restic: Add restic-prune CronJob

This CronJob schedules a periodic run of `restic forget`, which deletes
snapshots according to the specified retention period (14 daily, 4
weekly, 12 monthly).

This task used to run on my workstation, scheduled by a systemd timer
unit.  I've kept the same schedule and retention period as before.  Now,
instead of relying on my PC to be on and awake, the cleanup will occur
more regularly.  There's also the added benefit of getting the logs into
Loki.
2025-04-01 19:36:10 -05:00
parent 5c819ef120
commit cf9eae14b4
7 changed files with 163 additions and 0 deletions

60
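--- a/restic/restic-prune.yaml
+++ b/restic/restic-prune.yaml
@@ -0,0 +1,60 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: restic-prune
+labels:
+app.kubernetes.io/name: restic-prune
+app.kubernetes.io/component: restic
+spec:
+schedule: 38 9 * * 5
+timeZone: America/Chicago
+concurrencyPolicy: Forbid
+jobTemplate:
+metadata:
+labels: &labels
+app.kubernetes.io/name: restic-prune
+app.kubernetes.io/component: restic
+spec:
+template:
+metadata:
+labels: *labels
+spec:
+restartPolicy: Never
+containers:
+- name: restic-prune
+image: ghcr.io/restic/restic
+args:
+- forget
+- --keep-daily=14
+- --keep-weekly=4
+- --keep-monthly=12
+env:
+- name: XDG_CACHE_HOME
+value: /var/cache
+envFrom:
+- configMapRef:
+name: restic-env
+securityContext:
+readOnlyRootFilesystem: true
+volumeMounts:
+- mountPath: /run/secrets/restic
+name: secrets
+readOnly: true
+- mountPath: /var/cache
+name: cache
+- mountPath: /tmp
+name: tmp
+securityContext:
+runAsUser: 32142
+runAsGroup: 32142
+fsGroup: 32142
+runAsNonRoot: true
+volumes:
+- name: cache
+emptyDir: {}
+- name: secrets
+secret:
+secretName: restic-secrets
+- name: tmp
+emptyDir:
+medium: Memory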
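Review bot: The `image: ghcr.io/restic/restic` line has no tag or digest, so each scheduled run uses whatever `latest` points at in the registry. This container mounts `restic-secrets` and is allowed to delete snapshots, so a changed or replaced upstream image would run with the repository credentials. Pin it to a release you have verified, for example `image: ghcr.io/restic/restic:<version>@sha256:<digest>` (placeholders, not real values). The container-level `securityContext` sets only `readOnlyRootFilesystem: true`. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` there would complete the hardening that the pod-level `runAsNonRoot` settings begin.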