start using kubernetes Kustomization, prep for continuous deploy

.gitignore

@@ -2,5 +2,4 @@ tmp
 **.env
 **.private.**
 **.local.**
-.kube/**
-kb
+.kube/**

deploy-scripts/apply-app.sh

@@ -1,14 +0,0 @@
-# set -a
-# source ./backups/.env
-# set +a
-# envsubst < ./backups/backup-secrets.yaml | kubectl apply -n git-limbosolutions-com -f -
-
-# SSH_ID_RSA=$(echo -n "$SSH_ID_RSA" | base64 -w 0)
-# BORG_KEY=$(echo -n "$BORG_KEY" | base64 -w 0)
-
-# kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"ssh_id_rsa\":\"$SSH_ID_RSA\"}}" -n git-limbosolutions-com 
-# kubectl patch secret gitea-backup-secret --patch "{\"data\":{\"borg_key\":\"$BORG_KEY\"}}" -n git-limbosolutions-com
-
-
-# kubectl apply -f ./backups/backup-pbs-cronjob.yaml -n git-limbosolutions-com
-# kubectl apply -f ./backups/backup-borg-offsite-cronjob.yaml  -n git-limbosolutions-com

deploy/app/cronjobs/backups/.env.d/.gitignore

@@ -0,0 +1,2 @@
+**
+!.gitignore

deploy/app/cronjobs/backups/backup-borg-offsite-cronjob.yaml

@@ -54,20 +54,20 @@ spec:
                   valueFrom:
                     secretKeyRef:
                       name: gitea-backup-secret
-                      key: borg_repo
+                      key: BORG_REPO
 
                 - name: BORG_PASSPHRASE
                   valueFrom:
                     secretKeyRef:
                       name: gitea-backup-secret
-                      key: borg_passphrase
+                      key: BORG_PASSPHRASE
 
           
                 - name: OFFSITE_TARGET_FOLDER
                   valueFrom:
                     secretKeyRef:
                       name: gitea-backup-secret
-                      key: offsite_target_folder
+                      key: OFFSITE_TARGET_FOLDER
 
 
                 - name: BORG_RSH
@@ -126,12 +126,12 @@ spec:
               
                 - name: gitea-backup-secret
                   mountPath: /root/.ssh/id_rsa
-                  subPath: ssh_id_rsa
+                  subPath: SSH_ID_RSA
                   readOnly: true
 
                 - name: gitea-backup-secret
                   mountPath: /app/borg/key
-                  subPath: borg_key
+                  subPath: BORG_KEY
 
           volumes:
 

deploy/app/cronjobs/backups/backup-pbs-cronjob.yaml

@@ -57,12 +57,12 @@ spec:
                   valueFrom:
                     secretKeyRef:
                       name: gitea-backup-secret
-                      key: pbs_password
+                      key: PBS_PASSWORD
                 - name: PBS_FINGERPRINT
                   valueFrom:
                     secretKeyRef:
                       name: gitea-backup-secret
-                      key: pbs_fingerprint
+                      key: PBS_FINGERPRINT
 
               command: ["bash", "-c"]
               args:

deploy/app/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cronjobs/backups/backup-borg-offsite-cronjob.yaml
+  - cronjobs/backups/backup-pbs-cronjob.yaml
+
+secretGenerator:
+- name: gitea-backup-secret
+  namespace: git-limbosolutions-com
+  envs:
+    - cronjobs/backups/.env.d/secrets
+  files:
+    - BORG_KEY=cronjobs/backups/.env.d/borg_key
+    - SSH_ID_RSA=cronjobs/backups/.env.d/id_rsa
+    
+generatorOptions:
+  disableNameSuffixHash: true

deploy/apply-all.sh

@@ -0,0 +1,3 @@
+#/bin/bash
+deploy/apply-infra.sh
+deploy/apply-app.sh

deploy/apply-app.sh

@@ -0,0 +1,2 @@
+#/bin/bash
+kubectl kustomize deploy/app | kubectl apply -f -

deploy/apply-infra.sh

@@ -1,12 +1,11 @@
-kubectl apply -f manifests/infra/namespace.yaml
+#/bin/bash
 
+kubectl kustomize deploy/infra | kubectl apply -f -
 
 helm repo add gitea-charts https://dl.gitea.com/charts/
 helm repo update
-
 helm upgrade --install gitea gitea-charts/gitea \
 --values helm/values.yaml \
 --values helm/values.private.yaml \
 --namespace=git-limbosolutions-com
 
-kubectl apply -f manifests/infra/ssh-ingress.yaml

deploy/infra/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - ssh-ingress.yaml
+
+

docs/backups.md

@@ -3,7 +3,7 @@
 **Create borgbackup-sidekick pod:**
 
 ```bash
-kubectl apply -f manifests/borgbackup-sidekick.yaml
+kubectl apply -f deploy/utils/borgbackup-sidekick.yaml
 ```
 
 **Remove borgbackup-sidekick pod:**

manifests/app/cronjobs/backups/secrets.template.yaml

@@ -1,16 +0,0 @@
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gitea-backup-secret
-  namespace: git-limbosolutions-com
-type: Opaque
-data:
-  pbs_repository: ${PBS_REPOSITORY}
-  pbs_password: ${PBS_PASSWORD}
-  pbs_fingerprint: ${PBS_FINGERPRINT}
-  borg_repo: ${BORG_REPO}
-  borg_passphrase: ${BORG_PASSPHRASE}
-  offsite_target_folder: ${OFFSITE_TARGET_FOLDER}
-  ssh_id_rsa: ${SSH_ID_RSA}
-  borg_key: ${BORG_KEY}