diff --git a/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml b/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml
index dabe41da..45d57e5b 100644
--- a/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml
+++ b/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml
@@ -136,11 +136,7 @@ spec:
 persistence:
 config:
 enabled: true
- existingClaim: qbittorrent-config
- advancedMounts:
- main:
- main:
- - path: /config
+ existingClaim: qbittorrent
 media:
 type: nfs
 server: 10.1.1.30
diff --git a/kubernetes/apps/default/qbittorrent/app/kustomization.yaml b/kubernetes/apps/default/qbittorrent/app/kustomization.yaml
new file mode 100644
index 00000000..1e256ecb
--- /dev/null
+++ b/kubernetes/apps/default/qbittorrent/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ../../../../templates/volsync
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/default/qbittorrent/ks.yaml b/kubernetes/apps/default/qbittorrent/ks.yaml
index e85ab334..34382e89 100644
--- a/kubernetes/apps/default/qbittorrent/ks.yaml
+++ b/kubernetes/apps/default/qbittorrent/ks.yaml
@@ -3,13 +3,13 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: &appname qbittorrent
+ name: &app qbittorrent
 namespace: flux-system
 spec:
 targetNamespace: default
 commonMetadata:
 labels:
- app.kubernetes.io/name: *appname
+ app.kubernetes.io/name: *app
 interval: 10m
 path: "./kubernetes/apps/default/qbittorrent/app"
 prune: true
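Review bot: In kubernetes/apps/default/qbittorrent/app/helmrelease.yaml, removing the `advancedMounts` block leaves the `config` volume with no explicit mount scope or path. The chart is not visible in this hunk, but if it follows the usual app-template behaviour, an unscoped persistence item is mounted into every container of every controller at `/config`, so any sidecar in this release would gain write access to qBittorrent's configuration. If the pod runs more than one container, keep the removed `advancedMounts` entry and change only the claim name to `existingClaim: qbittorrent`. The `persistence` map starts and ends outside the hunk, so the other containers could not be checked here.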
@@ -21,6 +21,13 @@ spec:
 - name: local-path-provisioner
 - name: volsync
 - name: external-secrets-stores
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 2Gi
+ VOLSYNC_ACCESSMODES: ReadWriteMany
+ VOLSYNC_STORAGECLASS: ceph-filesystem
+ VOLSYNC_SNAPSHOTCLASS: csi-ceph-filesystem
 # ---
 # # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 # apiVersion: kustomize.toolkit.fluxcd.io/v1
diff --git a/kubernetes/templates/volsync/claim.yaml b/kubernetes/templates/volsync/claim.yaml
new file mode 100644
index 00000000..1f2d9e16
--- /dev/null
+++ b/kubernetes/templates/volsync/claim.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "${APP}"
+spec:
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ dataSourceRef:
+ kind: ReplicationDestination
+ apiGroup: volsync.backube
+ name: "${APP}-dst"
+ resources:
+ requests:
+ storage: "${VOLSYNC_CAPACITY}"
+ storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
diff --git a/kubernetes/templates/volsync/kustomization.yaml b/kubernetes/templates/volsync/kustomization.yaml
new file mode 100644
index 00000000..12ef510f
--- /dev/null
+++ b/kubernetes/templates/volsync/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./claim.yaml
+ - ./minio.yaml
+ - ./r2.yaml
diff --git a/kubernetes/templates/volsync/minio.yaml b/kubernetes/templates/volsync/minio.yaml
new file mode 100644
index 00000000..813ad75d
--- /dev/null
+++ b/kubernetes/templates/volsync/minio.yaml
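Review bot: Adding `postBuild.substitute` to ks.yaml turns on variable substitution for every manifest built from `./kubernetes/apps/default/qbittorrent/app`, which includes helmrelease.yaml and not only the volsync templates. Most of that HelmRelease lies outside this diff, so this is unverified, but any literal `${...}` in its values (an embedded script or an env string) would now be rewritten, and a name that is not defined is normally replaced with an empty string. Check the file for such references and escape them as `$${VAR}`, or opt the resource out with the `kustomize.toolkit.fluxcd.io/substitute: disabled` annotation. The `spec` block continues outside the hunk.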
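Review bot: `storage: "${VOLSYNC_CAPACITY}"` in kubernetes/templates/volsync/claim.yaml has no fallback, unlike the access mode and storage class beside it, so an app that reuses this template without setting the variable renders an empty size and a claim that will be rejected. The same applies to `capacity: "${VOLSYNC_CAPACITY}"` on the ReplicationDestination in minio.yaml. Either give both a fallback using the `:-` form already used for the other variables, or add a header comment such as `# Required substitutions: APP, VOLSYNC_CAPACITY (no defaults)` so the contract of the template is visible where it is defined.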
@@ -0,0 +1,75 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "${APP}-volsync"
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: "${APP}-volsync-secret"
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
+ RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
+ AWS_ACCESS_KEY_ID: "{{ .volsync_access_key }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .volsync_secret_key }}"
+ dataFrom:
+ - extract:
+ key: minio
+ - extract:
+ key: volsync-minio-template
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: "${APP}"
+spec:
+ sourcePVC: "${APP}"
+ trigger:
+ schedule: "0 * * * *"
+ restic:
+ copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+ pruneIntervalDays: 7
+ repository: "${APP}-volsync-secret"
+ volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+ storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ moverSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ retain:
+ hourly: 24
+ daily: 7
+ weekly: 5
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: "${APP}-dst"
+spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: "${APP}-volsync-secret"
+ copyMethod: Snapshot # must be Snapshot
+ volumeSnapshotClassName:
"${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
+ storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ capacity: "${VOLSYNC_CAPACITY}"
+ # moverSecurityContext:
+ # runAsUser: 568
+ # runAsGroup: 568
+ # fsGroup: 568
diff --git a/kubernetes/templates/volsync/r2.yaml b/kubernetes/templates/volsync/r2.yaml
new file mode 100644
index 00000000..3d12e32f
--- /dev/null
+++ b/kubernetes/templates/volsync/r2.yaml
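Review bot: The ReplicationDestination at the end of kubernetes/templates/volsync/minio.yaml leaves `moverSecurityContext` commented out, while the ReplicationSource above it runs its mover as 568:568. The restore mover therefore runs with whatever identity VolSync and the namespace default to, which may differ from the backup mover and from the application's UID; restored files can end up with ownership the app cannot write, or the restore may run with more privilege than the backup does. Unless restores need a different identity, enable the same block on the destination (`runAsUser: 568`, `runAsGroup: 568`, `fsGroup: 568`). If the difference is deliberate, replace the commented-out lines with a comment that says why.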
@@ -0,0 +1,50 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "${APP}-volsync-r2"
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: "${APP}-volsync-r2-secret"
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
+ RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
+ AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
+ dataFrom:
+ - extract:
+ key: cloudflare
+ - extract:
+ key: volsync-r2-template
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: "${APP}-r2"
+spec:
+ sourcePVC: "${APP}"
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+ pruneIntervalDays: 7
+ repository: "${APP}-volsync-r2-secret"
+ volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+ storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ moverSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ retain:
+ daily: 7
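Review bot: The ExternalSecret in kubernetes/templates/volsync/r2.yaml reads the fixed items `cloudflare` and `volsync-r2-template`, so every app that includes this template receives the same R2 key pair and the same `RESTIC_PASSWORD`; only the `/${APP}` suffix of the repository differs. Whoever can read one `${APP}-volsync-r2-secret` can therefore decrypt every other app's offsite backups and, depending on the token's scope, overwrite or delete them; minio.yaml follows the same pattern with `minio` and `volsync-minio-template`. Consider a token restricted to the backup bucket, and per-app keys or passwords if the secret store allows it. `extract` on the whole `cloudflare` item also loads every field of that item into the template context, so listing only the two needed fields as `data` entries with `remoteRef` would narrow what this ExternalSecret touches.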