diff --git a/k8s/backup.yml b/k8s/backup.yml index 4c9562ee8..f01c1cfe1 100644 --- a/k8s/backup.yml +++ b/k8s/backup.yml @@ -1,3 +1,11 @@ +# HOW TO RESTORE +# copy backup into django +# kubectl -n squest cp ~/Desktop/db-2023-12-06-182115.dump django-54b69fbb48-wrt9j:/app/backup +# check backup is listed +# kubectl -n squest exec -it django-54b69fbb48-wrt9j python manage.py listbackups +# restore by passing backup file name +# kubectl -n squest exec -it django-54b69fbb48-wrt9j -- python manage.py dbrestore --database default -i db-2023-12-06-182115.dump + - name: "Execute a one shot backup of Squest" hosts: localhost gather_facts: true diff --git a/k8s/inventory/group_vars/all/squest.yml b/k8s/inventory/group_vars/all/squest.yml index 3aad5535c..35aecb50b 100644 --- a/k8s/inventory/group_vars/all/squest.yml +++ b/k8s/inventory/group_vars/all/squest.yml @@ -52,7 +52,7 @@ squest_django: TZ: "Europe/Paris" DB_HOST: "mariadb" DB_PORT: "3306" - REDIS_CACHE_HOST: "rfrm-redisfailover" + REDIS_CACHE_HOST: "redis" DB_USER: "{{ squest_db.user }}" DB_PASSWORD: "{{ squest_db.password }}" WAIT_HOSTS: "mariadb:3306,rabbitmq:5672" @@ -65,4 +65,4 @@ squest_django: private_ssh_key: "{{ lookup('file', '/home/nico/Desktop/id_ed25519_squest_k8s_dev') + '\n' }}" ssh_user: "squest_k8s_dev" ssh_server: "siam017.gre.hpecorp.net" - remote_path: "/backup/squest_k8s_dev/backup" + remote_path: "/backup/squest_k8s_dev/" diff --git a/k8s/squest_k8s/tasks/02-db.yml b/k8s/squest_k8s/tasks/02-db.yml index 6804af0bf..1e7885b8b 100644 --- a/k8s/squest_k8s/tasks/02-db.yml +++ b/k8s/squest_k8s/tasks/02-db.yml @@ -29,6 +29,9 @@ apiVersion: v1 metadata: name: "mariadb" + labels: + app: squest + service: mariadb data: root-password: "{{ squest_db.root_password |b64encode }}" password: "{{ squest_db.password |b64encode }}" @@ -43,6 +46,9 @@ kind: MariaDB metadata: name: mariadb + labels: + app: squest + service: mariadb spec: rootPasswordSecretKeyRef: name: mariadb @@ -100,6 +106,7 @@ namespace: "{{ squest_namespace }}" labels: app: squest + service: phpmyadmin name: phpmyadmin-env data: "{{ squest_phpmyadmin.env }}" @@ -114,6 +121,7 @@ namespace: "{{ squest_namespace }}" labels: app: squest + service: phpmyadmin name: phpmyadmin spec: replicas: 1 @@ -148,7 +156,7 @@ namespace: "{{ squest_namespace }}" labels: app: squest - app.kubernetes.io/name: squest-phpmyadmin + service: phpmyadmin name: phpmyadmin-service spec: ports: @@ -167,6 +175,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + labels: + app: squest + service: phpmyadmin namespace: "{{ squest_namespace }}" name: phpmyadmin-ingress annotations: "{{ squest_phpmyadmin.ingress.annotation }}" diff --git a/k8s/squest_k8s/tasks/03-rabbitmq.yml b/k8s/squest_k8s/tasks/03-rabbitmq.yml index 430c7ac84..fec9efef3 100644 --- a/k8s/squest_k8s/tasks/03-rabbitmq.yml +++ b/k8s/squest_k8s/tasks/03-rabbitmq.yml @@ -48,6 +48,9 @@ kind: Secret metadata: name: rabbitmq-user-secret + labels: + app: squest + service: rabbitmq type: Opaque stringData: username: "{{ squest_rabbitmq.user }}" @@ -63,6 +66,9 @@ kind: User metadata: name: rabbitmq-user + labels: + app: squest + service: rabbitmq spec: tags: - administrator @@ -81,7 +87,8 @@ kind: RabbitmqCluster metadata: labels: - app: rabbitmq + app: squest + service: rabbitmq name: rabbitmq spec: replicas: 3 @@ -123,6 +130,9 @@ kind: Vhost metadata: name: squest-vhost + labels: + app: squest + service: rabbitmq spec: name: squest # vhost name defaultQueueType: quorum # default queue type for this vhost; require RabbitMQ version 3.11.12 or above diff --git a/k8s/squest_k8s/tasks/04-redis.yml b/k8s/squest_k8s/tasks/04-redis.yml index 466cbc0a5..6b408a46c 100644 --- a/k8s/squest_k8s/tasks/04-redis.yml +++ b/k8s/squest_k8s/tasks/04-redis.yml @@ -38,7 +38,7 @@ type: Available status: "True" -- name: Deploy Redis stack via CRD +- name: Deploy Redis kubernetes.core.k8s: kubeconfig: "{{ k8s_kubeconfig_path }}" state: present @@ -46,8 +46,11 @@ apiVersion: databases.spotahome.com/v1 kind: RedisFailover metadata: - name: redisfailover + name: redis namespace: "{{ squest_namespace }}" + labels: + app: squest + service: redis spec: sentinel: replicas: 3 diff --git a/k8s/squest_k8s/tasks/05-django.yml b/k8s/squest_k8s/tasks/05-django.yml index 9c96e153a..fca17d5f5 100644 --- a/k8s/squest_k8s/tasks/05-django.yml +++ b/k8s/squest_k8s/tasks/05-django.yml @@ -8,6 +8,9 @@ apiVersion: v1 metadata: name: squest-sa + labels: + app: squest + service: django automountServiceAccountToken: true - name: Create a role allowed to get info on jobs @@ -20,6 +23,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: role-get-jobs + labels: + app: squest + service: django rules: - verbs: - list @@ -39,7 +45,10 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: my-app + name: django-role-binding + labels: + app: squest + service: django subjects: - kind: ServiceAccount name: squest-sa @@ -77,8 +86,8 @@ kind: PersistentVolumeClaim metadata: labels: - service: django app: squest + service: django name: "{{ item }}" spec: accessModes: @@ -105,8 +114,6 @@ backoffLimit: 3 spec: securityContext: -# runAsUser: 1000 -# runAsGroup: 1000 fsGroup: 999 containers: - name: django @@ -302,6 +309,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + labels: + app: squest + service: django name: squest-ingress annotations: "{{ squest_django.ingress.annotations }}" spec: diff --git a/k8s/squest_k8s/tasks/07-maintenance.yml b/k8s/squest_k8s/tasks/07-maintenance.yml index 51c4aafc1..3f37bef82 100644 --- a/k8s/squest_k8s/tasks/07-maintenance.yml +++ b/k8s/squest_k8s/tasks/07-maintenance.yml @@ -10,7 +10,7 @@ namespace: "{{ squest_namespace }}" labels: app: squest - service: nginx + service: maintenance name: nginx-config-maintenance data: nginx.conf: "{{ lookup('file', playbook_dir + '/../docker/maintenance.nginx.conf') }}" @@ -48,7 +48,6 @@ containers: - name: nginx image: nginx:1.23.4-alpine -# command: ["nginx", "-c", "/etc/nginx/squest/nginx.conf"] ports: - containerPort: 8080 volumeMounts: diff --git a/k8s/squest_k8s/tasks/08-backup.yml b/k8s/squest_k8s/tasks/08-backup.yml index d406a8660..9e99ecbcd 100644 --- a/k8s/squest_k8s/tasks/08-backup.yml +++ b/k8s/squest_k8s/tasks/08-backup.yml @@ -9,6 +9,9 @@ kind: CronJob metadata: name: squest-backup + labels: + app: squest + service: backup spec: schedule: "{{ squest_django.backup.crontab }}" jobTemplate: @@ -61,6 +64,9 @@ kind: Secret metadata: name: squest-rsync-ssh-key + labels: + app: squest + service: backup type: Opaque data: ssh.key: "{{ squest_django.externalize_backup_via_rsync.private_ssh_key |b64encode }}" @@ -75,6 +81,9 @@ kind: CronJob metadata: name: squest-rsync-backup + labels: + app: squest + service: backup spec: schedule: "{{ squest_django.externalize_backup_via_rsync.crontab }}" jobTemplate: