From 6dc85a20d4ba1d6641abd5a6dc51fd577b7b0cb2 Mon Sep 17 00:00:00 2001 
From: Steven Kreitzer Date: Thu, 2 Jan 2025 13:54:53 -0600 Subject: [PATCH] feat(kyverno): volsync policy --- .taskfiles/volsync/Taskfile.yaml | 6 +- .../home-assistant/app/kustomization.yaml | 2 +- .../apps/home/home-assistant/app/pvc.yaml | 13 ++ .../apps/home/home-assistant/app/volsync.yaml | 86 ------------ .../home/zigbee2mqtt/app/kustomization.yaml | 2 +- kubernetes/apps/home/zigbee2mqtt/app/pvc.yaml | 13 ++ .../apps/home/zigbee2mqtt/app/volsync.yaml | 86 ------------ .../apps/kyverno/kyverno/app/helmrelease.yaml | 37 +++-- .../apps/kyverno/kyverno/policies/gatus.yaml | 10 +- .../kyverno/policies/kustomization.yaml | 1 + .../kyverno/kyverno/policies/volsync.yaml | 129 ++++++++++++++++++ .../apps/media/bazarr/app/kustomization.yaml | 2 +- kubernetes/apps/media/bazarr/app/pvc.yaml | 13 ++ kubernetes/apps/media/bazarr/app/volsync.yaml | 86 ------------ .../media/overseerr/app/kustomization.yaml | 1 - kubernetes/apps/media/overseerr/app/pvc.yaml | 13 ++ .../apps/media/overseerr/app/volsync.yaml | 86 ------------ .../apps/media/plex/app/kustomization.yaml | 1 - kubernetes/apps/media/plex/app/pvc.yaml | 13 ++ kubernetes/apps/media/plex/app/volsync.yaml | 86 ------------ .../media/qbittorrent/app/kustomization.yaml | 2 +- .../apps/media/qbittorrent/app/pvc.yaml | 13 ++ .../apps/media/qbittorrent/app/volsync.yaml | 86 ------------ .../media/recyclarr/app/kustomization.yaml | 2 +- kubernetes/apps/media/recyclarr/app/pvc.yaml | 13 ++ .../apps/media/recyclarr/app/volsync.yaml | 86 ------------ .../apps/media/sabnzbd/app/kustomization.yaml | 2 +- kubernetes/apps/media/sabnzbd/app/pvc.yaml | 13 ++ .../apps/media/sabnzbd/app/volsync.yaml | 86 ------------ .../media/tautulli/app/kustomization.yaml | 1 - kubernetes/apps/media/tautulli/app/pvc.yaml | 13 ++ .../apps/media/tautulli/app/volsync.yaml | 86 ------------ .../apps/volsync-system/volsync/ks.yaml | 1 + 33 files changed, 280 insertions(+), 810 deletions(-) create mode 100644 
kubernetes/apps/home/home-assistant/app/pvc.yaml delete mode 100644 kubernetes/apps/home/home-assistant/app/volsync.yaml create mode 100644 kubernetes/apps/home/zigbee2mqtt/app/pvc.yaml delete mode 100644 kubernetes/apps/home/zigbee2mqtt/app/volsync.yaml create mode 100644 kubernetes/apps/kyverno/kyverno/policies/volsync.yaml create mode 100644 kubernetes/apps/media/bazarr/app/pvc.yaml delete mode 100644 kubernetes/apps/media/bazarr/app/volsync.yaml delete mode 100644 kubernetes/apps/media/overseerr/app/volsync.yaml delete mode 100644 kubernetes/apps/media/plex/app/volsync.yaml create mode 100644 kubernetes/apps/media/qbittorrent/app/pvc.yaml delete mode 100644 kubernetes/apps/media/qbittorrent/app/volsync.yaml create mode 100644 kubernetes/apps/media/recyclarr/app/pvc.yaml delete mode 100644 kubernetes/apps/media/recyclarr/app/volsync.yaml create mode 100644 kubernetes/apps/media/sabnzbd/app/pvc.yaml delete mode 100644 kubernetes/apps/media/sabnzbd/app/volsync.yaml delete mode 100644 kubernetes/apps/media/tautulli/app/volsync.yaml diff --git a/.taskfiles/volsync/Taskfile.yaml b/.taskfiles/volsync/Taskfile.yaml index ad051acd7e..5ce22ebd96 100644 --- a/.taskfiles/volsync/Taskfile.yaml +++ b/.taskfiles/volsync/Taskfile.yaml @@ -89,9 +89,12 @@ tasks: ns: Namespace the PVC is in (default: default) app: Application to snapshot (required) cmds: + - kubectl patch clusterpolicy volsync --type merge -p '{"spec":{"useServerSideApply":true}}' - kubectl -n {{.ns}} patch replicationsources {{.app}} --type merge -p '{"spec":{"trigger":{"manual":"{{.now}}"}}}' - bash {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh {{.job}} {{.ns}} - kubectl -n {{.ns}} wait job/{{.job}} --for condition=complete --timeout=120m + - kubectl -n {{.ns}} patch replicationsources {{.app}} --type merge -p '{"spec":{"trigger":{"manual":null}}}' + - kubectl patch clusterpolicy volsync --type merge -p '{"spec":{"useServerSideApply":null}}' env: *env-vars requires: vars: ["app"] 
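Review bot: The two reset commands appended to `cmds` in the Taskfile hunk (setting `spec.trigger.manual` and `useServerSideApply` back to `null`) only run when every earlier command succeeds. If `wait-for-job.sh` fails or `kubectl wait` hits its 120m timeout, the cluster-wide `volsync` ClusterPolicy stays patched with `useServerSideApply: true` and the ReplicationSource keeps its manual trigger. Task's `defer:` runs a command when the task exits whatever the outcome, so the resets could be declared at the top of `cmds`, e.g. `- defer: kubectl patch clusterpolicy volsync --type merge -p '{"spec":{"useServerSideApply":null}}'`. Because the patch targets a shared cluster object, two snapshots started in parallel would also reset it under each other, which deserves a comment such as `# patches the shared ClusterPolicy; run one snapshot at a time`. The task definition starts above the hunk.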
@@ -99,10 +102,7 @@ tasks: now: '{{now | date "150405"}}' ns: '{{.ns | default "default"}}' job: volsync-src-{{.app}} - controller: - sh: true && {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh {{.app}} {{.ns}} preconditions: - - test -f {{.VOLSYNC_RESOURCES_DIR}}/which-controller.sh - test -f {{.VOLSYNC_RESOURCES_DIR}}/wait-for-job.sh - kubectl -n {{.ns}} get replicationsources {{.app}} diff --git a/kubernetes/apps/home/home-assistant/app/kustomization.yaml b/kubernetes/apps/home/home-assistant/app/kustomization.yaml index 7df2f9e464..bad014b1eb 100644 --- a/kubernetes/apps/home/home-assistant/app/kustomization.yaml +++ b/kubernetes/apps/home/home-assistant/app/kustomization.yaml @@ -4,4 +4,4 @@ kind: Kustomization resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./volsync.yaml + - ./pvc.yaml diff --git a/kubernetes/apps/home/home-assistant/app/pvc.yaml b/kubernetes/apps/home/home-assistant/app/pvc.yaml new file mode 100644 index 0000000000..374e046ca2 --- /dev/null +++ b/kubernetes/apps/home/home-assistant/app/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: home-assistant + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 5Gi + storageClassName: ceph-block diff --git a/kubernetes/apps/home/home-assistant/app/volsync.yaml b/kubernetes/apps/home/home-assistant/app/volsync.yaml deleted file mode 100644 index 065f25714c..0000000000 --- a/kubernetes/apps/home/home-assistant/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: home-assistant-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: home-assistant-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/home-assistant" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: home-assistant -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: home-assistant - resources: - requests: - storage: 5Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: home-assistant -spec: - trigger: - manual: restore-once - restic: - repository: home-assistant-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 5Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: home-assistant -spec: - sourcePVC: home-assistant - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: home-assistant-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 
568 - runAsGroup: 568 - fsGroup: 568 - retain: - hourly: 24 - daily: 7 - weekly: 5 diff --git a/kubernetes/apps/home/zigbee2mqtt/app/kustomization.yaml b/kubernetes/apps/home/zigbee2mqtt/app/kustomization.yaml index 016c51ad6d..c0bda12381 100644 --- a/kubernetes/apps/home/zigbee2mqtt/app/kustomization.yaml +++ b/kubernetes/apps/home/zigbee2mqtt/app/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./volsync.yaml + - ./pvc.yaml configMapGenerator: - name: zigbee2mqtt-loki-rules files: diff --git a/kubernetes/apps/home/zigbee2mqtt/app/pvc.yaml b/kubernetes/apps/home/zigbee2mqtt/app/pvc.yaml new file mode 100644 index 0000000000..a3490ec42e --- /dev/null +++ b/kubernetes/apps/home/zigbee2mqtt/app/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: zigbee2mqtt + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + storageClassName: ceph-block diff --git a/kubernetes/apps/home/zigbee2mqtt/app/volsync.yaml b/kubernetes/apps/home/zigbee2mqtt/app/volsync.yaml deleted file mode 100644 index 164d763a41..0000000000 --- a/kubernetes/apps/home/zigbee2mqtt/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: zigbee2mqtt-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: zigbee2mqtt-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/zigbee2mqtt" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: zigbee2mqtt -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: zigbee2mqtt - resources: - requests: - storage: 1Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: zigbee2mqtt -spec: - trigger: - manual: restore-once - restic: - repository: zigbee2mqtt-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 1Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: zigbee2mqtt -spec: - sourcePVC: zigbee2mqtt - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: zigbee2mqtt-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - 
fsGroup: 568 - retain: - hourly: 24 - daily: 7 - weekly: 5 diff --git a/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml index 91aa568710..b434479c8d 100644 --- a/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml +++ b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml @@ -31,31 +31,30 @@ spec: rbac: clusterRole: extraResources: - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - update - - delete + - apiGroups: [""] + resources: ["pods"] + verbs: ["create", "update", "delete"] + - apiGroups: ["external-secrets.io"] + resources: ["externalsecrets"] + verbs: ["create", "update", "patch", "delete", "get", "list"] + - apiGroups: ["volsync.backube"] + resources: ["replicationsources", "replicationdestinations"] + verbs: ["create", "update", "patch", "delete", "get", "list"] serviceMonitor: enabled: true backgroundController: rbac: clusterRole: extraResources: - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - update - - patch - - delete - - get - - list + - apiGroups: [""] + resources: ["pods"] + verbs: ["create", "update", "patch", "delete", "get", "list"] + - apiGroups: ["external-secrets.io"] + resources: ["externalsecrets"] + verbs: ["create", "update", "patch", "delete", "get", "list"] + - apiGroups: ["volsync.backube"] + resources: ["replicationsources", "replicationdestinations"] + verbs: ["create", "update", "patch", "delete", "get", "list"] resources: requests: cpu: 100m diff --git a/kubernetes/apps/kyverno/kyverno/policies/gatus.yaml b/kubernetes/apps/kyverno/kyverno/policies/gatus.yaml index b54aa6c7c6..9494348466 100644 --- a/kubernetes/apps/kyverno/kyverno/policies/gatus.yaml +++ b/kubernetes/apps/kyverno/kyverno/policies/gatus.yaml @@ -13,7 +13,6 @@ metadata: all Ingresses with the ingressClassName set to external. pod-policies.kyverno.io/autogen-controllers: none spec: - generateExisting: true rules: - name: *name match: 
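Review bot: Both `extraResources` lists in the helmrelease.yaml hunk now grant cluster-wide `create`/`update`/`patch`/`delete` on `externalsecrets`, with no comment saying which policy needs it. The ExternalSecret generated by this commit's policy reads from the `onepassword-connect` ClusterSecretStore, so either Kyverno service account can now materialise store-backed Secrets in any namespace. If the deployed Kyverno version runs generate rules only in the background controller (to be confirmed against its documentation), the first block, presumably the admission controller since its key is above the hunk, could be reduced to `verbs: ["get", "list"]` for the two new entries. A comment above each entry, e.g. `# required by policies/volsync.yaml generate rules`, would keep the grant auditable.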
@@ -36,21 +35,22 @@ spec: context: - name: GATUS_HOST variable: - value: '{{ request.object.metadata.annotations."gatus.io/host" || request.object.spec.rules[0].host }}' + value: "{{ request.object.metadata.annotations.\"gatus.io/host\" || request.object.spec.rules[0].host }}" jmesPath: "to_string(@)" - name: GATUS_NAME variable: - value: '{{ request.object.metadata.annotations."gatus.io/name" || request.object.metadata.name }}' + value: "{{ request.object.metadata.annotations.\"gatus.io/name\" || request.object.metadata.name }}" jmesPath: "to_string(@)" - name: GATUS_PATH variable: - value: '{{ request.object.metadata.annotations."gatus.io/path" || request.object.spec.rules[0].http.paths[0].path }}' + value: "{{ request.object.metadata.annotations.\"gatus.io/path\" || request.object.spec.rules[0].http.paths[0].path }}" jmesPath: "to_string(@)" - name: GATUS_STATUS_CODE variable: - value: '{{ request.object.metadata.annotations."gatus.io/status-code" || `200` }}' + value: "{{ request.object.metadata.annotations.\"gatus.io/status-code\" || '200' }}" jmesPath: "to_string(@)" generate: + generateExisting: true apiVersion: v1 kind: ConfigMap name: "{{ request.object.metadata.name }}-gatus-ep" diff --git a/kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml b/kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml index 15d774b918..a5a86b1c94 100644 --- a/kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml +++ b/kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml @@ -5,3 +5,4 @@ resources: - ./gatus.yaml - ./limits.yaml - ./ndots.yaml + - ./volsync.yaml diff --git a/kubernetes/apps/kyverno/kyverno/policies/volsync.yaml b/kubernetes/apps/kyverno/kyverno/policies/volsync.yaml new file mode 100644 index 0000000000..617592eb01 --- /dev/null +++ b/kubernetes/apps/kyverno/kyverno/policies/volsync.yaml 
@@ -0,0 +1,129 @@
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: volsync
+ annotations:
+ policies.kyverno.io/title: Volume Synchronization
+ policies.kyverno.io/category: Storage
+ policies.kyverno.io/severity: low
+ policies.kyverno.io/subject: Pod
+ policies.kyverno.io/description: >-
+ This policy will automatically synchronize volumes for all Pods with
+ the volumeSynchronization set to true.
+ pod-policies.kyverno.io/autogen-controllers: none
+spec:
+ rules:
+ - name: volsync-mutate-pvc
+ match: &match
+ resources:
+ kinds:
+ - PersistentVolumeClaim
+ annotations:
+ volsync.io/enabled: "true"
+ mutate:
+ patchStrategicMerge:
+ spec:
+ dataSourceRef:
+ kind: ReplicationDestination
+ apiGroup: volsync.backube
+ name: "{{ request.object.metadata.name }}"
+ - name: volsync-external-secret
+ match: *match
+ generate:
+ generateExisting: true
+ apiVersion: external-secrets.io/v1beta1
+ kind: ExternalSecret
+ name: "{{ request.object.metadata.name }}-restic"
+ namespace: "{{ request.object.metadata.namespace }}"
+ synchronize: true
+ data:
+ spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: "{{ request.object.metadata.name }}-restic-secret"
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "\\{{ .REPOSITORY_TEMPLATE }}/{{ request.object.metadata.name }}"
+ RESTIC_PASSWORD: "\\{{ .RESTIC_PASSWORD }}"
+ AWS_ACCESS_KEY_ID: "\\{{ .AWS_ACCESS_KEY_ID }}"
+ AWS_SECRET_ACCESS_KEY: "\\{{ .AWS_SECRET_ACCESS_KEY }}"
+ dataFrom:
+ - extract:
+ key: volsync-restic-template
+ - name: volsync-replication-destination
+ match: *match
+ context: &context
+ - name: VOLSYNC_USER
+ variable:
+ value: "{{ request.object.metadata.annotations.\"volsync.io/user\" || '568' }}"
+ jmesPath: "to_number(@)"
+ - name: VOLSYNC_GROUP
+ variable:
+ value: "{{ request.object.metadata.annotations.\"volsync.io/group\" || '568' }}"
+ jmesPath: "to_number(@)"
+ - name: VOLSYNC_CACHE
+ variable:
+ value: "{{ request.object.metadata.annotations.\"volsync.io/cache\" || '8Gi' }}"
+ jmesPath: "to_string(@)"
+ generate:
+ generateExisting: true
+ apiVersion: volsync.backube/v1alpha1
+ kind: ReplicationDestination
+ name: "{{ request.object.metadata.name }}"
+ namespace: "{{ request.object.metadata.namespace }}"
+ synchronize: true
+ data:
+ spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: "{{ request.object.metadata.name }}-restic-secret"
+ copyMethod: Snapshot
+ accessModes: "{{ request.object.spec.accessModes }}"
+ storageClassName: "{{ request.object.spec.storageClassName }}"
+ volumeSnapshotClassName: "csi-{{ request.object.spec.storageClassName }}"
+ cacheAccessModes: ["ReadWriteOnce"]
+ cacheCapacity: "{{ VOLSYNC_CACHE }}"
+ cacheStorageClassName: openebs-hostpath
+ moverSecurityContext:
+ runAsUser: "{{ VOLSYNC_USER }}"
+ runAsGroup: "{{ VOLSYNC_GROUP }}"
+ fsGroup: "{{ VOLSYNC_GROUP }}"
+ capacity: "{{ request.object.spec.resources.requests.storage }}"
+ - name: volsync-replication-source
+ match: *match
+ context: *context
+ generate:
+ generateExisting: true
+ apiVersion: volsync.backube/v1alpha1
+ kind: ReplicationSource
+ name: "{{ request.object.metadata.name }}"
+ namespace: "{{ request.object.metadata.namespace }}"
+ synchronize: true
+ data:
+ spec:
+ sourcePVC: "{{ request.object.metadata.name }}"
+ trigger:
+ schedule: "0 * * * *"
+ restic:
+ pruneIntervalDays: 14
+ repository: "{{ request.object.metadata.name }}-restic-secret"
+ copyMethod: Snapshot
+ accessModes: "{{ request.object.spec.accessModes }}"
+ storageClassName: "{{ request.object.spec.storageClassName }}"
+ volumeSnapshotClassName: "csi-{{ request.object.spec.storageClassName }}"
+ cacheAccessModes: ["ReadWriteOnce"]
+ cacheCapacity: "{{ VOLSYNC_CACHE }}"
+ cacheStorageClassName: openebs-hostpath
+ moverSecurityContext:
+ runAsUser: "{{ VOLSYNC_USER }}"
+ runAsGroup: "{{ VOLSYNC_GROUP }}"
+ fsGroup: "{{ VOLSYNC_GROUP }}"
+ retain:
+ hourly: 24
+ daily: 7
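Review bot: The shared `match: &match` block selects any PersistentVolumeClaim annotated `volsync.io/enabled: "true"` with no namespace restriction, and `RESTIC_REPOSITORY` is keyed on the PVC name alone. Anyone who can create a PVC in any namespace therefore receives an ExternalSecret carrying the restic password and S3 keys. A PVC that reuses another application's name would resolve to that application's repository, and appears to be seeded from its backup through the `restore-once` destination and the `dataSourceRef` mutation. Scoping the match under `resources:` to opted-in namespaces would close this, e.g. `namespaceSelector: {matchLabels: {<opt-in-label>: "true"}}` (placeholder label). Alternatively the namespace could be added to the repository path, but that relocates existing repositories. Separately, the `policies.kyverno.io/subject` and `description` annotations mention Pods and `volumeSynchronization`, while the rules act on PVCs carrying `volsync.io/enabled`; suggested wording is `Generates the VolSync ExternalSecret, ReplicationSource and ReplicationDestination for every PersistentVolumeClaim annotated volsync.io/enabled: "true"`.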
diff --git a/kubernetes/apps/media/bazarr/app/kustomization.yaml b/kubernetes/apps/media/bazarr/app/kustomization.yaml index 97c37fd959..a1c661c70b 100644 --- a/kubernetes/apps/media/bazarr/app/kustomization.yaml +++ b/kubernetes/apps/media/bazarr/app/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./volsync.yaml + - ./pvc.yaml configMapGenerator: - name: bazarr-scripts files: diff --git a/kubernetes/apps/media/bazarr/app/pvc.yaml b/kubernetes/apps/media/bazarr/app/pvc.yaml new file mode 100644 index 0000000000..4adad82c2f --- /dev/null +++ b/kubernetes/apps/media/bazarr/app/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bazarr + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 2Gi + storageClassName: ceph-block diff --git a/kubernetes/apps/media/bazarr/app/volsync.yaml b/kubernetes/apps/media/bazarr/app/volsync.yaml deleted file mode 100644 index 81482b3434..0000000000 --- a/kubernetes/apps/media/bazarr/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: bazarr-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: bazarr-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/bazarr" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bazarr -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: bazarr - resources: - requests: - storage: 2Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: bazarr -spec: - trigger: - manual: restore-once - restic: - repository: bazarr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: bazarr -spec: - sourcePVC: bazarr - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: bazarr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - hourly: 24 - daily: 7 - weekly: 
5 diff --git a/kubernetes/apps/media/overseerr/app/kustomization.yaml b/kubernetes/apps/media/overseerr/app/kustomization.yaml index 2920d15c8b..c82ceb8bc3 100644 --- a/kubernetes/apps/media/overseerr/app/kustomization.yaml +++ b/kubernetes/apps/media/overseerr/app/kustomization.yaml @@ -4,4 +4,3 @@ kind: Kustomization resources: - ./helmrelease.yaml - ./pvc.yaml - - ./volsync.yaml diff --git a/kubernetes/apps/media/overseerr/app/pvc.yaml b/kubernetes/apps/media/overseerr/app/pvc.yaml index 30adee028e..d332e4fa4b 100644 --- a/kubernetes/apps/media/overseerr/app/pvc.yaml +++ b/kubernetes/apps/media/overseerr/app/pvc.yaml @@ -1,6 +1,19 @@ --- apiVersion: v1 kind: PersistentVolumeClaim +metadata: + name: overseerr + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 2Gi + storageClassName: ceph-block +--- +apiVersion: v1 +kind: PersistentVolumeClaim metadata: name: overseerr-cache spec: diff --git a/kubernetes/apps/media/overseerr/app/volsync.yaml b/kubernetes/apps/media/overseerr/app/volsync.yaml deleted file mode 100644 index 2629511cff..0000000000 --- a/kubernetes/apps/media/overseerr/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: overseerr-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: overseerr-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/overseerr" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: overseerr -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: overseerr - resources: - requests: - storage: 2Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: overseerr -spec: - trigger: - manual: restore-once - restic: - repository: overseerr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: overseerr -spec: - sourcePVC: overseerr - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: overseerr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - 
hourly: 24 - daily: 7 - weekly: 5 diff --git a/kubernetes/apps/media/plex/app/kustomization.yaml b/kubernetes/apps/media/plex/app/kustomization.yaml index 87a40e3247..d55e221bbd 100644 --- a/kubernetes/apps/media/plex/app/kustomization.yaml +++ b/kubernetes/apps/media/plex/app/kustomization.yaml @@ -4,7 +4,6 @@ kind: Kustomization resources: - ./helmrelease.yaml - ./pvc.yaml - - ./volsync.yaml configMapGenerator: - name: plex-loki-rules files: diff --git a/kubernetes/apps/media/plex/app/pvc.yaml b/kubernetes/apps/media/plex/app/pvc.yaml index 9398813ba2..74b8861e40 100644 --- a/kubernetes/apps/media/plex/app/pvc.yaml +++ b/kubernetes/apps/media/plex/app/pvc.yaml @@ -1,6 +1,19 @@ --- apiVersion: v1 kind: PersistentVolumeClaim +metadata: + name: plex + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 50Gi + storageClassName: ceph-block +--- +apiVersion: v1 +kind: PersistentVolumeClaim metadata: name: plex-cache spec: diff --git a/kubernetes/apps/media/plex/app/volsync.yaml b/kubernetes/apps/media/plex/app/volsync.yaml deleted file mode 100644 index aaf7ec2262..0000000000 --- a/kubernetes/apps/media/plex/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: plex-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: plex-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/plex" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: plex -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: plex - resources: - requests: - storage: 50Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: plex -spec: - trigger: - manual: restore-once - restic: - repository: plex-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 50Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: plex -spec: - sourcePVC: plex - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: plex-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - hourly: 24 - daily: 7 - weekly: 5 
diff --git a/kubernetes/apps/media/qbittorrent/app/kustomization.yaml b/kubernetes/apps/media/qbittorrent/app/kustomization.yaml index 5f9a766628..f8aa167af9 100644 --- a/kubernetes/apps/media/qbittorrent/app/kustomization.yaml +++ b/kubernetes/apps/media/qbittorrent/app/kustomization.yaml @@ -3,7 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./helmrelease.yaml - - ./volsync.yaml + - ./pvc.yaml configMapGenerator: - name: qbittorrent-loki-rules files: diff --git a/kubernetes/apps/media/qbittorrent/app/pvc.yaml b/kubernetes/apps/media/qbittorrent/app/pvc.yaml new file mode 100644 index 0000000000..32fe431f40 --- /dev/null +++ b/kubernetes/apps/media/qbittorrent/app/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: qbittorrent + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteMany"] + resources: + requests: + storage: 2Gi + storageClassName: ceph-filesystem diff --git a/kubernetes/apps/media/qbittorrent/app/volsync.yaml b/kubernetes/apps/media/qbittorrent/app/volsync.yaml deleted file mode 100644 index b8494df4a6..0000000000 --- a/kubernetes/apps/media/qbittorrent/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: qbittorrent-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: qbittorrent-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/qbittorrent" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: qbittorrent -spec: - accessModes: ["ReadWriteMany"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: qbittorrent - resources: - requests: - storage: 2Gi - storageClassName: ceph-filesystem ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: qbittorrent -spec: - trigger: - manual: restore-once - restic: - repository: qbittorrent-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteMany"] - storageClassName: ceph-filesystem - volumeSnapshotClassName: csi-ceph-filesystem - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: qbittorrent -spec: - sourcePVC: qbittorrent - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: qbittorrent-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteMany"] - storageClassName: ceph-filesystem - volumeSnapshotClassName: csi-ceph-filesystem - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - 
runAsGroup: 568 - fsGroup: 568 - retain: - hourly: 24 - daily: 7 - weekly: 5 diff --git a/kubernetes/apps/media/recyclarr/app/kustomization.yaml b/kubernetes/apps/media/recyclarr/app/kustomization.yaml index 020d6f4586..7dbbcc71ad 100644 --- a/kubernetes/apps/media/recyclarr/app/kustomization.yaml +++ b/kubernetes/apps/media/recyclarr/app/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./volsync.yaml + - ./pvc.yaml configMapGenerator: - name: recyclarr-configmap files: diff --git a/kubernetes/apps/media/recyclarr/app/pvc.yaml b/kubernetes/apps/media/recyclarr/app/pvc.yaml new file mode 100644 index 0000000000..6f4744a2c7 --- /dev/null +++ b/kubernetes/apps/media/recyclarr/app/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: recyclarr + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 2Gi + storageClassName: ceph-block diff --git a/kubernetes/apps/media/recyclarr/app/volsync.yaml b/kubernetes/apps/media/recyclarr/app/volsync.yaml deleted file mode 100644 index b8ee19255a..0000000000 --- a/kubernetes/apps/media/recyclarr/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: recyclarr-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: recyclarr-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/recyclarr" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: recyclarr -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: recyclarr - resources: - requests: - storage: 2Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: recyclarr -spec: - trigger: - manual: restore-once - restic: - repository: recyclarr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: recyclarr -spec: - sourcePVC: recyclarr - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: recyclarr-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - 
hourly: 24 - daily: 7 - weekly: 5 diff --git a/kubernetes/apps/media/sabnzbd/app/kustomization.yaml b/kubernetes/apps/media/sabnzbd/app/kustomization.yaml index 7df2f9e464..bad014b1eb 100644 --- a/kubernetes/apps/media/sabnzbd/app/kustomization.yaml +++ b/kubernetes/apps/media/sabnzbd/app/kustomization.yaml @@ -4,4 +4,4 @@ kind: Kustomization resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./volsync.yaml + - ./pvc.yaml diff --git a/kubernetes/apps/media/sabnzbd/app/pvc.yaml b/kubernetes/apps/media/sabnzbd/app/pvc.yaml new file mode 100644 index 0000000000..cf6bb0bb9d --- /dev/null +++ b/kubernetes/apps/media/sabnzbd/app/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sabnzbd + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 2Gi + storageClassName: ceph-block diff --git a/kubernetes/apps/media/sabnzbd/app/volsync.yaml b/kubernetes/apps/media/sabnzbd/app/volsync.yaml deleted file mode 100644 index a09fa9c3a1..0000000000 --- a/kubernetes/apps/media/sabnzbd/app/volsync.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: sabnzbd-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: sabnzbd-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/sabnzbd" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sabnzbd -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: sabnzbd - resources: - requests: - storage: 2Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: sabnzbd -spec: - trigger: - manual: restore-once - restic: - repository: sabnzbd-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 2Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: sabnzbd -spec: - sourcePVC: sabnzbd - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: sabnzbd-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - hourly: 24 - daily: 7 
- weekly: 5 diff --git a/kubernetes/apps/media/tautulli/app/kustomization.yaml b/kubernetes/apps/media/tautulli/app/kustomization.yaml index 2920d15c8b..c82ceb8bc3 100644 --- a/kubernetes/apps/media/tautulli/app/kustomization.yaml +++ b/kubernetes/apps/media/tautulli/app/kustomization.yaml @@ -4,4 +4,3 @@ kind: Kustomization resources: - ./helmrelease.yaml - ./pvc.yaml - - ./volsync.yaml diff --git a/kubernetes/apps/media/tautulli/app/pvc.yaml b/kubernetes/apps/media/tautulli/app/pvc.yaml index d2931fb4b0..e5101ca7b8 100644 --- a/kubernetes/apps/media/tautulli/app/pvc.yaml +++ b/kubernetes/apps/media/tautulli/app/pvc.yaml @@ -1,6 +1,19 @@ --- apiVersion: v1 kind: PersistentVolumeClaim +metadata: + name: tautulli + annotations: + volsync.io/enabled: "true" +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 5Gi + storageClassName: ceph-block +--- +apiVersion: v1 +kind: PersistentVolumeClaim metadata: name: tautulli-cache spec: diff --git a/kubernetes/apps/media/tautulli/app/volsync.yaml b/kubernetes/apps/media/tautulli/app/volsync.yaml deleted file mode 100644 index 01ff04c60a..0000000000 --- a/kubernetes/apps/media/tautulli/app/volsync.yaml +++ /dev/null 
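Review bot: In `tautulli/app/pvc.yaml` the new `tautulli` claim is annotated but the `tautulli-cache` claim right below it is not, so with annotation-based opt-in the cache volume is excluded from backup without the file saying so. If that is intended, record it next to the claim, e.g. `# no volsync.io/enabled: cache is disposable and not backed up`. This claim also requests `5Gi` where the other apps request `2Gi`, and the deleted ReplicationDestination required `capacity` to match the claim size, so the generated resources should take the size from the PVC rather than a fixed value. That cannot be checked from this hunk. The `tautulli-cache` definition continues outside the hunk.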
@@ -1,86 +0,0 @@ ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: tautulli-restic -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: tautulli-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/tautulli" - RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" - AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}" - dataFrom: - - extract: - key: volsync-restic-template ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: tautulli -spec: - accessModes: ["ReadWriteOnce"] - dataSourceRef: - kind: ReplicationDestination - apiGroup: volsync.backube - name: tautulli - resources: - requests: - storage: 5Gi - storageClassName: ceph-block ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationDestination -metadata: - name: tautulli -spec: - trigger: - manual: restore-once - restic: - repository: tautulli-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - capacity: 5Gi # must match the PersistentVolumeClaim `.resources.requests.storage` size above ---- -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: tautulli -spec: - sourcePVC: tautulli - trigger: - schedule: "15 */8 * * *" - restic: - pruneIntervalDays: 7 - repository: tautulli-restic-secret - copyMethod: Snapshot - accessModes: ["ReadWriteOnce"] - storageClassName: ceph-block - volumeSnapshotClassName: csi-ceph-block - cacheAccessModes: ["ReadWriteOnce"] - cacheCapacity: 8Gi - cacheStorageClassName: openebs-hostpath - moverSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - retain: - hourly: 24 
- daily: 7 - weekly: 5 diff --git a/kubernetes/apps/volsync-system/volsync/ks.yaml b/kubernetes/apps/volsync-system/volsync/ks.yaml index 5eae3d7d6e..ae9658b1e4 100644 --- a/kubernetes/apps/volsync-system/volsync/ks.yaml +++ b/kubernetes/apps/volsync-system/volsync/ks.yaml @@ -10,6 +10,7 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: + - name: kyverno-policies - name: snapshot-controller path: ./kubernetes/apps/volsync-system/volsync/app prune: true
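Review bot: The added `- name: kyverno-policies` entry under `dependsOn` has no `namespace`, so Flux resolves it in this Kustomization's own namespace. If kyverno-policies is defined elsewhere, the dependency will never be satisfied and needs `namespace: <kyverno-policies-namespace>`. The existing `snapshot-controller` entry is written the same way, so they probably share a namespace. `dependsOn` also only waits for that Kustomization to report Ready. Whether Ready means the policy is admitted and enforcing depends on its `wait` or health-check settings, which are not visible here, and a PVC created before then would miss the generated backup resources. The enclosing `spec` starts outside the hunk.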