From 3bb4d1cb6045592b713635e18e9374a5cffdb48a Mon Sep 17 00:00:00 2001 From: Automated pipeline Date: Wed, 13 Aug 2025 08:26:49 +0000 Subject: [PATCH] Automated upload for forgejo-test.t09.de --- .../manifests/forgejo-s3-backup-cronjob.yaml | 86 +++++++++++-------- .../grafana-operator/manifests/grafana.yaml | 5 ++ .../victoria-k8s-stack/manifests/alerts.yaml | 13 ++- .../victoria-k8s-stack/manifests/vlogs.yaml | 4 +- .../victoria-k8s-stack/values.yaml | 13 +-- 5 files changed, 77 insertions(+), 44 deletions(-) diff --git a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml index ba0aebd..04be392 100644 --- a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml +++ b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml @@ -5,57 +5,69 @@ metadata: namespace: gitea spec: schedule: "0 1 * * *" + concurrencyPolicy: "Forbid" + successfulJobsHistoryLimit: 5 + failedJobsHistoryLimit: 5 + startingDeadlineSeconds: 600 # 10 minutes jobTemplate: spec: + # 60 min until backup - 10 min start - (backoffLimit * activeDeadlineSeconds) - some time sync buffer + activeDeadlineSeconds: 1350 + backoffLimit: 2 + ttlSecondsAfterFinished: 259200 # template: spec: containers: - - name: rclone - image: rclone/rclone:1.70 - imagePullPolicy: IfNotPresent - env: - - name: SOURCE_BUCKET - valueFrom: - secretKeyRef: - name: forgejo-cloud-credentials - key: bucket-name - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: forgejo-cloud-credentials - key: access-key - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: forgejo-cloud-credentials - key: secret-key - volumeMounts: - - name: rclone-config - mountPath: /config/rclone - readOnly: true - - name: backup-dir - mountPath: /backup - readOnly: false - command: - - /bin/sh - - -c - - | - rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum + - name: rclone + image: rclone/rclone:1.70 + imagePullPolicy: IfNotPresent + env: + - name: SOURCE_BUCKET + valueFrom: + secretKeyRef: + name: forgejo-cloud-credentials + key: bucket-name + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: forgejo-cloud-credentials + key: access-key + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: forgejo-cloud-credentials + key: secret-key + volumeMounts: + - name: rclone-config + mountPath: /config/rclone + readOnly: true + - name: backup-dir + mountPath: /backup + readOnly: false + command: + - /bin/sh + - -c + - | + rclone sync source:/${SOURCE_BUCKET} /backup -v --ignore-checksum restartPolicy: OnFailure volumes: - - name: rclone-config - secret: - secretName: forgejo-s3-backup - - name: backup-dir - persistentVolumeClaim: - claimName: s3-backup + - name: rclone-config + secret: + secretName: forgejo-s3-backup + - name: backup-dir + persistentVolumeClaim: + claimName: s3-backup --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: s3-backup namespace: gitea + annotations: + everest.io/disk-volume-type: SATA + everest.io/crypt-key-id: b0e0a24d-d5a6-4a16-b745-8af2ed8bf46d spec: + storageClassName: csi-disk accessModes: - ReadWriteOnce resources: diff --git a/otc/forgejo-test.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml b/otc/forgejo-test.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml index d79a8fd..852fe58 100644 --- a/otc/forgejo-test.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml +++ b/otc/forgejo-test.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml @@ -6,7 +6,12 @@ metadata: dashboards: "grafana" spec: persistentVolumeClaim: + metadata: + annotations: + everest.io/disk-volume-type: SATA + everest.io/crypt-key-id: b0e0a24d-d5a6-4a16-b745-8af2ed8bf46d spec: + storageClassName: csi-disk accessModes: - ReadWriteOnce resources: diff --git a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml index f884bd9..9419609 100644 --- a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml +++ b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/alerts.yaml @@ -11,8 +11,19 @@ spec: expr: sum by(cluster_environment) (up{pod=~"forgejo-server-.*"}) < 1 for: 30s labels: - severity: major + severity: critical job: "{{ $labels.job }}" annotations: value: "{{ $value }}" description: 'forgejo is down in cluster environment {{ $labels.cluster_environment }}' + - name: forgejo-backup + rules: + - alert: forgejo s3 backup job failed + expr: max by(cluster_environment) (kube_job_status_failed{job_name=~"forgejo-s3-backup-.*"}) != 0 + for: 30s + labels: + severity: critical + job: "{{ $labels.job }}" + annotations: + value: "{{ $value }}" + description: 'forgejo s3 backup job failed in cluster environment {{ $labels.cluster_environment }}' diff --git a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml index 85f1948..33d8096 100644 --- a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml +++ b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml @@ -9,7 +9,9 @@ spec: storageMetadata: annotations: everest.io/crypt-key-id: b0e0a24d-d5a6-4a16-b745-8af2ed8bf46d + everest.io/disk-volume-type: SATA storage: + storageClassName: csi-disk accessModes: - ReadWriteOnce resources: @@ -21,4 +23,4 @@ spec: cpu: 500m limits: memory: 10Gi - cpu: 2 \ No newline at end of file + cpu: 2 diff --git a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml index 509b93e..670dc1f 100644 --- a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml +++ b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml @@ -289,7 +289,9 @@ vmsingle: storageMetadata: annotations: everest.io/crypt-key-id: b0e0a24d-d5a6-4a16-b745-8af2ed8bf46d + everest.io/disk-volume-type: SATA storage: + storageClassName: csi-disk accessModes: - ReadWriteOnce resources: @@ -540,12 +542,13 @@ alertmanager: # -- (object) Alertmanager configuration config: route: - receiver: "outlook" + receiver: "blackhole" routes: - matchers: - - alertname=~".*" + - severity=~"critical|major" receiver: outlook receivers: + - name: blackhole - name: outlook email_configs: - smarthost: 'mail.mms-support.de:465' @@ -801,7 +804,7 @@ grafana: enabled: false # all values for grafana helm chart can be specified here persistence: - enabled: true + enabled: false type: pvc storageClassName: "default" grafana.ini: @@ -1017,7 +1020,7 @@ kubeApiServer: # Component scraping the kube controller manager kubeControllerManager: # -- Enable kube controller manager metrics scraping - enabled: true + enabled: false # -- If your kube controller manager is not deployed as a pod, specify IPs it can be found on endpoints: [] @@ -1150,7 +1153,7 @@ kubeEtcd: # Component scraping kube scheduler kubeScheduler: # -- Enable KubeScheduler metrics scraping - enabled: true + enabled: false # -- If your kube scheduler is not deployed as a pod, specify IPs it can be found on endpoints: []