repo refactoring continuous-deploy prep

2025-11-23 22:03:49 +00:00
parent fc1d941dde
commit a23cbcdf93
14 changed files with 70 additions and 77 deletions
--- a/manifests/app/cronjobs/backups/backup-borg-offsite-cronjob.yaml
+++ b/manifests/app/cronjobs/backups/backup-borg-offsite-cronjob.yaml
@@ -0,0 +1,156 @@
+
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup-borg-offsite
+  namespace: git-limbosolutions-com
+spec:
+  schedule: "0 16 * * 0" #every sunday at 4pm
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      template:
+        metadata:
+          labels:
+            app: offsite-backup
+        spec:
+          restartPolicy: Never
+          initContainers:
+            - name: postgres-export
+              image: postgres:latest
+              command: ["sh", "-c"]
+              args:
+                - |
+                  set -e
+                  . /root/.gitea-inline-config/database
+                  export PGPASSWORD=$PASSWD
+                  pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
+  
+              volumeMounts:
+                
+              - name: backup-var-data
+                mountPath: /data/postgresql-export
+                subPath: postgresql-export
+
+              - name: gitea-inline-config
+                mountPath: /root/.gitea-inline-config
+                readOnly: true
+
+
+     
+          containers:
+            - name: borg-client
+              image: git.limbosolutions.com/kb/borg-backup:latest
+              imagePullPolicy: Always
+              # resources:
+              #   limits:
+              #     memory: "512Mi"
+              #     cpu: "500m"
+              #   requests:
+              #     memory: "256Mi"
+              #     cpu: "250m"
+              env:
+                - name: BORG_REPO
+                  valueFrom:
+                    secretKeyRef:
+                      name: gitea-backup-secret
+                      key: borg_repo
+
+                - name: BORG_PASSPHRASE
+                  valueFrom:
+                    secretKeyRef:
+                      name: gitea-backup-secret
+                      key: borg_passphrase
+
+          
+                - name: OFFSITE_TARGET_FOLDER
+                  valueFrom:
+                    secretKeyRef:
+                      name: gitea-backup-secret
+                      key: offsite_target_folder
+
+
+                - name: BORG_RSH
+                  value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR
+
+                - name: REPO_SYNC_MAX_SIZE
+                  value: "10737418240" # 10GB
+
+                - name: MODE
+                  value: SHELL
+           
+
+              args:
+              - |
+                set -e
+                
+                SCRIPT_START_TIME=$(date +%s)
+
+                # while true; do
+                #   sleep 5
+                # done
+                
+                borg create ${BORG_REPO}::postgresql-export-$(date +%Y%m%d%H%M%S) /data/postgresql-export
+                borg create ${BORG_REPO}::gitea-data-$(date +%Y%m%d%H%M%S) /data/gitea-data
+
+                #cleanup
+                borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='gitea-data*'
+                borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='postgresql-export*'
+                borg compact ${BORG_REPO} 
+
+                # check repo size
+                REPO_SIZE_IN_BYTES=$(remote-get-folder-size)
+                echo "Repository size: $((REPO_SIZE_IN_BYTES / 1024 / 1024))MB"
+                
+                if [ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]; then \
+                  echo "ERROR: Repository size $((REPO_SIZE_IN_BYTES / 1024 / 1024))MB exceeds $((REPO_SYNC_MAX_SIZE / 1024 / 1024))MB";
+                  exit 1;
+                else 
+                  # Repository size is within limits for offsite sync
+                  # ssh to backup server and enforce rclone to onedrive
+                  remote-connect "rclone sync $SSH_FOLDER $OFFSITE_TARGET_FOLDER --progress" && \
+                  echo "INFO: Finished Backup of git.limbosolutions.com (offsite) ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) "
+                fi
+
+                #outputs info
+                borg info ${BORG_REPO}
+                #borg info ${BORG_REPO} --json
+
+              volumeMounts:
+                - name: gitea-data
+                  mountPath: /data/gitea-data
+
+                - name: backup-var-data
+                  mountPath: /data/postgresql-export
+                  subPath: postgresql-export
+              
+                - name: gitea-backup-secret
+                  mountPath: /root/.ssh/id_rsa
+                  subPath: ssh_id_rsa
+                  readOnly: true
+
+                - name: gitea-backup-secret
+                  mountPath: /app/borg/key
+                  subPath: borg_key
+
+          volumes:
+
+            - name: gitea-data
+              persistentVolumeClaim:
+                claimName: gitea-shared-storage
+
+            - name: gitea-inline-config
+              secret:
+                secretName: gitea-inline-config
+
+            - name: gitea-backup-secret
+              secret:
+                secretName: gitea-backup-secret
+                defaultMode: 0600
+
+            - name: backup-var-data
+              emptyDir: {}
+
+
+
+
--- a/manifests/app/cronjobs/backups/backup-pbs-cronjob.yaml
+++ b/manifests/app/cronjobs/backups/backup-pbs-cronjob.yaml
@@ -0,0 +1,109 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup-pbs
+  namespace: git-limbosolutions-com
+spec:
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      template:
+        metadata:
+          labels:
+            app: pbs-backup
+        spec:
+          restartPolicy: Never
+          initContainers:
+            - name: postgres-export
+              image: postgres:latest
+              command: ["sh", "-c"]
+              args:
+                - |
+                  #echo "INFO: Starting export"
+                  . /root/.gitea-inline-config/database
+                  export PGPASSWORD=$PASSWD
+                  #echo "INFO: Exporting database"
+                  pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
+                  if [ $? -ne 0 ]; then
+                    echo "ERROR: Exporting database failed"
+                    exit 1
+                  fi 
+                  #echo "INFO: Exporting database finished"
+
+              volumeMounts:
+
+              - name: backup-run-data
+                mountPath: /data/postgresql-export
+                subPath: postgresql-export
+
+              - name: gitea-inline-config
+                mountPath: /root/.gitea-inline-config
+                readOnly: true
+
+          containers:
+            - name: gitea-pbs-client
+              image: git.limbosolutions.com/kb/pbsclient
+              imagePullPolicy: Always
+              env:  
+                - name: MODE
+                  value: shell
+                - name: PBS_REPOSITORY
+                  valueFrom:
+                    secretKeyRef:
+                      name: gitea-backup-secret
+                      key:  pbs_repository
+                - name: PBS_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: gitea-backup-secret
+                      key: pbs_password
+                - name: PBS_FINGERPRINT
+                  valueFrom:
+                    secretKeyRef:
+                      name: gitea-backup-secret
+                      key: pbs_fingerprint
+
+              command: ["bash", "-c"]
+              args:
+                - |
+                  set -e
+                  #  while true; do
+                  #    sleep 1s
+                  #  done
+                  SCRIPT_START_TIME=$(date +%s)
+                  proxmox-backup-client backup gitea-data.pxar:/data/gitea-data postgresql-data.pxar:/data/postgresql-data postgresql-export.pxar:/data/postgresql-export --include-dev /data/postgresql-data --include-dev /data/postgresql-export --include-dev /data/gitea-data --backup-id "gitea-full" -ns git.limbosolutions.com
+                  SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME))
+                  echo "INFO: Finished Backup of git.limbosolutions.com ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) "
+
+              volumeMounts:
+              - name: gitea-shared-storage
+                mountPath: /data/gitea-data
+
+              - name: db-postgresql-data
+                mountPath: /data/postgresql-data
+              
+              - name: backup-run-data
+                mountPath: /data/postgresql-export
+                subPath: postgresql-export
+
+              - name: backup-run-data
+                mountPath: /tmp
+                subPath: tmp
+        
+
+          volumes:
+            - name: gitea-shared-storage
+              persistentVolumeClaim:
+                claimName: gitea-shared-storage
+
+            - name: db-postgresql-data
+              persistentVolumeClaim:
+                claimName: data-gitea-postgresql-0
+          
+            - name: backup-run-data
+              emptyDir: {}
+
+            - name: gitea-inline-config
+              secret:
+                secretName: gitea-inline-config
--- a/manifests/app/cronjobs/backups/secrets.template.yaml
+++ b/manifests/app/cronjobs/backups/secrets.template.yaml
@@ -0,0 +1,16 @@
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-backup-secret
+  namespace: git-limbosolutions-com
+type: Opaque
+data:
+  pbs_repository: ${PBS_REPOSITORY}
+  pbs_password: ${PBS_PASSWORD}
+  pbs_fingerprint: ${PBS_FINGERPRINT}
+  borg_repo: ${BORG_REPO}
+  borg_passphrase: ${BORG_PASSPHRASE}
+  offsite_target_folder: ${OFFSITE_TARGET_FOLDER}
+  ssh_id_rsa: ${SSH_ID_RSA}
+  borg_key: ${BORG_KEY}