From fb28ca96834f4d177aa14e8a5889b56c7b3b3d56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Wed, 10 Apr 2024 16:36:48 +0200 Subject: [PATCH] fix --- share/authentik/backups.tf | 38 ++++++++++++++++++++++++++++++ share/authentik/index.yaml | 47 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 share/authentik/backups.tf diff --git a/share/authentik/backups.tf b/share/authentik/backups.tf new file mode 100644 index 0000000..eab99b7 --- /dev/null +++ b/share/authentik/backups.tf @@ -0,0 +1,38 @@ +resource "kubectl_manifest" "backup_schedule" { + count = var.backups.enable ? 1 : 0 + yaml_body = <<-EOF + apiVersion: k8up.io/v1 + kind: Schedule + metadata: + name: "${var.instance}-backup" + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + backend: + repoPasswordSecretRef: + key: "${var.backups.restic_key}" + name: "${var.backups.secret_name}" + s3: + accessKeyIDSecretRef: + key: "${var.backups.key_id_key}" + name: "${var.backups.secret_name}" + bucket: "${var.instance}-${var.namespace}" + endpoint: "${var.backups.endpoint}/authentik" + secretAccessKeySecretRef: + key: "${var.backups.secret_key}" + name: "${var.backups.secret_name}" + backup: + schedule: "${var.backups.schedule.backup}" + failedJobsHistoryLimit: 2 + successfulJobsHistoryLimit: 2 + check: + schedule: "${var.backups.schedule.check}" + prune: + retention: + keepDaily: ${var.backups.retention.keepDaily} + keepMonthly: ${var.backups.retention.keepMonthly} + keepWeekly: ${var.backups.retention.keepWeekly} + keepYearly: ${var.backups.retention.keepYearly} + schedule: "${var.backups.schedule.prune}" + EOF +} diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index 9323482..0318d4d 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml @@ -21,10 +21,18 @@ options: enable: false endpoint: '' key_id_key: s3-id + restic_key: bck-password retention: db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 schedule: + backup: 20 3 * * * + check: 20 5 * * 1 db: 0 3 * * * + prune: 20 1 * * 0 secret_key: s3-secret secret_name: backup-settings use_barman: false @@ -32,10 +40,18 @@ options: - enable: false endpoint: '' key_id_key: s3-id + restic_key: bck-password retention: db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 schedule: + backup: 20 3 * * * + check: 20 5 * * 1 db: 0 3 * * * + prune: 20 1 * * 0 secret_key: s3-secret secret_name: backup-settings use_barman: false @@ -49,21 +65,52 @@ options: key_id_key: default: s3-id type: string + restic_key: + default: bck-password + type: string retention: default: db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 properties: db: default: 30d type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer type: object schedule: default: + backup: 20 3 * * * + check: 20 5 * * 1 db: 0 3 * * * + prune: 20 1 * * 0 properties: + backup: + default: 20 3 * * * + type: string + check: + default: 20 5 * * 1 + type: string db: default: 0 3 * * * type: string + prune: + default: 20 1 * * 0 + type: string type: object secret_key: default: s3-secret