Templating volsync.

This commit is contained in:
Joseph Hanson 2024-01-17 15:18:22 -06:00
parent 703fd34ac0
commit d8833bd684
7 changed files with 167 additions and 7 deletions

View file

@ -136,11 +136,7 @@ spec:
persistence:
config:
enabled: true
existingClaim: qbittorrent-config
advancedMounts:
main:
main:
- path: /config
existingClaim: qbittorrent
media:
type: nfs
server: 10.1.1.30

View file

@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ../../../../templates/volsync
generatorOptions:
disableNameSuffixHash: true

View file

@ -3,13 +3,13 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &appname qbittorrent
name: &app qbittorrent
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *appname
app.kubernetes.io/name: *app
interval: 10m
path: "./kubernetes/apps/default/qbittorrent/app"
prune: true
@ -21,6 +21,13 @@ spec:
- name: local-path-provisioner
- name: volsync
- name: external-secrets-stores
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi
VOLSYNC_ACCESSMODES: ReadWriteMany
VOLSYNC_STORAGECLASS: ceph-filesystem
VOLSYNC_SNAPSHOTCLASS: csi-ceph-filesystem
# ---
# # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# apiVersion: kustomize.toolkit.fluxcd.io/v1

View file

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: "${APP}"
spec:
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
dataSourceRef:
kind: ReplicationDestination
apiGroup: volsync.backube
name: "${APP}-dst"
resources:
requests:
storage: "${VOLSYNC_CAPACITY}"
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"

View file

@ -0,0 +1,8 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./claim.yaml
- ./minio.yaml
- ./r2.yaml

View file

@ -0,0 +1,75 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "${APP}-volsync"
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: "${APP}-volsync-secret"
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
AWS_ACCESS_KEY_ID: "{{ .volsync_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ .volsync_secret_key }}"
dataFrom:
- extract:
key: minio
- extract:
key: volsync-minio-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 * * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
hourly: 24
daily: 7
weekly: 5
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: "${APP}-dst"
spec:
trigger:
manual: restore-once
restic:
repository: "${APP}-volsync-secret"
copyMethod: Snapshot # must be Snapshot
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
capacity: "${VOLSYNC_CAPACITY}"
# moverSecurityContext:
# runAsUser: 568
# runAsGroup: 568
# fsGroup: 568

View file

@ -0,0 +1,50 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "${APP}-volsync-r2"
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: "${APP}-volsync-r2-secret"
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
dataFrom:
- extract:
key: cloudflare
- extract:
key: volsync-r2-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}-r2"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 0 * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-r2-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7