feat: atuin sqlite #8538

Merged
merged 1 commit into from
Dec 22, 2024

onedr0p
Owner

@onedr0p onedr0p commented Dec 22, 2024

No description provided.

Signed-off-by: Devin Buhl <devin@buhl.casa>
@bot-ross bot-ross bot added area/kubernetes Changes made in the kubernetes directory cluster/main labels Dec 22, 2024
@bot-ross
Contributor

bot-ross bot commented Dec 22, 2024

--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/atuin

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/atuin

@@ -13,14 +13,13 @@

       app.kubernetes.io/name: atuin
   decryption:
     provider: sops
     secretRef:
       name: sops-age
   dependsOn:
-  - name: cloudnative-pg-cluster
-  - name: external-secrets-stores
+  - name: volsync
   interval: 30m
   path: ./kubernetes/main/apps/default/atuin/app
   postBuild:
     substitute:
       APP: atuin
       GATUS_SUBDOMAIN: sh
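Review bot: The new `dependsOn` list drops `external-secrets-stores`, yet the app still ships ExternalSecrets (`atuin-volsync`, `atuin-volsync-r2`) that read from the `onepassword-connect` ClusterSecretStore. Ordering now relies on the `volsync` Kustomization pulling that dependency in transitively, which is not visible in this diff. If it does not, the restic secrets, and with them the PVC restore, can stall on a fresh bootstrap until the store is ready. Keeping the explicit entry documents the requirement: `- name: external-secrets-stores` next to `- name: volsync`.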
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin

@@ -1,32 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: atuin
-    kustomize.toolkit.fluxcd.io/name: atuin
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: atuin
-  namespace: default
-spec:
-  dataFrom:
-  - extract:
-      key: atuin
-  - extract:
-      key: cloudnative-pg
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: atuin-secret
-    template:
-      data:
-        ATUIN_DB_URI: postgres://{{ .ATUIN_POSTGRES_USER }}:{{ .ATUIN_POSTGRES_PASS
-          }}@postgres16-rw.database.svc.cluster.local/atuin
-        INIT_POSTGRES_DBNAME: atuin
-        INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local
-        INIT_POSTGRES_PASS: '{{ .ATUIN_POSTGRES_PASS }}'
-        INIT_POSTGRES_SUPER_PASS: '{{ .POSTGRES_SUPER_PASS }}'
-        INIT_POSTGRES_USER: '{{ .ATUIN_POSTGRES_USER }}'
-      engineVersion: v2
-
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin HelmRelease: default/atuin

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin HelmRelease: default/atuin

@@ -14,45 +14,40 @@

       chart: app-template
       sourceRef:
         kind: HelmRepository
         name: bjw-s
         namespace: flux-system
       version: 3.5.1
+  dependsOn:
+  - name: rook-ceph-cluster
+    namespace: rook-ceph
   install:
     remediation:
       retries: 3
   interval: 30m
   upgrade:
     cleanupOnFail: true
     remediation:
       retries: 3
       strategy: rollback
   values:
     controllers:
       atuin:
-        annotations:
-          reloader.stakater.com/auto: 'true'
         containers:
           app:
-            args:
-            - server
-            - start
             env:
-              ATUIN_HOST: 0.0.0.0
               ATUIN_METRICS__ENABLE: 'true'
               ATUIN_METRICS__HOST: 0.0.0.0
               ATUIN_METRICS__PORT: 8080
               ATUIN_OPEN_REGISTRATION: 'true'
               ATUIN_PORT: 80
               ATUIN_TLS__ENABLE: 'false'
-            envFrom:
-            - secretRef:
-                name: atuin-secret
+              TZ: America/New_York
             image:
-              repository: ghcr.io/atuinsh/atuin
-              tag: 18.3.0@sha256:678def8e9d59652a502759ca431f9c5b54ebdd5e9361507c7fcf24705c9862e0
+              repository: ghcr.io/onedr0p/atuin-server-sqlite
+              tag: main@sha256:1a4070373a39f1c0729f3e4371e31a3433cc6f36201a85fa0857dab6430d7a29
             probes:
               liveness:
                 custom: true
                 enabled: true
                 spec:
                   failureThreshold: 3
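Review bot: The new image reference uses the moving tag `main` in front of the digest. The digest is what the runtime enforces, but nothing in the manifest records which atuin release the image was built from, so later digest bumps cannot be reviewed for content. A comment above `tag:` such as `# built from atuin <UPSTREAM_VERSION>` (placeholder), or a versioned tag ahead of the `@sha256:` part, would fix that. The hunk also removes `args` and `ATUIN_HOST`, so the start command and listen address now come from image defaults not shown here and should be confirmed against the image. `ATUIN_OPEN_REGISTRATION: 'true'` is unchanged; with data now on a fixed-size claim, anyone who can reach the ingress (its exposure is not visible here) can register and consume that volume.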
@@ -81,24 +76,16 @@

             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
                 - ALL
               readOnlyRootFilesystem: true
-        initContainers:
-          init-db:
-            envFrom:
-            - secretRef:
-                name: atuin-secret
-            image:
-              repository: ghcr.io/onedr0p/postgres-init
-              tag: 16
-        replicas: 2
-        strategy: RollingUpdate
     defaultPodOptions:
       securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
         runAsGroup: 1000
         runAsNonRoot: true
         runAsUser: 1000
         seccompProfile:
           type: RuntimeDefault
     ingress:
@@ -110,13 +97,13 @@

           - path: /
             service:
               identifier: app
               port: http
     persistence:
       config:
-        type: emptyDir
+        existingClaim: atuin
     service:
       app:
         controller: atuin
         ports:
           http:
             port: 80
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin PersistentVolumeClaim: default/atuin

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin PersistentVolumeClaim: default/atuin

@@ -0,0 +1,22 @@

+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/name: atuin
+    kustomize.toolkit.fluxcd.io/name: atuin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: atuin
+  namespace: default
+spec:
+  accessModes:
+  - ReadWriteOnce
+  dataSourceRef:
+    apiGroup: volsync.backube
+    kind: ReplicationDestination
+    name: atuin-dst
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: ceph-block
+
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync

@@ -0,0 +1,25 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: atuin
+    kustomize.toolkit.fluxcd.io/name: atuin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: atuin-volsync
+  namespace: default
+spec:
+  dataFrom:
+  - extract:
+      key: volsync-template
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: atuin-volsync-secret
+    template:
+      data:
+        RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
+        RESTIC_REPOSITORY: /repository/atuin
+      engineVersion: v2
+
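Review bot: `RESTIC_PASSWORD` is extracted from an item named `volsync-template`, which by its name looks shared across applications. If so, every per-app secret rendered from it holds the key that decrypts every other app's restic repository, so a leak of `atuin-volsync-secret` exposes more than atuin's backups. A per-app password would bound that exposure. Separately, `RESTIC_REPOSITORY: /repository/atuin` is a filesystem path, so the backup depends on something outside this manifest mounting `/repository` into the mover pod; a one-line comment naming that mechanism would make the dependency explicit.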
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ReplicationSource: default/atuin

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ReplicationSource: default/atuin

@@ -0,0 +1,34 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  labels:
+    app.kubernetes.io/name: atuin
+    kustomize.toolkit.fluxcd.io/name: atuin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: atuin
+  namespace: default
+spec:
+  restic:
+    accessModes:
+    - ReadWriteOnce
+    cacheAccessModes:
+    - ReadWriteOnce
+    cacheCapacity: 2Gi
+    cacheStorageClassName: ceph-block
+    copyMethod: Snapshot
+    moverSecurityContext:
+      fsGroup: 1000
+      runAsGroup: 1000
+      runAsUser: 1000
+    pruneIntervalDays: 14
+    repository: atuin-volsync-secret
+    retain:
+      daily: 7
+      hourly: 24
+    storageClassName: ceph-block
+    volumeSnapshotClassName: csi-ceph-blockpool
+  sourcePVC: atuin
+  trigger:
+    schedule: 0 * * * *
+
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ReplicationDestination: default/atuin-dst

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ReplicationDestination: default/atuin-dst

@@ -0,0 +1,34 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  labels:
+    app.kubernetes.io/name: atuin
+    kustomize.toolkit.fluxcd.io/name: atuin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+    kustomize.toolkit.fluxcd.io/ssa: IfNotPresent
+  name: atuin-dst
+  namespace: default
+spec:
+  restic:
+    accessModes:
+    - ReadWriteOnce
+    cacheAccessModes:
+    - ReadWriteOnce
+    cacheCapacity: 2Gi
+    cacheStorageClassName: ceph-block
+    capacity: 5Gi
+    cleanupCachePVC: true
+    cleanupTempPVC: true
+    copyMethod: Snapshot
+    enableFileDeletion: true
+    moverSecurityContext:
+      fsGroup: 1000
+      runAsGroup: 1000
+      runAsUser: 1000
+    repository: atuin-volsync-secret
+    storageClassName: ceph-block
+    volumeSnapshotClassName: csi-ceph-blockpool
+  trigger:
+    manual: restore-once
+
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync-r2

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ExternalSecret: default/atuin-volsync-r2

@@ -0,0 +1,29 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: atuin
+    kustomize.toolkit.fluxcd.io/name: atuin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: atuin-volsync-r2
+  namespace: default
+spec:
+  dataFrom:
+  - extract:
+      key: cloudflare
+  - extract:
+      key: volsync-r2-template
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: atuin-volsync-r2-secret
+    template:
+      data:
+        AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
+        AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
+        RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
+        RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/atuin'
+      engineVersion: v2
+
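Review bot: The whole `cloudflare` item is extracted into the template context to supply `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. Only the four templated keys land in `atuin-volsync-r2-secret`, but the credential itself appears to be a shared, long-lived one. It should be a token limited to object operations on the backup bucket rather than an account-level key, since the mover pod and anything able to read Secrets in `default` receive it. If the item also carries other Cloudflare credentials, moving the backup key to a dedicated item keeps them out of this ExternalSecret's reach.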
--- kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ReplicationSource: default/atuin-r2

+++ kubernetes/main/apps/default/atuin/app Kustomization: flux-system/atuin ReplicationSource: default/atuin-r2

@@ -0,0 +1,33 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  labels:
+    app.kubernetes.io/name: atuin
+    kustomize.toolkit.fluxcd.io/name: atuin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: atuin-r2
+  namespace: default
+spec:
+  restic:
+    accessModes:
+    - ReadWriteOnce
+    cacheAccessModes:
+    - ReadWriteOnce
+    cacheCapacity: 2Gi
+    cacheStorageClassName: ceph-block
+    copyMethod: Snapshot
+    moverSecurityContext:
+      fsGroup: 1000
+      runAsGroup: 1000
+      runAsUser: 1000
+    pruneIntervalDays: 14
+    repository: atuin-volsync-r2-secret
+    retain:
+      daily: 7
+    storageClassName: ceph-block
+    volumeSnapshotClassName: csi-ceph-blockpool
+  sourcePVC: atuin
+  trigger:
+    schedule: 30 0 * * *
+

@bot-ross
Contributor

bot-ross bot commented Dec 22, 2024

--- HelmRelease: default/atuin Deployment: default/atuin

+++ HelmRelease: default/atuin Deployment: default/atuin

@@ -5,19 +5,17 @@

   name: atuin
   labels:
     app.kubernetes.io/component: atuin
     app.kubernetes.io/instance: atuin
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: atuin
-  annotations:
-    reloader.stakater.com/auto: 'true'
 spec:
   revisionHistoryLimit: 3
-  replicas: 2
+  replicas: 1
   strategy:
-    type: RollingUpdate
+    type: Recreate
   selector:
     matchLabels:
       app.kubernetes.io/component: atuin
       app.kubernetes.io/name: atuin
       app.kubernetes.io/instance: atuin
   template:
@@ -28,53 +26,40 @@

         app.kubernetes.io/name: atuin
     spec:
       enableServiceLinks: false
       serviceAccountName: default
       automountServiceAccountToken: true
       securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
         runAsGroup: 1000
         runAsNonRoot: true
         runAsUser: 1000
         seccompProfile:
           type: RuntimeDefault
       hostIPC: false
       hostNetwork: false
       hostPID: false
       dnsPolicy: ClusterFirst
-      initContainers:
-      - envFrom:
-        - secretRef:
-            name: atuin-secret
-        image: ghcr.io/onedr0p/postgres-init:16
-        name: init-db
-        volumeMounts:
-        - mountPath: /config
-          name: config
       containers:
-      - args:
-        - server
-        - start
-        env:
-        - name: ATUIN_HOST
-          value: 0.0.0.0
+      - env:
         - name: ATUIN_METRICS__ENABLE
           value: 'true'
         - name: ATUIN_METRICS__HOST
           value: 0.0.0.0
         - name: ATUIN_METRICS__PORT
           value: '8080'
         - name: ATUIN_OPEN_REGISTRATION
           value: 'true'
         - name: ATUIN_PORT
           value: '80'
         - name: ATUIN_TLS__ENABLE
           value: 'false'
-        envFrom:
-        - secretRef:
-            name: atuin-secret
-        image: ghcr.io/atuinsh/atuin:18.3.0@sha256:678def8e9d59652a502759ca431f9c5b54ebdd5e9361507c7fcf24705c9862e0
+        - name: TZ
+          value: America/New_York
+        image: ghcr.io/onedr0p/atuin-server-sqlite:main@sha256:1a4070373a39f1c0729f3e4371e31a3433cc6f36201a85fa0857dab6430d7a29
         livenessProbe:
           failureThreshold: 3
           httpGet:
             path: /
             port: 80
           initialDelaySeconds: 0
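Review bot: The rendered pod still runs as the `default` ServiceAccount with `automountServiceAccountToken: true`, and nothing in the remaining container spec suggests the server talks to the Kubernetes API. The mounted token is then unneeded exposure if the container is compromised. Setting `automountServiceAccountToken: false` under `defaultPodOptions` in the HelmRelease would remove it from the pod. The pod spec starts and continues outside this hunk.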
@@ -101,9 +86,10 @@

             - ALL
           readOnlyRootFilesystem: true
         volumeMounts:
         - mountPath: /config
           name: config
       volumes:
-      - emptyDir: {}
-        name: config
+      - name: config
+        persistentVolumeClaim:
+          claimName: atuin
 

@onedr0p onedr0p merged commit 79e24d1 into main Dec 22, 2024
10 checks passed
@onedr0p onedr0p deleted the atuin-sqlite-2 branch December 22, 2024 20:17
Labels
area/kubernetes Changes made in the kubernetes directory