From bdf36c81426053ff126dda665006f3617e82c6f2 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Thu, 19 Dec 2024 18:23:00 +0100
Subject: [PATCH] feat(backup): Add on-demand backups and recovery file Also remove legacy ingress
---
 manifests/database-ondemande-backup.yaml | 8 ++++
 manifests/database-recovery.yaml | 48 ++++++++++++++++++++++++
 manifests/ingress.yaml | 13 -------
 3 files changed, 56 insertions(+), 13 deletions(-)
 create mode 100644 manifests/database-ondemande-backup.yaml
 create mode 100644 manifests/database-recovery.yaml
diff --git a/manifests/database-ondemande-backup.yaml b/manifests/database-ondemande-backup.yaml
new file mode 100644
index 0000000..f6dbc3f
--- /dev/null
+++ b/manifests/database-ondemande-backup.yaml
@@ -0,0 +1,8 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Backup
+metadata:
+ name: vaultwarden-db-ondemand-backup
+ namespace: vaultwarden
+spec:
+ cluster:
+ name: vaultwarden-db
diff --git a/manifests/database-recovery.yaml b/manifests/database-recovery.yaml
new file mode 100644
index 0000000..9adb269
--- /dev/null
+++ b/manifests/database-recovery.yaml
@@ -0,0 +1,48 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: vaultwarden-db
+ namespace: vaultwarden
+
+spec:
+ instances: 3
+
+ storage:
+ size: 1Gi
+ storageClass: local-path
+
+ bootstrap:
+ recovery:
+ source: vaultwarden-db
+
+ postgresql:
+ pg_hba:
+ - host all all all md5
+
+ externalClusters:
+ - name: vaultwarden-db
+ barmanObjectStore:
+ serverName: vaultwarden-db
+ destinationPath: "s3://halis/cloudnativepg"
+ endpointURL: https://s3.halia.dev
+ s3Credentials:
+ accessKeyId:
+ name: s3-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-secret
+ key: AWS_SECRET_ACCESS_KEY
+ region:
+ name: s3-secret
+ key: AWS_REGION
+ wal:
+ compression: gzip
+ maxParallel: 8
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
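Review bot: The Backup in manifests/database-ondemande-backup.yaml has a fixed `metadata.name`, and a Backup object describes a single run, so applying this file again after the first backup leaves the existing object unchanged and takes no new backup. If the file is meant to be reused, replace the name with `generateName: vaultwarden-db-ondemand-backup-` and submit it with `kubectl create -f`, or document that the old object has to be deleted first. `spec.method` is also left unset, so the operator's default applies; stating it explicitly would make clear which backup path this object exercises.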
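Review bot: The `pg_hba` entry `host all all all md5` under `spec.postgresql` in manifests/database-recovery.yaml accepts password logins for every database and role from any address, over TLS or plaintext, and names the weaker `md5` method for the database behind a password vault. Consider `- hostssl all all all scram-sha-256`, with the database and user columns narrowed to the application's own; whether a NetworkPolicy already limits who can reach the pods is not visible in this patch. PostgreSQL still negotiates SCRAM under `md5` when the stored password is a SCRAM verifier, so the practical exposure depends on `password_encryption`, which the manifest leaves unset. Separately, the recovered cluster carries no `backup` stanza, so the on-demand Backup added in this commit would presumably have no object store to write to once this manifest is the one running.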
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
index 176a6df..1b74f29 100644
--- a/manifests/ingress.yaml
+++ b/manifests/ingress.yaml
@@ -12,9 +12,6 @@ spec:
 - hosts:
 - bitwarden.halis.io
 secretName: bitwarden-halis-io-tls
- - hosts:
- - bitwarden.halia.dev
- secretName: bitwarden-halia-dev-tls
 ingressClassName: nginx-external
 rules:
 - host: bitwarden.halis.io
@@ -27,13 +24,3 @@ spec:
 name: vaultwarden-svc
 port:
 number: 80
- - host: bitwarden.halia.dev
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: vaultwarden-svc
- port:
- number: 80