forked from public/stack
90 lines
2.9 KiB
YAML
90 lines
2.9 KiB
YAML
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: snapshot-creator
|
|
spec:
|
|
schedule: "@daily"
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
spec:
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
restartPolicy: OnFailure
|
|
serviceAccountName: forgejo-snapshot
|
|
initContainers:
|
|
- name: template-snapshot-name
|
|
image: bitnami/kubectl:1.27.1
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["/bin/sh"]
|
|
args:
|
|
- -c
|
|
- |-
|
|
sed \
|
|
-e "s/TEMPLATE_NAME/forgejo-snapshot-$(date -u --rfc-3339=date)/" \
|
|
-e "s/TEMPLATE_PVC_NAME/forgejo-data-forgejo-0/" \
|
|
< /in/forgejo-volume-snapshot-template.yaml \
|
|
> /out/forgejo-volume-snapshot.yaml
|
|
volumeMounts:
|
|
- name: snapshot-template
|
|
mountPath: /in
|
|
- name: snapshot-yaml
|
|
mountPath: /out
|
|
containers:
|
|
- name: create-volume-snapshot
|
|
image: bitnami/kubectl:1.27.1
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
args:
|
|
- -n
|
|
- $(POD_NAMESPACE)
|
|
- apply
|
|
- -f
|
|
- /in/forgejo-volume-snapshot.yaml
|
|
env:
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
volumeMounts:
|
|
- name: snapshot-yaml
|
|
mountPath: /in
|
|
- name: cleanup-volume-snapshot
|
|
image: bitnami/kubectl:1.27.1
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["sh"]
|
|
args:
|
|
- -c
|
|
- |-
|
|
datestr="$(date -d '2 weeks ago' -Ins --utc | sed 's/+0000/Z/')"
|
|
kubectl -n forgejo get volumesnapshots \
|
|
--template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' \
|
|
| while read snapshot_name snapshot_date; do
|
|
echo "$snapshot_name" "$snapshot_date" "$datestr" | awk '$2 <= $3 { print $1 }'
|
|
done \
|
|
| xargs --no-run-if-empty -n 1 echo kubectl -n $(POD_NAMESPACE) delete volumesnapshot "$snapshot_name"
|
|
env:
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
volumes:
|
|
- name: snapshot-template
|
|
configMap:
|
|
name: forgejo-volume-snapshot-template
|
|
- name: snapshot-yaml
|
|
emptyDir: {}
|