local volsync backup from s3 --> nfs
This commit is contained in:
parent
f87492fb84
commit
3f2c831c66
9 changed files with 178 additions and 31 deletions
|
@ -5,3 +5,4 @@ kind: Kustomization
|
|||
resources:
|
||||
- ./remove-cpu-limits.yaml
|
||||
- ./schematic-to-pod.yaml
|
||||
- ./volsync-movers.yaml
|
||||
|
|
46
kubernetes/apps/kyverno/kyverno/policies/volsync-movers.yaml
Normal file
46
kubernetes/apps/kyverno/kyverno/policies/volsync-movers.yaml
Normal file
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: volsync-movers
|
||||
annotations:
|
||||
policies.kyverno.io/title: Set custom config on the Volsync mover Jobs
|
||||
policies.kyverno.io/description: |
|
||||
This policy sets custom configuration on the Volsync mover Jobs.
|
||||
policies.kyverno.io/subject: Pod
|
||||
spec:
|
||||
generateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- name: set-volsync-movers-custom-config
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds: ["batch/v1/Job"]
|
||||
namespaces: ["default"]
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/created-by: volsync
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
spec:
|
||||
podReplacementPolicy: Failed
|
||||
podFailurePolicy:
|
||||
rules:
|
||||
- action: FailJob
|
||||
onExitCodes:
|
||||
containerName: restic
|
||||
operator: In
|
||||
values: [11]
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: restic
|
||||
volumeMounts:
|
||||
- name: repository
|
||||
mountPath: /repository
|
||||
volumes:
|
||||
- name: repository
|
||||
nfs:
|
||||
server: shadowfax.jahanson.tech
|
||||
path: /nahar/volsync
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
|
@ -8,30 +8,33 @@ spec:
|
|||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: volsync
|
||||
version: 0.10.0
|
||||
chart: ./helm/volsync
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: backube
|
||||
kind: GitRepository
|
||||
name: volsync
|
||||
namespace: flux-system
|
||||
interval: 30m
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
dependsOn:
|
||||
- name: kyverno
|
||||
namespace: kyverno
|
||||
- name: snapshot-controller
|
||||
namespace: volsync-system
|
||||
values:
|
||||
manageCRDs: true
|
||||
metrics:
|
||||
disableAuth: true
|
||||
|
||||
# TODO: Refactor if/when https://github.com/backube/volsync/pull/1054 gets merged
|
||||
postRenderers:
|
||||
- kustomize:
|
||||
patches:
|
||||
- target:
|
||||
version: v1
|
||||
kind: Deployment
|
||||
name: volsync
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/template/metadata/labels/egress.home.arpa~1apiserver
|
||||
value: allow
|
||||
- op: add
|
||||
path: /spec/template/metadata/labels/egress.home.arpa~1kubedns
|
||||
value: allow
|
||||
image: &image
|
||||
repository: quay.io/backube/volsync
|
||||
tag: release-0.11
|
||||
rclone: *image
|
||||
restic: *image
|
||||
rsync: *image
|
||||
rsync-tls: *image
|
||||
syncthing: *image
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &appname volsync
|
||||
name: &app volsync
|
||||
namespace: flux-system
|
||||
spec:
|
||||
targetNamespace: volsync-system
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *appname
|
||||
interval: 10m
|
||||
path: "./kubernetes/apps/volsync-system/volsync/app"
|
||||
app.kubernetes.io/name: *app
|
||||
dependsOn:
|
||||
- name: cluster-policies
|
||||
path: ./kubernetes/apps/volsync-system/volsync/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: theshire
|
||||
dependsOn:
|
||||
- name: snapshot-controller
|
||||
wait: false
|
||||
timeout: 2m
|
||||
interval: 30m
|
||||
timeout: 5m
|
||||
|
|
6
kubernetes/flux/repositories/git/kustomization.yaml
Normal file
6
kubernetes/flux/repositories/git/kustomization.yaml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./volsync.yaml
|
17
kubernetes/flux/repositories/git/volsync.yaml
Normal file
17
kubernetes/flux/repositories/git/volsync.yaml
Normal file
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: volsync
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 30m
|
||||
url: https://github.com/backube/volsync
|
||||
ref:
|
||||
branch: release-0.11
|
||||
ignore: |
|
||||
# exclude all
|
||||
/*
|
||||
# include kubernetes directory
|
||||
!/helm/volsync
|
|
@ -4,5 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
namespace: flux-system
|
||||
resources:
|
||||
- ./git
|
||||
- ./helm
|
||||
- ./oci
|
||||
|
|
|
@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- ./claim.yaml
|
||||
- ./minio.yaml
|
||||
- ./nfs.yaml
|
||||
- ./r2.yaml
|
||||
|
|
73
kubernetes/templates/volsync/nfs.yaml
Normal file
73
kubernetes/templates/volsync/nfs.yaml
Normal file
|
@ -0,0 +1,73 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: "${APP}-volsync"
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: "${APP}-volsync-secret"
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "/repository/${APP}"
|
||||
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: volsync-template
|
||||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: "${APP}"
|
||||
spec:
|
||||
sourcePVC: "${APP}"
|
||||
trigger:
|
||||
schedule: "0 * * * *"
|
||||
restic:
|
||||
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
||||
pruneIntervalDays: 7
|
||||
repository: "${APP}-volsync-secret"
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
moverSecurityContext:
|
||||
runAsUser: ${VOLSYNC_PUID:-568}
|
||||
runAsGroup: ${VOLSYNC_PGID:-568}
|
||||
fsGroup: ${VOLSYNC_PGID:-568}
|
||||
retain:
|
||||
hourly: 24
|
||||
daily: 14
|
||||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationDestination
|
||||
metadata:
|
||||
name: "${APP}-dst"
|
||||
spec:
|
||||
trigger:
|
||||
manual: restore-once
|
||||
restic:
|
||||
repository: "${APP}-volsync-secret"
|
||||
copyMethod: Snapshot
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
capacity: "${VOLSYNC_CAPACITY}"
|
||||
moverSecurityContext:
|
||||
runAsUser: ${VOLSYNC_PUID:-568}
|
||||
runAsGroup: ${VOLSYNC_PGID:-568}
|
||||
fsGroup: ${VOLSYNC_PGID:-568}
|
||||
enableFileDeletion: true
|
||||
cleanupCachePVC: true
|
||||
cleanupTempPVC: true
|
Reference in a new issue