feat(storage): install restic rest-server

Author: martinohmann

kubernetes/storage/apps/default/kustomization.yaml

@@ -7,4 +7,5 @@ resources:
   - ./filebrowser/ks.yaml
   - ./kopia/ks.yaml
   - ./minio/ks.yaml
+  - ./restic/ks.yaml
   - ./zot/ks.yaml

kubernetes/storage/apps/default/restic/app/certificate.yaml

@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.18b.haus/cert-manager.io/certificate_v1.json
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: restic
+spec:
+  secretName: restic-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: restic.18b.haus
+  dnsNames:
+    - restic.18b.haus

kubernetes/storage/apps/default/restic/app/helmrelease.yaml

@@ -0,0 +1,85 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: restic
+spec:
+  interval: 2h
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  values:
+    controllers:
+      restic:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: docker.io/restic/rest-server
+              tag: 0.13.0
+            envFrom:
+              - secretRef:
+                  name: restic-secret
+            env:
+              OPTIONS: >
+                --listen 0.0.0.0:443
+                --private-repos
+                --prometheus
+                --prometheus-no-auth
+                --tls
+                --tls-cert /certs/tls.crt
+                --tls-key /certs/tls.key
+            probes:
+              liveness:
+                enabled: false
+              readiness:
+                enabled: false
+              startup:
+                enabled: false
+            resources:
+              requests:
+                cpu: 5m
+                memory: 128Mi
+            securityContext:
+              privileged: true
+              runAsUser: 0
+    service:
+      app:
+        controller: restic
+        type: LoadBalancer
+        annotations:
+          external-dns.alpha.kubernetes.io/hostname: restic.18b.haus
+          io.cilium/lb-ipam-ips: 192.168.40.156
+        ports:
+          https:
+            port: 443
+    serviceMonitor:
+      app:
+        serviceName: restic
+        endpoints:
+          - port: metrics
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    persistence:
+      certs:
+        type: secret
+        name: restic-tls
+        globalMounts:
+          - path: /certs
+            readOnly: true
+      repository:
+        type: hostPath
+        hostPath: /io/restic
+        hostPathType: Directory
+        globalMounts:
+          - path: /data

kubernetes/storage/apps/default/restic/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./certificate.yaml
+  - ./helmrelease.yaml

kubernetes/storage/apps/default/restic/ks.yaml

@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app restic
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager-issuers
+  path: ./kubernetes/storage/apps/default/restic/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m