- folder structure revision - ops scripts revision - helm chart update version - 12.5.0
This commit is contained in:
15
deploy/app/.env.d/.env.example
Normal file
15
deploy/app/.env.d/.env.example
Normal file
@@ -0,0 +1,15 @@
|
||||
APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME="????"
|
||||
APP_HELM_VALUE_GITEA_ADMIN_USERNAME="????"
|
||||
APP_HELM_VALUE_GITEA_ADMIN_PASSWORD="????"
|
||||
APP_HELM_VALUE_GITEA_ADMIN_EMAIL="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET="????"
|
||||
@@ -1,3 +0,0 @@
|
||||
**
|
||||
!.gitignore
|
||||
!*.example
|
||||
@@ -1 +0,0 @@
|
||||
BORG_KEY an valid borg key
|
||||
@@ -1,3 +0,0 @@
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
AND VALID PRIVATE SSH KEY WITH ACCESS TO SSH SERVER
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
@@ -1,7 +0,0 @@
|
||||
PBS_REPOSITORY="pbs repository"
|
||||
PBS_PASSWORD="pbs access passwordd"
|
||||
PBS_FINGERPRINT="00:00:00:00:00" # the pbs finger print
|
||||
BORG_REPO="ssh://user@reposerver/path" # required by offsite babckup
|
||||
BORG_PASSPHRASE="borg passphare" # required by offsite babckup
|
||||
OFFSITE_TARGET_FOLDER="test:target_path" # follow rclone naming convension
|
||||
|
||||
@@ -1,163 +0,0 @@
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: backup-borg-offsite
|
||||
namespace: git-limbosolutions-com
|
||||
spec:
|
||||
schedule: "0 16 * * 0" #every sunday at 4pm
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: offsite-backup
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
- name: postgres-export
|
||||
resources:
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "250m"
|
||||
image: postgres:latest
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
set -e
|
||||
. /root/.gitea-inline-config/database
|
||||
export PGPASSWORD=$PASSWD
|
||||
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
|
||||
|
||||
volumeMounts:
|
||||
|
||||
- name: backup-var-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: gitea-inline-config
|
||||
mountPath: /root/.gitea-inline-config
|
||||
readOnly: true
|
||||
|
||||
|
||||
|
||||
containers:
|
||||
- name: borg-client
|
||||
image: git.limbosolutions.com/kb/borg-backup:latest
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "250m"
|
||||
env:
|
||||
- name: BORG_REPO
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup
|
||||
key: BORG_REPO
|
||||
|
||||
- name: BORG_PASSPHRASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup
|
||||
key: BORG_PASSPHRASE
|
||||
|
||||
|
||||
- name: OFFSITE_TARGET_FOLDER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup
|
||||
key: OFFSITE_TARGET_FOLDER
|
||||
|
||||
|
||||
- name: BORG_RSH
|
||||
value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR
|
||||
|
||||
- name: REPO_SYNC_MAX_SIZE
|
||||
value: "21474836480" # 20GB
|
||||
|
||||
- name: MODE
|
||||
value: SHELL
|
||||
|
||||
|
||||
args:
|
||||
- |
|
||||
set -e
|
||||
|
||||
SCRIPT_START_TIME=$(date +%s)
|
||||
|
||||
# while true; do
|
||||
# sleep 5
|
||||
# done
|
||||
|
||||
borg create ${BORG_REPO}::postgresql-export-$(date +%Y%m%d%H%M%S) /data/postgresql-export
|
||||
borg create ${BORG_REPO}::gitea-data-$(date +%Y%m%d%H%M%S) /data/gitea-data --exclude /data/packages --exclude /data/tmp
|
||||
|
||||
#cleanup
|
||||
borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='gitea-data*'
|
||||
borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='postgresql-export*'
|
||||
borg compact ${BORG_REPO}
|
||||
|
||||
# check repo size
|
||||
REPO_SIZE_IN_BYTES=$(remote-get-folder-size)
|
||||
echo "Repository size: $((REPO_SIZE_IN_BYTES / 1024 / 1024))MB"
|
||||
|
||||
if [ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]; then \
|
||||
echo "ERROR: Repository size $((REPO_SIZE_IN_BYTES / 1024 / 1024))MB exceeds $((REPO_SYNC_MAX_SIZE / 1024 / 1024))MB";
|
||||
exit 1;
|
||||
else
|
||||
# Repository size is within limits for offsite sync
|
||||
# ssh to backup server and enforce rclone to onedrive
|
||||
remote-connect "rclone sync $SSH_FOLDER $OFFSITE_TARGET_FOLDER --stats=0" && \
|
||||
echo "INFO: Finished Backup of git.limbosolutions.com (offsite) ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) "
|
||||
fi
|
||||
|
||||
#outputs info
|
||||
borg info ${BORG_REPO}
|
||||
#borg info ${BORG_REPO} --json
|
||||
|
||||
volumeMounts:
|
||||
- name: gitea-data
|
||||
mountPath: /data/gitea-data
|
||||
|
||||
- name: backup-var-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: gitea-backup-secrets
|
||||
mountPath: /root/.ssh/id_rsa
|
||||
subPath: SSH_ID_RSA
|
||||
readOnly: true
|
||||
|
||||
- name: gitea-backup-secrets
|
||||
mountPath: /app/borg/key
|
||||
subPath: BORG_KEY
|
||||
|
||||
volumes:
|
||||
|
||||
- name: gitea-data
|
||||
persistentVolumeClaim:
|
||||
claimName: gitea-shared-storage
|
||||
|
||||
- name: gitea-inline-config
|
||||
secret:
|
||||
secretName: gitea-inline-config
|
||||
|
||||
- name: gitea-backup-secrets
|
||||
secret:
|
||||
secretName: gitea-backup
|
||||
defaultMode: 0600
|
||||
|
||||
- name: backup-var-data
|
||||
emptyDir: {}
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -1,123 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: backup-pbs
|
||||
namespace: git-limbosolutions-com
|
||||
spec:
|
||||
schedule: "0 1 * * *"
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: pbs-backup
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
- name: postgres-export
|
||||
image: postgres:latest
|
||||
resources:
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "250m"
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
#echo "INFO: Starting export"
|
||||
. /root/.gitea-inline-config/database
|
||||
export PGPASSWORD=$PASSWD
|
||||
#echo "INFO: Exporting database"
|
||||
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: Exporting database failed"
|
||||
exit 1
|
||||
fi
|
||||
#echo "INFO: Exporting database finished"
|
||||
|
||||
volumeMounts:
|
||||
|
||||
- name: backup-run-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: gitea-inline-config
|
||||
mountPath: /root/.gitea-inline-config
|
||||
readOnly: true
|
||||
|
||||
containers:
|
||||
- name: gitea-pbs-client
|
||||
image: git.limbosolutions.com/kb/pbsclient
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "250m"
|
||||
env:
|
||||
- name: MODE
|
||||
value: shell
|
||||
- name: PBS_REPOSITORY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup
|
||||
key: PBS_REPOSITORY
|
||||
- name: PBS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup
|
||||
key: PBS_PASSWORD
|
||||
- name: PBS_FINGERPRINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-backup
|
||||
key: PBS_FINGERPRINT
|
||||
|
||||
command: ["bash", "-c"]
|
||||
args:
|
||||
- |
|
||||
set -e
|
||||
# while true; do
|
||||
# sleep 1s
|
||||
# done
|
||||
SCRIPT_START_TIME=$(date +%s)
|
||||
proxmox-backup-client backup gitea-data.pxar:/data/gitea-data postgresql-data.pxar:/data/postgresql-data postgresql-export.pxar:/data/postgresql-export --include-dev /data/postgresql-data --include-dev /data/postgresql-export --include-dev /data/gitea-data --backup-id "gitea-full" -ns git.limbosolutions.com
|
||||
SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME))
|
||||
echo "INFO: Finished Backup of git.limbosolutions.com ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) "
|
||||
|
||||
volumeMounts:
|
||||
- name: gitea-shared-storage
|
||||
mountPath: /data/gitea-data
|
||||
|
||||
- name: db-postgresql-data
|
||||
mountPath: /data/postgresql-data
|
||||
|
||||
- name: backup-run-data
|
||||
mountPath: /data/postgresql-export
|
||||
subPath: postgresql-export
|
||||
|
||||
- name: backup-run-data
|
||||
mountPath: /tmp
|
||||
subPath: tmp
|
||||
|
||||
|
||||
volumes:
|
||||
- name: gitea-shared-storage
|
||||
persistentVolumeClaim:
|
||||
claimName: gitea-shared-storage
|
||||
|
||||
- name: db-postgresql-data
|
||||
persistentVolumeClaim:
|
||||
claimName: data-gitea-postgresql-0
|
||||
|
||||
- name: backup-run-data
|
||||
emptyDir: {}
|
||||
|
||||
- name: gitea-inline-config
|
||||
secret:
|
||||
secretName: gitea-inline-config
|
||||
150
deploy/app/helm-values.yaml
Normal file
150
deploy/app/helm-values.yaml
Normal file
@@ -0,0 +1,150 @@
|
||||
image:
|
||||
registry: ""
|
||||
repository: gitea/gitea
|
||||
pullPolicy: Always
|
||||
tag: "1"
|
||||
|
||||
cache:
|
||||
enabled: false
|
||||
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
|
||||
valkey:
|
||||
enabled: true
|
||||
architecture: standalone
|
||||
global:
|
||||
valkey:
|
||||
password: "???"
|
||||
master:
|
||||
count: 1
|
||||
service:
|
||||
ports:
|
||||
valkey: 6379
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
image:
|
||||
registry: ""
|
||||
repository: bitnami/postgresql
|
||||
tag: 16
|
||||
imagePullPolicy: IfNotPresent
|
||||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
postgresPassword: "???"
|
||||
password: "???"
|
||||
database: "???"
|
||||
username: "???"
|
||||
service:
|
||||
ports:
|
||||
postgresql: 5432
|
||||
primary:
|
||||
persistence:
|
||||
size: 10Gi
|
||||
metrics:
|
||||
enabled: true
|
||||
collectors:
|
||||
wal: false
|
||||
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
service:
|
||||
ssh:
|
||||
type: LoadBalancer
|
||||
enabled: true
|
||||
port: 2222
|
||||
loadBalancerIP: "" # optional
|
||||
externalTrafficPolicy: Local
|
||||
http:
|
||||
clusterIP: "" # empty string → Kubernetes assigns a routable ClusterIP
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
gitea:
|
||||
admin:
|
||||
username: "???"
|
||||
password: "???"
|
||||
email: "???"
|
||||
config:
|
||||
oauth2:
|
||||
JWT_SECRET: "???"
|
||||
actions:
|
||||
ENABLED: true
|
||||
database:
|
||||
DB_TYPE: postgres
|
||||
indexer:
|
||||
ISSUE_INDEXER_TYPE: bleve
|
||||
REPO_INDEXER_ENABLED: true
|
||||
picture:
|
||||
AVATAR_UPLOAD_PATH: /data/avatars
|
||||
server:
|
||||
DOMAIN: git.limbosolutions.com
|
||||
SSH_DOMAIN: git.limbosolutions.com
|
||||
ROOT_URL: https://git.limbosolutions.com
|
||||
DISABLE_SSH: false
|
||||
SSH_PORT: 2222
|
||||
SSH_LISTEN_PORT: 2222
|
||||
LFS_START_SERVER: true
|
||||
START_SSH_SERVER: true
|
||||
LFS_PATH: /data/git/lfs
|
||||
LFS_JWT_SECRET: "???"
|
||||
OFFLINE_MODE: false
|
||||
#MFF 03/08/2024
|
||||
REPO_INDEXER_ENABLED: true
|
||||
REPO_INDEXER_PATH: indexers/repos.bleve
|
||||
MAX_FILE_SIZE: 1048576
|
||||
REPO_INDEXER_INCLUDE:
|
||||
REPO_INDEXER_EXCLUDE: resources/bin/**
|
||||
####
|
||||
|
||||
service:
|
||||
DISABLE_REGISTRATION: true
|
||||
REQUIRE_SIGNIN_VIEW: false
|
||||
REGISTER_EMAIL_CONFIRM: false
|
||||
ENABLE_NOTIFY_MAIL: false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION: false
|
||||
ENABLE_CAPTCHA: true
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE : true
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION: true
|
||||
DEFAULT_ENABLE_TIMETRACKING: true
|
||||
NO_REPLY_ADDRESS: noreply.localhost
|
||||
oauth2:
|
||||
JWT_SECRET: "???"
|
||||
mailer:
|
||||
ENABLED: false
|
||||
|
||||
openid:
|
||||
ENABLE_OPENID_SIGNIN: false
|
||||
ENABLE_OPENID_SIGNUP: false
|
||||
|
||||
|
||||
security:
|
||||
INSTALL_LOCK: true
|
||||
SECRET_KEY: "???"
|
||||
REVERSE_PROXY_LIMIT: 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES: "???"
|
||||
INTERNAL_TOKEN: "???"
|
||||
PASSWORD_HASH_ALGO: "???"
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
className: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure, public-https
|
||||
hosts:
|
||||
- host: git.limbosolutions.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: limbosolutions-com-tls
|
||||
hosts:
|
||||
- "git.limbosolutions.com"
|
||||
|
||||
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- cronjobs/backups/backup-borg-offsite-cronjob.yaml
|
||||
- cronjobs/backups/backup-pbs-cronjob.yaml
|
||||
|
||||
secretGenerator:
|
||||
- name: gitea-backup
|
||||
namespace: git-limbosolutions-com
|
||||
envs:
|
||||
- cronjobs/backups/.env.d/secrets
|
||||
files:
|
||||
- BORG_KEY=cronjobs/backups/.env.d/borg_key
|
||||
- SSH_ID_RSA=cronjobs/backups/.env.d/id_rsa
|
||||
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
Reference in New Issue
Block a user