feat(gitea): create PersistentVolume and PersistentVolumeClaim for Gitea feat(gitea): add script to create Gitea runner registration token secret feat(gitea): deploy Gitea Actions runner with Docker socket access feat(media): deploy JDownloader with Ingress configuration feat(media): set up Jellyfin media server with NFS and Ingress feat(media): configure qBittorrent deployment with Ingress feat(monitoring): add Grafana Loki datasource ConfigMap feat(monitoring): create Grafana admin credentials secret feat(monitoring): define PersistentVolumes for monitoring stack feat(network): implement DDNS CronJob for Porkbun DNS updates feat(network): create secret for Porkbun DDNS API credentials feat(network): set up Glances service and Ingress for Debian node fix(network): patch Pi-hole DNS services with external IPs feat(network): configure Traefik dashboard Ingress with Authentik auth feat(network): set up Watch Party service and Ingress for Mac Mini refactor(values): update Helm values files for various services
# Apply: kubectl apply -f manifests/gitea/gitea-backup.yaml
# Delete: kubectl delete -f manifests/gitea/gitea-backup.yaml
# Description: CronJob that backs up Gitea to NFS every 7 days, with RBAC and PV/PVC.
---
# Identity the backup CronJob runs as. Every permission bound to this account
# is usable by anything that can read its token inside the backup pod.
# NOTE(review): no Namespace object for "gitea-backup" is defined in this
# file; presumably it is created elsewhere - confirm before the first apply.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: gitea-backup
  name: gitea-backup
---
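# RBAC for the backup job, scoped to the "gitea" namespace.
#
# Every kubectl call in the backup script passes "-n gitea" (or the
# "gitea/<pod>" form for cp), so a namespaced Role/RoleBinding is sufficient.
# pods/exec amounts to command execution inside the target pod; granted through
# a ClusterRole/ClusterRoleBinding it would apply to every pod in every
# namespace, which is far more than a backup job needs.
#
# The grant cannot be narrowed further with resourceNames because the pod name
# is looked up at run time.
#
# Requires the "gitea" namespace to exist when this file is applied.
#
# Migration: "kubectl apply" does not prune. If the earlier cluster-scoped
# objects were already applied, remove them once:
#   kubectl delete clusterrolebinding gitea-backup
#   kubectl delete clusterrole gitea-backup
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitea-backup
  namespace: gitea
rules:
  # Look up the Gitea pod by label.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # kubectl exec, and kubectl cp (which streams tar through exec).
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# Binds the Role above to the ServiceAccount that lives in the separate
# "gitea-backup" namespace; the binding itself must sit in "gitea".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitea-backup
  namespace: gitea
subjects:
  - kind: ServiceAccount
    name: gitea-backup
    namespace: gitea-backup
roleRef:
  kind: Role
  name: gitea-backup
  apiGroup: rbac.authorization.k8s.io
---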
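# CronJob that runs "gitea dump" inside the Gitea pod and copies the archive to
# the NFS-backed volume mounted at /backup.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-backup
  namespace: gitea-backup
spec:
  # "*/7" in the day-of-month field fires on days 1, 8, 15, 22 and 29, so the
  # interval across a month boundary is shorter than seven days.
  schedule: "0 3 */7 * *"
  # Two overlapping runs would race on the same temp file in the Gitea pod and
  # on the same target file on NFS.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: gitea-backup
          restartPolicy: OnFailure
          nodeSelector:
            node-role: primary
          containers:
            - name: backup
              # NOTE(review): ":latest" is a mutable tag, and this container
              # holds a token that can exec into the Gitea pod. Pin the image
              # to a reviewed version tag or digest, for example
              # bitnami/kubectl:<PINNED_VERSION>@sha256:<DIGEST> (placeholders).
              image: bitnami/kubectl:latest
              securityContext:
                # Nothing in the script needs setuid/privilege gain.
                allowPrivilegeEscalation: false
              command:
                - /bin/sh
                - -c
                - |
                  set -eu

                  echo "Finding Gitea pod..."
                  GITEA_POD=$(kubectl get pod -n gitea -l app=gitea -o jsonpath='{.items[0].metadata.name}')
                  if [ -z "$GITEA_POD" ]; then
                    echo "No pod with label app=gitea found in namespace gitea" >&2
                    exit 1
                  fi

                  echo "Running gitea dump in pod $GITEA_POD..."
                  kubectl exec -n gitea "$GITEA_POD" -- rm -f /tmp/gitea-backup.zip
                  kubectl exec -n gitea "$GITEA_POD" -- gitea dump \
                    --config /data/gitea/conf/app.ini \
                    --file /tmp/gitea-backup.zip \
                    --type zip

                  echo "Copying backup to NFS..."
                  # Copy to a temporary name first: the previous backup is only
                  # replaced once a non-empty new archive is on the volume, so a
                  # failed or truncated copy never leaves /backup without one.
                  rm -f /backup/gitea-backup.zip.tmp
                  kubectl cp "gitea/$GITEA_POD:/tmp/gitea-backup.zip" /backup/gitea-backup.zip.tmp
                  if [ ! -s /backup/gitea-backup.zip.tmp ]; then
                    echo "Copied backup is missing or empty; keeping previous backup" >&2
                    exit 1
                  fi
                  mv -f /backup/gitea-backup.zip.tmp /backup/gitea-backup.zip

                  echo "Cleaning up temp file..."
                  kubectl exec -n gitea "$GITEA_POD" -- rm /tmp/gitea-backup.zip

                  echo "Backup complete: /backup/gitea-backup.zip"
              volumeMounts:
                # The dump archive includes app.ini and a database dump, so
                # whatever can read this volume can read Gitea's secrets.
                - name: backup
                  mountPath: /backup
          volumes:
            - name: backup
              persistentVolumeClaim:
                claimName: gitea-backup-pvc
---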
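# Statically provisioned NFS volume that receives the Gitea backup archive.
# NOTE(review): access control for this export is enforced on the NFS server,
# which this file does not show; the archive stored here is unencrypted, so
# confirm the export is restricted to the cluster nodes that need it.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitea-backup-pv
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteMany
  # Keep the data on the NFS server if the claim is ever deleted.
  persistentVolumeReclaimPolicy: Retain
  # Reserve this volume for the backup claim. Without claimRef, any other
  # class-less ReadWriteMany claim of up to 50Gi could bind it first and gain
  # access to the backup directory.
  claimRef:
    namespace: gitea-backup
    name: gitea-backup-pvc
  nfs:
    server: 192.168.7.183
    path: /home/nik/backups/gitea
---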
# Claim used by the backup CronJob; pinned to the pre-created NFS volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: gitea-backup
  name: gitea-backup-pvc
spec:
  # Empty class: bind only to a statically provisioned volume, never trigger
  # dynamic provisioning.
  storageClassName: ""
  # Bind to this specific PersistentVolume by name.
  volumeName: gitea-backup-pv
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Gi