111 lines
2.7 KiB
YAML
111 lines
2.7 KiB
YAML
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: rosdump-config
|
||
|
data:
|
||
|
script.sh: |
|
||
|
#!/bin/bash
|
||
|
set -e
|
||
|
if [ -d rosdump ]; then
|
||
|
echo "Pulling Git repo"
|
||
|
cd rosdump
|
||
|
git pull
|
||
|
else
|
||
|
echo "Cloning Git repo"
|
||
|
git clone git@git.k-space.ee:k-space/rosdump.git
|
||
|
cd rosdump
|
||
|
fi
|
||
|
git rm *.k-space.ee
|
||
|
for target in $(cat /config/targets | grep -v '^#'); do
|
||
|
echo "Exporting configuration for $target"
|
||
|
ssh rosdump@$target '/export' | grep -v '^# serial number =' | grep -v '^#.* by RouterOS' > $target
|
||
|
git add $target
|
||
|
done
|
||
|
if [[ `git status --porcelain` ]]; then
|
||
|
echo "Attempting Git check in"
|
||
|
git commit -m "Update $(git ls-files -m) file(s)"
|
||
|
git push
|
||
|
else
|
||
|
echo "No changes to commit"
|
||
|
fi
|
||
|
targets: |
|
||
|
router.mgmt.k-space.ee
|
||
|
sw_core01.mgmt.k-space.ee
|
||
|
sw_core02.mgmt.k-space.ee
|
||
|
sw_mgmt.mgmt.k-space.ee
|
||
|
sw_poe.mgmt.k-space.ee
|
||
|
sw_ha.mgmt.k-space.ee
|
||
|
sw_cyber.mgmt.k-space.ee
|
||
|
sw_chaos.mgmt.k-space.ee
|
||
|
sw_asocial.mgmt.k-space.ee
|
||
|
sw_kitchen.mgmt.k-space.ee
|
||
|
---
|
||
|
apiVersion: batch/v1
|
||
|
kind: CronJob
|
||
|
metadata:
|
||
|
name: rosdump-cronjob
|
||
|
spec:
|
||
|
schedule: "0 * * * *"
|
||
|
concurrencyPolicy: Forbid
|
||
|
jobTemplate:
|
||
|
spec:
|
||
|
activeDeadlineSeconds: 300
|
||
|
template:
|
||
|
spec:
|
||
|
nodeSelector:
|
||
|
dedicated: monitoring
|
||
|
tolerations:
|
||
|
- key: dedicated
|
||
|
operator: Equal
|
||
|
value: monitoring
|
||
|
effect: NoSchedule
|
||
|
restartPolicy: OnFailure
|
||
|
containers:
|
||
|
- name: rosdump
|
||
|
image: harbor.k-space.ee/k-space/microscript-base
|
||
|
imagePullPolicy: Always
|
||
|
args:
|
||
|
- bash
|
||
|
- /config/script.sh
|
||
|
volumeMounts:
|
||
|
- name: config
|
||
|
mountPath: /config
|
||
|
volumes:
|
||
|
- name: config
|
||
|
projected:
|
||
|
sources:
|
||
|
- secret:
|
||
|
name: rosdump-secrets
|
||
|
items:
|
||
|
- key: ssh_identity
|
||
|
path: ssh_identity
|
||
|
mode: 0600
|
||
|
- configMap:
|
||
|
name: rosdump-known-hosts
|
||
|
items:
|
||
|
- key: ssh_known_hosts
|
||
|
path: ssh_known_hosts
|
||
|
- configMap:
|
||
|
name: rosdump-config
|
||
|
|
||
|
---
|
||
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: NetworkPolicy
|
||
|
metadata:
|
||
|
name: rosdump
|
||
|
spec:
|
||
|
podSelector: {}
|
||
|
policyTypes:
|
||
|
- Egress
|
||
|
egress:
|
||
|
- to:
|
||
|
- ipBlock:
|
||
|
cidr: 193.40.103.0/24
|
||
|
- ipBlock:
|
||
|
cidr: 172.23.0.0/24
|
||
|
- ipBlock:
|
||
|
cidr: 100.102.1.0/24
|
||
|
ports:
|
||
|
- protocol: TCP
|
||
|
port: 22
|