Skip to content

Commit

Permalink
feat: backups for data pipeline (#340)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bo0tzz
bo0tzz authored Jan 9, 2025
1 parent 25f4b57 commit 70f8635
Show file tree
Hide file tree
Showing 9 changed files with 140 additions and 0 deletions.
2 changes: 2 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ spec:
enabled: false
coreDns:
enabled: false
kubeApiServer:
enabled: false
kubeControllerManager:
enabled: false
kubeScheduler:
Expand Down
7 changes: 7 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/backup-secrets/backup-bucket.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: data-pipeline-vmetrics-backup-bucket
namespace: flux-system
spec:
itemPath: "vaults/Kubernetes/items/mich-cloudflare-r2-data-pipeline-vmetrics-backup-bucket"
5 changes: 5 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/backup-secrets/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./backup-bucket.yaml
19 changes: 19 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/backup/backup.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: data-pipeline-vmetrics-backup
namespace: data
spec:
sourcePVC: vmsingle-vmetrics-data
trigger:
schedule: 0 18 * * *
restic:
pruneIntervalDays: 14
repository: data-pipeline-vmetrics-backup-secret
retain:
daily: 5
weekly: 1
monthly: 2
copyMethod: Direct
cacheStorageClassName: zfs
cacheAccessModes: ["ReadWriteOnce"]
6 changes: 6 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/backup/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.yaml
- ./backup.yaml
11 changes: 11 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/backup/secret.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: data-pipeline-vmetrics-backup-secret
namespace: data
type: Opaque
stringData:
RESTIC_REPOSITORY: "s3:${api_endpoint}/${bucket_name}"
RESTIC_PASSWORD: "${restic_secret}"
AWS_ACCESS_KEY_ID: "${id}"
AWS_SECRET_ACCESS_KEY: "${secret}"
50 changes: 50 additions & 0 deletions kubernetes/apps/pipelines/data/victoria-metrics/ks.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,53 @@ spec:
interval: 30m
retryInterval: 1m
timeout: 5m
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: data-pipeline-vmetrics-backup-secrets
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: data-pipeline-vmetrics-backup-secrets
dependsOn:
- name: data-pipeline-vmetrics
path: ./kubernetes/apps/pipelines/data/victoria-metrics/backup-secrets
prune: true
sourceRef:
kind: GitRepository
name: immich-kubernetes
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: data-pipeline-vmetrics-backup
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: data-pipeline-vmetrics-backup
dependsOn:
- name: vmetrics-backup-secrets
- name: data-pipeline-vmetrics-backup-secrets
path: ./kubernetes/apps/pipelines/data/victoria-metrics/backup
prune: true
sourceRef:
kind: GitRepository
name: immich-kubernetes
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substituteFrom:
- kind: Secret
name: data-pipeline-vmetrics-backup-bucket
- kind: Secret
name: victoriametrics-backup-secret

34 changes: 34 additions & 0 deletions tf/deployment/modules/cloudflare/account/1password.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,40 @@ resource "onepassword_item" "mich_cloudflare_r2_victoriametrics_backups_bucket"
}
}

resource "random_password" "data_pipeline_vmetrics_backups_restic_secret" {
length = 40
special = true
override_special = "!@#$%^&*()_+"
}


resource "onepassword_item" "mich_cloudflare_r2_data_pipeline_vmetrics_backups_bucket" {
vault = data.onepassword_vault.kubernetes.uuid
title = "mich-cloudflare-r2-data-pipeline-vmetrics-backup-bucket"
category = "secure_note"
section {
label = "Cloudflare R2 Token"

field {
label = "bucket_name"
type = "STRING"
value = cloudflare_r2_bucket.data_pipeline_vmetrics_backups.name
}

field {
label = "api_endpoint"
type = "STRING"
value = "https://${cloudflare_r2_bucket.data_pipeline_vmetrics_backups.account_id}.r2.cloudflarestorage.com"
}

field {
label = "restic_secret"
type = "CONCEALED"
value = random_password.data_pipeline_vmetrics_backups_restic_secret.result
}
}
}

resource "random_password" "outline_backups_restic_secret" {
length = 40
special = true
Expand Down
6 changes: 6 additions & 0 deletions tf/deployment/modules/cloudflare/account/r2.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,12 @@ resource "cloudflare_r2_bucket" "victoriametrics_backups" {
location = "WEUR"
}

resource "cloudflare_r2_bucket" "data_pipeline_vmetrics_backups" {
account_id = var.cloudflare_account_id
name = "data-pipeline-vmetrics-backups"
location = "WEUR"
}

resource "cloudflare_r2_bucket" "outline_database_backups" {
account_id = var.cloudflare_account_id
name = "outline-database-backups"
Expand Down

0 comments on commit 70f8635

Please sign in to comment.