limbosolutions.com/git.limbosolutions.com
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

refactoring (documentation review for runme)

Browse Source
This commit is contained in:
Márcio Fernandes
2025-04-18 15:18:28 +00:00
parent 82c13f834e
commit 4288e7fc03
9 changed files with 161 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
backups/backup-cronjob.yaml Normal file
View File

@@ -0,0 +1,99 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: gitea-backup
namespace: git-limbosolutions-com
spec:
schedule: "0 1 * * *"
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
restartPolicy: Never
initContainers:
- name: postgres-export
image: postgres:latest
command: ["sh", "-c"]
args:
- |
#echo "INFO: Starting export"
. /root/.gitea-inline-config/database
export PGPASSWORD=$PASSWD
#echo "INFO: Exporting database"
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
if [ $? -ne 0 ]; then
echo "ERROR: Exporting database failed"
exit 1
fi
#echo "INFO: Exporting database finished"
volumeMounts:
- name: backup-run-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: gitea-inline-config
mountPath: /root/.gitea-inline-config
readOnly: true
containers:
- name: gitea-pbs-client
image: git.limbosolutions.com/kb/pbsclient
env:
- name: MODE
value: shell
- name: PBS_REPOSITORY
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: PBS_REPOSITORY
- name: PBS_PASSWORD
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: PBS_PASSWORD
- name: PBS_FINGERPRINT
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: PBS_FINGERPRINT
command: ["bash", "-c"]
args:
- |
proxmox-backup-client backup gitea-data.pxar:/data/gitea-data postgresql-data.pxar:/data/postgresql-data postgresql-export.pxar:/data/postgresql-export --include-dev /data/postgresql-data --include-dev /data/postgresql-export --include-dev /data/gitea-data --backup-id "gitea-full" -ns git.limbosolutions.com
echo "INFO: Backup git.limbosolutions.com finished"
volumeMounts:
- name: gitea-shared-storage
mountPath: /data/gitea-data
- name: db-postgresql-data
mountPath: /data/postgresql-data
- name: backup-run-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: backup-run-data
mountPath: /tmp
subPath: tmp
volumes:
- name: gitea-shared-storage
persistentVolumeClaim:
claimName: gitea-shared-storage
- name: db-postgresql-data
persistentVolumeClaim:
claimName: data-gitea-postgresql-0
- name: backup-run-data
emptyDir: {}
- name: gitea-inline-config
secret:
secretName: gitea-inline-config

123
backups/borgbackup-offsite-cronjob.yaml Normal file
View File

@@ -0,0 +1,123 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: gitea-backup-offsite
namespace: git-limbosolutions-com
spec:
schedule: "0 2 * * *"
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
restartPolicy: Never
initContainers:
- name: postgres-export
image: postgres:latest
command: ["sh", "-c"]
args:
- |
set -e
. /root/.gitea-inline-config/database
export PGPASSWORD=$PASSWD
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
volumeMounts:
- name: backup-var-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: gitea-inline-config
mountPath: /root/.gitea-inline-config
readOnly: true
containers:
- name: borg-client
image: git.limbosolutions.com/kb/borg-backup:latest
resources:
limits:
memory: "512Mi"
cpu: "500m"
requests:
memory: "256Mi"
cpu: "250m"
env:
- name: BORG_REPO
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: BORG_REPO
- name: BORG_PASSPHRASE
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: BORG_PASSPHRASE
- name: BORG_RSH
value: ssh -o StrictHostKeyChecking=no -o LogLevel=ERROR
- name: BORG_KEY_FILE
value: /root/.borg/key
command: ["sh", "-c"]
args:
- |
set -e
borg create ${BORG_REPO}::"postgresql-export-$(date +%Y-%m-%d_%H:%M:%S)" /data/postgresql-export
borg create ${BORG_REPO}::"gitea-data-$(date +%Y-%m-%d_%H:%M:%S)" /data/gitea-data
# ssh to backup server and enforce rclone to onedrive
${BORG_RSH} mf@backupsrv01.dev.lan \
"rclone sync ~/borg-repos/git.limbosolutions.com mf.onedrive:.backups/git.limbosolutions.com/borg" &&
echo "INFO: Backup git.limbosolutions.com (offsite) finished"
#cleanup
borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='gitea-data*'
borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='postgresql-export*'
borg compact ${BORG_REPO}
#outputs info
borg info ${BORG_REPO}
#borg info ${BORG_REPO} --json
volumeMounts:
- name: gitea-data
mountPath: /data/gitea-data
- name: backup-var-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: gitea-backup-secret
mountPath: /root/.borg/key
subPath: BORG_KEY_FILE
- name: gitea-backup-secret
mountPath: /root/.ssh/id_rsa
subPath: SSH_ID_RSA
volumes:
- name: gitea-data
persistentVolumeClaim:
claimName: gitea-shared-storage
- name: gitea-inline-config
secret:
secretName: gitea-inline-config
- name: gitea-backup-secret
secret:
secretName: gitea-backup-secret
defaultMode: 0600
- name: backup-var-data
emptyDir: {}

59
backups/borgbackup-sidekick.yaml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: v1
kind: Pod
metadata:
name: borgbackup-sidekick
namespace: git-limbosolutions-com
labels:
app: borgbackup-sidekick
spec:
containers:
- name: borgbackup-sidekick
image: git.limbosolutions.com/kb/borg-backup:latest
resources:
limits:
memory: "512Mi"
cpu: "500m"
requests:
memory: "256Mi"
cpu: "250m"
env:
- name: BORG_REPO
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: BORG_REPO
- name: BORG_PASSPHRASE
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: BORG_PASSPHRASE
- name: BORG_RSH
value: ssh -o StrictHostKeyChecking=no
- name: BORG_KEY_FILE
value: /root/.borg/key
command: ["sh", "-c"]
args:
- |
while true; do
sleep 1s
done
volumeMounts:
- name: gitea-backup-secret
mountPath: /root/.borg/key
subPath: BORG_KEY_FILE
- name: gitea-backup-secret
mountPath: /root/.ssh/id_rsa
subPath: SSH_ID_RSA
volumes:
- name: gitea-backup-secret
secret:
secretName: gitea-backup-secret
defaultMode: 0600

11
backups/gitea-backup-secret-deploy.sh Executable file
View File

@@ -0,0 +1,11 @@
#/bin/bash
# set source env variables
. ./.env
# set variables in env file as export
export $(cut -d= -f1 ./.env)
envsubst < gitea-backup-secret.yaml | kubectl apply -f -

15
backups/gitea-backup-secret.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-backup-secret
namespace: git-limbosolutions-com
type: Opaque
stringData:
PBS_REPOSITORY: ${PBS_REPOSITORY}
PBS_PASSWORD: ${PBS_PASSWORD}
PBS_FINGERPRINT: ${PBS_FINGERPRINT}
BORG_KEY_FILE: ${BORG_KEY_FILE}
BORG_REPO: ${BORG_REPO}
BORG_PASSPHRASE: ${BORG_PASSPHRASE}
SSH_ID_RSA: ${SSH_ID_RSA}