Compare commits
1 commit
8d0fc88a7d
...
93c89ab364
Author | SHA1 | Date | |
---|---|---|---|
93c89ab364 |
9 changed files with 31 additions and 178 deletions
|
@ -5,4 +5,3 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./remove-cpu-limits.yaml
|
- ./remove-cpu-limits.yaml
|
||||||
- ./schematic-to-pod.yaml
|
- ./schematic-to-pod.yaml
|
||||||
- ./volsync-movers.yaml
|
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
|
|
||||||
apiVersion: kyverno.io/v1
|
|
||||||
kind: ClusterPolicy
|
|
||||||
metadata:
|
|
||||||
name: volsync-movers
|
|
||||||
annotations:
|
|
||||||
policies.kyverno.io/title: Set custom config on the Volsync mover Jobs
|
|
||||||
policies.kyverno.io/description: |
|
|
||||||
This policy sets custom configuration on the Volsync mover Jobs.
|
|
||||||
policies.kyverno.io/subject: Pod
|
|
||||||
spec:
|
|
||||||
generateExistingOnPolicyUpdate: true
|
|
||||||
rules:
|
|
||||||
- name: set-volsync-movers-custom-config
|
|
||||||
match:
|
|
||||||
any:
|
|
||||||
- resources:
|
|
||||||
kinds: ["batch/v1/Job"]
|
|
||||||
namespaces: ["default"]
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/created-by: volsync
|
|
||||||
mutate:
|
|
||||||
patchStrategicMerge:
|
|
||||||
spec:
|
|
||||||
podReplacementPolicy: Failed
|
|
||||||
podFailurePolicy:
|
|
||||||
rules:
|
|
||||||
- action: FailJob
|
|
||||||
onExitCodes:
|
|
||||||
containerName: restic
|
|
||||||
operator: In
|
|
||||||
values: [11]
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: restic
|
|
||||||
volumeMounts:
|
|
||||||
- name: repository
|
|
||||||
mountPath: /repository
|
|
||||||
volumes:
|
|
||||||
- name: repository
|
|
||||||
nfs:
|
|
||||||
server: shadowfax.jahanson.tech
|
|
||||||
path: /nahar/volsync
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -8,33 +8,30 @@ spec:
|
||||||
interval: 30m
|
interval: 30m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: ./helm/volsync
|
chart: volsync
|
||||||
|
version: 0.10.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: HelmRepository
|
||||||
name: volsync
|
name: backube
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
install:
|
interval: 30m
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
strategy: rollback
|
|
||||||
retries: 3
|
|
||||||
dependsOn:
|
|
||||||
- name: kyverno
|
|
||||||
namespace: kyverno
|
|
||||||
- name: snapshot-controller
|
|
||||||
namespace: volsync-system
|
|
||||||
values:
|
values:
|
||||||
manageCRDs: true
|
manageCRDs: true
|
||||||
metrics:
|
metrics:
|
||||||
disableAuth: true
|
disableAuth: true
|
||||||
image: &image
|
|
||||||
repository: quay.io/backube/volsync
|
# TODO: Refactor if/when https://github.com/backube/volsync/pull/1054 gets merged
|
||||||
tag: release-0.11
|
postRenderers:
|
||||||
rclone: *image
|
- kustomize:
|
||||||
restic: *image
|
patches:
|
||||||
rsync: *image
|
- target:
|
||||||
rsync-tls: *image
|
version: v1
|
||||||
syncthing: *image
|
kind: Deployment
|
||||||
|
name: volsync
|
||||||
|
patch: |
|
||||||
|
- op: add
|
||||||
|
path: /spec/template/metadata/labels/egress.home.arpa~1apiserver
|
||||||
|
value: allow
|
||||||
|
- op: add
|
||||||
|
path: /spec/template/metadata/labels/egress.home.arpa~1kubedns
|
||||||
|
value: allow
|
||||||
|
|
|
@ -1,22 +1,22 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: &app volsync
|
name: &appname volsync
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
targetNamespace: volsync-system
|
targetNamespace: volsync-system
|
||||||
commonMetadata:
|
commonMetadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: *app
|
app.kubernetes.io/name: *appname
|
||||||
dependsOn:
|
interval: 10m
|
||||||
- name: cluster-policies
|
path: "./kubernetes/apps/volsync-system/volsync/app"
|
||||||
path: ./kubernetes/apps/volsync-system/volsync/app
|
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: theshire
|
name: theshire
|
||||||
|
dependsOn:
|
||||||
|
- name: snapshot-controller
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
timeout: 2m
|
||||||
timeout: 5m
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./volsync.yaml
|
|
|
@ -1,17 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: GitRepository
|
|
||||||
metadata:
|
|
||||||
name: volsync
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
url: https://github.com/backube/volsync
|
|
||||||
ref:
|
|
||||||
branch: release-0.11
|
|
||||||
ignore: |
|
|
||||||
# exclude all
|
|
||||||
/*
|
|
||||||
# include kubernetes directory
|
|
||||||
!/helm/volsync
|
|
|
@ -4,6 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
resources:
|
resources:
|
||||||
- ./git
|
|
||||||
- ./helm
|
- ./helm
|
||||||
- ./oci
|
- ./oci
|
||||||
|
|
|
@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./claim.yaml
|
- ./claim.yaml
|
||||||
- ./nfs.yaml
|
- ./minio.yaml
|
||||||
- ./r2.yaml
|
- ./r2.yaml
|
||||||
|
|
|
@ -1,73 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
|
||||||
apiVersion: external-secrets.io/v1beta1
|
|
||||||
kind: ExternalSecret
|
|
||||||
metadata:
|
|
||||||
name: "${APP}-volsync"
|
|
||||||
spec:
|
|
||||||
secretStoreRef:
|
|
||||||
kind: ClusterSecretStore
|
|
||||||
name: onepassword-connect
|
|
||||||
target:
|
|
||||||
name: "${APP}-volsync-secret"
|
|
||||||
template:
|
|
||||||
engineVersion: v2
|
|
||||||
data:
|
|
||||||
RESTIC_REPOSITORY: "/repository/${APP}"
|
|
||||||
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
|
|
||||||
dataFrom:
|
|
||||||
- extract:
|
|
||||||
key: volsync-template
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
|
|
||||||
apiVersion: volsync.backube/v1alpha1
|
|
||||||
kind: ReplicationSource
|
|
||||||
metadata:
|
|
||||||
name: "${APP}"
|
|
||||||
spec:
|
|
||||||
sourcePVC: "${APP}"
|
|
||||||
trigger:
|
|
||||||
schedule: "0 * * * *"
|
|
||||||
restic:
|
|
||||||
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
|
||||||
pruneIntervalDays: 7
|
|
||||||
repository: "${APP}-volsync-secret"
|
|
||||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
|
||||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
|
||||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
|
||||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
|
||||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
moverSecurityContext:
|
|
||||||
runAsUser: ${VOLSYNC_PUID:-568}
|
|
||||||
runAsGroup: ${VOLSYNC_PGID:-568}
|
|
||||||
fsGroup: ${VOLSYNC_PGID:-568}
|
|
||||||
retain:
|
|
||||||
hourly: 24
|
|
||||||
daily: 14
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
|
|
||||||
apiVersion: volsync.backube/v1alpha1
|
|
||||||
kind: ReplicationDestination
|
|
||||||
metadata:
|
|
||||||
name: "${APP}-dst"
|
|
||||||
spec:
|
|
||||||
trigger:
|
|
||||||
manual: restore-once
|
|
||||||
restic:
|
|
||||||
repository: "${APP}-volsync-secret"
|
|
||||||
copyMethod: Snapshot
|
|
||||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
|
||||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
|
||||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
|
||||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
|
||||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
capacity: "${VOLSYNC_CAPACITY}"
|
|
||||||
moverSecurityContext:
|
|
||||||
runAsUser: ${VOLSYNC_PUID:-568}
|
|
||||||
runAsGroup: ${VOLSYNC_PGID:-568}
|
|
||||||
fsGroup: ${VOLSYNC_PGID:-568}
|
|
||||||
enableFileDeletion: true
|
|
||||||
cleanupCachePVC: true
|
|
||||||
cleanupTempPVC: true
|
|
Loading…
Reference in a new issue