wip: try kustomization components

kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml

@@ -37,27 +37,3 @@ spec:
         key: everything
     - extract:
         key: service-hosts
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: prowlarr-volsync
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: store-k8s
-  target:
-    name: prowlarr-restic-secret
-    template:
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "s3:{{ .MINIO_URL }}/{{ .prowlarr_restic_minio_user }}"
-        RESTIC_PASSWORD: "{{ .prowlarr_restic_pass }}"
-        AWS_ACCESS_KEY_ID: "{{ .prowlarr_restic_minio_user }}"
-        AWS_SECRET_ACCESS_KEY: "{{ .prowlarr_restic_minio_pass }}"
-  dataFrom:
-    - extract:
-        key: everything
-    - extract:
-        key: service-hosts

kubernetes/main/apps/default/prowlarr/app/helmrelease.yaml

@@ -102,13 +102,7 @@ spec:
     persistence:
       config:
         type: persistentVolumeClaim
-        storageClass: truenas-nfs-main
-        accessMode: ReadWriteMany
-        size: 1Gi
-        dataSourceRef:
-          kind: ReplicationDestination
-          apiGroup: volsync.backube
-          name: prowlarr-dst
+        existingClaim: prowlarr-config
         advancedMounts:
           prowlarr:
             main:

kubernetes/main/apps/default/prowlarr/app/kustomization.yaml

@@ -4,4 +4,5 @@ kind: Kustomization
 resources:
   - ./externalsecret.yaml
   - ./helmrelease.yaml
-  - ./volsync.yaml
+components:
+  - ../../../../templates/volsync

kubernetes/main/apps/default/prowlarr/ks.yaml

@@ -14,6 +14,12 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
+  postBuild:
+    substitute:
+      APP: *app
+      PVC_CAPACITY: 1Gi
+      PVC_NAME_SUFFIX: "-config"
+      PVC_ACCESSMODE: ReadWriteMany
   prune: true
   sourceRef:
     kind: GitRepository

kubernetes/main/templates/volsync/README.md

@@ -0,0 +1,40 @@
+# Volsync
+
+Comes with PVC, which it backs up.
+
+## Usage
+
+1. In kustomization.yaml import with:
+
+   ```yaml
+   components:
+     - ../../../path/to/templates/volsync
+   ```
+
+2. In fluxtomization `ks.yaml` add this:
+
+   ```yaml
+   spec:
+     postBuild:
+       substitute:
+         APP: *app
+   ```
+
+3. Inside substitute these variables are supported:
+
+   - `APP` (required)
+
+   - `PVC_CAPACITY` (required)
+   - `PVC_STORAGECLASS` (optional, default `"truenas-nfs-main"`)
+   - `PVC_ACCESSMODE` (optional, default `"ReadWriteOnce"`)
+   - `PVC_NAME_PREFIX` (optional, default `""`)
+   - `PVC_NAME_SUFFIX` (optional, default `""`)
+
+   - `VOLSYNC_COPYMETHOD` (optional, default `"Snapshot"`)
+   - `VOLSYNC_SNAPSHOTCLASS` (optional, default `"truenas-nfs-main"`)
+   - `VOLSYNC_CACHE_SNAPSHOTCLASS` (optional, default `"openebs-hostpath"`)
+   - `VOLSYNC_CACHE_ACCESSMODE` (optional, default `"ReadWriteOnce"`)
+   - `VOLSYNC_CACHE_CAPACITY` (optional, default `"4Gi"`)
+   - `VOLSYNC_REPO_EXTRA_SUBPATH` (optional, default `""`) - should not start
+     with `/`. Adds extra subpath to backup location in minio. Allows to have
+     multiple volsync backups to go into the same bucket.

kubernetes/main/templates/volsync/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+  - ./pvc.yaml
+  - ./minio.yaml

kubernetes/main/templates/volsync/minio.yaml

@@ -0,0 +1,81 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "${APP}-volsync"
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: store-k8s
+  target:
+    name: "${APP}-volsync-secret"
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "s3:{{ .MINIO_URL }}/{{ .${APP//-/_}_restic_minio_user }}/${VOLSYNC_REPO_EXTRA_SUBPATH:-}"
+        RESTIC_PASSWORD: "{{ .${APP//-/_}_restic_pass }}"
+        AWS_ACCESS_KEY_ID: "{{ .${APP//-/_}_restic_minio_user }}"
+        AWS_SECRET_ACCESS_KEY: "{{ .${APP//-/_}_restic_minio_pass }}"
+  dataFrom:
+    - extract:
+        key: everything
+    - extract:
+        key: service-hosts
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: "${APP}"
+spec:
+  sourcePVC: "${PVC_NAME_PREFIX:-}${APP}${PVC_NAME_SUFFIX:-}"
+  trigger:
+    schedule: "0 * * * *"
+  restic:
+    repository: "${APP}-volsync-secret"
+    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+
+    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-truenas-nfs-main}"
+    storageClassName: "${PVC_STORAGECLASS:-truenas-nfs-main}"
+    accessModes: ["${PVC_ACCESSMODE:-ReadWriteOnce}"]
+
+    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
+    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODE:-ReadWriteOnce}"]
+    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+
+    pruneIntervalDays: 7
+    retain:
+      hourly: 24
+      daily: 7
+      weekly: 5
+    moverSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  name: "${APP}-dst"
+spec:
+  trigger:
+    manual: restore-once
+  restic:
+    repository: "${APP}-volsync-secret"
+    copyMethod: Snapshot # must be Snapshot
+
+    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-truenas-nfs-main}"
+    storageClassName: "${PVC_STORAGECLASS:-truenas-nfs-main}"
+    accessModes: ["${PVC_ACCESSMODE:-ReadWriteOnce}"]
+    capacity: "${PVC_CAPACITY}"
+
+    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
+    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODE:-ReadWriteOnce}"]
+    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+
+    moverSecurityContext:
+      runAsUser: 568
+      runAsGroup: 568
+      fsGroup: 568

kubernetes/main/templates/volsync/pvc.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: "${PVC_NAME_PREFIX:-}${APP}${PVC_NAME_SUFFIX:-}"
+spec:
+  accessModes: ["${PVC_ACCESSMODE:-ReadWriteOnce}"]
+  dataSourceRef:
+    kind: ReplicationDestination
+    apiGroup: volsync.backube
+    name: "${APP}-dst"
+  resources:
+    requests:
+      storage: "${PVC_CAPACITY}"
+  storageClassName: "${PVC_STORAGECLASS:-truenas-nfs-main}"