infrastructure/k8s-cluster
1
0
Fork 2
Code Issues 29 Pull requests 10 Projects Releases Packages Wiki Activity

forgejo-next: incremental backups for v8 #497

Closed
GhostPLACEHOLDER wants to merge 0 commits from refs/pull/62/head3de89061022b17684df7930b34d48854463413d0 into mainb7623d4bc2060d7314b1fa148acb2e859c9894df
pull from: refs/pull/62/head3de89061022b17684df7930b34d48854463413d0
merge into: infrastructure:mainb7623d4bc2060d7314b1fa148acb2e859c9894df
Conversation 4 Commits - Files changed -
GhostPLACEHOLDER commented 2025-05-29 20:27:09 +00:00
First-time contributor
Copy link

Refs: infrastructure/k8s-cluster#61

Manual test

Refs: infrastructure/k8s-cluster#61 ## Manual test * Created the secret as documented * Created a job (not cron job) copy/pasting the cronjob comment part https://paste.centos.org/view/b8818efa * `kubectl apply --server-side -f job.yaml` * `kubectl logs -n forgejo-next job.batch/backup-v8` https://paste.centos.org/view/1b9b5adb
GhostPLACEHOLDER commented 2025-05-29 20:27:09 +00:00
Author
First-time contributor
Copy link

TODO:

TODO: - [x] document - [x] create a SSH key as a secret - [x] use the SSH key in the rsync - [x] select a container image with rsync - [ ] mirror the container image to https://code.forgejo.org/oci/-/packages
GhostPLACEHOLDER commented 2025-05-29 20:27:09 +00:00
Author
First-time contributor
Copy link

I can't find the documentation explaining how to mount secrets as volumes.

* https://kubernetes.io/docs/concepts/configuration/secret/#secret-types suggests using kubernetes.io/ssh-auth as a type * https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets has an example which can be translated as a commandline `kubectl create secret generic --type=kubernetes.io/ssh-auth backup-ssh-key --from-file=ssh-privatekey=backup --from-file=ssh-publickey=backup.pub` I can't find the documentation explaining how to mount secrets as volumes. * https://kubernetes.io/docs/concepts/storage/volumes/#secret does not explain and refers to https://kubernetes.io/docs/concepts/configuration/secret/#using-a-secret * https://kubernetes.io/docs/concepts/configuration/secret/#using-a-secret does not explain it * https://kubernetes.io/docs/concepts/configuration/secret/#restriction-secret-must-exist has an example that does not explain how to map keys in the secret to files
root closed this pull request 2025-05-29 20:27:09 +00:00
GhostPLACEHOLDER commented 2025-05-29 20:27:09 +00:00
Author
First-time contributor
Copy link

Found some documentation

but still not the documentation related to secrets mounted as volumes

Found some documentation * https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#entrypoint * https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1 but still not the documentation related to secrets mounted as volumes
GhostPLACEHOLDER commented 2025-05-29 20:27:10 +00:00
Author
First-time contributor
Copy link

Manually tested it to work using the following job, after creating the readonly PV+PVC.

apiVersion: batch/v1
kind: Job
metadata:
  name: backup-v8
spec:
     template:
        spec:
          containers:

          - name: backup-v8

            image: ghcr.io/visualon/builder

            imagePullPolicy: IfNotPresent

            command: ["/bin/sh"]
            #args: ["-c", "env; find $$HOME; ls -lR $$HOME/.ssh"]
            args: ["-c", "set -x ; rsync -e 'ssh -oStrictHostKeyChecking=no -p23' -zvaHSn --delete --link-dest ../../forgejo-next-v8/backup-day-`date +%d -d yesterday`/  /data/ u432374@u432374.your-storagebox.de:forgejo-next-v8/backup-day-`date +%d -d tomorrow`/"]
            volumeMounts:

            - name: data-volume
              mountPath: /data

            - name: sshdir
              mountPath: /root/.ssh
              readOnly: true

          volumes:

          - name: data-volume
            persistentVolumeClaim:
              claimName: forgejo-next-readonly-v8

          - name: sshdir
            secret:
              secretName: backup-ssh-key
              defaultMode: 0400
              items:
                - key: ssh-privatekey
                  path: id_ed25519

          restartPolicy: Never
Manually tested it to work using the following job, after creating the readonly PV+PVC. <details> ```yaml apiVersion: batch/v1 kind: Job metadata: name: backup-v8 spec: template: spec: containers: - name: backup-v8 image: ghcr.io/visualon/builder imagePullPolicy: IfNotPresent command: ["/bin/sh"] #args: ["-c", "env; find $$HOME; ls -lR $$HOME/.ssh"] args: ["-c", "set -x ; rsync -e 'ssh -oStrictHostKeyChecking=no -p23' -zvaHSn --delete --link-dest ../../forgejo-next-v8/backup-day-`date +%d -d yesterday`/ /data/ u432374@u432374.your-storagebox.de:forgejo-next-v8/backup-day-`date +%d -d tomorrow`/"] volumeMounts: - name: data-volume mountPath: /data - name: sshdir mountPath: /root/.ssh readOnly: true volumes: - name: data-volume persistentVolumeClaim: claimName: forgejo-next-readonly-v8 - name: sshdir secret: secretName: backup-ssh-key defaultMode: 0400 items: - key: ssh-privatekey path: id_ed25519 restartPolicy: Never ``` </details>

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
cleanup

   
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
forgefriends

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  
help wanted

Need some help

  
invalid

Something is wrong

  
label workflow

a workflow is associated with this issue and will trigger when labels are updated

  
need more info

   
question

More information is needed

  
refactor

No functional change, reorganization

  
static-site

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  
sync

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/build.yml

  
wontfix

This won't be fixed

No labels
bug
cleanup
duplicate
enhancement
forgefriends
help wanted
invalid
label workflow
need more info
question
refactor
static-site
sync
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/k8s-cluster#497
No description provided.
Delete branch "refs/pull/62/head3de89061022b17684df7930b34d48854463413d0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?