Compare commits
2 commits
f87492fb84
...
f4ec9777a5
Author | SHA1 | Date | |
---|---|---|---|
f4ec9777a5 | |||
3f2c831c66 |
9 changed files with 178 additions and 31 deletions
|
@ -5,3 +5,4 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./remove-cpu-limits.yaml
|
- ./remove-cpu-limits.yaml
|
||||||
- ./schematic-to-pod.yaml
|
- ./schematic-to-pod.yaml
|
||||||
|
- ./volsync-movers.yaml
|
||||||
|
|
46
kubernetes/apps/kyverno/kyverno/policies/volsync-movers.yaml
Normal file
46
kubernetes/apps/kyverno/kyverno/policies/volsync-movers.yaml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
|
||||||
|
apiVersion: kyverno.io/v1
|
||||||
|
kind: ClusterPolicy
|
||||||
|
metadata:
|
||||||
|
name: volsync-movers
|
||||||
|
annotations:
|
||||||
|
policies.kyverno.io/title: Set custom config on the Volsync mover Jobs
|
||||||
|
policies.kyverno.io/description: |
|
||||||
|
This policy sets custom configuration on the Volsync mover Jobs.
|
||||||
|
policies.kyverno.io/subject: Pod
|
||||||
|
spec:
|
||||||
|
generateExistingOnPolicyUpdate: true
|
||||||
|
rules:
|
||||||
|
- name: set-volsync-movers-custom-config
|
||||||
|
match:
|
||||||
|
any:
|
||||||
|
- resources:
|
||||||
|
kinds: ["batch/v1/Job"]
|
||||||
|
namespaces: ["default"]
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/created-by: volsync
|
||||||
|
mutate:
|
||||||
|
patchStrategicMerge:
|
||||||
|
spec:
|
||||||
|
podReplacementPolicy: Failed
|
||||||
|
podFailurePolicy:
|
||||||
|
rules:
|
||||||
|
- action: FailJob
|
||||||
|
onExitCodes:
|
||||||
|
containerName: restic
|
||||||
|
operator: In
|
||||||
|
values: [11]
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: restic
|
||||||
|
volumeMounts:
|
||||||
|
- name: repository
|
||||||
|
mountPath: /repository
|
||||||
|
volumes:
|
||||||
|
- name: repository
|
||||||
|
nfs:
|
||||||
|
server: shadowfax.jahanson.tech
|
||||||
|
path: /nahar/volsync
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -8,30 +8,33 @@ spec:
|
||||||
interval: 30m
|
interval: 30m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: volsync
|
chart: ./helm/volsync
|
||||||
version: 0.10.0
|
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: GitRepository
|
||||||
name: backube
|
name: volsync
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 30m
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
cleanupOnFail: true
|
||||||
|
remediation:
|
||||||
|
strategy: rollback
|
||||||
|
retries: 3
|
||||||
|
dependsOn:
|
||||||
|
- name: kyverno
|
||||||
|
namespace: kyverno
|
||||||
|
- name: snapshot-controller
|
||||||
|
namespace: volsync-system
|
||||||
values:
|
values:
|
||||||
manageCRDs: true
|
manageCRDs: true
|
||||||
metrics:
|
metrics:
|
||||||
disableAuth: true
|
disableAuth: true
|
||||||
|
image: &image
|
||||||
# TODO: Refactor if/when https://github.com/backube/volsync/pull/1054 gets merged
|
repository: quay.io/backube/volsync
|
||||||
postRenderers:
|
tag: release-0.11
|
||||||
- kustomize:
|
rclone: *image
|
||||||
patches:
|
restic: *image
|
||||||
- target:
|
rsync: *image
|
||||||
version: v1
|
rsync-tls: *image
|
||||||
kind: Deployment
|
syncthing: *image
|
||||||
name: volsync
|
|
||||||
patch: |
|
|
||||||
- op: add
|
|
||||||
path: /spec/template/metadata/labels/egress.home.arpa~1apiserver
|
|
||||||
value: allow
|
|
||||||
- op: add
|
|
||||||
path: /spec/template/metadata/labels/egress.home.arpa~1kubedns
|
|
||||||
value: allow
|
|
||||||
|
|
|
@ -1,22 +1,22 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: &appname volsync
|
name: &app volsync
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
targetNamespace: volsync-system
|
targetNamespace: volsync-system
|
||||||
commonMetadata:
|
commonMetadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: *appname
|
app.kubernetes.io/name: *app
|
||||||
interval: 10m
|
dependsOn:
|
||||||
path: "./kubernetes/apps/volsync-system/volsync/app"
|
- name: cluster-policies
|
||||||
|
path: ./kubernetes/apps/volsync-system/volsync/app
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: theshire
|
name: theshire
|
||||||
dependsOn:
|
|
||||||
- name: snapshot-controller
|
|
||||||
wait: false
|
wait: false
|
||||||
timeout: 2m
|
interval: 30m
|
||||||
|
timeout: 5m
|
||||||
|
|
6
kubernetes/flux/repositories/git/kustomization.yaml
Normal file
6
kubernetes/flux/repositories/git/kustomization.yaml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./volsync.yaml
|
17
kubernetes/flux/repositories/git/volsync.yaml
Normal file
17
kubernetes/flux/repositories/git/volsync.yaml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: volsync
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://github.com/backube/volsync
|
||||||
|
ref:
|
||||||
|
branch: release-0.11
|
||||||
|
ignore: |
|
||||||
|
# exclude all
|
||||||
|
/*
|
||||||
|
# include kubernetes directory
|
||||||
|
!/helm/volsync
|
|
@ -4,5 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
resources:
|
resources:
|
||||||
|
- ./git
|
||||||
- ./helm
|
- ./helm
|
||||||
- ./oci
|
- ./oci
|
||||||
|
|
|
@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./claim.yaml
|
- ./claim.yaml
|
||||||
- ./minio.yaml
|
- ./nfs.yaml
|
||||||
- ./r2.yaml
|
- ./r2.yaml
|
||||||
|
|
73
kubernetes/templates/volsync/nfs.yaml
Normal file
73
kubernetes/templates/volsync/nfs.yaml
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: "${APP}-volsync"
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: onepassword-connect
|
||||||
|
target:
|
||||||
|
name: "${APP}-volsync-secret"
|
||||||
|
template:
|
||||||
|
engineVersion: v2
|
||||||
|
data:
|
||||||
|
RESTIC_REPOSITORY: "/repository/${APP}"
|
||||||
|
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
|
||||||
|
dataFrom:
|
||||||
|
- extract:
|
||||||
|
key: volsync-template
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
|
||||||
|
apiVersion: volsync.backube/v1alpha1
|
||||||
|
kind: ReplicationSource
|
||||||
|
metadata:
|
||||||
|
name: "${APP}"
|
||||||
|
spec:
|
||||||
|
sourcePVC: "${APP}"
|
||||||
|
trigger:
|
||||||
|
schedule: "0 * * * *"
|
||||||
|
restic:
|
||||||
|
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
||||||
|
pruneIntervalDays: 7
|
||||||
|
repository: "${APP}-volsync-secret"
|
||||||
|
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||||
|
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
||||||
|
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||||
|
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||||
|
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||||
|
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||||
|
moverSecurityContext:
|
||||||
|
runAsUser: ${VOLSYNC_PUID:-568}
|
||||||
|
runAsGroup: ${VOLSYNC_PGID:-568}
|
||||||
|
fsGroup: ${VOLSYNC_PGID:-568}
|
||||||
|
retain:
|
||||||
|
hourly: 24
|
||||||
|
daily: 14
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
|
||||||
|
apiVersion: volsync.backube/v1alpha1
|
||||||
|
kind: ReplicationDestination
|
||||||
|
metadata:
|
||||||
|
name: "${APP}-dst"
|
||||||
|
spec:
|
||||||
|
trigger:
|
||||||
|
manual: restore-once
|
||||||
|
restic:
|
||||||
|
repository: "${APP}-volsync-secret"
|
||||||
|
copyMethod: Snapshot
|
||||||
|
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||||
|
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||||
|
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||||
|
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
||||||
|
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||||
|
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||||
|
capacity: "${VOLSYNC_CAPACITY}"
|
||||||
|
moverSecurityContext:
|
||||||
|
runAsUser: ${VOLSYNC_PUID:-568}
|
||||||
|
runAsGroup: ${VOLSYNC_PGID:-568}
|
||||||
|
fsGroup: ${VOLSYNC_PGID:-568}
|
||||||
|
enableFileDeletion: true
|
||||||
|
cleanupCachePVC: true
|
||||||
|
cleanupTempPVC: true
|
Loading…
Reference in a new issue