7 100644 --- a/apps/gitea/restic-backup-cj.yaml +++ b/apps/gitea/restic-backup-cronjob.yaml @@ -9,45 +9,51 @@ spec: spec: template: spec: + + serviceAccountName: restic-admin-sa + volumes: - name: gitea-data - emptyDir: {} - - name: backup-vol - emptyDir: {} + persistentVolumeClaim: + claimName: gitea-shared-storage - name: postgres-data persistentVolumeClaim: claimName: data-gitea-postgresql-0 + - name: postgres-backup-vol + emptyDir: {} + - name: backup-script + configMap: + name: restic-backup-script + - name: repo-env + secret: + secretName: repo-env-secret initContainers: - name: postgres-dump-init image: bitnami/postgresql:15.3.0-debian-11-r24 command: ["/bin/sh", "-c"] - args: ["pg_dump -U gitea gitea -Fc > /backup-vol/postgres_backup.dump"] - env: - - name: PGPASSWORD - value: "" + args: ["pg_dump -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"] volumeMounts: - name: backup-vol - mountPath: /backup-vol + mountPath: /pg_backup - name: postgres-data mountPath: /bitnami/postgresql/data - - name: gitea-dump-init - image: gitea-image:tag - command: ["/bin/sh", "-c"] - args: ["cp /path/to/backup.zip /backup-vol/backup.zip"] - volumeMounts: - - name: gitea-data - mountPath: /path/to/backup - - name: backup-vol - mountPath: /backup-vol - containers: - name: restic-container - image: git.namesny.com/cluster/restic:0.16.2-r0 - command: ["/bin/bash", "/path/to/backup.sh"] + image: git.namesny.com/cluster/restic:latest + imagePullPolicy: Always + command: ["/bin/bash", "/app/restic-backup.sh"] volumeMounts: - name: backup-vol - mountPath: /backup-vol + mountPath: /pg_backup + - name: gitea-data + mountPath: /gitea + - name: backup-script + mountPath: /app + subpath: restic-backup.sh + - name: repo-env + mountPath: /app + subpath: repo.env restartPolicy: OnFailure diff --git a/apps/gitea/restic-backup.sh b/apps/gitea/restic-backup.sh new file mode 100644 index 0000000..1b77597 --- /dev/null +++ b/apps/gitea/restic-backup.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +source .restic.env + +# Set up colors +GREEN='\033[0;32m' +NC='\033[0m' + +echo -e "\n${GREEN}`date` - Starting backup...${NC}\n" + +# Gitea +echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n" +gitea=$(kubectl get po -n gitea -l app=gitea -o name --no-headers=true) +kubectl scale --replicas=0 $gitea -n gitea +restic backup /gitea +restic backup /pg_backup/postgres_backup.dump +kubectl scale --replicas=1 $gitea -n gitea + +# Forget and prune +echo -e "\n${GREEN}`date` - Running forget and prune...${NC}\n" +restic forget --prune --keep-daily 7 --keep-weekly 2 +echo -e "\n${GREEN}`date` - Backup finished.${NC}\n" diff --git a/apps/gitea/restic-role-binding.yaml b/apps/gitea/restic-role-binding.yaml new file mode 100644 index 0000000..f1a0a5d --- /dev/null +++ b/apps/gitea/restic-role-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: restic-role-binding + namespace: gitea +subjects: +- kind: ServiceAccount + name: restic-sa + namespace: gitea +roleRef: + kind: Role + name: restic-role + apiGroup: rbac.authorization.k8s.io diff --git a/apps/gitea/restic-role.yaml b/apps/gitea/restic-role.yaml new file mode 100644 index 0000000..615c195 --- /dev/null +++ b/apps/gitea/restic-role.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: restic-role + namespace: gitea +rules: +- apiGroups: [""] + resources: ["deployments", "pods"] + verbs: ["get", "list", "update", "patch"] \ No newline at end of file diff --git a/apps/gitea/restic-sa.yaml b/apps/gitea/restic-sa.yaml new file mode 100644 index 0000000..b935d5a --- /dev/null +++ b/apps/gitea/restic-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: restic-sa + namespace: gitea \ No newline at end of file -- 2.40.1 From f37f961a10fc05788da785a6ac06d0c43f509d55 Mon Sep 17 00:00:00 2001 From: Mathis Date: Tue, 30 Jan 2024 19:44:56 +0000 Subject: [PATCH 3/8] Working restic backup --- apps/gitea/kustomization.yaml | 7 ++-- apps/gitea/restic-backup.sh | 8 ++--- ...ackup-cronjob.yaml => restic-cronjob.yaml} | 32 ++++++++++--------- apps/gitea/restic-role.yaml | 6 ++-- apps/gitea/restic-sa.yaml | 2 +- apps/gitea/restic-secret.enc.yaml | 30 +++++++++++++++++ apps/gitea/secret-generator.yaml | 2 ++ 7 files changed, 60 insertions(+), 27 deletions(-) rename apps/gitea/{restic-backup-cronjob.yaml => restic-cronjob.yaml} (65%) create mode 100644 apps/gitea/restic-secret.enc.yaml diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index b45d206..3f26ba0 100755 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -10,17 +10,18 @@ resources: - restic-sa.yaml - restic-role.yaml - restic-role-binding.yaml -- restic-backup-cronjob.yaml +- restic-cronjob.yaml configMapGenerator: - name: restic-backup-script - behavior: merge + namespace: gitea files: - - restic-backup.sh + - ./restic-backup.sh generators: - secret-generator.yaml + # - configmap-generator.yaml helmCharts: - name: gitea diff --git a/apps/gitea/restic-backup.sh b/apps/gitea/restic-backup.sh index 1b77597..391ea20 100644 --- a/apps/gitea/restic-backup.sh +++ b/apps/gitea/restic-backup.sh @@ -1,7 +1,5 @@ #!/bin/sh -source .restic.env - # Set up colors GREEN='\033[0;32m' NC='\033[0m' @@ -10,11 +8,11 @@ echo -e "\n${GREEN}`date` - Starting backup...${NC}\n" # Gitea echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n" -gitea=$(kubectl get po -n gitea -l app=gitea -o name --no-headers=true) -kubectl scale --replicas=0 $gitea -n gitea +gitea=$(kubectl get deploy -n gitea -l app=gitea -o name --no-headers=true) +kubectl scale -n gitea --replicas=0 $gitea restic backup /gitea restic backup /pg_backup/postgres_backup.dump -kubectl scale --replicas=1 $gitea -n gitea +kubectl scale -n gitea --replicas=1 $gitea # Forget and prune echo -e "\n${GREEN}`date` - Running forget and prune...${NC}\n" diff --git a/apps/gitea/restic-backup-cronjob.yaml b/apps/gitea/restic-cronjob.yaml similarity index 65% rename from apps/gitea/restic-backup-cronjob.yaml rename to apps/gitea/restic-cronjob.yaml index 18892c7..b4fd49d 100644 --- a/apps/gitea/restic-backup-cronjob.yaml +++ b/apps/gitea/restic-cronjob.yaml @@ -1,4 +1,4 @@ -apiVersion: batch/v1beta1 +apiVersion: batch/v1 kind: CronJob metadata: name: restic-backup-cronjob @@ -10,7 +10,7 @@ spec: template: spec: - serviceAccountName: restic-admin-sa + serviceAccountName: restic-sa volumes: - name: gitea-data @@ -21,20 +21,23 @@ spec: claimName: data-gitea-postgresql-0 - name: postgres-backup-vol emptyDir: {} - - name: backup-script + - name: backup-script-vol configMap: name: restic-backup-script - - name: repo-env - secret: - secretName: repo-env-secret initContainers: - name: postgres-dump-init image: bitnami/postgresql:15.3.0-debian-11-r24 command: ["/bin/sh", "-c"] - args: ["pg_dump -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"] + args: ["pg_dump -h gitea-postgresql -p 5432 -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"] + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: gitea-postgresql + key: postgres-password volumeMounts: - - name: backup-vol + - name: postgres-backup-vol mountPath: /pg_backup - name: postgres-data mountPath: /bitnami/postgresql/data @@ -43,17 +46,16 @@ spec: - name: restic-container image: git.namesny.com/cluster/restic:latest imagePullPolicy: Always - command: ["/bin/bash", "/app/restic-backup.sh"] + command: ["/bin/sh", "/app/restic-backup.sh"] + envFrom: + - secretRef: + name: restic-secret volumeMounts: - - name: backup-vol + - name: postgres-backup-vol mountPath: /pg_backup - name: gitea-data mountPath: /gitea - - name: backup-script + - name: backup-script-vol mountPath: /app - subpath: restic-backup.sh - - name: repo-env - mountPath: /app - subpath: repo.env restartPolicy: OnFailure diff --git a/apps/gitea/restic-role.yaml b/apps/gitea/restic-role.yaml index 615c195..83e2e4f 100644 --- a/apps/gitea/restic-role.yaml +++ b/apps/gitea/restic-role.yaml @@ -4,6 +4,6 @@ metadata: name: restic-role namespace: gitea rules: -- apiGroups: [""] - resources: ["deployments", "pods"] - verbs: ["get", "list", "update", "patch"] \ No newline at end of file +- apiGroups: ["apps"] + resources: ["deployments", "deployments/scale"] + verbs: ["get", "list", "update", "patch"] diff --git a/apps/gitea/restic-sa.yaml b/apps/gitea/restic-sa.yaml index b935d5a..9b0c685 100644 --- a/apps/gitea/restic-sa.yaml +++ b/apps/gitea/restic-sa.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: restic-sa - namespace: gitea \ No newline at end of file + namespace: gitea diff --git a/apps/gitea/restic-secret.enc.yaml b/apps/gitea/restic-secret.enc.yaml new file mode 100644 index 0000000..2e9af40 --- /dev/null +++ b/apps/gitea/restic-secret.enc.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Secret +metadata: + name: restic-secret + namespace: gitea +stringData: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:IjDw3i+8BIvA816obn5BpQBTkzo=,iv:A/CrhyIm5kljCwvneQziux36O6+SWG5Z9mOlV+mRIXQ=,tag:XVh4X8Xf587nmbDCtgazAg==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:WdfHxdXnPOLvIOecN+WFONAEDr2Sc/r6bKQ/H9KS1BT2C9cj,iv:GCY6MaSEhu9WEsVA23hWN30Ix7x6dz/umNRsQ0jsb8I=,tag:8Qa0dvU3bq+J2S6trBDFDw==,type:str] + RESTIC_REPOSITORY: ENC[AES256_GCM,data:FZCqro3fpgQ7NJc+4ORVC2yWdqMNCLd4AjCwdolXgu5uJXq0IQ==,iv:nWttNrSvFpcj1HMOFwZNfJqVUy0esR7fVXlvidp3MlY=,tag:T0HzAZ/w83IFrvap8Gx3gg==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:PjSE4FejVPW8e8e/PDtoSCsuskI=,iv:MTUMYim3obMHaYBEoEJBMEj9GMbaqdbdVV09o3ep/fw=,tag:pQ6vakVWHUdk4F/PwqpgAw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RTlocERzUmtUdnhsNHJk + SkNXZFpVdmM5Y1hnQlQzcUg1OUxNYkRiaEFZCi82MW9TbkI2VCtjMDVKYTlWTVBs + QVZMekVoT1JSQWRZV3F3SHgxOGR3a2sKLS0tIGJCd21aY05jS0xva2RmclBlQWdl + UVZSNm9pRUM3YmFFSWl3NGNUdnZOOGsKIuepNrrdgoNoOMZQ77cIrtwPTL8acahG + paE+K2EKa8pqXnAVkxORTkUYRlorKRLjiyalxrDZYsMAbCSrrtfx/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-30T17:21:08Z" + mac: ENC[AES256_GCM,data:mR4vi8WLLiuUY5i7NgIYHfAZcBsQ3u2Cg9TtXcFtwtDAuyy9Xzx07yeR1HC0D+YhiAu+mYAJPmk6jHZsCE2OX26sLTyvEULqDQc71sCgM8dsyl50hoZ2BsbY7o6g8D9Yks+2szuKmlxZ0nN5aHxcf+67+gotzjlBfcmLx+E1TfA=,iv:+9Kv7ZwGoMU0QBTvCgq232nHo+tjoeHTJBdOuOiqpPk=,tag:9VrOFmUFbdiPKSWnt+8z7w==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/apps/gitea/secret-generator.yaml b/apps/gitea/secret-generator.yaml index bf81b2e..96462e1 100644 --- a/apps/gitea/secret-generator.yaml +++ b/apps/gitea/secret-generator.yaml @@ -10,3 +10,5 @@ files: - ./gitea-admin-secret.enc.yaml - ./renovate-bot-secret.enc.yaml - ./runner-secret.enc.yaml +- ./restic-secret.enc.yaml + -- 2.40.1 From 86c4255d538bf4ddaf3766145e40ad517542d6c2 Mon Sep 17 00:00:00 2001 From: Mathis Date: Thu, 1 Feb 2024 16:25:19 +0000 Subject: [PATCH 4/8] Add pvc to restic cronjob --- apps/gitea/restic-backup.sh | 2 +- apps/gitea/restic-cronjob.yaml | 18 +++++++----------- apps/gitea/restic-pvc.yaml | 12 ++++++++++++ 3 files changed, 20 insertions(+), 12 deletions(-) create mode 100755 apps/gitea/restic-pvc.yaml diff --git a/apps/gitea/restic-backup.sh b/apps/gitea/restic-backup.sh index 391ea20..3ab960a 100644 --- a/apps/gitea/restic-backup.sh +++ b/apps/gitea/restic-backup.sh @@ -11,7 +11,7 @@ echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n" gitea=$(kubectl get deploy -n gitea -l app=gitea -o name --no-headers=true) kubectl scale -n gitea --replicas=0 $gitea restic backup /gitea -restic backup /pg_backup/postgres_backup.dump +restic backup /backup/postgres_backup.dump kubectl scale -n gitea --replicas=1 $gitea # Forget and prune diff --git a/apps/gitea/restic-cronjob.yaml b/apps/gitea/restic-cronjob.yaml index b4fd49d..fb7b927 100644 --- a/apps/gitea/restic-cronjob.yaml +++ b/apps/gitea/restic-cronjob.yaml @@ -16,11 +16,9 @@ spec: - name: gitea-data persistentVolumeClaim: claimName: gitea-shared-storage - - name: postgres-data + - name: restic-backup-vol persistentVolumeClaim: - claimName: data-gitea-postgresql-0 - - name: postgres-backup-vol - emptyDir: {} + claimName: restic-backup-vol - name: backup-script-vol configMap: name: restic-backup-script @@ -29,7 +27,7 @@ spec: - name: postgres-dump-init image: bitnami/postgresql:15.3.0-debian-11-r24 command: ["/bin/sh", "-c"] - args: ["pg_dump -h gitea-postgresql -p 5432 -U gitea gitea -Fc > /pg_backup/postgres_backup.dump"] + args: ["pg_dump -h gitea-postgresql -p 5432 -U gitea gitea -Fc > /backup/postgres_backup.dump"] env: - name: PGPASSWORD valueFrom: @@ -37,10 +35,8 @@ spec: name: gitea-postgresql key: postgres-password volumeMounts: - - name: postgres-backup-vol - mountPath: /pg_backup - - name: postgres-data - mountPath: /bitnami/postgresql/data + - name: restic-backup-vol + mountPath: /backup containers: - name: restic-container @@ -51,8 +47,8 @@ spec: - secretRef: name: restic-secret volumeMounts: - - name: postgres-backup-vol - mountPath: /pg_backup + - name: restic-backup-vol + mountPath: /backup - name: gitea-data mountPath: /gitea - name: backup-script-vol diff --git a/apps/gitea/restic-pvc.yaml b/apps/gitea/restic-pvc.yaml new file mode 100755 index 0000000..da1b0de --- /dev/null +++ b/apps/gitea/restic-pvc.yaml @@ -0,0 +1,12 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: restic-backup-vol + namespace: gitea +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: retain-local-path -- 2.40.1 From ad3516609ee2e3caf4f369096fb4f09fa0535265 Mon Sep 17 00:00:00 2001 From: Mathis Date: Thu, 1 Feb 2024 17:31:02 +0000 Subject: [PATCH 5/8] Add restic debug pod --- apps/gitea/kustomization.yaml | 2 ++ apps/gitea/restic-debug-pod.yaml | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 apps/gitea/restic-debug-pod.yaml diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index 3f26ba0..55f270e 100755 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -10,6 +10,8 @@ resources: - restic-sa.yaml - restic-role.yaml - restic-role-binding.yaml +- restic-pvc.yaml +- restic-debug-pod.yaml - restic-cronjob.yaml diff --git a/apps/gitea/restic-debug-pod.yaml b/apps/gitea/restic-debug-pod.yaml new file mode 100644 index 0000000..9b68498 --- /dev/null +++ b/apps/gitea/restic-debug-pod.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Pod +metadata: + name: restic-debug-pod + namespace: gitea +spec: + serviceAccountName: restic-sa + volumes: + - name: restic-backup-vol + persistentVolumeClaim: + claimName: restic-backup-vol + - name: gitea-data + persistentVolumeClaim: + claimName: gitea-shared-storage + containers: + - name: restic-debug + image: git.namesny.com/cluster/restic:latest + command: ["/bin/sh", "-c"] + args: ["sleep infinity"] + envFrom: + - secretRef: + name: restic-secret + volumeMounts: + - name: restic-backup-vol + mountPath: /backup + - name: gitea-data + mountPath: /gitea + -- 2.40.1 From dbdd1452bff411180f4f8c273afba8fb5898e388 Mon Sep 17 00:00:00 2001 From: Mathis Date: Thu, 1 Feb 2024 17:32:24 +0000 Subject: [PATCH 6/8] Change restic pvc to ReadWriteOnce --- apps/gitea/restic-pvc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/gitea/restic-pvc.yaml b/apps/gitea/restic-pvc.yaml index da1b0de..67d7aaf 100755 --- a/apps/gitea/restic-pvc.yaml +++ b/apps/gitea/restic-pvc.yaml @@ -5,7 +5,7 @@ metadata: namespace: gitea spec: accessModes: - - ReadWriteMany + - ReadWriteOnce resources: requests: storage: 5Gi -- 2.40.1 From 9311774b35504a48343d6a56da77945fe1fb5ee3 Mon Sep 17 00:00:00 2001 From: Mathis Date: Thu, 1 Feb 2024 17:44:03 +0000 Subject: [PATCH 7/8] Move restic to subdir --- apps/gitea/kustomization.yaml | 15 +------------ .../{restic-backup.sh => restic/backup.sh} | 2 ++ .../cronjob.yaml} | 2 +- .../debug-pod.yaml} | 0 apps/gitea/restic/kustomization.yaml | 21 +++++++++++++++++++ .../{restic-pvc.yaml => restic/pvc.yaml} | 0 .../role-binding.yaml} | 0 .../{restic-role.yaml => restic/role.yaml} | 0 apps/gitea/restic/secret-generator.yaml | 11 ++++++++++ .../secret.enc.yaml} | 0 .../service-account.yaml} | 0 apps/gitea/secret-generator.yaml | 1 - 12 files changed, 36 insertions(+), 16 deletions(-) rename apps/gitea/{restic-backup.sh => restic/backup.sh} (97%) rename apps/gitea/{restic-cronjob.yaml => restic/cronjob.yaml} (96%) rename apps/gitea/{restic-debug-pod.yaml => restic/debug-pod.yaml} (100%) create mode 100755 apps/gitea/restic/kustomization.yaml rename apps/gitea/{restic-pvc.yaml => restic/pvc.yaml} (100%) rename apps/gitea/{restic-role-binding.yaml => restic/role-binding.yaml} (100%) rename apps/gitea/{restic-role.yaml => restic/role.yaml} (100%) create mode 100644 apps/gitea/restic/secret-generator.yaml rename apps/gitea/{restic-secret.enc.yaml => restic/secret.enc.yaml} (100%) rename apps/gitea/{restic-sa.yaml => restic/service-account.yaml} (100%) diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index 55f270e..0fc3abf 100755 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -7,23 +7,10 @@ resources: - gitea-ingress.yaml - runner-pvc.yaml - runner-deployment.yaml -- restic-sa.yaml -- restic-role.yaml -- restic-role-binding.yaml -- restic-pvc.yaml -- restic-debug-pod.yaml -- restic-cronjob.yaml - - -configMapGenerator: -- name: restic-backup-script - namespace: gitea - files: - - ./restic-backup.sh +- ./restic generators: - secret-generator.yaml - # - configmap-generator.yaml helmCharts: - name: gitea diff --git a/apps/gitea/restic-backup.sh b/apps/gitea/restic/backup.sh similarity index 97% rename from apps/gitea/restic-backup.sh rename to apps/gitea/restic/backup.sh index 3ab960a..e6e5bc0 100644 --- a/apps/gitea/restic-backup.sh +++ b/apps/gitea/restic/backup.sh @@ -6,6 +6,8 @@ NC='\033[0m' echo -e "\n${GREEN}`date` - Starting backup...${NC}\n" +restic unlock + # Gitea echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n" gitea=$(kubectl get deploy -n gitea -l app=gitea -o name --no-headers=true) diff --git a/apps/gitea/restic-cronjob.yaml b/apps/gitea/restic/cronjob.yaml similarity index 96% rename from apps/gitea/restic-cronjob.yaml rename to apps/gitea/restic/cronjob.yaml index fb7b927..5c76403 100644 --- a/apps/gitea/restic-cronjob.yaml +++ b/apps/gitea/restic/cronjob.yaml @@ -42,7 +42,7 @@ spec: - name: restic-container image: git.namesny.com/cluster/restic:latest imagePullPolicy: Always - command: ["/bin/sh", "/app/restic-backup.sh"] + command: ["/bin/sh", "/app/backup.sh"] envFrom: - secretRef: name: restic-secret diff --git a/apps/gitea/restic-debug-pod.yaml b/apps/gitea/restic/debug-pod.yaml similarity index 100% rename from apps/gitea/restic-debug-pod.yaml rename to apps/gitea/restic/debug-pod.yaml diff --git a/apps/gitea/restic/kustomization.yaml b/apps/gitea/restic/kustomization.yaml new file mode 100755 index 0000000..2a8b5b5 --- /dev/null +++ b/apps/gitea/restic/kustomization.yaml @@ -0,0 +1,21 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: gitea + +resources: +- service-account.yaml +- role.yaml +- role-binding.yaml +- pvc.yaml +- debug-pod.yaml +- cronjob.yaml + +generators: +- secret-generator.yaml + +configMapGenerator: +- name: restic-backup-script + namespace: gitea + files: + - ./backup.sh + diff --git a/apps/gitea/restic-pvc.yaml b/apps/gitea/restic/pvc.yaml similarity index 100% rename from apps/gitea/restic-pvc.yaml rename to apps/gitea/restic/pvc.yaml diff --git a/apps/gitea/restic-role-binding.yaml b/apps/gitea/restic/role-binding.yaml similarity index 100% rename from apps/gitea/restic-role-binding.yaml rename to apps/gitea/restic/role-binding.yaml diff --git a/apps/gitea/restic-role.yaml b/apps/gitea/restic/role.yaml similarity index 100% rename from apps/gitea/restic-role.yaml rename to apps/gitea/restic/role.yaml diff --git a/apps/gitea/restic/secret-generator.yaml b/apps/gitea/restic/secret-generator.yaml new file mode 100644 index 0000000..636967b --- /dev/null +++ b/apps/gitea/restic/secret-generator.yaml @@ -0,0 +1,11 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: restic-secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: +- ./secret.enc.yaml + diff --git a/apps/gitea/restic-secret.enc.yaml b/apps/gitea/restic/secret.enc.yaml similarity index 100% rename from apps/gitea/restic-secret.enc.yaml rename to apps/gitea/restic/secret.enc.yaml diff --git a/apps/gitea/restic-sa.yaml b/apps/gitea/restic/service-account.yaml similarity index 100% rename from apps/gitea/restic-sa.yaml rename to apps/gitea/restic/service-account.yaml diff --git a/apps/gitea/secret-generator.yaml b/apps/gitea/secret-generator.yaml index 96462e1..124ed06 100644 --- a/apps/gitea/secret-generator.yaml +++ b/apps/gitea/secret-generator.yaml @@ -10,5 +10,4 @@ files: - ./gitea-admin-secret.enc.yaml - ./renovate-bot-secret.enc.yaml - ./runner-secret.enc.yaml -- ./restic-secret.enc.yaml -- 2.40.1 From fce4044036c01401929becc1fa5c829b8fdc1d8c Mon Sep 17 00:00:00 2001 From: Mathis Date: Sat, 10 Feb 2024 22:43:27 +0000 Subject: [PATCH 8/8] Specify restic pod hostname --- apps/gitea/restic/cronjob.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/gitea/restic/cronjob.yaml b/apps/gitea/restic/cronjob.yaml index 5c76403..eb7a21e 100644 --- a/apps/gitea/restic/cronjob.yaml +++ b/apps/gitea/restic/cronjob.yaml @@ -40,6 +40,7 @@ spec: containers: - name: restic-container + hostname: restic-cronjob image: git.namesny.com/cluster/restic:latest imagePullPolicy: Always command: ["/bin/sh", "/app/backup.sh"] -- 2.40.1