From 1c16a039009d9d9a36ef90769de0715608194405 Mon Sep 17 00:00:00 2001
From: "ryan-distrust.co"
Date: Tue, 16 May 2023 04:04:06 -0400
Subject: [PATCH] k/forgejo: add pvc snapshots
---
 kustomizations/forgejo/kustomization.yaml | 1 +
 .../forgejo-volume-snapshot-template.yaml | 7 ++
 .../forgejo/snapshots/kustomization.yaml | 9 +++
 kustomizations/forgejo/snapshots/rbac.yaml | 42 +++++++++++
 .../forgejo/snapshots/resources.yaml | 70 +++++++++++++++++++
 5 files changed, 129 insertions(+)
 create mode 100644 kustomizations/forgejo/snapshots/forgejo-volume-snapshot-template.yaml
 create mode 100644 kustomizations/forgejo/snapshots/kustomization.yaml
 create mode 100644 kustomizations/forgejo/snapshots/rbac.yaml
 create mode 100644 kustomizations/forgejo/snapshots/resources.yaml
diff --git a/kustomizations/forgejo/kustomization.yaml b/kustomizations/forgejo/kustomization.yaml
index a347d3d..3c3708c 100644
--- a/kustomizations/forgejo/kustomization.yaml
+++ b/kustomizations/forgejo/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
 - namespace.yaml
 - resources.yaml
 - ingress.yaml
+- snapshots
 patches:
 - path: forgejo-env-vars.patch.yaml
 target:
diff --git a/kustomizations/forgejo/snapshots/forgejo-volume-snapshot-template.yaml b/kustomizations/forgejo/snapshots/forgejo-volume-snapshot-template.yaml
new file mode 100644
index 0000000..7ae1bfd
--- /dev/null
+++ b/kustomizations/forgejo/snapshots/forgejo-volume-snapshot-template.yaml
@@ -0,0 +1,7 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+ name: TEMPLATE_NAME
+spec:
+ source:
+ persistentVolumeClaimName: TEMPLATE_PVC_NAME
diff --git a/kustomizations/forgejo/snapshots/kustomization.yaml b/kustomizations/forgejo/snapshots/kustomization.yaml
new file mode 100644
index 0000000..c395376
--- /dev/null
+++ b/kustomizations/forgejo/snapshots/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- resources.yaml
+- rbac.yaml
+configMapGenerator:
+- name: forgejo-volume-snapshot-template
+ files:
+ - forgejo-volume-snapshot-template.yaml
diff --git a/kustomizations/forgejo/snapshots/rbac.yaml b/kustomizations/forgejo/snapshots/rbac.yaml
new file mode 100644
index 0000000..6ac7f4e
--- /dev/null
+++ b/kustomizations/forgejo/snapshots/rbac.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+automountServiceAccountToken: true
+kind: ServiceAccount
+metadata:
+ name: forgejo-snapshot
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: forgejo-snapshot
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: forgejo-snapshot
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: forgejo-snapshot
+subjects:
+- kind: ServiceAccount
+ name: forgejo-snapshot
+ namespace: default
diff --git a/kustomizations/forgejo/snapshots/resources.yaml b/kustomizations/forgejo/snapshots/resources.yaml
new file mode 100644
index 0000000..8ca8d5d
--- /dev/null
+++ b/kustomizations/forgejo/snapshots/resources.yaml
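Review bot: In rbac.yaml the RoleBinding subject pins `namespace: default`, while the CronJob in resources.yaml runs as `forgejo-snapshot` in its own namespace and lists snapshots with `-n forgejo`. Unless the kustomize build rewrites that subject (not visible in this patch), the binding grants snapshot create and delete rights to a `forgejo-snapshot` account in `default` instead of to the job's account, so the job is left without permissions and the rights sit with an account nobody intended to have them. The subject namespace should match where the ServiceAccount is deployed, presumably `namespace: forgejo`. The volumesnapshots rule also carries `watch` and `update`, which the `kubectl apply`, `get` and `delete` calls in the job do not appear to need; dropping them keeps the role to what the job actually uses.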
@@ -0,0 +1,70 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: snapshot-creator
+spec:
+ schedule: "@daily"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ serviceAccountName: forgejo-snapshot
+ initContainers:
+ - name: template-snapshot-name
+ image: bitnami/kubectl:1.27.1
+ command: ["/bin/sh"]
+ args:
+ - -c
+ - |-
+ sed \
+ -e "s/TEMPLATE_NAME/forgejo-snapshot-$(date -u --rfc-3339=date)/" \
+ -e "s/TEMPLATE_PVC_NAME/forgejo-data-forgejo-0/" \
+ < /in/forgejo-volume-snapshot-template.yaml \
+ > /out/forgejo-volume-snapshot.yaml
+ volumeMounts:
+ - name: snapshot-template
+ mountPath: /in
+ - name: snapshot-yaml
+ mountPath: /out
+ containers:
+ - name: create-volume-snapshot
+ image: bitnami/kubectl:1.27.1
+ args:
+ - -n
+ - $(POD_NAMESPACE)
+ - apply
+ - -f
+ - /in/forgejo-volume-snapshot.yaml
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: snapshot-yaml
+ mountPath: /in
+ - name: cleanup-volume-snapshot
+ image: bitnami/kubectl:1.27.1
+ command: ["sh"]
+ args:
+ - -c
+ - |-
+ datestr="$(date -d '2 weeks ago' -Ins --utc | sed 's/+0000/Z/')"
+ kubectl -n forgejo get volumesnapshots \
+ --template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' \
+ | while read snapshot_name snapshot_date; do
+ echo "$snapshot_name" "$snapshot_date" "$datestr" | awk '$2 <= $3 { print $1 }'
+ done \
+ | xargs -n 1 kubectl -n $(POD_NAMESPACE) delete volumesnapshot "$snapshot_name"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumes:
+ - name: snapshot-template
+ configMap:
+ name: forgejo-volume-snapshot-template
+ - name: snapshot-yaml
+ emptyDir: {}
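Review bot: In resources.yaml the cleanup container's pipeline ends in `xargs -n 1 kubectl -n $(POD_NAMESPACE) delete volumesnapshot "$snapshot_name"`, but `snapshot_name` is only set inside the upstream `while read` loop, so it expands to an empty argument here, and without `-r` GNU xargs still runs the delete once when nothing is older than two weeks; `| xargs -r -n 1 kubectl -n $(POD_NAMESPACE) delete volumesnapshot` avoids both. The listing step hard-codes `-n forgejo` while the delete uses `$(POD_NAMESPACE)`, so both should use the same namespace source. Because `cleanup-volume-snapshot` sits in `containers` alongside `create-volume-snapshot`, pruning runs whether or not a new snapshot was created; if creation keeps failing, age-only retention will eventually remove every remaining snapshot, so consider pruning only after a successful create or always keeping the newest few. The three `bitnami/kubectl:1.27.1` references are mutable tags on an image that runs with the snapshot service-account token; pinning by digest (`bitnami/kubectl:1.27.1@sha256:<digest>`) fixes what actually executes.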