local volsync backup from s3 --> nfs

Joseph Hanson 2024-10-22 14:08:21 -05:00
parent f87492fb84
commit 3f2c831c66
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
9 changed files with 178 additions and 31 deletions


@ -5,3 +5,4 @@ kind: Kustomization
resources:
- ./remove-cpu-limits.yaml
- ./schematic-to-pod.yaml
- ./volsync-movers.yaml


@ -0,0 +1,46 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: volsync-movers
annotations:
policies.kyverno.io/title: Set custom config on the Volsync mover Jobs
policies.kyverno.io/description: |
This policy sets custom configuration on the Volsync mover Jobs.
policies.kyverno.io/subject: Pod
spec:
generateExistingOnPolicyUpdate: true
rules:
- name: set-volsync-movers-custom-config
match:
any:
- resources:
kinds: ["batch/v1/Job"]
namespaces: ["default"]
selector:
matchLabels:
app.kubernetes.io/created-by: volsync
mutate:
patchStrategicMerge:
spec:
podReplacementPolicy: Failed
podFailurePolicy:
rules:
- action: FailJob
onExitCodes:
containerName: restic
operator: In
values: [11]
template:
spec:
containers:
- name: restic
volumeMounts:
- name: repository
mountPath: /repository
volumes:
- name: repository
nfs:
server: shadowfax.jahanson.tech
path: /nahar/volsync
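Review bot: The mutate rule mounts the whole `/nahar/volsync` export at `/repository` in every Job in `default` that carries `app.kubernetes.io/created-by: volsync`, and that label can be set by whoever creates the Job, so permission to create Jobs in that namespace is effectively access to every application's restic repository on the share. The `policies.kyverno.io/description` should say so, for example `Mounts the shared NFS restic repository into VolSync mover Jobs in the default namespace; the match label is not a trust boundary.` Because `namespaces` lists only `default`, movers created in any other namespace would start without `/repository`; confirm that is intended. As far as I know `generateExistingOnPolicyUpdate` concerns generate rules, so it probably has no effect on this mutate-only policy.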


@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
@ -8,30 +8,33 @@ spec:
interval: 30m
chart:
spec:
chart: volsync
version: 0.10.0
chart: ./helm/volsync
sourceRef:
kind: HelmRepository
name: backube
kind: GitRepository
name: volsync
namespace: flux-system
interval: 30m
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: kyverno
namespace: kyverno
- name: snapshot-controller
namespace: volsync-system
values:
manageCRDs: true
metrics:
disableAuth: true
# TODO: Refactor if/when https://github.com/backube/volsync/pull/1054 gets merged
postRenderers:
- kustomize:
patches:
- target:
version: v1
kind: Deployment
name: volsync
patch: |
- op: add
path: /spec/template/metadata/labels/egress.home.arpa~1apiserver
value: allow
- op: add
path: /spec/template/metadata/labels/egress.home.arpa~1kubedns
value: allow
image: &image
repository: quay.io/backube/volsync
tag: release-0.11
rclone: *image
restic: *image
rsync: *image
rsync-tls: *image
syncthing: *image
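Review bot: `tag: release-0.11` under `image` looks like a moving, branch-tracking tag, and the chart now comes from the `volsync` GitRepository, whose `ref.branch: release-0.11` (in the GitRepository section of this commit) is equally unpinned. Both the chart and the controller and mover images can therefore change without any commit to this repository. The earlier chart reference appears to have been pinned with `version: 0.10.0`; the equivalent here would be `ref.commit` or `ref.tag` on the GitRepository and an immutable image tag or digest, if the chart's values accept one. This matters more than usual because the mover containers receive the restic repository password.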


@ -1,22 +1,22 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &appname volsync
name: &app volsync
namespace: flux-system
spec:
targetNamespace: volsync-system
commonMetadata:
labels:
app.kubernetes.io/name: *appname
interval: 10m
path: "./kubernetes/apps/volsync-system/volsync/app"
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-policies
path: ./kubernetes/apps/volsync-system/volsync/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
dependsOn:
- name: snapshot-controller
wait: false
timeout: 2m
interval: 30m
timeout: 5m


@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./volsync.yaml


@ -0,0 +1,17 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: volsync
namespace: flux-system
spec:
interval: 30m
url: https://github.com/backube/volsync
ref:
branch: release-0.11
ignore: |
# exclude all
/*
# include kubernetes directory
!/helm/volsync
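Review bot: The comment `# include kubernetes directory` inside `ignore` does not match the rule beneath it, which re-includes `/helm/volsync`. Suggest `# include only the volsync Helm chart` so the next reader does not go looking for a kubernetes path in the upstream repository.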


@ -4,5 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- ./git
- ./helm
- ./oci


@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./claim.yaml
- ./minio.yaml
- ./nfs.yaml
- ./r2.yaml


@ -0,0 +1,73 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "${APP}-volsync"
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: "${APP}-volsync-secret"
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: "/repository/${APP}"
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
dataFrom:
- extract:
key: volsync-template
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 * * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: ${VOLSYNC_PUID:-568}
runAsGroup: ${VOLSYNC_PGID:-568}
fsGroup: ${VOLSYNC_PGID:-568}
retain:
hourly: 24
daily: 14
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: "${APP}-dst"
spec:
trigger:
manual: restore-once
restic:
repository: "${APP}-volsync-secret"
copyMethod: Snapshot
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
capacity: "${VOLSYNC_CAPACITY}"
moverSecurityContext:
runAsUser: ${VOLSYNC_PUID:-568}
runAsGroup: ${VOLSYNC_PGID:-568}
fsGroup: ${VOLSYNC_PGID:-568}
enableFileDeletion: true
cleanupCachePVC: true
cleanupTempPVC: true
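Review bot: The ExternalSecret reads `RESTIC_PASSWORD` from the fixed key `volsync-template`, so every app rendered from this template appears to share one restic password, while `RESTIC_REPOSITORY: "/repository/${APP}"` places all repositories side by side on the same mount. One app's mover secret would then be enough to decrypt every other app's backups. If that trade-off is accepted, a comment above `dataFrom` such as `# shared restic password for all apps; repositories are separated by path only` makes it explicit. Otherwise the extracted key would need to vary with `${APP}`.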