shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

⬆️ update go-tasks

Browse Source
This commit is contained in:
auricom
2023-09-24 17:51:58 +02:00
parent 46db2ef17d
commit d6b2bb0cc2
6 changed files with 99 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
.github/renovate.json5 vendored
View File

@@ -26,26 +26,49 @@
"commitMessagePrefix": "⬆️", "commitMessagePrefix": "⬆️",
"ignorePaths": ["archive/**"], "ignorePaths": ["archive/**"],
"flux": { "flux": {
"fileMatch": ["kubernetes/.+\\.ya?ml$"] "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"]
}, },
"helm-values": { "helm-values": {
"fileMatch": ["kubernetes/.+\\.ya?ml$"] "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"]
}, },
"kubernetes": { "kubernetes": {
"fileMatch": ["kubernetes/.+\\.ya?ml$"] "fileMatch": [
"(^|/)\\.taskfiles/.+\\.ya?ml(\\.j2)?$",
"(^|/)ansible/.+\\.ya?ml(\\.j2)?$",
"(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
]
}, },
"regexManagers": [ "regexManagers": [
{ {
"description": "Process custom dependencies", "description": "Process custom dependencies",
"fileMatch": [ "fileMatch": [
"ansible/.+\\.ya?ml$", "(^|/)ansible/.+\\.ya?ml(\\.j2)?$",
"kubernetes/.+\\.ya?ml$" "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
], ],
"matchStrings": [ "matchStrings": [
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( versioning=(?<versioning>\\S+))?\n.*?\"(?<currentValue>.*)\"\n" // Example: `k3s_release_version: "v1.27.3+k3s1"`
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( versioning=(?<versioning>\\S+))?\n.*?\"(?<currentValue>.*)\"\n",
// Example: `- https://github.com/rancher/system-upgrade-controller/releases/download/v0.11.0/crd.yaml`
// `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/install.yaml`
// `- https://github.com/argoproj/argo-cd/raw/v2.7.10/manifests/ha/install.yaml`
// `- https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/21.1.1/kubernetes/kubernetes.yml`
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( versioning=(?<versioning>\\S+))?\n.*?-\\s(.*?)\/(?<currentValue>(v|\\d)[^/]+)\/\\S+\n",
// Example: apiVersion=helm.cattle.io/v1 kind=HelmChart
"datasource=(?<datasource>\\S+)\n.*?repo: (?<registryUrl>\\S+)\n.*?chart: (?<depName>\\S+)\n.*?version: (?<currentValue>\\S+)\n"
], ],
"datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}", "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
},
{
"description": "Process CloudnativePG Postgresql version",
"fileMatch": [
"(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
],
"matchStrings": [
"imageName: (?<depName>\\S+):(?<currentValue>.*\\-.*)"
],
"datasourceTemplate": "docker",
"versioningTemplate": "redhat"
} }
], ],
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",

2
.taskfiles/VolSync/ListJob.tmpl.yaml
View File

@@ -12,7 +12,7 @@ spec:
restartPolicy: OnFailure restartPolicy: OnFailure
containers: containers:
- name: list - name: list
image: docker.io/restic/restic:0.14.0 image: docker.io/restic/restic:0.16.0
args: ["snapshots"] args: ["snapshots"]
envFrom: envFrom:
- secretRef: - secretRef:

13
.taskfiles/VolSync/ReplicationDestination.tmpl.yaml
View File

@@ -11,10 +11,21 @@ spec:
repository: "${rsrc}-restic-secret" repository: "${rsrc}-restic-secret"
destinationPVC: "${claim}" destinationPVC: "${claim}"
copyMethod: Direct copyMethod: Direct
storageClassName: rook-ceph-block
# IMPORTANT NOTE:
# Set to the last X number of snapshots to restore from
previous: ${previous}
# OR;
# IMPORTANT NOTE: # IMPORTANT NOTE:
# On bootstrap set `restoreAsOf` to the time the old cluster was destroyed. # On bootstrap set `restoreAsOf` to the time the old cluster was destroyed.
# This will essentially prevent volsync from trying to restore a backup # This will essentially prevent volsync from trying to restore a backup
# from a application that started with default data in the PVC. # from a application that started with default data in the PVC.
# Do not restore snapshots made after the following RFC3339 Timestamp. # Do not restore snapshots made after the following RFC3339 Timestamp.
# date --rfc-3339=seconds (--utc) # date --rfc-3339=seconds (--utc)
# restoreAsOf: "2022-12-27T01:00:00-05:00" # restoreAsOf: "2022-12-10T16:00:00-05:00"
#
# MIGHT BE NEEDED
# moverSecurityContext:
# runAsUser: 568
# runAsGroup: 568
# fsGroup: 568

50
.taskfiles/VolSync/Tasks.yml
View File

@@ -8,21 +8,23 @@ x-task-vars: &task-vars
claim: '{{.claim}}' claim: '{{.claim}}'
ts: '{{.ts}}' ts: '{{.ts}}'
kustomization: '{{.kustomization}}' kustomization: '{{.kustomization}}'
previous: '{{.previous}}'
vars: vars:
destinationTemplate: "{{.PROJECT_DIR}}/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml" destinationTemplate: "{{.ROOT_DIR}}/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml"
wipeJobTemplate: "{{.PROJECT_DIR}}/.taskfiles/VolSync/WipeJob.tmpl.yaml" wipeJobTemplate: "{{.ROOT_DIR}}/.taskfiles/VolSync/WipeJob.tmpl.yaml"
waitForJobScript: "{{.PROJECT_DIR}}/.taskfiles/VolSync/wait-for-job.sh" waitForJobScript: "{{.ROOT_DIR}}/.taskfiles/VolSync/wait-for-job.sh"
listJobTemplate: "{{.PROJECT_DIR}}/.taskfiles/VolSync/ListJob.tmpl.yaml" listJobTemplate: "{{.ROOT_DIR}}/.taskfiles/VolSync/ListJob.tmpl.yaml"
unlockJobTemplate: "{{.ROOT_DIR}}/.taskfiles/VolSync/UnlockJob.tmpl.yaml"
ts: '{{now | date "150405"}}' ts: '{{now | date "150405"}}'
tasks: tasks:
list: list:
desc: List all snapshots taken by restic for a given ReplicationSource (ex. task vs:list rsrc=plex [namespace=default]) desc: List all snapshots taken by restic for a given ReplicationSource (ex. task volsync:list rsrc=plex [namespace=default])
silent: true silent: true
cmds: cmds:
- envsubst < {{.listJobTemplate}} | kubectl apply -f - - envsubst < <(cat {{.listJobTemplate}}) | kubectl apply -f -
- bash {{.waitForJobScript}} list-{{.rsrc}}-{{.ts}} {{.namespace}} - bash {{.waitForJobScript}} list-{{.rsrc}}-{{.ts}} {{.namespace}}
- kubectl -n {{.namespace}} wait job/list-{{.rsrc}}-{{.ts}} --for condition=complete --timeout=1m - kubectl -n {{.namespace}} wait job/list-{{.rsrc}}-{{.ts}} --for condition=complete --timeout=1m
- kubectl -n {{.namespace}} logs job/list-{{.rsrc}}-{{.ts}} --container list - kubectl -n {{.namespace}} logs job/list-{{.rsrc}}-{{.ts}} --container list
@@ -35,16 +37,34 @@ tasks:
- sh: test -f {{.waitForJobScript}} - sh: test -f {{.waitForJobScript}}
- sh: test -f {{.listJobTemplate}} - sh: test -f {{.listJobTemplate}}
unlock:
desc: Unlocks restic repository for a given ReplicationSource (ex. task volsync:unlock rsrc=plex [namespace=default])
silent: true
cmds:
- envsubst < <(cat {{.unlockJobTemplate}}) | kubectl apply -f -
- bash {{.waitForJobScript}} unlock-{{.rsrc}}-{{.ts}} {{.namespace}}
- kubectl -n {{.namespace}} wait job/unlock-{{.rsrc}}-{{.ts}} --for condition=complete --timeout=1m
- kubectl -n {{.namespace}} logs job/unlock-{{.rsrc}}-{{.ts}} --container unlock
- kubectl -n {{.namespace}} delete job unlock-{{.rsrc}}-{{.ts}}
vars:
rsrc: '{{ or .rsrc (fail "ReplicationSource `rsrc` is required") }}'
namespace: '{{.namespace | default "default"}}'
env: *task-vars
preconditions:
- sh: test -f {{.waitForJobScript}}
- sh: test -f {{.unlockJobTemplate}}
# To run backup jobs in parallel for all replicationsources: # To run backup jobs in parallel for all replicationsources:
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task vs:snapshot rsrc=$0 namespace=$1' # - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:snapshot rsrc=$0 namespace=$1'
# #
snapshot: snapshot:
desc: Trigger a Restic ReplicationSource snapshot (ex. task vs:snapshot rsrc=plex [namespace=default]) desc: Trigger a Restic ReplicationSource snapshot (ex. task volsync:snapshot rsrc=plex [namespace=default])
cmds: cmds:
- kubectl -n {{.namespace}} patch replicationsources {{.rsrc}} --type merge -p '{"spec":{"trigger":{"manual":"{{.ts}}"}}}' - kubectl -n {{.namespace}} patch replicationsources {{.rsrc}} --type merge -p '{"spec":{"trigger":{"manual":"{{.ts}}"}}}'
- bash {{.waitForJobScript}} volsync-src-{{.rsrc}} {{.namespace}} - bash {{.waitForJobScript}} volsync-src-{{.rsrc}} {{.namespace}}
- kubectl -n {{.namespace}} wait job/volsync-src-{{.rsrc}} --for condition=complete --timeout=120m - kubectl -n {{.namespace}} wait job/volsync-src-{{.rsrc}} --for condition=complete --timeout=120m
# TODO: Error from server (NotFound): jobs.batch "volsync-src-zzztest" not found # TODO: Find a way to output logs
# Error from server (NotFound): jobs.batch "volsync-src-zzztest" not found
# - kubectl -n {{.namespace}} logs job/volsync-src-{{.rsrc}} # - kubectl -n {{.namespace}} logs job/volsync-src-{{.rsrc}}
vars: vars:
rsrc: '{{ or .rsrc (fail "ReplicationSource `rsrc` is required") }}' rsrc: '{{ or .rsrc (fail "ReplicationSource `rsrc` is required") }}'
@@ -56,10 +76,10 @@ tasks:
msg: "ReplicationSource '{{.rsrc}}' not found in namespace '{{.namespace}}'" msg: "ReplicationSource '{{.rsrc}}' not found in namespace '{{.namespace}}'"
# To run restore jobs in parallel for all replicationdestinations: # To run restore jobs in parallel for all replicationdestinations:
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task vs:restore rsrc=$0 namespace=$1' # - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=2 -l bash -c 'task volsync:restore rsrc=$0 namespace=$1'
# #
restore: restore:
desc: Trigger a Restic ReplicationSource restore (ex. task vs:restore rsrc=plex [namespace=default]) desc: Trigger a Restic ReplicationSource restore (ex. task volsync:restore rsrc=plex [namespace=default])
cmds: cmds:
- task: restore-suspend-app - task: restore-suspend-app
vars: *task-vars vars: *task-vars
@@ -86,10 +106,12 @@ tasks:
controller: controller:
sh: | sh: |
app=$(kubectl -n {{.namespace}} get persistentvolumeclaim {{.claim}} -o jsonpath="{.metadata.labels.app\.kubernetes\.io/name}") app=$(kubectl -n {{.namespace}} get persistentvolumeclaim {{.claim}} -o jsonpath="{.metadata.labels.app\.kubernetes\.io/name}")
if [[ $(kubectl -n {{.namespace}} get deployment ${app}) ]]; then if kubectl -n {{ .namespace }} get deployment.apps/$app >/dev/null 2>&1 ; then
echo "deployments.apps/$app" && exit 0 echo "deployment.apps/$app"
else
echo "statefulset.apps/$app"
fi fi
echo "statefulsets.apps/$app" previous: "{{.previous | default 2}}"
env: *task-vars env: *task-vars
preconditions: preconditions:
- sh: test -f {{.wipeJobTemplate}} - sh: test -f {{.wipeJobTemplate}}

19
.taskfiles/VolSync/UnlockJob.tmpl.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: "unlock-${rsrc}-${ts}"
namespace: "${namespace}"
spec:
ttlSecondsAfterFinished: 3600
template:
spec:
automountServiceAccountToken: false
restartPolicy: OnFailure
containers:
- name: unlock
image: docker.io/restic/restic:0.16.0
args: ["unlock", "--remove-all"]
envFrom:
- secretRef:
name: "${rsrc}-restic-secret"

4
.taskfiles/VolSync/WipeJob.tmpl.yaml
View File

@@ -12,8 +12,8 @@ spec:
restartPolicy: OnFailure restartPolicy: OnFailure
containers: containers:
- name: wipe - name: wipe
image: ghcr.io/onedr0p/alpine:3.17.0@sha256:8e1eb13c3ca5c038f3bf22a5fe9e354867f97f98a78027c44b7c76fce81fa61d image: public.ecr.aws/docker/library/busybox:latest
command: ["/bin/bash", "-c", "cd /config; find . -delete"] command: ["/bin/sh", "-c", "cd /config; find . -delete"]
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /config mountPath: /config