restic: Add restic-prune CronJob

This CronJob schedules a periodic run of `restic forget`, which deletes snapshots according to the specified retention period (14 daily, 4 weekly, 12 monthly). This task used to run on my workstation, scheduled by a systemd timer unit. I've kept the same schedule and retention period as before. Now, instead of relying on my PC to be on and awake, the cleanup will occur more regularly. There's also the added benefit of getting the logs into Loki.
2025-04-01 19:36:10 -05:00
parent 5c819ef120
commit cf9eae14b4
7 changed files with 163 additions and 0 deletions
--- a/restic/kustomization.yaml
+++ b/restic/kustomization.yaml
@@ -0,0 +1,50 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: restic
+
+labels:
+- pairs:
+    app.kubernetes.io/instance: restic
+  includeSelectors: true
+- pairs:
+    app.kubernetes.io/part-of: restic
+  includeTemplates: true
+
+resources:
+- namespace.yaml
+- network-policy.yaml
+- restic-prune.yaml
+- secrets.yaml
+- ../dch-root-ca
+
+configMapGenerator:
+- name: restic-env
+  envs:
+  - restic.env
+
+patches:
+- patch: |-
+    apiVersion: batch/v1
+    kind: CronJob
+    metadata:
+      name: restic-prune
+    spec:
+      jobTemplate:
+        spec:
+          template:
+            spec:
+              containers:
+              - name: restic-prune
+                env:
+                - name: RESTIC_CACERT
+                  value: /run/dch-ca/dch-root-ca.crt
+                volumeMounts:
+                - mountPath: /run/dch-ca
+                  name: dch-ca
+                  readOnly: true
+              volumes:
+              - name: dch-ca
+                configMap:
+                  name: dch-root-ca
+