Skip to content

WIP: Move backup deployment to nerc-shift-1 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aabaris wants to merge 1 commit into
base: main
Choose a base branch
from
Open

WIP: Move backup deployment to nerc-shift-1 #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions k8s/base/openstack-api-backup-cron.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,21 @@ spec:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
runAsNonRoot: true
seccompProfileProfile:
type: RuntimeDefault
containers:
- name: openstack-api-backup
image: ghcr.io/nerc-project/openstack-api-backup:main
imagePullPolicy: Always
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
env:
- name: HOME
value: '/tmp'
Expand Down
9 changes: 9 additions & 0 deletions k8s/overlays/nerc-shift-1/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
namespace: default
resources:
- ../../base
- secrets
- pvc.yaml

patchesStrategicMerge:
- patches/patch-openstack-api-backup-cron.yaml
53 changes: 53 additions & 0 deletions k8s/overlays/nerc-shift-1/patches/patch-openstack-api-backup-cron.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: openstack-api-backup
namespace: openstack-api-backup
spec:
schedule: 4 * * * *
jobTemplate:
spec:
template:
spec:
containers:
- name: openstack-api-backup
env:
- name: S3_ENDPOINT
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: s3_endpoint
- name: S3_BUCKET_URI
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: s3_bucket_uri
- name: BACKUP_ROTATE
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: backup_rotate
- name: OS_AUTH_TYPE
value: v3applicationcredential
- name: OS_AUTH_URL
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: os_auth_url
- name: OS_APPLICATION_CREDENTIAL_ID
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: os_application_credential_id
- name: OS_APPLICATION_CREDENTIAL_SECRET
valueFrom:
$path: replace
secretKeyRef:
name: openstack-api-backup
key: os_application_credential_secret
11 changes: 11 additions & 0 deletions k8s/overlays/nerc-shift-1/pvc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openstack-api-backup
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
3 changes: 3 additions & 0 deletions k8s/overlays/nerc-shift-1/secrets/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
resources:
- openstack-api-backup.yaml
42 changes: 42 additions & 0 deletions k8s/overlays/nerc-shift-1/secrets/openstack-api-backup.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
---
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: openstack-api-backup
namespace: openstack-api-backup
spec:
refreshInterval: "15s"
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: openstack-api-backup
data:
- secretKey: aws_credentials
remoteRef:
key: accounts/holecs
property: awscli_credentials
- secretKey: backup_rotate
remoteRef:
key: openstack-api-backup/config
property: backup_rotate
- secretKey: s3_endpoint
remoteRef:
key: openstack-api-backup/config
property: s3_endpoint
- secretKey: s3_bucket_uri
remoteRef:
key: openstack-api-backup/config
property: s3_bucket_uri
- secretKey: os_auth_url
remoteRef:
key: openstack-api-backup/config
property: os_auth_url
- secretKey: os_application_credential_id
remoteRef:
key: openstack-api-backup/config
property: os_application_credential_id
- secretKey: os_application_credential_secret
remoteRef:
key: openstack-api-backup/config
property: os_application_credential_secret
9 changes: 9 additions & 0 deletions k8s/overlays/ocp-aa-test/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
namespace: openstack-api-backup
resources:
- ../../base
- secrets
- pvc.yaml

patchesStrategicMerge:
- patches/patch-openstack-api-backup-cron.yaml
52 changes: 52 additions & 0 deletions k8s/overlays/ocp-aa-test/patches/patch-openstack-api-backup-cron.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: openstack-api-backup
namespace: openstack-api-backup
spec:
jobTemplate:
spec:
template:
spec:
containers:
- name: openstack-api-backup
env:
- name: S3_ENDPOINT
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: s3_endpoint
- name: S3_BUCKET_URI
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: s3_bucket_uri
- name: BACKUP_ROTATE
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: backup_rotate
- name: OS_AUTH_TYPE
value: v3applicationcredential
- name: OS_AUTH_URL
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: os_auth_url
- name: OS_APPLICATION_CREDENTIAL_ID
valueFrom:
$patch: replace
secretKeyRef:
name: openstack-api-backup
key: os_application_credential_id
- name: OS_APPLICATION_CREDENTIAL_SECRET
valueFrom:
$path: replace
secretKeyRef:
name: openstack-api-backup
key: os_application_credential_secret
11 changes: 11 additions & 0 deletions k8s/overlays/ocp-aa-test/pvc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openstack-api-backup
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
3 changes: 3 additions & 0 deletions k8s/overlays/ocp-aa-test/secrets/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
resources:
- openstack-api-backup.yaml
42 changes: 42 additions & 0 deletions k8s/overlays/ocp-aa-test/secrets/openstack-api-backup.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
---
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: openstack-api-backup
namespace: openstack-api-backup
spec:
refreshInterval: "15s"
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: openstack-api-backup
data:
- secretKey: aws_credentials
remoteRef:
key: accounts/holecs
property: awscli_credentials
- secretKey: backup_rotate
remoteRef:
key: openstack-api-backup/config
property: backup_rotate
- secretKey: s3_endpoint
remoteRef:
key: openstack-api-backup/config
property: s3_endpoint
- secretKey: s3_bucket_uri
remoteRef:
key: openstack-api-backup/config
property: s3_bucket_uri
- secretKey: os_auth_url
remoteRef:
key: openstack-api-backup/config
property: os_auth_url
- secretKey: os_application_credential_id
remoteRef:
key: openstack-api-backup/config
property: os_application_credential_id
- secretKey: os_application_credential_secret
remoteRef:
key: openstack-api-backup/config
property: os_application_credential_secret
Loading