Move blackbox to databases ns

author: Joe Banks <[email protected]> 2024-04-15 12:28:47 +0100
committer: Joe Banks <[email protected]> 2024-04-15 12:28:47 +0100
commit: 4ba44ca64ce3b0a19bfba96c6acfc13fcb2c2fcf (patch)
tree: 203748451a15d158ed7fe4069627e49d8d575d1b /kubernetes/namespaces/databases
parent: Move pinnwand to web (diff)
4 files changed, 106 insertions, 0 deletions
diff --git a/kubernetes/namespaces/databases/blackbox/README.md b/kubernetes/namespaces/databases/blackbox/README.md
new file mode 100644
index 0000000..f53ef87
--- /dev/null
+++ b/kubernetes/namespaces/databases/blackbox/README.md
@@ -0,0 +1,18 @@
+# Blackbox
+These manifests provision a CronJob for blackbox, our database backup tool.
+
+You can find the repository for blackbox at [lemonsaurus/blackbox](https://github.com/lemonsaurus/blackbox).
+
+## Secrets
+blackbox requires the following secrets in a secret titled `blackbox-env`:
+
+| Variable                       | Description            |
+|--------------------------------|------------------------|
+| **POSTGRES_USER**              | Postgres username      |
+| **POSTGRES_PASSWORD**          | Postgres password      |
+| **REDIS_PASSWORD**             | Redis password         |
+| **MONGO_INITDB_ROOT_USERNAME** | MongoDB username       |
+| **MONGO_INITDB_ROOT_PASSWORD** | MongoDB password       |
+| **AWS_ACCESS_KEY_ID**          | Access key for S3      |
+| **AWS_SECRET_ACCESS_KEY**      | Secret key for S3      |
+| **DEVOPS_WEBHOOK**             | Webhook for #dev-ops   |
diff --git a/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml b/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml
new file mode 100644
index 0000000..9cdb6ad
--- /dev/null
+++ b/kubernetes/namespaces/databases/blackbox/blackbox-configmap.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: blackbox-config
+  namespace: databases
+data:
+  blackbox.yaml: |
+    databases:
+      mongodb:
+        main_mongodb:
+          connection_string: mongodb://{{ MONGO_INITDB_ROOT_USERNAME }}:{{ MONGO_INITDB_ROOT_PASSWORD }}@mongodb.default.svc.cluster.local:27017
+      postgres:
+        main_postgres:
+          username: {{ POSTGRES_USER }}
+          password: {{ POSTGRES_PASSWORD }}
+          host: postgres.default.svc.cluster.local
+          port: "5432"
+      redis:
+        main_redis:
+          password: {{ REDIS_PASSWORD }}
+          host: redis.default.svc.cluster.local
+          port: "6379"
+
+    storage:
+      s3:
+        frankfurt_s3:
+          bucket: blackbox
+          endpoint: eu-central-1.linodeobjects.com
+          aws_access_key_id: {{ AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: {{ AWS_SECRET_ACCESS_KEY }}
+        newark_s3:
+          bucket: blackbox
+          endpoint: us-east-1.linodeobjects.com
+          aws_access_key_id: {{ AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: {{ AWS_SECRET_ACCESS_KEY }}
+        singapore_s3:
+          bucket: blackbox
+          endpoint: ap-south-1.linodeobjects.com
+          aws_access_key_id: {{ AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: {{ AWS_SECRET_ACCESS_KEY }}
+
+
+    notifiers:
+      discord:
+        dev_ops:
+          webhook: {{ DEVOPS_WEBHOOK }}
+
+    retention_days: 7
diff --git a/kubernetes/namespaces/databases/blackbox/cronjob.yaml b/kubernetes/namespaces/databases/blackbox/cronjob.yaml
new file mode 100644
index 0000000..7732aa9
--- /dev/null
+++ b/kubernetes/namespaces/databases/blackbox/cronjob.yaml
@@ -0,0 +1,40 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: blackbox
+  namespace: databases
+spec:
+  schedule: "0 15 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: blackbox
+            image: lemonsaurus/blackbox:main
+            imagePullPolicy: Always
+            envFrom:
+              - secretRef:
+                  name: blackbox-env
+            env:
+              - name: BLACKBOX_CONFIG_PATH
+                value: "/blackbox/config_file/blackbox.yaml"
+            volumeMounts:
+              - mountPath: /blackbox/config_file
+                name: blackbox-config
+              - mountPath: /tmp
+                name: blackbox-tmp
+            securityContext:
+              readOnlyRootFilesystem: true
+          volumes:
+            - name: blackbox-config
+              configMap:
+                name: blackbox-config
+            - name: blackbox-tmp
+              emptyDir: {}
+          restartPolicy: OnFailure
+          nodeSelector:
+            # NOTE: This should be updated to match the highest spec
+            # instance that is being used by the cluster.
+            node.kubernetes.io/instance-type: g6-standard-4
+      backoffLimit: 3
diff --git a/kubernetes/namespaces/databases/blackbox/secrets.yaml b/kubernetes/namespaces/databases/blackbox/secrets.yaml
new file mode 100644
index 0000000..4255b48
--- /dev/null
+++ b/kubernetes/namespaces/databases/blackbox/secrets.yaml
author	Joe Banks <[email protected]>	2024-04-15 12:28:47 +0100
committer	Joe Banks <[email protected]>	2024-04-15 12:28:47 +0100
commit	4ba44ca64ce3b0a19bfba96c6acfc13fcb2c2fcf (patch)
tree	203748451a15d158ed7fe4069627e49d8d575d1b /kubernetes/namespaces/databases
parent	Move pinnwand to web (diff)