From 63e58ba1628945749af266ea76d18fba7eef0f51 Mon Sep 17 00:00:00 2001
From: Nikita Volodin
Date: Fri, 21 Jun 2024 20:49:01 -0400
Subject: [PATCH] wip: try kustomization components
---
 .../default/prowlarr/app/externalsecret.yaml | 24 ------
 .../default/prowlarr/app/helmrelease.yaml | 8 +-
 .../default/prowlarr/app/kustomization.yaml | 3 +-
 .../apps/default/prowlarr/app/volsync.yaml | 50 ------------
 kubernetes/main/apps/default/prowlarr/ks.yaml | 6 ++
 kubernetes/main/templates/volsync/README.md | 40 +++++++++
 .../main/templates/volsync/kustomization.yaml | 7 ++
 kubernetes/main/templates/volsync/minio.yaml | 81 +++++++++++++++++++
 kubernetes/main/templates/volsync/pvc.yaml | 15 ++++
 9 files changed, 152 insertions(+), 82 deletions(-)
 delete mode 100644 kubernetes/main/apps/default/prowlarr/app/volsync.yaml
 create mode 100644 kubernetes/main/templates/volsync/README.md
 create mode 100644 kubernetes/main/templates/volsync/kustomization.yaml
 create mode 100644 kubernetes/main/templates/volsync/minio.yaml
 create mode 100644 kubernetes/main/templates/volsync/pvc.yaml
diff --git a/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml b/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml
index 7b728c45c..f318b5fc4 100644
--- a/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml
+++ b/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml
@@ -37,27 +37,3 @@ spec:
 key: everything
 - extract:
 key: service-hosts
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: prowlarr-volsync
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: store-k8s
- target:
- name: prowlarr-restic-secret
- template:
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "s3:{{ .MINIO_URL }}/{{ .prowlarr_restic_minio_user }}"
- RESTIC_PASSWORD: "{{ .prowlarr_restic_pass }}"
- AWS_ACCESS_KEY_ID: "{{ .prowlarr_restic_minio_user }}"
- AWS_SECRET_ACCESS_KEY: "{{ .prowlarr_restic_minio_pass }}"
- dataFrom:
- - extract:
- key: everything
- - extract:
- key: service-hosts
diff --git a/kubernetes/main/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/main/apps/default/prowlarr/app/helmrelease.yaml
index bbf7f7844..ddb6b6328 100644
--- a/kubernetes/main/apps/default/prowlarr/app/helmrelease.yaml
+++ b/kubernetes/main/apps/default/prowlarr/app/helmrelease.yaml
@@ -102,13 +102,7 @@ spec:
 persistence:
 config:
 type: persistentVolumeClaim
- storageClass: truenas-nfs-main
- accessMode: ReadWriteMany
- size: 1Gi
- dataSourceRef:
- kind: ReplicationDestination
- apiGroup: volsync.backube
- name: prowlarr-dst
+ existingClaim: prowlarr-config
 advancedMounts:
 prowlarr:
 main:
diff --git a/kubernetes/main/apps/default/prowlarr/app/kustomization.yaml b/kubernetes/main/apps/default/prowlarr/app/kustomization.yaml
index 7df2f9e46..0d3a07a8c 100644
--- a/kubernetes/main/apps/default/prowlarr/app/kustomization.yaml
+++ b/kubernetes/main/apps/default/prowlarr/app/kustomization.yaml
@@ -4,4 +4,5 @@ kind: Kustomization
 resources:
 - ./externalsecret.yaml
 - ./helmrelease.yaml
- - ./volsync.yaml
+components:
+ - ../../../../templates/volsync
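Review bot: `existingClaim: prowlarr-config` in helmrelease.yaml hard-codes a claim name that this commit computes elsewhere, as `${PVC_NAME_PREFIX:-}${APP}${PVC_NAME_SUFFIX:-}` in templates/volsync/pvc.yaml from the values set in ks.yaml. The two agree only while `APP` resolves to `prowlarr` (the `*app` anchor is defined outside the diff) and `PVC_NAME_SUFFIX` stays `-config`; if either changes, the pod references a claim that is no longer rendered while the backup objects follow the templated name. If this HelmRelease passes through the same postBuild substitution, which seems likely since it is built by the same kustomization, `existingClaim: "${APP}${PVC_NAME_SUFFIX}"` keeps both sides on one source; otherwise add `# must match the PVC name rendered by templates/volsync/pvc.yaml` above the line. The persistence block continues outside the hunk.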
diff --git a/kubernetes/main/apps/default/prowlarr/app/volsync.yaml b/kubernetes/main/apps/default/prowlarr/app/volsync.yaml
deleted file mode 100644
index ab20e404d..000000000
--- a/kubernetes/main/apps/default/prowlarr/app/volsync.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: prowlarr
-spec:
- sourcePVC: prowlarr-config
- trigger:
- schedule: "0 * * * *"
- restic:
- repository: prowlarr-restic-secret
- copyMethod: Snapshot
- pruneIntervalDays: 7
- volumeSnapshotClassName: truenas-nfs-main
- cacheStorageClassName: openebs-hostpath
- cacheAccessModes: ["ReadWriteOnce"]
- cacheCapacity: 4Gi
- storageClassName: truenas-nfs-main
- accessModes: ["ReadWriteMany"]
- moverSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- retain:
- hourly: 24
- daily: 7
- weekly: 5
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationDestination
-metadata:
- name: prowlarr-dst
-spec:
- trigger:
- manual: restore-once
- restic:
- repository: prowlarr-restic-secret
- copyMethod: Snapshot # must be Snapshot
- volumeSnapshotClassName: truenas-nfs-main
- cacheStorageClassName: openebs-hostpath
- cacheAccessModes: ["ReadWriteOnce"]
- cacheCapacity: 4Gi
- storageClassName: truenas-nfs-main
- accessModes: ["ReadWriteOnce"]
- capacity: 1Gi
- moverSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
diff --git a/kubernetes/main/apps/default/prowlarr/ks.yaml b/kubernetes/main/apps/default/prowlarr/ks.yaml
index b72920241..b6a261007 100644
--- a/kubernetes/main/apps/default/prowlarr/ks.yaml
+++ b/kubernetes/main/apps/default/prowlarr/ks.yaml
@@ -14,6 +14,12 @@ spec:
 commonMetadata:
 labels:
 app.kubernetes.io/name: *app
+ postBuild:
+ substitute:
+ APP: *app
+ PVC_CAPACITY: 1Gi
+ PVC_NAME_SUFFIX: "-config"
+ PVC_ACCESSMODE: ReadWriteMany
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/kubernetes/main/templates/volsync/README.md b/kubernetes/main/templates/volsync/README.md
new file mode 100644
index 000000000..458827356
--- /dev/null
+++ b/kubernetes/main/templates/volsync/README.md
@@ -0,0 +1,40 @@
+# Volsync
+
+Comes with PVC, which it backs up.
+
+## Usage
+
+1. In kustomization.yaml import with:
+
+ ```yaml
+ components:
+ - ../../../path/to/templates/volsync
+ ```
+
+2. In fluxtomization `ks.yaml` add this:
+
+ ```yaml
+ spec:
+ postBuild:
+ substitute:
+ APP: *app
+ ```
+
+3. Inside substitute these variables are supported:
+
+ - `APP` (required)
+
+ - `PVC_CAPACITY` (required)
+ - `PVC_STORAGECLASS` (optional, default `"truenas-nfs-main"`)
+ - `PVC_ACCESSMODE` (optional, default `"ReadWriteOnce"`)
+ - `PVC_NAME_PREFIX` (optional, default `""`)
+ - `PVC_NAME_SUFFIX` (optional, default `""`)
+
+ - `VOLSYNC_COPYMETHOD` (optional, default `"Snapshot"`)
+ - `VOLSYNC_SNAPSHOTCLASS` (optional, default `"truenas-nfs-main"`)
+ - `VOLSYNC_CACHE_SNAPSHOTCLASS` (optional, default `"openebs-hostpath"`)
+ - `VOLSYNC_CACHE_ACCESSMODE` (optional, default `"ReadWriteOnce"`)
+ - `VOLSYNC_CACHE_CAPACITY` (optional, default `"4Gi"`)
+ - `VOLSYNC_REPO_EXTRA_SUBPATH` (optional, default `""`) - should not start
+ with `/`. Adds extra subpath to backup location in minio. Allows to have
+ multiple volsync backups to go into the same bucket.
diff --git a/kubernetes/main/templates/volsync/kustomization.yaml b/kubernetes/main/templates/volsync/kustomization.yaml
new file mode 100644
index 000000000..304793f08
--- /dev/null
+++ b/kubernetes/main/templates/volsync/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - ./pvc.yaml
+ - ./minio.yaml
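Review bot: `PVC_ACCESSMODE: ReadWriteMany` in the ks.yaml hunk now drives three fields at once, because templates/volsync uses the same variable for the PVC, the ReplicationSource `accessModes` and the ReplicationDestination `accessModes`. The deleted volsync.yaml had the destination on `ReadWriteOnce`, so this silently moves the restore volume to `ReadWriteMany`. If that is intended, a comment such as `# also applied to the ReplicationDestination (was ReadWriteOnce)` next to the value makes it visible; if not, the template needs a separate variable for the destination. The Kustomization spec continues outside the hunk.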
diff --git a/kubernetes/main/templates/volsync/minio.yaml b/kubernetes/main/templates/volsync/minio.yaml
new file mode 100644
index 000000000..c3f0c2817
--- /dev/null
+++ b/kubernetes/main/templates/volsync/minio.yaml
@@ -0,0 +1,81 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "${APP}-volsync"
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: store-k8s
+ target:
+ name: "${APP}-volsync-secret"
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "s3:{{ .MINIO_URL }}/{{ .${APP//-/_}_restic_minio_user }}/${VOLSYNC_REPO_EXTRA_SUBPATH:-}"
+ RESTIC_PASSWORD: "{{ .${APP//-/_}_restic_pass }}"
+ AWS_ACCESS_KEY_ID: "{{ .${APP//-/_}_restic_minio_user }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .${APP//-/_}_restic_minio_pass }}"
+ dataFrom:
+ - extract:
+ key: everything
+ - extract:
+ key: service-hosts
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: "${APP}"
+spec:
+ sourcePVC: "${PVC_NAME_PREFIX:-}${APP}${PVC_NAME_SUFFIX:-}"
+ trigger:
+ schedule: "0 * * * *"
+ restic:
+ repository: "${APP}-volsync-secret"
+ copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+
+ volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-truenas-nfs-main}"
+ storageClassName: "${PVC_STORAGECLASS:-truenas-nfs-main}"
+ accessModes: ["${PVC_ACCESSMODE:-ReadWriteOnce}"]
+
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODE:-ReadWriteOnce}"]
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+
+ pruneIntervalDays: 7
+ retain:
+ hourly: 24
+ daily: 7
+ weekly: 5
+ moverSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: "${APP}-dst"
+spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: "${APP}-volsync-secret"
+ copyMethod: Snapshot # must be Snapshot
+
+ volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-truenas-nfs-main}"
+ storageClassName: "${PVC_STORAGECLASS:-truenas-nfs-main}"
+ accessModes: ["${PVC_ACCESSMODE:-ReadWriteOnce}"]
+ capacity: "${PVC_CAPACITY}"
+
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODE:-ReadWriteOnce}"]
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+
+ moverSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
diff --git a/kubernetes/main/templates/volsync/pvc.yaml b/kubernetes/main/templates/volsync/pvc.yaml
new file mode 100644
index 000000000..407ef0085
--- /dev/null
+++ b/kubernetes/main/templates/volsync/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "${PVC_NAME_PREFIX:-}${APP}${PVC_NAME_SUFFIX:-}"
+spec:
+ accessModes: ["${PVC_ACCESSMODE:-ReadWriteOnce}"]
+ dataSourceRef:
+ kind: ReplicationDestination
+ apiGroup: volsync.backube
+ name: "${APP}-dst"
+ resources:
+ requests:
+ storage: "${PVC_CAPACITY}"
+ storageClassName: "${PVC_STORAGECLASS:-truenas-nfs-main}"
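Review bot: The ExternalSecret in minio.yaml selects its credentials by a key name built from `${APP//-/_}` out of the whole `everything` entry, so in this shared component the `APP` value in a ks.yaml is the only thing deciding whose restic password and MinIO keys are rendered into the Secret. A Kustomization that sets `APP` to another app's name would receive that app's backup credentials, and nothing in the template says so. I would document this at the top of the ExternalSecret, for example `# APP selects the <app>_restic_* keys from "everything"; it must be the owning app's name`, and consider narrowing `dataFrom` to the properties the template actually renders. In the same hunk `moverSecurityContext` is fixed at `568` in both the ReplicationSource and the ReplicationDestination; for a reusable template that should be a variable defaulting to `568`, since an app running under a different UID would presumably be backed up or restored with the wrong ownership (the app images are not visible here).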
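Review bot: The PersistentVolumeClaim in pvc.yaml holds the app's data but is now an object of a Flux Kustomization that has `prune: true` (visible as context in the ks.yaml hunk), and the manifest carries nothing that protects it. Dropping the component from kustomization.yaml, or changing `APP`, `PVC_NAME_PREFIX` or `PVC_NAME_SUFFIX`, would make Flux delete the old claim; whether the data survives then depends on the storage class reclaim policy, which is not visible here. Adding `annotations:` with `kustomize.toolkit.fluxcd.io/prune: disabled` under `metadata` keeps the claim out of garbage collection. `storage: "${PVC_CAPACITY}"` has no default either, so a consumer that omits the variable gets an empty size by default; a comment `# PVC_CAPACITY is required, there is no default` beside it would help.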