local volsync backup from s3 --> nfs #767

Merged
jahanson merged 1 commit from volsync-s3-->nfs into main 2024-10-22 14:18:13 -05:00
9 changed files with 178 additions and 31 deletions
Showing only changes of commit 3f2c831c66 - Show all commits


@ -5,3 +5,4 @@ kind: Kustomization
resources: resources:
- ./remove-cpu-limits.yaml - ./remove-cpu-limits.yaml
- ./schematic-to-pod.yaml - ./schematic-to-pod.yaml
- ./volsync-movers.yaml


@ -0,0 +1,46 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: volsync-movers
annotations:
policies.kyverno.io/title: Set custom config on the Volsync mover Jobs
policies.kyverno.io/description: |
This policy sets custom configuration on the Volsync mover Jobs.
policies.kyverno.io/subject: Pod
spec:
generateExistingOnPolicyUpdate: true
rules:
- name: set-volsync-movers-custom-config
match:
any:
- resources:
kinds: ["batch/v1/Job"]
namespaces: ["default"]
selector:
matchLabels:
app.kubernetes.io/created-by: volsync
mutate:
patchStrategicMerge:
spec:
podReplacementPolicy: Failed
podFailurePolicy:
rules:
- action: FailJob
onExitCodes:
containerName: restic
operator: In
values: [11]
template:
spec:
containers:
- name: restic
volumeMounts:
- name: repository
mountPath: /repository
volumes:
- name: repository
nfs:
server: shadowfax.jahanson.tech
path: /nahar/volsync
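Review bot: The `nfs` volume at the end of this patch mounts the entire `/nahar/volsync` export at `/repository` in every matched mover Job, so each mover can read, overwrite or delete every other app's restic repository, not only its own `/repository/${APP}` directory. NFS adds no per-app access control here, and the template in this commit appears to take `RESTIC_PASSWORD` from one shared `volsync-template` item, so the encryption key does not separate apps either. Consider restricting the export to the cluster nodes on the NFS server and keeping server-side snapshots of the dataset, so a single compromised or misbehaving mover cannot destroy all backups. A comment above `volumes:` such as `# shared export: every mover sees all repositories; isolation relies on the NFS server` would record the trade-off.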


@ -1,5 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json # yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@ -8,30 +8,33 @@ spec:
interval: 30m interval: 30m
chart: chart:
spec: spec:
chart: volsync chart: ./helm/volsync
version: 0.10.0
sourceRef: sourceRef:
kind: HelmRepository kind: GitRepository
name: backube name: volsync
namespace: flux-system namespace: flux-system
interval: 30m install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: kyverno
namespace: kyverno
- name: snapshot-controller
namespace: volsync-system
values: values:
manageCRDs: true manageCRDs: true
metrics: metrics:
disableAuth: true disableAuth: true
image: &image
# TODO: Refactor if/when https://github.com/backube/volsync/pull/1054 gets merged repository: quay.io/backube/volsync
postRenderers: tag: release-0.11
- kustomize: rclone: *image
patches: restic: *image
- target: rsync: *image
version: v1 rsync-tls: *image
kind: Deployment syncthing: *image
name: volsync
patch: |
- op: add
path: /spec/template/metadata/labels/egress.home.arpa~1apiserver
value: allow
- op: add
path: /spec/template/metadata/labels/egress.home.arpa~1kubedns
value: allow
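Review bot: The new `tag: release-0.11` under `image: &image` is a mutable tag, and the chart now comes from `chart: ./helm/volsync` in a GitRepository that follows `branch: release-0.11` (the new source file in this commit), so both the images and the chart can change without any commit in this repository. The old side appears to have pinned `version: 0.10.0`. These images run the restic and rclone movers that handle backup data and the repository password, so an unreviewed upstream change lands directly in the backup path. Set `ref.tag` or `ref.commit` on the GitRepository once a suitable release or commit is chosen, and if the chart's image values allow it, reference the image by digest (`<image digest placeholder>`) instead of by tag.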


@ -1,22 +1,22 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
name: &appname volsync name: &app volsync
namespace: flux-system namespace: flux-system
spec: spec:
targetNamespace: volsync-system targetNamespace: volsync-system
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *appname app.kubernetes.io/name: *app
interval: 10m dependsOn:
path: "./kubernetes/apps/volsync-system/volsync/app" - name: cluster-policies
path: ./kubernetes/apps/volsync-system/volsync/app
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
name: theshire name: theshire
dependsOn:
- name: snapshot-controller
wait: false wait: false
timeout: 2m interval: 30m
timeout: 5m


@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./volsync.yaml


@ -0,0 +1,17 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: volsync
namespace: flux-system
spec:
interval: 30m
url: https://github.com/backube/volsync
ref:
branch: release-0.11
ignore: |
# exclude all
/*
# include kubernetes directory
!/helm/volsync
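Review bot: The comment `# include kubernetes directory` in the `ignore` block does not match the rule below it, which re-includes `/helm/volsync`; it looks copied from another source definition. Suggest `# include only the volsync Helm chart`, so the next reader knows the artifact is meant to contain the chart alone and does not widen the pattern by mistake.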


@ -4,5 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: flux-system namespace: flux-system
resources: resources:
- ./git
- ./helm - ./helm
- ./oci - ./oci


@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./claim.yaml - ./claim.yaml
- ./minio.yaml - ./nfs.yaml
- ./r2.yaml - ./r2.yaml


@ -0,0 +1,73 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "${APP}-volsync"
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: "${APP}-volsync-secret"
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: "/repository/${APP}"
RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
dataFrom:
- extract:
key: volsync-template
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 * * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: ${VOLSYNC_PUID:-568}
runAsGroup: ${VOLSYNC_PGID:-568}
fsGroup: ${VOLSYNC_PGID:-568}
retain:
hourly: 24
daily: 14
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: "${APP}-dst"
spec:
trigger:
manual: restore-once
restic:
repository: "${APP}-volsync-secret"
copyMethod: Snapshot
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
capacity: "${VOLSYNC_CAPACITY}"
moverSecurityContext:
runAsUser: ${VOLSYNC_PUID:-568}
runAsGroup: ${VOLSYNC_PGID:-568}
fsGroup: ${VOLSYNC_PGID:-568}
enableFileDeletion: true
cleanupCachePVC: true
cleanupTempPVC: true
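Review bot: `RESTIC_REPOSITORY: "/repository/${APP}"` only points at NFS when the Kyverno `volsync-movers` policy has mutated the mover Job, and that policy matches `namespaces: ["default"]` only. For an app in any other namespace, or if the policy is not applied at admission time, the mover has nothing mounted at `/repository`; restic would then fail or, if that path is writable, create the repository on the container's own filesystem, where the backup is lost with the pod. Whether this template is used outside `default` is not visible in this commit, so either widen the policy match or document the constraint here, e.g. `# requires ClusterPolicy volsync-movers (namespace default) to mount the NFS export at /repository`. An alert on ReplicationSources with no recent successful sync would catch the failure case.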