Add pg_dumpall backup and core services

Services are not kustomize-based, so they will likely be rebuilt in the future
This commit is contained in:
JLP 2025-02-20 20:28:36 -05:00
parent 78ecd63c50
commit e97111a775
No known key found for this signature in database
GPG key ID: 414E00D1FF7519DC
8 changed files with 391 additions and 0 deletions


@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: backup-pvc
namespace: core
spec:
storageClassName: longhorn-private
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
homelab-access: "true"
name: core
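Review bot: The namespace is created with only the `homelab-access` label, yet the other files in this commit place the Postgres and Redis StatefulSets in it, so nothing at namespace level constrains what pods in `core` may do. Consider adding Pod Security Admission labels alongside it, e.g. `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted`, so privileged or host-namespace pods are rejected here by default. Whether the cluster already applies a cluster-wide PSA default is not visible from this commit.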


@ -0,0 +1,51 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: core
unsetOnly: true
namePrefix: pgdump-
resources:
- ../../../kustomize/backups/
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: pgdump
- pairs:
app.kubernetes.io/appNamespace: core
configMapGenerator:
- name: config
literals:
- HEALTHCHECK_BASE_URL="https://healthchecks.leechpepin.com"
- HEALTHCHECK_ID="ping/7iBSS9akyokIWq-sbfEjHQ/pgdump"
- ROTATE_PREFIX="pgdump"
- BACKUP_COMMAND="pg_dumpall -U postgres -h postgres.core -p 5432"
patches:
- path: patches/batch.yaml
target:
kind: CronJob
name: backup
replacements:
- source:
kind: CronJob
name: backup
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: CronJob
name: backup
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.jobTemplate.spec.template.spec.containers.0.envFrom.0.configMapRef.name
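Review bot: `HEALTHCHECK_ID` on the line `- HEALTHCHECK_ID="ping/7iBSS9akyokIWq-sbfEjHQ/pgdump"` is the ping slug of a healthchecks-style check, which behaves like a bearer token: anyone who can read this ConfigMap or this repo can post successful pings and mask a failing backup. Move it to a `secretGenerator` (or the same Infisical-managed path the Postgres credentials come from) instead of the `configMapGenerator`. Separately, `BACKUP_COMMAND` runs `pg_dumpall` as the `postgres` superuser and this overlay supplies no password, so the credential must come from the base at `../../../kustomize/backups/`, which is not in this commit; confirm it is injected via `PGPASSWORD`/`.pgpass` from a Secret rather than hard-coded there.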


@ -0,0 +1,13 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup
spec:
schedule: "0 2 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: backup
image: cimg/postgres:17.3
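Review bot: The CronJob patch sets only the schedule and image, so unless the base at `../../../kustomize/backups/` sets it, a slow `pg_dumpall` can overlap with the next night's run and two dumps will write into the shared `backup-pvc` concurrently; add `concurrencyPolicy: Forbid` under `spec` (and a `startingDeadlineSeconds`). `cimg/postgres:17.3` is a mutable tag, and this job is handed the superuser password, so consider pinning by digest (`image: cimg/postgres:17.3@sha256:…`) so the backup image cannot change underneath you. The rest of the CronJob, including its `securityContext` and `envFrom`, lives in the base outside this commit.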


@ -0,0 +1,108 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
namespace: core
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
name: postgres
template:
metadata:
labels:
name: postgres
spec:
restartPolicy: Always
containers:
- name: postgres
image: postgres:17
ports:
- name: http
containerPort: 5432
protocol: TCP
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres-data
subPath: "data"
env:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: ROOT_PASSWORD
name: postgres-secrets
startupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
livenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
volumeClaimTemplates:
- metadata:
name: postgres-data
annotations:
name: postgres-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-private
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: core
spec:
type: ClusterIP
selector:
name: postgres
ports:
- port: 5432
name: http
targetPort: http
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
name: postgres
namespace: core
spec:
parentRefs:
- name: homelab-gateway
sectionName: postgres
kind: Gateway
namespace: homelab
# hostnames:
# - postgres.leechpepin.local
rules:
# - matches:
# - path:
# type: PathPrefix
# value: /
- backendRefs:
- name: postgres
namespace: core
port: 5432
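Review bot: The `TCPRoute` at the end publishes Postgres on the `postgres` listener of `homelab-gateway` in namespace `homelab`, so the database is reachable from whatever network that Gateway fronts, protected only by the `postgres` superuser password over cleartext TCP (nothing in the StatefulSet enables server-side SSL). If off-cluster access is genuinely needed, front it with a dedicated low-privilege role and TLS (`ssl = on` plus `hostssl` entries in `pg_hba.conf`, or a `TLSRoute`); otherwise drop the route and rely on the `ClusterIP` Service alone. Also rename the container and Service port from `http` to e.g. `postgres`, since Gateway API implementations and service meshes may treat a port named `http` as HTTP traffic. The StatefulSet sets no `securityContext` or resource `limits`; at minimum `allowPrivilegeEscalation: false`, a `seccompProfile`, and memory limits are worth adding.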


@ -0,0 +1,82 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
namespace: core
spec:
serviceName: redis
replicas: 1
selector:
matchLabels:
name: redis
template:
metadata:
labels:
name: redis
spec:
restartPolicy: Always
containers:
- name: redis
image: redis:latest
ports:
- name: http
containerPort: 6379
protocol: TCP
volumeMounts:
- mountPath: /data
name: redis-data
subPath: "data"
volumeClaimTemplates:
- metadata:
name: redis-data
annotations:
name: redis-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-private
resources:
requests:
storage: 0.5Gi
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: core
spec:
type: ClusterIP
selector:
name: redis
ports:
- port: 6379
name: http
targetPort: http
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: redis
namespace: core
spec:
parentRefs:
- name: homelab-gateway
sectionName: redis
kind: Gateway
namespace: homelab
hostnames:
- redis.leechpepin.local
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: redis
namespace: core
port: 6379
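Review bot: The Redis container runs `redis:latest` with no arguments, config file, or `requirepass`, and as far as I recall the official image is built with protected mode disabled, so any pod that can reach `redis.core:6379` gets unauthenticated read/write (and `CONFIG`/`MODULE`) access. Pass a password from a Secret, e.g. `args: ["--requirepass", "$(REDIS_PASSWORD)"]` with `REDIS_PASSWORD` coming from a `secretKeyRef` populated the same way as `postgres-secrets`, and pin the image to a version tag rather than `latest`. The `HTTPRoute` for `redis.leechpepin.local` forwards HTTP requests to a RESP backend; Redis closes connections whose first word is `POST` or `Host:`, so the route cannot work as written and only widens exposure — remove it, or use a `TCPRoute` on a dedicated listener only if off-cluster access is truly required.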


@ -0,0 +1,27 @@
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
name: core-postgres-secrets
namespace: infisical
labels:
label-to-be-passed-to-managed-secret: homelab
annotations:
example.com/annotation-to-be-passed-to-managed-secret: "homelab"
spec:
hostAPI: https://app.infisical.com/api
resyncInterval: 10
authentication:
# Universal Auth
universalAuth:
secretsScope:
projectSlug: homelab-n-f-yj
envSlug: prod
secretsPath: "/core/postgres" # Root is "/"
recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
credentialsRef:
secretName: universal-auth-credentials
secretNamespace: infisical
managedSecretReference:
secretName: postgres-secrets
secretNamespace: core
creationPolicy: "Orphan" ## Owner | Orphan
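Review bot: The `label-to-be-passed-to-managed-secret` label and the `example.com/annotation-to-be-passed-to-managed-secret` annotation look copied from the operator's sample and are propagated onto the generated `postgres-secrets` Secret in `core`; drop them or replace them with labels you actually use. `recursive: true` copies every secret under `/core/postgres` and all its subfolders into that one Secret, so keep that path limited to the keys Postgres needs (`ROOT_PASSWORD` is the only one read in this commit). Note that `creationPolicy: "Orphan"` leaves `postgres-secrets` behind if this resource is deleted, so rotation or teardown has to clean it up by hand; and `resyncInterval: 10` presumably polls Infisical every 10 seconds, which is aggressive for a root password that rarely changes.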


@ -0,0 +1,91 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: syncthing
namespace: core
spec:
replicas: 1
selector:
matchLabels:
name: syncthing
template:
metadata:
labels:
name: syncthing
spec:
restartPolicy: Always
containers:
- name: syncthing
image: syncthing/syncthing:latest
ports:
- name: http
containerPort: 8384
protocol: TCP
volumeMounts:
- mountPath: /var/syncthing
name: syncthing-data
subPath: "data"
env:
- name: PUID
value: "976"
- name: PGID
value: "976"
volumes:
- name: syncthing-data
persistentVolumeClaim:
claimName: syncthing-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: syncthing-data
namespace: core
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-private
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: Service
metadata:
name: syncthing
namespace: core
spec:
type: ClusterIP
selector:
name: syncthing
ports:
- port: 8384
name: http
targetPort: http
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: syncthing
namespace: core
spec:
parentRefs:
- name: homelab-gateway
sectionName: web
kind: Gateway
namespace: homelab
hostnames:
- syncthing.leechpepin.local
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: syncthing
namespace: core
port: 8384
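Review bot: The Deployment mounts the `ReadWriteOnce` PVC `syncthing-data` with the default `RollingUpdate` strategy, so a rollout whose new pod lands on a different node blocks on the volume attachment while the old pod still holds it; add `strategy: { type: Recreate }` under `spec`. The `HTTPRoute` exposes the Syncthing GUI and REST API on `syncthing.leechpepin.local`, and nothing here sets a GUI user/password or API key, so make sure GUI authentication is configured in Syncthing's config (or gate the route behind the gateway's auth) before relying on it. Only the GUI port 8384 is declared, not the sync port 22000, which is fine for the Service but worth confirming peers can actually reach this instance. `syncthing/syncthing:latest` is unpinned; prefer a version tag.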