feat(kyverno): volsync policy

.taskfiles/volsync/Taskfile.yaml

@@ -89,20 +89,20 @@ tasks:
       ns: Namespace the PVC is in (default: default)
       app: Application to snapshot (required)
     cmds:
+      - kubectl patch clusterpolicy volsync --type merge -p '{"spec":{"useServerSideApply":true}}'
       - kubectl -n {{.ns}} patch replicationsources {{.app}} --type merge -p '{"spec":{"trigger":{"manual":"{{.now}}"}}}'
       - bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}}
       - kubectl -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=120m
+      - kubectl -n {{.ns}} patch replicationsources {{.app}} --type merge -p '{"spec":{"trigger":{"manual":null}}}'
+      - kubectl patch clusterpolicy volsync --type merge -p '{"spec":{"useServerSideApply":null}}'
     env: *env-vars
     requires:
       vars: ["app"]
     vars:
       now: '{{now | date "150405"}}'
       ns: '{{.ns | default "default"}}'
       job: volsync-src-{{.app}}
-      controller:
-        sh: true && {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh {{.app}} {{.ns}}
     preconditions:
-      - test -f {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh
       - test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh
       - kubectl -n {{.ns}} get replicationsources {{.app}}
 

kubernetes/apps/home/home-assistant/app/kustomization.yaml

@@ -4,4 +4,4 @@ kind: Kustomization
 resources:
   - ./externalsecret.yaml
   - ./helmrelease.yaml
-  - ./volsync.yaml
+  - ./pvc.yaml

kubernetes/apps/home/home-assistant/app/pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: home-assistant
+  annotations:
+    volsync.io/enabled: "true"
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: ceph-block

kubernetes/apps/home/zigbee2mqtt/app/kustomization.yaml

@@ -4,7 +4,7 @@ kind: Kustomization
 resources:
   - ./externalsecret.yaml
   - ./helmrelease.yaml
-  - ./volsync.yaml
+  - ./pvc.yaml
 configMapGenerator:
   - name: zigbee2mqtt-loki-rules
     files:

kubernetes/apps/home/zigbee2mqtt/app/pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: zigbee2mqtt
+  annotations:
+    volsync.io/enabled: "true"
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ceph-block

kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml

@@ -31,31 +31,30 @@ spec:
       rbac:
         clusterRole:
           extraResources:
-            - apiGroups:
-                - ""
-              resources:
-                - pods
-              verbs:
-                - create
-                - update
-                - delete
+            - apiGroups: [""]
+              resources: ["pods"]
+              verbs: ["create", "update", "delete"]
+            - apiGroups: ["external-secrets.io"]
+              resources: ["externalsecrets"]
+              verbs: ["create", "update", "patch", "delete", "get", "list"]
+            - apiGroups: ["volsync.backube"]
+              resources: ["replicationsources", "replicationdestinations"]
+              verbs: ["create", "update", "patch", "delete", "get", "list"]
       serviceMonitor:
         enabled: true
     backgroundController:
       rbac:
         clusterRole:
           extraResources:
-            - apiGroups:
-                - ""
-              resources:
-                - pods
-              verbs:
-                - create
-                - update
-                - patch
-                - delete
-                - get
-                - list
+            - apiGroups: [""]
+              resources: ["pods"]
+              verbs: ["create", "update", "patch", "delete", "get", "list"]
+            - apiGroups: ["external-secrets.io"]
+              resources: ["externalsecrets"]
+              verbs: ["create", "update", "patch", "delete", "get", "list"]
+            - apiGroups: ["volsync.backube"]
+              resources: ["replicationsources", "replicationdestinations"]
+              verbs: ["create", "update", "patch", "delete", "get", "list"]
       resources:
         requests:
           cpu: 100m

kubernetes/apps/kyverno/kyverno/policies/gatus.yaml

@@ -13,7 +13,6 @@ metadata:
       all Ingresses with the ingressClassName set to external.
     pod-policies.kyverno.io/autogen-controllers: none
 spec:
-  generateExisting: true
   rules:
     - name: *name
       match:
@@ -36,21 +35,22 @@ spec:
       context:
         - name: GATUS_HOST
           variable:
-            value: '{{ request.object.metadata.annotations."gatus.io/host" || request.object.spec.rules[0].host }}'
+            value: "{{ request.object.metadata.annotations.\"gatus.io/host\" || request.object.spec.rules[0].host }}"
             jmesPath: "to_string(@)"
         - name: GATUS_NAME
           variable:
-            value: '{{ request.object.metadata.annotations."gatus.io/name" || request.object.metadata.name }}'
+            value: "{{ request.object.metadata.annotations.\"gatus.io/name\" || request.object.metadata.name }}"
             jmesPath: "to_string(@)"
         - name: GATUS_PATH
           variable:
-            value: '{{ request.object.metadata.annotations."gatus.io/path" || request.object.spec.rules[0].http.paths[0].path }}'
+            value: "{{ request.object.metadata.annotations.\"gatus.io/path\" || request.object.spec.rules[0].http.paths[0].path }}"
             jmesPath: "to_string(@)"
         - name: GATUS_STATUS_CODE
           variable:
-            value: '{{ request.object.metadata.annotations."gatus.io/status-code" || `200` }}'
+            value: "{{ request.object.metadata.annotations.\"gatus.io/status-code\" || '200' }}"
             jmesPath: "to_string(@)"
       generate:
+        generateExisting: true
         apiVersion: v1
         kind: ConfigMap
         name: "{{ request.object.metadata.name }}-gatus-ep"

kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml

@@ -5,3 +5,4 @@ resources:
   - ./gatus.yaml
   - ./limits.yaml
   - ./ndots.yaml
+  - ./volsync.yaml