add volsync target chart

charts/volsync-target/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: volsync-target
+version: 0.1.0
+description: Volsync Replication set to target specific PVC with preconfigured settings
+keywords:
+  - volsync-target
+  - volsync
+  - storage
+  - kubernetes
+sources:
+  - https://github.com/backube/volsync
+  - https://github.com/backube/volsync/tree/main/helm/volsync
+maintainers:
+  - name: alexlebens
+icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
+appVersion: 0.14.0

charts/volsync-target/README.md

@@ -0,0 +1,41 @@
+# volsync-target
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 0.14.0](https://img.shields.io/badge/AppVersion-0.14.0-informational?style=flat-square)
+
+Volsync Replication set to target specific PVC with preconfigured settings
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/backube/volsync>
+* <https://github.com/backube/volsync/tree/main/helm/volsync>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalLabels | object | `{}` | Add additional labels |
+| external | object | `{"enabled":true,"externalSecret":{"credentialPath":"/digital-ocean/home-infra/volsync-backups","volsyncPath":"/volsync/restic/digital-ocean"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":3,"hourly":1,"monthly":2,"weekly":2,"yearly":4},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 4 * * *"}` | External backup configuration |
+| external.externalSecret | object | `{"credentialPath":"/digital-ocean/home-infra/volsync-backups","volsyncPath":"/volsync/restic/digital-ocean"}` | External Secret configuration |
+| external.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":3,"hourly":1,"monthly":2,"weekly":2,"yearly":4},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| external.schedule | string | `"0 4 * * *"` | 5 character cron schedule |
+| externalSecrets | object | `{"enabled":true}` | Use external secrets |
+| local | object | `{"enabled":true,"externalSecret":{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-local"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":3,"hourly":1,"monthly":2,"weekly":2,"yearly":4},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 2 * * *"}` | Local backup configuration |
+| local.externalSecret | object | `{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-local"}` | External Secret configuration |
+| local.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":3,"hourly":1,"monthly":2,"weekly":2,"yearly":4},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| local.schedule | string | `"0 2 * * *"` | 5 character cron schedule |
+| nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
+| namespaceOverride | string | `""` | Override the namespace of the chart |
+| pvcTarget | string | `"data"` | Name of the PVC target |
+| remote | object | `{"enabled":true,"externalSecret":{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-remote"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":3,"hourly":1,"monthly":2,"weekly":2,"yearly":4},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 3 * * *"}` | Remote backup configuration |
+| remote.externalSecret | object | `{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-remote"}` | External Secret configuration |
+| remote.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":3,"hourly":1,"monthly":2,"weekly":2,"yearly":4},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| remote.schedule | string | `"0 3 * * *"` | 5 character cron schedule |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/volsync-target/templates/_helpers.tpl

@@ -0,0 +1,75 @@
+{{/*
+Expand the names
+*/}}
+{{- define "volsync.name" -}}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-backup" .Values.pvcTarget -}}
+  {{- end }}
+{{- end }}
+
+{{- define "volsync.localRepoName" -}}
+  {{- if .Values.local.restic.repository }}
+    {{- .Values.local.restic.repository | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-secret-local" (include "volsync.name" .) -}}
+  {{- end }}
+{{- end }}
+
+{{- define "volsync.remoteRepoName" -}}
+  {{- if .Values.remote.restic.repository }}
+    {{- .Values.remote.restic.repository | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-secret-remote" (include "volsync.name" .) -}}
+  {{- end }}
+{{- end }}
+
+{{- define "volsync.externalRepoName" -}}
+  {{- if .Values.external.restic.repository }}
+    {{- .Values.external.restic.repository | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-secret-external" (include "volsync.name" .) -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "volsync.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "volsync.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "volsync.labels" -}}
+helm.sh/chart: {{ include "volsync.chart" $ }}
+{{ include "volsync.selectorLabels" $ }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "volsync.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}

charts/volsync-target/templates/external-secret.yaml

@@ -0,0 +1,182 @@
+{{- if and (.Values.local.enabled) (.Values.externalSecrets.enabled) }}
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: {{ include "volsync.localRepoName" . }}
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.localRepoName" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync local path is required" }}
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync local path is required" }}
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+{{- end }}
+
+{{- if and (.Values.remote.enabled) (.Values.externalSecrets.enabled) }}
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: {{ include "volsync.remoteRepoName" . }}
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.remoteRepoName" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync remote path is required" }}
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync remote path is required" }}
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential remote path is required" }}
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential remote path is required" }}
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential remote path is required" }}
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+{{- end }}
+
+{{- if and (.Values.external.enabled) (.Values.externalSecrets.enabled) }}
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: {{ include "volsync.externalRepoName" . }}
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.externalRepoName" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync external path is required" }}
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync external path is required" }}
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential external path is required" }}
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential external path is required" }}
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential external path is required" }}
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+{{- end }}

charts/volsync-target/templates/replication-source.yaml

@@ -0,0 +1,89 @@
+{{- if .Values.local.enabled }}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: {{ include "volsync.name" . }}-source-local
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  sourcePVC: {{ .Values.pvcTarget }}
+  trigger:
+    schedule: {{ .Values.local.schedule }}
+  restic:
+    pruneIntervalDays: {{ .Values.local.restic.pruneIntervalDays }}
+    repository: {{ include "volsync.localRepoName" . }}
+    retain:
+    {{- with .Values.local.restic.retain }}
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    copyMethod: {{ .Values.local.restic.copyMethod }}
+    storageClassName: {{ .Values.local.restic.storageClassName }}
+    volumeSnapshotClassName: {{ .Values.local.restic.volumeSnapshotClassName }}
+    cacheCapacity: {{ .Values.local.restic.cacheCapacity }}
+{{- end }}
+
+{{- if .Values.remote.enabled }}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: {{ include "volsync.name" . }}-source-remote
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  sourcePVC: {{ .Values.pvcTarget | required "PVC target is required" }}
+  trigger:
+    schedule: {{ .Values.remote.schedule }}
+  restic:
+    pruneIntervalDays: {{ .Values.remote.restic.pruneIntervalDays }}
+    repository: {{ include "volsync.remoteRepoName" . }}
+    retain:
+    {{- with .Values.remote.restic.retain }}
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    copyMethod: {{ .Values.remote.restic.copyMethod }}
+    storageClassName: {{ .Values.remote.restic.storageClassName }}
+    volumeSnapshotClassName: {{ .Values.remote.restic.volumeSnapshotClassName }}
+    cacheCapacity: {{ .Values.remote.restic.cacheCapacity }}
+{{- end }}
+
+{{- if .Values.external.enabled }}
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: {{ include "volsync.name" . }}-source-external
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  sourcePVC: {{ .Values.pvcTarget }}
+  trigger:
+    schedule: {{ .Values.external.schedule }}
+  restic:
+    pruneIntervalDays: {{ .Values.external.restic.pruneIntervalDays }}
+    repository: {{ include "volsync.externalRepoName" . }}
+    retain:
+    {{- with .Values.external.restic.retain }}
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    copyMethod: {{ .Values.external.restic.copyMethod }}
+    storageClassName: {{ .Values.external.restic.storageClassName }}
+    volumeSnapshotClassName: {{ .Values.external.restic.volumeSnapshotClassName }}
+    cacheCapacity: {{ .Values.external.restic.cacheCapacity }}
+{{- end }}

charts/volsync-target/values.yaml

@@ -0,0 +1,102 @@
+# -- Default pattern follows <pvcTarget>-backup
+nameOverride: ""
+
+# -- Override the namespace of the chart
+namespaceOverride: ""
+
+# -- Add additional labels
+additionalLabels: {}
+
+# -- Name of the PVC target
+pvcTarget: "data"
+
+# -- Use external secrets
+externalSecrets:
+  enabled: true
+
+# -- Local backup configuration
+local:
+  enabled: true
+
+  # -- 5 character cron schedule
+  schedule: 0 2 * * *
+
+  # -- Backup configuration, inserted directly into the yaml
+  restic:
+    pruneIntervalDays: 7
+    repository: ""
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi
+
+  # -- External Secret configuration
+  externalSecret:
+    # This path must contain the BUCKET_ENDPOINT and RESTIC_PASSWORD
+    volsyncPath: /volsync/restic/garage-local
+    # This path must contain the AWS/S3 credentials
+    credentialPath: /garage/home-infra/volsync-backups
+
+# -- Remote backup configuration
+remote:
+  enabled: true
+
+  # -- 5 character cron schedule
+  schedule: 0 3 * * *
+
+  # -- Backup configuration, inserted directly into the yaml
+  restic:
+    pruneIntervalDays: 7
+    repository: ""
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi
+
+  # -- External Secret configuration
+  externalSecret:
+    # This path must contain the BUCKET_ENDPOINT and RESTIC_PASSWORD
+    volsyncPath: /volsync/restic/garage-remote
+    # This path must contain the AWS/S3 credentials
+    credentialPath: /garage/home-infra/volsync-backups
+
+# -- External backup configuration
+external:
+  enabled: true
+
+  # -- 5 character cron schedule
+  schedule: 0 4 * * *
+
+  # -- Backup configuration, inserted directly into the yaml
+  restic:
+    pruneIntervalDays: 7
+    repository: ""
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 1Gi
+
+  # -- External Secret configuration
+  externalSecret:
+    # This path must contain the BUCKET_ENDPOINT and RESTIC_PASSWORD
+    volsyncPath: /volsync/restic/digital-ocean
+    # This path must contain the AWS/S3 credentials
+    credentialPath: /digital-ocean/home-infra/volsync-backups