diff --git a/infrastructure/docker-backup/image/resources/backup.sh b/infrastructure/docker-backup/image/resources/backup.sh
index c28cf98..e2b9d07 100755
--- a/infrastructure/docker-backup/image/resources/backup.sh
+++ b/infrastructure/docker-backup/image/resources/backup.sh
@@ -15,7 +15,8 @@ function main() {
 backup-roles 'oc_'
 backup-db-dump
- backup-directory '/var/backups/'
+g touch "/var/tmpfile123"
+ backup-directory '/var/tmpfile123'
 end-maintenance.sh
 }
diff --git a/nc.yaml b/nc.yaml
new file mode 100644
index 0000000..9702451
--- /dev/null
+++ b/nc.yaml
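Review bot: `+g touch "/var/tmpfile123"` is not a valid command — `g` will not resolve, so if the script aborts on failed commands the backup stops before `backup-directory` runs; the intended line is presumably `touch "/var/tmpfile123"`. More importantly, the replaced line `backup-directory '/var/backups/'` was the backup of the real data directory, and the new line backs up a freshly created empty file instead, which reads like a local debugging edit that should be reverted before merge rather than shipped in the backup image. If a smoke-test path is genuinely needed, it should be added alongside the real backup, not in place of it. `main()` starts outside the hunk, so I cannot see whether `set -e` or `file_env`-style checks apply here.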
@@ -0,0 +1,465 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgres-config + labels: + app: postgres +data: + postgres-db: postgres + postgresql.conf: | + max_connections = 700 + work_mem = 3MB + shared_buffers = 2048MB + +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgres-secret +type: Opaque +data: + postgres-user: bmV4dGNsb3Vk + postgres-password: bmV4dGNsb3VkLWRiLXBhc3N3b3Jk + +--- +kind: PersistentVolume +apiVersion: v1 +metadata: + name: postgres-pv-volume + labels: + type: local +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + capacity: + storage: 10Gi + hostPath: + path: /var/postgres + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgres-claim + labels: + app: postgres +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgresql +spec: + selector: + matchLabels: + app: postgresql + strategy: + type: Recreate + template: + metadata: + labels: + app: postgresql + spec: + containers: + - image: postgres + name: postgresql + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-password + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: postgres-config + key: postgres-db + ports: + - containerPort: 5432 + name: postgresql + volumeMounts: + - name: postgres-config-volume + mountPath: /etc/postgresql/postgresql.conf + subPath: postgresql.conf + readOnly: true + - name: postgre-data-volume + mountPath: /var/lib/postgresql/data + volumes: + - name: postgres-config-volume + configMap: + name: postgres-config + - name: postgre-data-volume + persistentVolumeClaim: + claimName: postgres-claim + +--- +apiVersion: v1 +kind: Service +metadata: + name: postgresql-service +spec: + selector: + app: postgresql + ports: + - port: 5432 
+ +--- +kind: PersistentVolume +apiVersion: v1 +metadata: + name: cloud-pv-volume + labels: + type: local + app.kubernetes.io/application: cloud +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + capacity: + storage: 200Gi + hostPath: + path: /var/cloud + +--- +apiVersion: v1 +kind: Secret +metadata: + name: cloud-secret +type: Opaque +data: + nextcloud-admin-user: Y2xvdWRhZG1pbg== + nextcloud-admin-password: Y2xvdWRwYXNzd29yZA== + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: cloud-pvc + labels: + app.kubernetes.io/application: cloud +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + selector: + matchLabels: + app.kubernetes.io/application: cloud + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloud-deployment +spec: + selector: + matchLabels: + app.kubernetes.io/name: cloud-pod + app.kubernetes.io/application: cloud + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: cloud-pod + app.kubernetes.io/application: cloud + redeploy: v3 + spec: + containers: + - image: domaindrivenarchitecture/c4k-cloud + name: cloud-app + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - PGPASSWORD=$POSTGRES_PASSWORD psql -h postgresql-service -U $POSTGRES_USER $POSTGRES_DB + initialDelaySeconds: 1 + periodSeconds: 5 + env: + - name: NEXTCLOUD_ADMIN_USER + valueFrom: + secretKeyRef: + name: cloud-secret + key: nextcloud-admin-user + - name: NEXTCLOUD_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: cloud-secret + key: nextcloud-admin-password + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: cloudhost + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-password + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: 
postgres-config + key: postgres-db + - name: POSTGRES_HOST + value: postgresql-service:5432 + volumeMounts: + - name: cloud-data-volume + mountPath: /var/www/html + volumes: + - name: cloud-data-volume + persistentVolumeClaim: + claimName: cloud-pvc + +--- +apiVersion: v1 +kind: Service +metadata: + name: cloud-service + labels: + app.kubernetes.io/name: cloud-service + app.kubernetes.io/application: cloud +spec: + selector: + app.kubernetes.io/name: cloud-pod + app.kubernetes.io/application: cloud + ports: + - port: 80 + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: cloud-cert + namespace: default +spec: + secretName: cloud-secret + commonName: cloudhost + dnsNames: + - cloudhost + issuerRef: + name: letsencrypt-staging-issuer + kind: ClusterIssuer + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-cloud + annotations: + cert-manager.io/cluster-issuer: letsencrypt-staging-issuer + nginx.ingress.kubernetes.io/proxy-body-size: 256m + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/proxy-connect-timeout: '300' + nginx.ingress.kubernetes.io/proxy-send-timeout: '300' + nginx.ingress.kubernetes.io/proxy-read-timeout: '300' + namespace: default +spec: + tls: + - hosts: + - cloudhost + secretName: cloud-secret + rules: + - host: cloudhost + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: cloud-service + port: + number: 80 + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: backup-config + labels: + app.kubernetes.io/name: backup + app.kubernetes.io/part-of: cloud +data: + restic-repository: s3://k3stesthost:mybucket + +--- +apiVersion: v1 +kind: Secret +metadata: + name: backup-secret +type: Opaque +data: + aws-access-key-id: YXdzLWlk + aws-secret-access-key: YXdzLXNlY3JldA== + restic-password: cmVzdGljLXBhc3N3b3Jk + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: cloud-backup + labels: 
+ app.kubernetes.part-of: cloud +spec: + schedule: 10 23 * * * + successfulJobsHistoryLimit: 0 + failedJobsHistoryLimit: 0 + jobTemplate: + spec: + template: + spec: + containers: + - name: backup-app + image: domaindrivenarchitecture/c4k-cloud-backup + imagePullPolicy: IfNotPresent + command: + - /entrypoint.sh + env: + - name: POSTGRES_USER_FILE + value: /var/run/secrets/cloud-secrets/postgres-user + - name: POSTGRES_DB_FILE + value: /var/run/secrets/cloud-secrets/postgres-db + - name: POSTGRES_PASSWORD_FILE + value: /var/run/secrets/cloud-secrets/postgres-password + - name: POSTGRES_HOST + value: postgresql-service:5432 + - name: POSTGRES_SERVICE + value: postgresql-service + - name: POSTGRES_PORT + value: '5432' + - name: AWS_DEFAULT_REGION + value: eu-central-1 + - name: AWS_ACCESS_KEY_ID_FILE + value: /var/run/secrets/backup-secrets/aws-access-key-id + - name: AWS_SECRET_ACCESS_KEY_FILE + value: /var/run/secrets/backup-secrets/aws-secret-access-key + - name: RESTIC_REPOSITORY + valueFrom: + configMapKeyRef: + name: backup-config + key: restic-repository + - name: RESTIC_PASSWORD_FILE + value: /var/run/secrets/backup-secrets/restic-password + volumeMounts: + - name: cloud-data-volume + mountPath: /var/backups + - name: backup-secret-volume + mountPath: /var/run/secrets/backup-secrets + readOnly: true + - name: cloud-secret-volume + mountPath: /var/run/secrets/cloud-secrets + readOnly: true + volumes: + - name: cloud-data-volume + persistentVolumeClaim: + claimName: cloud-pvc + - name: cloud-secret-volume + secret: + secretName: cloud-secret + - name: backup-secret-volume + secret: + secretName: backup-secret + restartPolicy: OnFailure + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backup-restore +spec: + replicas: 0 + selector: + matchLabels: + app: backup-restore + strategy: + type: Recreate + template: + metadata: + labels: + app: backup-restore + app.kubernetes.io/name: backup-restore + app.kubernetes.io/part-of: cloud + spec: + 
containers: + - name: backup-app + image: domaindrivenarchitecture/c4k-cloud-backup + imagePullPolicy: IfNotPresent + command: + - /entrypoint-start-and-wait.sh + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-password + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: postgres-config + key: postgres-db + - name: POSTGRES_HOST + value: postgresql-service:5432 + - name: POSTGRES_SERVICE + value: postgresql-service + - name: POSTGRES_PORT + value: '5432' + - name: AWS_DEFAULT_REGION + value: eu-central-1 + - name: AWS_ACCESS_KEY_ID_FILE + value: /var/run/secrets/backup-secrets/aws-access-key-id + - name: AWS_SECRET_ACCESS_KEY_FILE + value: /var/run/secrets/backup-secrets/aws-secret-access-key + - name: RESTIC_REPOSITORY + valueFrom: + configMapKeyRef: + name: backup-config + key: restic-repository + - name: RESTIC_PASSWORD_FILE + value: /var/run/secrets/backup-secrets/restic-password + volumeMounts: + - name: cloud-data-volume + mountPath: /var/backups + - name: backup-secret-volume + mountPath: /var/run/secrets/backup-secrets + readOnly: true + - name: cloud-secret-volume + mountPath: /var/run/secrets/cloud-secrets + readOnly: true + volumes: + - name: cloud-data-volume + persistentVolumeClaim: + claimName: cloud-pvc + - name: cloud-secret-volume + secret: + secretName: cloud-secret + - name: backup-secret-volume + secret: + secretName: backup-secret + diff --git a/valid-config.edn b/valid-config.edn index 87ebb80..4d95c1c 100644 --- a/valid-config.edn +++ b/valid-config.edn 
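Review bot: The `cloud-backup` CronJob sets `POSTGRES_USER_FILE`, `POSTGRES_DB_FILE` and `POSTGRES_PASSWORD_FILE` to files under `/var/run/secrets/cloud-secrets/`, but the volume mounted there is `cloud-secret`, whose only keys are `nextcloud-admin-user` and `nextcloud-admin-password`; the database credentials live in `postgres-secret` and `postgres-db` in the `postgres-config` ConfigMap, so unless `/entrypoint.sh` resolves these some other way the DB-dump step has no credentials to read (the `backup-restore` Deployment further down wires the same values correctly via `secretKeyRef`/`configMapKeyRef`). The `cloud-cert` Certificate and the Ingress `tls` block both use `secretName: cloud-secret`, the same name as the Opaque Secret holding the Nextcloud admin credentials, so cert-manager will manage that Secret and write `tls.crt`/`tls.key` into the object that `cloud-secret-volume` mounts into the backup pods; a dedicated name such as `cloud-tls` (constructed example) keeps the private key out of those mounts. The three Secrets carry hard-coded base64 credentials: if this file is generated test output it should be excluded from the repository rather than committed at the root, and if the values are real they are now in history and need rotating. The CronJob label `app.kubernetes.part-of: cloud` looks like a typo for `app.kubernetes.io/part-of`, which the other objects use. Images such as `postgres` and `domaindrivenarchitecture/c4k-cloud` are untagged, and `failedJobsHistoryLimit: 0` discards the only evidence a failed backup leaves behind.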
@@ -1,5 +1,5 @@
-{:fqdn "cloud.test.meissa-gmbh.de"
+{:fqdn "cloudhost"
 :issuer :staging
 :nextcloud-data-volume-path "/var/cloud"
 :postgres-data-volume-path "/var/postgres"
- :restic-repository "s3:s3.amazonaws.com/your-bucket/your-folder"}
\ No newline at end of file
+ :restic-repository "s3://k3stesthost:mybucket"}
\ No newline at end of file
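Review bot: `:restic-repository "s3://k3stesthost:mybucket"` does not follow the `s3:host/bucket` form the removed value used (`s3:s3.amazonaws.com/your-bucket/your-folder`); restic's S3 repository strings are normally written `s3:host/bucket` or `s3:https://host:port/bucket`, so the new value should be confirmed against the backup entrypoint before it is propagated into `backup-config`. Both edits swap external values for local test values (`cloudhost`, `k3stesthost`), which suggests a local test configuration is being committed as the canonical `valid-config.edn`; if that is intended, a leading comment such as `; test fixture values — not a deployable configuration` would make that explicit.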