k/forgejo: add pvc snapshots

This commit is contained in:
ryan-distrust.co 2023-05-16 04:04:06 -04:00
parent 811bfc4aa3
commit 1c16a03900
Signed by untrusted user who does not match committer: ryan
GPG Key ID: 8E401478A3FBEF72
5 changed files with 129 additions and 0 deletions

View File

@ -5,6 +5,7 @@ resources:
- namespace.yaml - namespace.yaml
- resources.yaml - resources.yaml
- ingress.yaml - ingress.yaml
- snapshots
patches: patches:
- path: forgejo-env-vars.patch.yaml - path: forgejo-env-vars.patch.yaml
target: target:

View File

@ -0,0 +1,7 @@
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
name: TEMPLATE_NAME
spec:
source:
persistentVolumeClaimName: TEMPLATE_PVC_NAME

View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources.yaml
- rbac.yaml
configMapGenerator:
- name: forgejo-volume-snapshot-template
files:
- forgejo-volume-snapshot-template.yaml

View File

@ -0,0 +1,42 @@
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
name: forgejo-snapshot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: forgejo-snapshot
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: forgejo-snapshot
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: forgejo-snapshot
subjects:
- kind: ServiceAccount
name: forgejo-snapshot
namespace: default

View File

@ -0,0 +1,70 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: snapshot-creator
spec:
schedule: "@daily"
jobTemplate:
spec:
template:
spec:
restartPolicy: OnFailure
serviceAccountName: forgejo-snapshot
initContainers:
- name: template-snapshot-name
image: bitnami/kubectl:1.27.1
command: ["/bin/sh"]
args:
- -c
- |-
sed \
-e "s/TEMPLATE_NAME/forgejo-snapshot-$(date -u --rfc-3339=date)/" \
-e "s/TEMPLATE_PVC_NAME/forgejo-data-forgejo-0/" \
< /in/forgejo-volume-snapshot-template.yaml \
> /out/forgejo-volume-snapshot.yaml
volumeMounts:
- name: snapshot-template
mountPath: /in
- name: snapshot-yaml
mountPath: /out
containers:
- name: create-volume-snapshot
image: bitnami/kubectl:1.27.1
args:
- -n
- $(POD_NAMESPACE)
- apply
- -f
- /in/forgejo-volume-snapshot.yaml
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: snapshot-yaml
mountPath: /in
- name: cleanup-volume-snapshot
image: bitnami/kubectl:1.27.1
command: ["sh"]
args:
- -c
- |-
datestr="$(date -d '2 weeks ago' -Ins --utc | sed 's/+0000/Z/')"
kubectl -n forgejo get volumesnapshots \
--template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' \
| while read snapshot_name snapshot_date; do
echo "$snapshot_name" "$snapshot_date" "$datestr" | awk '$2 <= $3 { print $1 }'
done \
| xargs -n 1 kubectl -n $(POD_NAMESPACE) delete volumesnapshot "$snapshot_name"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumes:
- name: snapshot-template
configMap:
name: forgejo-volume-snapshot-template
- name: snapshot-yaml
emptyDir: {}