feat(db): Add backup and refine ingress
This commit is contained in:
parent
dd74c00888
commit
b3484f22f1
10
manifests/database-backup.yaml
Normal file
10
manifests/database-backup.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: postgresql.cnpg.io/v1
|
||||||
|
kind: ScheduledBackup
|
||||||
|
metadata:
|
||||||
|
name: vaultwarden-db-backup
|
||||||
|
namespace: vaultwarden
|
||||||
|
spec:
|
||||||
|
schedule: "0 0 0 * * *"
|
||||||
|
backupOwnerReference: self
|
||||||
|
cluster:
|
||||||
|
name: vaultwarden-db
|
@ -5,11 +5,11 @@ metadata:
|
|||||||
namespace: vaultwarden
|
namespace: vaultwarden
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
instances: 2
|
instances: 3
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
size: 1Gi
|
size: 1Gi
|
||||||
storageClass: redundant-storage-class
|
storageClass: local-path
|
||||||
|
|
||||||
bootstrap:
|
bootstrap:
|
||||||
initdb:
|
initdb:
|
||||||
@ -22,6 +22,24 @@ spec:
|
|||||||
pg_hba:
|
pg_hba:
|
||||||
- host all all all md5
|
- host all all all md5
|
||||||
|
|
||||||
|
backup:
|
||||||
|
barmanObjectStore:
|
||||||
|
destinationPath: "s3://halis/cloudnativepg"
|
||||||
|
endpointURL: https://s3.halia.dev
|
||||||
|
s3Credentials:
|
||||||
|
accessKeyId:
|
||||||
|
name: s3-secret
|
||||||
|
key: AWS_ACCESS_KEY_ID
|
||||||
|
secretAccessKey:
|
||||||
|
name: s3-secret
|
||||||
|
key: AWS_SECRET_ACCESS_KEY
|
||||||
|
region:
|
||||||
|
name: s3-secret
|
||||||
|
key: AWS_REGION
|
||||||
|
wal:
|
||||||
|
compression: gzip
|
||||||
|
maxParallel: 8
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
@ -30,23 +48,5 @@ spec:
|
|||||||
cpu: 500m
|
cpu: 500m
|
||||||
memory: 500Mi
|
memory: 500Mi
|
||||||
|
|
||||||
backup:
|
monitoring:
|
||||||
barmanObjectStore:
|
enablePodMonitor: true
|
||||||
destinationPath: s3://cluster-example-full-backup
|
|
||||||
endpointURL: http://10.10.0.32:9000
|
|
||||||
s3Credentials:
|
|
||||||
accessKeyId:
|
|
||||||
name: backup-creds
|
|
||||||
key: ACCESS_KEY_ID
|
|
||||||
secretAccessKey:
|
|
||||||
name: backup-creds
|
|
||||||
key: ACCESS_SECRET_KEY
|
|
||||||
region:
|
|
||||||
name: backup-creds
|
|
||||||
key: REGION
|
|
||||||
wal:
|
|
||||||
compression: gzip
|
|
||||||
data:
|
|
||||||
compression: gzip
|
|
||||||
jobs: 2
|
|
||||||
retentionPolicy: "30d"
|
|
||||||
|
@ -4,7 +4,7 @@ metadata:
|
|||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
namespace: vaultwarden
|
namespace: vaultwarden
|
||||||
spec:
|
spec:
|
||||||
replicas: 2
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: vaultwarden
|
app: vaultwarden
|
||||||
@ -17,7 +17,7 @@ spec:
|
|||||||
subdomain: vaultwarden
|
subdomain: vaultwarden
|
||||||
containers:
|
containers:
|
||||||
- name: vaultwarden
|
- name: vaultwarden
|
||||||
image: vaultwarden/server
|
image: vaultwarden/server:1.32.6
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
env:
|
env:
|
||||||
@ -35,7 +35,10 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: vaultwarden-admin
|
name: vaultwarden-admin
|
||||||
key: token
|
key: token
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: "/data"
|
||||||
|
name: vaultwarden-data
|
||||||
volumes:
|
volumes:
|
||||||
- name: vaultwarden-pv
|
- name: vaultwarden-data
|
||||||
hostPath:
|
persistentVolumeClaim:
|
||||||
path: "/mnt/vaultwarden"
|
claimName: vaultwarden-pvc
|
||||||
|
@ -1,23 +1,26 @@
|
|||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: vaultwarden-ingress
|
name: vaultwarden-ingress
|
||||||
namespace: vaultwarden
|
namespace: vaultwarden
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "traefik"
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
kubernetes.io/ingress.class: nginx-external
|
||||||
|
acme.cert-manager.io/http01-edit-in-place: "true"
|
||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
- secretName: vaultwarden-beta-tls
|
- hosts:
|
||||||
hosts:
|
- bitwarden.halis.io
|
||||||
- bitwarden.beta.halia.dev
|
secretName: bitwarden-halis-io-tls
|
||||||
rules:
|
ingressClassName: nginx-external
|
||||||
- host: bitwarden.beta.halia.dev
|
rules:
|
||||||
http:
|
- host: bitwarden.halis.io
|
||||||
paths:
|
http:
|
||||||
- path: /
|
paths:
|
||||||
pathType: Prefix
|
- path: /
|
||||||
backend:
|
pathType: Prefix
|
||||||
service:
|
backend:
|
||||||
name: vaultwarden-svc
|
service:
|
||||||
port:
|
name: vaultwarden-svc
|
||||||
number: 80
|
port:
|
||||||
|
number: 80
|
||||||
|
@ -5,6 +5,7 @@ resources:
|
|||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- secrets.yaml
|
- secrets.yaml
|
||||||
- database.yaml
|
- database.yaml
|
||||||
|
- database-backup.yaml
|
||||||
- service.yaml
|
- service.yaml
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
- pvc.yaml
|
- pvc.yaml
|
||||||
|
@ -3,10 +3,13 @@ kind: PersistentVolumeClaim
|
|||||||
metadata:
|
metadata:
|
||||||
name: vaultwarden-pvc
|
name: vaultwarden-pvc
|
||||||
namespace: vaultwarden
|
namespace: vaultwarden
|
||||||
|
labels:
|
||||||
|
recurring-job.longhorn.io/source: enabled
|
||||||
|
recurring-job-group.longhorn.io/standard-pvc: enabled
|
||||||
spec:
|
spec:
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
storageClassName: redundant-storage-class
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 1Gi
|
storage: 5Gi
|
||||||
|
storageClassName: redundant-storage-class
|
||||||
|
@ -9,7 +9,7 @@ spec:
|
|||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
repoURL: https://git.halis.io/athens-school/k3s-secrets.git
|
repoURL: https://git.halis.io/athens-school/k3s-secrets.git
|
||||||
targetRevision: dev
|
targetRevision: prod-migration
|
||||||
path: vaultwarden
|
path: vaultwarden
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
automated:
|
automated:
|
||||||
|
Loading…
Reference in New Issue
Block a user