initial migration

unused/backup/backup.pvc.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  namespace: backup
+  name: backup-nfs-access
+  labels:
+    directory: backup
+spec:
+  storageClassName: fast
+  volumeMode: Filesystem
+  accessModes:
+    - ReadOnlyMany
+  capacity:
+    storage: "5M"
+
+  nfs:
+    path: /export/kluster
+    server: 192.168.1.157
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: backup
+  name: backup-nfs-access
+spec:
+  resources:
+    requests:
+      storage: "5M"
+  storageClassName: fast
+  accessModes:
+    - ReadOnlyMany
+  selector:
+    matchLabels:
+      directory: backup

unused/backup/base/cronjob.yaml

@@ -0,0 +1,64 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: restic-backblaze
+  
+spec:
+  schedule: "0 2 * * *"
+  # at 2:00, every tuesday and saturday
+  successfulJobsHistoryLimit: 2
+  failedJobsHistoryLimit: 2
+
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          # nodeSelector:
+          #   kubernetes.io/arch: arm64
+          # TODO no arm64 nodes anymore
+          restartPolicy: Never
+          hostname: restic-k3s-pod
+          # used by restic to identify the host
+          containers:
+          - name: restic-base-container
+            image: restic/restic:latest
+            command:
+              - /bin/sh
+              - -c
+            # >- strips newlines
+            # RESTIC_ARGS Can be for instance: --verbose --dry-run
+            args: []
+            
+            volumeMounts:
+              - mountPath: /data
+                name: backup-nfs-access
+              - mountPath: /credentials
+                name: restic-credentials
+
+            env:
+              - name: RESTIC_REPOSITORY
+                valueFrom:
+                  secretKeyRef:
+                    name: restic-credentials
+                    key: RESTIC_REPOSITORY
+              - name: B2_ACCOUNT_ID
+                valueFrom:
+                  secretKeyRef:
+                    name: restic-credentials
+                    key: B2_ACCOUNT_ID
+              - name: B2_ACCOUNT_KEY
+                valueFrom:
+                  secretKeyRef:
+                    name: restic-credentials
+                    key: B2_ACCOUNT_KEY
+              - name: RESTIC_PASSWORD_FILE
+                value: /credentials/restic-password
+
+          volumes:
+            - name: backup-nfs-access
+              persistentVolumeClaim:
+                claimName: backup-nfs-access
+            - name: restic-credentials
+              secret:
+                secretName: restic-credentials
+                optional: false

unused/backup/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./cronjob.yaml
+- ./restic-credentials.secret.yaml

unused/backup/overlays/applying.md

@@ -0,0 +1,8 @@
+```
+k kustomize backup/overlays/backup | k apply -f -
+> secret/restic-credentials-backup created
+> cronjob.batch/restic-backblaze-backup created
+k kustomize backup/overlays/prune | k apply -f -
+> secret/restic-credentials-prune created
+> cronjob.batch/restic-backblaze-prune created
+```

unused/backup/overlays/backup/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: backup
+nameSuffix: -backup
+resources:
+  - ../../base
+  # - ./restic-commands.yaml
+
+
+# patch the cronjob args field:
+patches:
+  - path: ./restic-commands.yaml
+    target:
+      kind: CronJob
+      

unused/backup/overlays/backup/restic-commands.yaml

@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup-patch
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: restic-base-container
+            args:
+            # >- strips newlines
+            # RESTIC_ARGS Can be for instance: --verbose --dry-run
+            # restic_reository is set in the secret
+              - >-
+                  restic backup
+                  -r $(RESTIC_REPOSITORY)
+                  --verbose=2
+                  /data
+                  --exclude=s3/
+                # &&
+                # restic
+                # -r $(RESTIC_REPOSITORY)
+                # list snapshots
+                # Add command to copy existing backups to here!

unused/backup/overlays/prune/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: backup
+nameSuffix: -prune
+resources:
+  - ../../base
+  # - ./restic-commands.yaml
+
+
+# patch the cronjob args field:
+patches:
+  - path: ./restic-commands.yaml
+    target:
+      kind: CronJob

unused/backup/overlays/prune/restic-commands.yaml

@@ -0,0 +1,23 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: prune-patch
+spec:
+  schedule: "0 0 1/15 * *"
+  # at midnight, the first and 15. of every month
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: restic-base-container
+            args:
+            # >- strips newlines
+            # RESTIC_ARGS Can be for instance: --verbose --dry-run
+            # RESTIC_REPOSITORY is set in the secret
+              - >-
+                  restic forget
+                  -r $(RESTIC_REPOSITORY)
+                  --verbose=2
+                  --keep-daily 7 --keep-weekly 5
+                  --prune