feat(db): Add backup and refine ingress

Tanguy Herbron 2024-12-19 11:12:02 +01:00
parent dd74c00888
commit b3484f22f1
7 changed files with 69 additions and 49 deletions


@ -0,0 +1,10 @@
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: vaultwarden-db-backup
namespace: vaultwarden
spec:
schedule: "0 0 0 * * *"
backupOwnerReference: self
cluster:
name: vaultwarden-db
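Review bot: The `schedule` value on this ScheduledBackup has six fields, which looks malformed to anyone used to five-field Kubernetes CronJob expressions. CloudNativePG expects a leading seconds field, so the value means daily at midnight. A comment above it would prevent a well-meant "fix", e.g. `# six-field cron, seconds first: every day at 00:00:00`. If a first backup should be taken when the resource is created rather than at the next midnight, `immediate: true` can be added under `spec:`.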


@ -5,11 +5,11 @@ metadata:
namespace: vaultwarden namespace: vaultwarden
spec: spec:
instances: 2 instances: 3
storage: storage:
size: 1Gi size: 1Gi
storageClass: redundant-storage-class storageClass: local-path
bootstrap: bootstrap:
initdb: initdb:
@ -22,6 +22,24 @@ spec:
pg_hba: pg_hba:
- host all all all md5 - host all all all md5
backup:
barmanObjectStore:
destinationPath: "s3://halis/cloudnativepg"
endpointURL: https://s3.halia.dev
s3Credentials:
accessKeyId:
name: s3-secret
key: AWS_ACCESS_KEY_ID
secretAccessKey:
name: s3-secret
key: AWS_SECRET_ACCESS_KEY
region:
name: s3-secret
key: AWS_REGION
wal:
compression: gzip
maxParallel: 8
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@ -30,23 +48,5 @@ spec:
cpu: 500m cpu: 500m
memory: 500Mi memory: 500Mi
backup: monitoring:
barmanObjectStore: enablePodMonitor: true
destinationPath: s3://cluster-example-full-backup
endpointURL: http://10.10.0.32:9000
s3Credentials:
accessKeyId:
name: backup-creds
key: ACCESS_KEY_ID
secretAccessKey:
name: backup-creds
key: ACCESS_SECRET_KEY
region:
name: backup-creds
key: REGION
wal:
compression: gzip
data:
compression: gzip
jobs: 2
retentionPolicy: "30d"
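Review bot: The relocated `backup.barmanObjectStore` block no longer carries the `retentionPolicy: "30d"` or the `data:` compression settings that the removed block at the end of the file had. As far as this page shows, nothing will prune old base backups and WAL from `s3://halis/cloudnativepg`. If that is not intentional, re-add `retentionPolicy: "30d"` under `backup:` and `data: {compression: gzip}` under `barmanObjectStore:`. Because this database backs a password manager, it is also worth stating how the objects are protected at rest: either `encryption: AES256` under `wal:` and `data:` if the endpoint supports it, or a comment saying the bucket enforces it. The change to `storageClass: local-path` in the first hunk leaves replication and these backups as the only recovery paths when a node's disk is lost, which deserves a comment next to that key.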


@ -4,7 +4,7 @@ metadata:
name: vaultwarden name: vaultwarden
namespace: vaultwarden namespace: vaultwarden
spec: spec:
replicas: 2 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: vaultwarden app: vaultwarden
@ -17,7 +17,7 @@ spec:
subdomain: vaultwarden subdomain: vaultwarden
containers: containers:
- name: vaultwarden - name: vaultwarden
image: vaultwarden/server image: vaultwarden/server:1.32.6
ports: ports:
- containerPort: 80 - containerPort: 80
env: env:
@ -35,7 +35,10 @@ spec:
secretKeyRef: secretKeyRef:
name: vaultwarden-admin name: vaultwarden-admin
key: token key: token
volumeMounts:
- mountPath: "/data"
name: vaultwarden-data
volumes: volumes:
- name: vaultwarden-pv - name: vaultwarden-data
hostPath: persistentVolumeClaim:
path: "/mnt/vaultwarden" claimName: vaultwarden-pvc
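Review bot: `image: vaultwarden/server:1.32.6` pins a tag, and a tag can still be re-pointed at a different image upstream. For a password manager a digest pin is the stronger supply-chain control, e.g. `image: vaultwarden/server:1.32.6@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled from the image that was actually reviewed). The container spec continues outside these hunks, so whether a `securityContext` is set cannot be judged from here.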


@ -1,23 +1,26 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: vaultwarden-ingress name: vaultwarden-ingress
namespace: vaultwarden namespace: vaultwarden
annotations: annotations:
kubernetes.io/ingress.class: "traefik" cert-manager.io/cluster-issuer: letsencrypt-production
kubernetes.io/ingress.class: nginx-external
acme.cert-manager.io/http01-edit-in-place: "true"
spec: spec:
tls: tls:
- secretName: vaultwarden-beta-tls - hosts:
hosts: - bitwarden.halis.io
- bitwarden.beta.halia.dev secretName: bitwarden-halis-io-tls
rules: ingressClassName: nginx-external
- host: bitwarden.beta.halia.dev rules:
http: - host: bitwarden.halis.io
paths: http:
- path: / paths:
pathType: Prefix - path: /
backend: pathType: Prefix
service: backend:
name: vaultwarden-svc service:
port: name: vaultwarden-svc
number: 80 port:
number: 80
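Review bot: The new Ingress publishes the whole service under `path: /` on the `nginx-external` class. That includes Vaultwarden's `/admin` page, if the token from the `vaultwarden-admin` secret seen in the Deployment is what enables it. Consider a second Ingress for `/admin` on an internal class, or one carrying `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"` (placeholder), so that page is not reachable from the internet. Separately, the class is now set twice: the `kubernetes.io/ingress.class: nginx-external` annotation is deprecated and can be dropped in favour of `ingressClassName: nginx-external`.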


@ -5,6 +5,7 @@ resources:
- namespace.yaml - namespace.yaml
- secrets.yaml - secrets.yaml
- database.yaml - database.yaml
- database-backup.yaml
- service.yaml - service.yaml
- ingress.yaml - ingress.yaml
- pvc.yaml - pvc.yaml


@ -3,10 +3,13 @@ kind: PersistentVolumeClaim
metadata: metadata:
name: vaultwarden-pvc name: vaultwarden-pvc
namespace: vaultwarden namespace: vaultwarden
labels:
recurring-job.longhorn.io/source: enabled
recurring-job-group.longhorn.io/standard-pvc: enabled
spec: spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
storageClassName: redundant-storage-class
resources: resources:
requests: requests:
storage: 1Gi storage: 5Gi
storageClassName: redundant-storage-class
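Review bot: Raising `storage` from `1Gi` to `5Gi` on an existing claim only succeeds when `redundant-storage-class` has `allowVolumeExpansion: true`. That class is not part of this commit, so this should be confirmed before the change is synced. The two Longhorn labels would also benefit from a comment saying which recurring-job group they opt the volume into and where the resulting snapshots or backups are kept, e.g. `# opt this volume into Longhorn's standard-pvc recurring-job group`.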


@ -9,7 +9,7 @@ spec:
project: default project: default
source: source:
repoURL: https://git.halis.io/athens-school/k3s-secrets.git repoURL: https://git.halis.io/athens-school/k3s-secrets.git
targetRevision: dev targetRevision: prod-migration
path: vaultwarden path: vaultwarden
syncPolicy: syncPolicy:
automated: automated:
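Review bot: `targetRevision: prod-migration` points an automatically synced Application at what reads like a temporary branch of the secrets repository, so any push to that branch is applied to the cluster. A comment such as `# temporary: switch back to the long-lived branch once the migration is merged` would keep it from becoming permanent. The branch should also have the same push protection as the one it replaces. The `automated:` block continues outside the hunk, so its prune and self-heal settings are not visible here.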