---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "${APP}-volsync"
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: "${APP}-volsync-secret"
    template:
      engineVersion: v2
      data:
        RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
        RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
        AWS_ACCESS_KEY_ID: "{{ .volsync_access_key }}"
        AWS_SECRET_ACCESS_KEY: "{{ .volsync_secret_key }}"
  dataFrom:
    - extract:
        key: minio
    - extract:
        key: volsync-minio-template
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
  name: "${APP}"
spec:
  sourcePVC: "${APP}"
  trigger:
    schedule: "0 * * * *"
  restic:
    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
    pruneIntervalDays: 7
    repository: "${APP}-volsync-secret"
    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
    storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
    moverSecurityContext:
      runAsUser: ${APP_UID:-568}
      runAsGroup: ${APP_GID:-568}
      fsGroup: ${APP_GID:-568}
    retain:
      hourly: 24
      daily: 7
      weekly: 5
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationdestination_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
  name: "${APP}-dst"
spec:
  trigger:
    manual: restore-once
  restic:
    repository: "${APP}-volsync-secret"
    copyMethod: Snapshot # must be Snapshot
    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
    storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
    capacity: "${VOLSYNC_CAPACITY}"
    moverSecurityContext:
      runAsUser: ${APP_UID:-568}
      runAsGroup: ${APP_GID:-568}
      fsGroup: ${APP_GID:-568}