limbosolutions.com/git.limbosolutions.com
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

start using kubernetes Kustomization, prep for continuous deploy

Browse Source
This commit is contained in:
Márcio Fernandes
2025-11-25 04:13:47 +00:00
parent a23cbcdf93
commit aa3f8f824b
16 changed files with 42 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -2,5 +2,4 @@ tmp
**.env **.env
**.private.** **.private.**
**.local.** **.local.**
.kube/** .kube/**
kb

14
deploy-scripts/apply-app.sh
View File

@@ -1,14 +0,0 @@
# set -a
# source ./backups/.env
# set +a
# envsubst < ./backups/backup-secrets.yaml | kubectl apply -n git-limbosolutions-com -f -
# SSH_ID_RSA=$(echo -n "$SSH_ID_RSA" | base64 -w 0)
# BORG_KEY=$(echo -n "$BORG_KEY" | base64 -w 0)
# kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"ssh_id_rsa\":\"$SSH_ID_RSA\"}}" -n git-limbosolutions-com
# kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"borg_key\":\"$BORG_KEY\"}}" -n git-limbosolutions-com
# kubectl apply -f ./backups/backup-pbs-cronjob.yaml -n git-limbosolutions-com
# kubectl apply -f ./backups/backup-borg-offsite-cronjob.yaml -n git-limbosolutions-com

0
deploy-scripts/apply.sh
View File

2
deploy/app/cronjobs/backups/.env.d/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
**
!.gitignore

10
manifests/app/cronjobs/backups/backup-borg-offsite-cronjob.yaml → deploy/app/cronjobs/backups/backup-borg-offsite-cronjob.yaml
View File

@@ -54,20 +54,20 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-backup-secret name: gitea-backup-secret
key: borg_repo key: BORG_REPO
- name: BORG_PASSPHRASE - name: BORG_PASSPHRASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-backup-secret name: gitea-backup-secret
key: borg_passphrase key: BORG_PASSPHRASE
- name: OFFSITE_TARGET_FOLDER - name: OFFSITE_TARGET_FOLDER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-backup-secret name: gitea-backup-secret
key: offsite_target_folder key: OFFSITE_TARGET_FOLDER
- name: BORG_RSH - name: BORG_RSH
@@ -126,12 +126,12 @@ spec:
- name: gitea-backup-secret - name: gitea-backup-secret
mountPath: /root/.ssh/id_rsa mountPath: /root/.ssh/id_rsa
subPath: ssh_id_rsa subPath: SSH_ID_RSA
readOnly: true readOnly: true
- name: gitea-backup-secret - name: gitea-backup-secret
mountPath: /app/borg/key mountPath: /app/borg/key
subPath: borg_key subPath: BORG_KEY
volumes: volumes:

4
manifests/app/cronjobs/backups/backup-pbs-cronjob.yaml → deploy/app/cronjobs/backups/backup-pbs-cronjob.yaml
View File

@@ -57,12 +57,12 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-backup-secret name: gitea-backup-secret
key: pbs_password key: PBS_PASSWORD
- name: PBS_FINGERPRINT - name: PBS_FINGERPRINT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-backup-secret name: gitea-backup-secret
key: pbs_fingerprint key: PBS_FINGERPRINT
command: ["bash", "-c"] command: ["bash", "-c"]
args: args:

17
deploy/app/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cronjobs/backups/backup-borg-offsite-cronjob.yaml
- cronjobs/backups/backup-pbs-cronjob.yaml
secretGenerator:
- name: gitea-backup-secret
namespace: git-limbosolutions-com
envs:
- cronjobs/backups/.env.d/secrets
files:
- BORG_KEY=cronjobs/backups/.env.d/borg_key
- SSH_ID_RSA=cronjobs/backups/.env.d/id_rsa
generatorOptions:
disableNameSuffixHash: true

3
deploy/apply-all.sh Executable file
View File

@@ -0,0 +1,3 @@
#/bin/bash
deploy/apply-infra.sh
deploy/apply-app.sh

2
deploy/apply-app.sh Executable file
View File

@@ -0,0 +1,2 @@
#/bin/bash
kubectl kustomize deploy/app | kubectl apply -f -

5
deploy-scripts/apply-infra.sh → deploy/apply-infra.sh
View File

@@ -1,12 +1,11 @@
kubectl apply -f manifests/infra/namespace.yaml #/bin/bash
kubectl kustomize deploy/infra | kubectl apply -f -
helm repo add gitea-charts https://dl.gitea.com/charts/ helm repo add gitea-charts https://dl.gitea.com/charts/
helm repo update helm repo update
helm upgrade --install gitea gitea-charts/gitea \ helm upgrade --install gitea gitea-charts/gitea \
--values helm/values.yaml \ --values helm/values.yaml \
--values helm/values.private.yaml \ --values helm/values.private.yaml \
--namespace=git-limbosolutions-com --namespace=git-limbosolutions-com
kubectl apply -f manifests/infra/ssh-ingress.yaml

7
deploy/infra/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- ssh-ingress.yaml

0
manifests/infra/namespace.yaml → deploy/infra/namespace.yaml
View File

0
manifests/infra/ssh-ingress.yaml → deploy/infra/ssh-ingress.yaml
View File

0
manifests/app/borgbackup-sidekick.yaml → deploy/utils/borgbackup-sidekick.yaml
View File

2
docs/backups.md
View File

@@ -3,7 +3,7 @@
**Create borgbackup-sidekick pod:** **Create borgbackup-sidekick pod:**
```bash ```bash
kubectl apply -f manifests/borgbackup-sidekick.yaml kubectl apply -f deploy/utils/borgbackup-sidekick.yaml
``` ```
**Remove borgbackup-sidekick pod:** **Remove borgbackup-sidekick pod:**

16
manifests/app/cronjobs/backups/secrets.template.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-backup-secret
namespace: git-limbosolutions-com
type: Opaque
data:
pbs_repository: ${PBS_REPOSITORY}
pbs_password: ${PBS_PASSWORD}
pbs_fingerprint: ${PBS_FINGERPRINT}
borg_repo: ${BORG_REPO}
borg_passphrase: ${BORG_PASSPHRASE}
offsite_target_folder: ${OFFSITE_TARGET_FOLDER}
ssh_id_rsa: ${SSH_ID_RSA}
borg_key: ${BORG_KEY}