k/forgejo: add pvc snapshots

kustomizations/forgejo/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
 - namespace.yaml
 - resources.yaml
 - ingress.yaml
+- snapshots
 patches:
 - path: forgejo-env-vars.patch.yaml
   target:

kustomizations/forgejo/snapshots/forgejo-volume-snapshot-template.yaml

@@ -0,0 +1,7 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+  name: TEMPLATE_NAME
+spec:
+  source:
+    persistentVolumeClaimName: TEMPLATE_PVC_NAME

kustomizations/forgejo/snapshots/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- resources.yaml
+- rbac.yaml
+configMapGenerator:
+- name: forgejo-volume-snapshot-template
+  files:
+  - forgejo-volume-snapshot-template.yaml

kustomizations/forgejo/snapshots/rbac.yaml

@@ -0,0 +1,42 @@
+apiVersion: v1
+automountServiceAccountToken: true
+kind: ServiceAccount
+metadata:
+  name: forgejo-snapshot
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: forgejo-snapshot
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: forgejo-snapshot
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: forgejo-snapshot
+subjects:
+- kind: ServiceAccount
+  name: forgejo-snapshot
+  namespace: default

kustomizations/forgejo/snapshots/resources.yaml

@@ -0,0 +1,70 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: snapshot-creator
+spec:
+  schedule: "@daily"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          serviceAccountName: forgejo-snapshot
+          initContainers:
+          - name: template-snapshot-name
+            image: bitnami/kubectl:1.27.1
+            command: ["/bin/sh"]
+            args:
+            - -c
+            - |-
+                sed \
+                -e "s/TEMPLATE_NAME/forgejo-snapshot-$(date -u --rfc-3339=date)/" \
+                -e "s/TEMPLATE_PVC_NAME/forgejo-data-forgejo-0/" \
+                < /in/forgejo-volume-snapshot-template.yaml \
+                > /out/forgejo-volume-snapshot.yaml
+            volumeMounts:
+            - name: snapshot-template
+              mountPath: /in
+            - name: snapshot-yaml
+              mountPath: /out
+          containers:
+          - name: create-volume-snapshot
+            image: bitnami/kubectl:1.27.1
+            args:
+            - -n
+            - $(POD_NAMESPACE)
+            - apply
+            - -f
+            - /in/forgejo-volume-snapshot.yaml
+            env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            volumeMounts:
+            - name: snapshot-yaml
+              mountPath: /in
+          - name: cleanup-volume-snapshot
+            image: bitnami/kubectl:1.27.1
+            command: ["sh"]
+            args:
+            - -c
+            - |-
+                datestr="$(date -d '2 weeks ago' -Ins --utc | sed 's/+0000/Z/')"
+                kubectl -n forgejo get volumesnapshots \
+                  --template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' \
+                | while read snapshot_name snapshot_date; do
+                  echo "$snapshot_name" "$snapshot_date" "$datestr" | awk '$2 <= $3 { print $1 }'
+                done \
+                | xargs -n 1 kubectl -n $(POD_NAMESPACE) delete volumesnapshot "$snapshot_name"
+            env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumes:
+          - name: snapshot-template
+            configMap:
+              name: forgejo-volume-snapshot-template
+          - name: snapshot-yaml
+            emptyDir: {}