fix: invalid rules

charts/rclone-bucket/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: rclone-bucket
-version: 0.3.0
+version: 0.4.3
 description: Rclone CronJob to replicate buckets
 keywords:
   - rclone-bucket

charts/rclone-bucket/README.md

@@ -1,6 +1,6 @@
 # rclone-bucket
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: v1.73.5](https://img.shields.io/badge/AppVersion-v1.73.5-informational?style=flat-square)
+![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![AppVersion: v1.73.5](https://img.shields.io/badge/AppVersion-v1.73.5-informational?style=flat-square)
 
 Rclone CronJob to replicate buckets
 
@@ -29,7 +29,7 @@ Rclone CronJob to replicate buckets
 | cronJob | object | `{"backoffLimit":3,"parallelism":1,"schedule":"0 0 * * *","suspend":false,"timeZone":"America/Chicago"}` | CronJob configuration |
 | image | object | `{"pullPolicy":"IfNotPresent","repository":"rclone/rclone","tag":"1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96"}` | Default image |
 | nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
-| prune | object | `{"ageToPrune":"90d","enabled":false}` | Enable prune job |
+| prune | object | `{"ageToPrune":"90d","enabled":false,"exclude":"","include":""}` | Enable prune job |
 | rclone | object | `{"destination":{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"},"providerType":"Other","source":{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}}` | rclone configuration |
 | rclone.destination | object | `{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}` | Destination configuration |
 | rclone.source | object | `{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}` | Source configuration |

charts/rclone-bucket/templates/_helpers.tpl

@@ -43,35 +43,35 @@ Generate the secret name
 {{/*
 Common env names
 */}}
-{{- define "secret.envAccessKey" -}}
+{{- define "secretRclone.envAccessKey" -}}
 ACCESS_KEY_ID
 {{- end }}
-{{- define "secret.envSecretKey" -}}
+{{- define "secretRclone.envSecretKey" -}}
 ACCESS_SECRET_KEY
 {{- end }}
-{{- define "secret.envRegion" -}}
+{{- define "secretRclone.envRegion" -}}
 ACCESS_REGION
 {{- end }}
-{{- define "secret.envSrcEndpoint" -}}
+{{- define "secretRclone.envSrcEndpoint" -}}
 SRC_ENDPOINT
 {{- end }}
-{{- define "secret.envDestEndpoint" -}}
+{{- define "secretRclone.envDestEndpoint" -}}
 DEST_ENDPOINT
 {{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "secret.chart" -}}
+{{- define "secretRclone.chart" -}}
   {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "secret.labels" -}}
+{{- define "secretRclone.labels" -}}
-helm.sh/chart: {{ include "secret.chart" $ }}
+helm.sh/chart: {{ include "secretRclone.chart" $ }}
-{{ include "secret.selectorLabels" $ }}
+{{ include "secretRclone.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
@@ -84,7 +84,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "secret.selectorLabels" -}}
+{{- define "secretRclone.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}

charts/rclone-bucket/templates/common.yaml

@@ -24,7 +24,15 @@ controllers:
           - --s3-no-check-bucket
           {{- if .Values.prune.enabled }}
           - --min-age
-          - {{ .Values.prune.ageToPrune }}
+          - {{ .Values.prune.ageToPrune | quote }}
+          {{- end }}
+          {{- if .Values.prune.include }}
+          - --include
+          - {{ .Values.prune.include | quote }}
+          {{- end }}
+          {{- if .Values.prune.exclude }}
+          - --exclude
+          - {{ .Values.prune.exclude | quote }}
           {{- end }}
           - --verbose
         env:
@@ -35,57 +43,57 @@ controllers:
           - name: RCLONE_CONFIG_SRC_PROVIDER
             value: {{ .Values.rclone.source.providerType }}
           - name: RCLONE_CONFIG_SRC_ENV_AUTH
-            value: false
+            value: "false"
           - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envAccessKey" . }}
+                key: {{ include "secretRclone.envAccessKey" . }}
           - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envSecretKey" . }}
+                key: {{ include "secretRclone.envSecretKey" . }}
           - name: RCLONE_CONFIG_SRC_REGION
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envRegion" . }}
+                key: {{ include "secretRclone.envRegion" . }}
           - name: RCLONE_CONFIG_SRC_ENDPOINT
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envSrcEndpoint" . }}
+                key: {{ include "secretRclone.envSrcEndpoint" . }}
           - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.source.forcePathStyle }}
+            value: {{ .Values.rclone.source.forcePathStyle | quote }}
           - name: RCLONE_CONFIG_DEST_TYPE
             value: s3
           - name: RCLONE_CONFIG_DEST_PROVIDER
             value: {{ .Values.rclone.destination.providerType }}
           - name: RCLONE_CONFIG_DEST_ENV_AUTH
-            value: false
+            value: "false"
           - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envAccessKey" . }}
+                key: {{ include "secretRclone.envAccessKey" . }}
           - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envSecretKey" . }}
+                key: {{ include "secretRclone.envSecretKey" . }}
           - name: RCLONE_CONFIG_DEST_REGION
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envRegion" . }}
+                key: {{ include "secretRclone.envRegion" . }}
           - name: RCLONE_CONFIG_DEST_ENDPOINT
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envDestEndpoint" . }}
+                key: {{ include "secretRclone.envDestEndpoint" . }}
-          - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
+          - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.destination.forcePathStyle }}
+            value: {{ .Values.rclone.destination.forcePathStyle | quote }}
       {{- if .Values.prune.enabled }}
       prune:
         image:
@@ -96,7 +104,7 @@ controllers:
           - delete
           - dest:{{ .Values.rclone.destination.bucketName }}
           - --min-age
-          - {{ .Values.prune.ageToPrune }}
+          - {{ .Values.prune.ageToPrune | quote }}
           - --verbose
         env:
           - name: RCLONE_CONFIG_DEST_TYPE
@@ -104,29 +112,29 @@ controllers:
           - name: RCLONE_CONFIG_DEST_PROVIDER
             value: {{ .Values.rclone.destination.providerType }}
           - name: RCLONE_CONFIG_DEST_ENV_AUTH
-            value: false
+            value: "false"
           - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envAccessKey" . }}
+                key: {{ include "secretRclone.envAccessKey" . }}
           - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envSecretKey" . }}
+                key: {{ include "secretRclone.envSecretKey" . }}
           - name: RCLONE_CONFIG_DEST_REGION
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envRegion" . }}
+                key: {{ include "secretRclone.envRegion" . }}
           - name: RCLONE_CONFIG_DEST_ENDPOINT
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envDestEndpoint" . }}
+                key: {{ include "secretRclone.envDestEndpoint" . }}
-          - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+          - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.destination.forcePathStyle }}
+            value: {{ .Values.rclone.destination.forcePathStyle | quote }}
       {{- end }}
 {{- end -}}
 {{- $_ := mergeOverwrite .Values (include "rclone.hardcodedValues" . | fromYaml) -}}

charts/rclone-bucket/templates/external-secret.yaml

@@ -6,7 +6,7 @@ metadata:
   name: {{ include "rclone.sourceSecretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "secret.labels" . | nindent 4 }}
+    {{- include "secretRclone.labels" . | nindent 4 }}
     app.kubernetes.io/name: {{ include "rclone.sourceSecretName" . }}
     {{- with .Values.additionalLabels }}
     {{- toYaml . | nindent 4 }}
@@ -16,19 +16,19 @@ spec:
     kind: ClusterSecretStore
     name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
   data:
-    - secretKey: {{ include "secret.envAccessKey" . }}
+    - secretKey: {{ include "secretRclone.envAccessKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.credentials.path }}
         property: {{ .Values.secret.externalSecret.source.credentials.keyIdProperty }}
-    - secretKey: {{ include "secret.envSecretKey" . }}
+    - secretKey: {{ include "secretRclone.envSecretKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.credentials.path }}
         property: {{ .Values.secret.externalSecret.source.credentials.secretKeyProperty }}
-    - secretKey: {{ include "secret.envRegion" . }}
+    - secretKey: {{ include "secretRclone.envRegion" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.credentials.path }}
         property: {{ .Values.secret.externalSecret.source.credentials.regionProperty }}
-    - secretKey: {{ include "secret.envSrcEndpoint" . }}
+    - secretKey: {{ include "secretRclone.envSrcEndpoint" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.config.path }}
         property: {{ .Values.secret.externalSecret.source.config.endpointProperty }}
@@ -40,7 +40,7 @@ metadata:
   name: {{ include "rclone.destinationSecretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "secret.labels" . | nindent 4 }}
+    {{- include "secretRclone.labels" . | nindent 4 }}
     app.kubernetes.io/name: {{ include "rclone.destinationSecretName" . }}
     {{- with .Values.additionalLabels }}
     {{- toYaml . | nindent 4 }}
@@ -50,19 +50,19 @@ spec:
     kind: ClusterSecretStore
     name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
   data:
-    - secretKey: {{ include "secret.envAccessKey" . }}
+    - secretKey: {{ include "secretRclone.envAccessKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.credentials.path }}
         property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
-    - secretKey: {{ include "secret.envSecretKey" . }}
+    - secretKey: {{ include "secretRclone.envSecretKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.credentials.path }}
-        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
+        property: {{ .Values.secret.externalSecret.destination.credentials.secretKeyProperty }}
-    - secretKey: {{ include "secret.envRegion" . }}
+    - secretKey: {{ include "secretRclone.envRegion" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.credentials.path }}
-        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
+        property: {{ .Values.secret.externalSecret.destination.credentials.regionProperty }}
-    - secretKey: {{ include "secret.envDestEndpoint" . }}
+    - secretKey: {{ include "secretRclone.envDestEndpoint" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.config.path }}
         property: {{ .Values.secret.externalSecret.destination.config.endpointProperty }}

charts/rclone-bucket/values.yaml

@@ -38,6 +38,8 @@ rclone:
 prune:
   enabled: false
   ageToPrune: 90d
+  include: ""
+  exclude: ""
 
 # -- Secret configuration
 secret:

charts/volsync-target/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: volsync-target
-version: 1.0.0
+version: 1.1.1
 description: Volsync Replication set to target specific PVC with preconfigured settings
 keywords:
   - volsync-target

charts/volsync-target/README.md

@@ -1,6 +1,6 @@
 # volsync-target
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
+![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
 
 Volsync Replication set to target specific PVC with preconfigured settings
 
@@ -33,6 +33,7 @@ Volsync Replication set to target specific PVC with preconfigured settings
 | moverSecurityContext | object | `{}` | Glocal security context for restic mover |
 | nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
+| prometheusRule | object | `{"enabled":true}` | Prometheus Rule |
 | pvcTarget | string | `"data"` | Name of the PVC target |
 | remote | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * *"}` | Remote backup configuration |
 | remote.externalSecret | object | `{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"}` | External Secret configuration |

charts/volsync-target/templates/prometheus-rule.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.prometheusRule.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "volsync.name" . }}-source-local
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  groups:
+    - name: volsync.alerts
+      rules:
+        - alert: VolSyncBackupPodFailed
+          expr: |
+            (kube_pod_container_status_last_terminated_exitcode > 0)
+            * on(pod, namespace) group_left(owner_name)
+            kube_pod_owner{owner_kind="Job", owner_name=~"volsync-.*"}
+          for: 1m
+          labels:
+            severity: critical
+          annotations:
+            summary: "VolSync Backup Pod failed in {{ `{{ $labels.namespace }}` }}"
+            description: |
+              A pod for the VolSync backup of PVC '{{ .Values.pvcTarget }}' failed with exit code {{ `{{ $value }}` }}.
+              Job: {{ `{{ $labels.owner_name }}` }}
+              Namespace: {{ `{{ $labels.namespace }}` }}
+{{- end }}

charts/volsync-target/templates/replication-source.yaml

@@ -7,7 +7,7 @@ metadata:
   namespace: {{ include "volsync.namespace" . }}
   labels:
     {{- include "volsync.labels" . | nindent 4 }}
-    app.kubernetes.io/name: {{ include "volsync.name" . }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
     {{- with .Values.additionalLabels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}

charts/volsync-target/values.yaml

@@ -16,6 +16,10 @@ pvcTarget: "data"
 # -- Glocal security context for restic mover
 moverSecurityContext: {}
 
+# -- Prometheus Rule
+prometheusRule:
+  enabled: true
+
 # -- Use external secrets
 externalSecrets:
   enabled: true