stack/kustomizations/forgejo/snapshots/resources.yaml

90 lines
2.9 KiB
YAML

apiVersion: batch/v1
kind: CronJob
metadata:
name: snapshot-creator
spec:
schedule: "@daily"
jobTemplate:
spec:
template:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
restartPolicy: OnFailure
serviceAccountName: forgejo-snapshot
initContainers:
- name: template-snapshot-name
image: bitnami/kubectl:1.27.1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["/bin/sh"]
args:
- -c
- |-
sed \
-e "s/TEMPLATE_NAME/forgejo-snapshot-$(date -u --rfc-3339=date)/" \
-e "s/TEMPLATE_PVC_NAME/forgejo-data-forgejo-0/" \
< /in/forgejo-volume-snapshot-template.yaml \
> /out/forgejo-volume-snapshot.yaml
volumeMounts:
- name: snapshot-template
mountPath: /in
- name: snapshot-yaml
mountPath: /out
containers:
- name: create-volume-snapshot
image: bitnami/kubectl:1.27.1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
args:
- -n
- $(POD_NAMESPACE)
- apply
- -f
- /in/forgejo-volume-snapshot.yaml
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: snapshot-yaml
mountPath: /in
- name: cleanup-volume-snapshot
image: bitnami/kubectl:1.27.1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["sh"]
args:
- -c
- |-
datestr="$(date -d '2 weeks ago' -Ins --utc | sed 's/+0000/Z/')"
kubectl -n forgejo get volumesnapshots \
--template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' \
| while read snapshot_name snapshot_date; do
echo "$snapshot_name" "$snapshot_date" "$datestr" | awk '$2 <= $3 { print $1 }'
done \
| xargs -n 1 kubectl -n $(POD_NAMESPACE) delete volumesnapshot "$snapshot_name"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumes:
- name: snapshot-template
configMap:
name: forgejo-volume-snapshot-template
- name: snapshot-yaml
emptyDir: {}