WIP: feat(manifest): 🎉 WIP Add CronJob and Secret for S3 backups #33

Draft
Daniel.Sy wants to merge 5 commits from WIP-s3-backup-cronjob into main
5 changed files with 96 additions and 2 deletions


@ -0,0 +1,83 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: forgejo-s3-backup
namespace: gitea
spec:
schedule: "0 1 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: rclone
image: rclone/rclone:1.70
imagePullPolicy: IfNotPresent
env:
- name: SOURCE_BUCKET
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: bucket-name
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: access-key
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: secret-key
volumeMounts:
- name: rclone-config
mountPath: /config/rclone
readOnly: true
- name: backup-dir
mountPath: /backup
readOnly: false
command:
- /bin/sh
- -c
- |
rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
restartPolicy: OnFailure
volumes:
- name: rclone-config
secret:
secretName: forgejo-s3-backup
- name: backup-dir
persistentVolumeClaim:
claimName: s3-backup
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: s3-backup
namespace: gitea
annotations:
everest.io/disk-volume-type: SATA
everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
spec:
storageClassName: csi-disk
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: Secret
metadata:
name: forgejo-s3-backup
namespace: gitea
type: Opaque
stringData:
rclone.conf: |
[source]
type = s3
provider = HuaweiOBS
env_auth = true
endpoint = obs.eu-de.otc.t-systems.com
region = eu-de
acl = private
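Review bot: The `rclone sync source:/${SOURCE_BUCKET}/packages /backup` call in the container's `command` makes the volume an exact mirror of the bucket, so anything deleted from the source, by mistake or by whoever holds the bucket key, is also deleted from the backup on the next 01:00 run. `--ignore-checksum` additionally skips the post-transfer hash comparison, so a corrupted copy would go unnoticed. Consider `rclone copy source:/${SOURCE_BUCKET}/packages /backup -v`, which never deletes from the destination, and keep checksum verification unless the provider's hashes are known to be unusable. The job also reads `forgejo-cloud-credentials`, presumably the application's own read-write key; a separate read-only key would limit what a compromised backup pod can do to the bucket.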


@ -1,3 +1,4 @@
# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules
{{{- define "BUCKET_NAME" -}}}
{{{- if (getenv "FORGEJO_BUCKET_NAME") -}}}
{{{ getenv "FORGEJO_BUCKET_NAME" }}}
@ -27,8 +28,10 @@ postgresql-ha:
persistence:
enabled: true
size: 200Gi
storageClass: csi-disk
annotations:
everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
everest.io/disk-volume-type: SATA
test:
enabled: false


@ -6,7 +6,11 @@ metadata:
dashboards: "grafana"
spec:
persistentVolumeClaim:
metadata:
annotations:
everest.io/disk-volume-type: SATA
spec:
storageClassName: csi-disk
accessModes:
- ReadWriteOnce
resources:
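Review bot: The annotations under `persistentVolumeClaim.metadata` in this section set only `everest.io/disk-volume-type: SATA`, while the other volumes touched in this pull request also carry `everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}`. As written, this volume would presumably be created without the KMS key, although it holds the state of the resource labelled `dashboards: "grafana"`. If that is not intentional, add `everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}` next to the disk-type annotation. The resource starts and ends outside the hunk, so check that the key is not set elsewhere in the file.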


@ -9,7 +9,9 @@ spec:
storageMetadata:
annotations:
everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
everest.io/disk-volume-type: SATA
storage:
storageClassName: csi-disk
accessModes:
- ReadWriteOnce
resources:
@ -21,4 +23,4 @@ spec:
cpu: 500m
limits:
memory: 10Gi
cpu: 2
cpu: 2


@ -289,7 +289,9 @@ vmsingle:
storageMetadata:
annotations:
everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
everest.io/disk-volume-type: SATA
storage:
storageClassName: csi-disk
accessModes:
- ReadWriteOnce
resources:
@ -880,7 +882,7 @@ grafana:
enabled: false
# all values for grafana helm chart can be specified here
persistence:
enabled: true
enabled: false
type: pvc
storageClassName: "default"
grafana.ini: