Compare commits
3 Commits
rclone-buc
...
volsync-ta
| Author | SHA1 | Date | |
|---|---|---|---|
| 1a535ae4c2 | |||
| 5a73a500a2 | |||
| 67d0dbcf71 |
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: rclone-bucket
|
||||
version: 0.4.1
|
||||
version: 0.4.3
|
||||
description: Rclone CronJob to replicate buckets
|
||||
keywords:
|
||||
- rclone-bucket
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# rclone-bucket
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Rclone CronJob to replicate buckets
|
||||
|
||||
|
||||
@@ -43,35 +43,35 @@ Generate the secret name
|
||||
{{/*
|
||||
Common env names
|
||||
*/}}
|
||||
{{- define "secret.envAccessKey" -}}
|
||||
{{- define "secretRclone.envAccessKey" -}}
|
||||
ACCESS_KEY_ID
|
||||
{{- end }}
|
||||
{{- define "secret.envSecretKey" -}}
|
||||
{{- define "secretRclone.envSecretKey" -}}
|
||||
ACCESS_SECRET_KEY
|
||||
{{- end }}
|
||||
{{- define "secret.envRegion" -}}
|
||||
{{- define "secretRclone.envRegion" -}}
|
||||
ACCESS_REGION
|
||||
{{- end }}
|
||||
{{- define "secret.envSrcEndpoint" -}}
|
||||
{{- define "secretRclone.envSrcEndpoint" -}}
|
||||
SRC_ENDPOINT
|
||||
{{- end }}
|
||||
{{- define "secret.envDestEndpoint" -}}
|
||||
{{- define "secretRclone.envDestEndpoint" -}}
|
||||
DEST_ENDPOINT
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "secret.chart" -}}
|
||||
{{- define "secretRclone.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "secret.labels" -}}
|
||||
helm.sh/chart: {{ include "secret.chart" $ }}
|
||||
{{ include "secret.selectorLabels" $ }}
|
||||
{{- define "secretRclone.labels" -}}
|
||||
helm.sh/chart: {{ include "secretRclone.chart" $ }}
|
||||
{{ include "secretRclone.selectorLabels" $ }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
||||
{{- end }}
|
||||
@@ -84,7 +84,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "secret.selectorLabels" -}}
|
||||
{{- define "secretRclone.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
@@ -24,15 +24,15 @@ controllers:
|
||||
- --s3-no-check-bucket
|
||||
{{- if .Values.prune.enabled }}
|
||||
- --min-age
|
||||
- {{ .Values.prune.ageToPrune }}
|
||||
- {{ .Values.prune.ageToPrune | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.prune.include }}
|
||||
- --include
|
||||
- {{ .Values.prune.include }}
|
||||
- {{ .Values.prune.include | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.prune.exclude }}
|
||||
- --exclude
|
||||
- {{ .Values.prune.exclude }}
|
||||
- {{ .Values.prune.exclude | quote }}
|
||||
{{- end }}
|
||||
- --verbose
|
||||
env:
|
||||
@@ -43,57 +43,57 @@ controllers:
|
||||
- name: RCLONE_CONFIG_SRC_PROVIDER
|
||||
value: {{ .Values.rclone.source.providerType }}
|
||||
- name: RCLONE_CONFIG_SRC_ENV_AUTH
|
||||
value: false
|
||||
value: "false"
|
||||
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.sourceSecretName" . }}
|
||||
key: {{ include "secret.envAccessKey" . }}
|
||||
key: {{ include "secretRclone.envAccessKey" . }}
|
||||
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.sourceSecretName" . }}
|
||||
key: {{ include "secret.envSecretKey" . }}
|
||||
key: {{ include "secretRclone.envSecretKey" . }}
|
||||
- name: RCLONE_CONFIG_SRC_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.sourceSecretName" . }}
|
||||
key: {{ include "secret.envRegion" . }}
|
||||
key: {{ include "secretRclone.envRegion" . }}
|
||||
- name: RCLONE_CONFIG_SRC_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.sourceSecretName" . }}
|
||||
key: {{ include "secret.envSrcEndpoint" . }}
|
||||
key: {{ include "secretRclone.envSrcEndpoint" . }}
|
||||
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
|
||||
value: {{ .Values.rclone.source.forcePathStyle }}
|
||||
value: {{ .Values.rclone.source.forcePathStyle | quote }}
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: {{ .Values.rclone.destination.providerType }}
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
value: "false"
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envAccessKey" . }}
|
||||
key: {{ include "secretRclone.envAccessKey" . }}
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envSecretKey" . }}
|
||||
key: {{ include "secretRclone.envSecretKey" . }}
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envRegion" . }}
|
||||
key: {{ include "secretRclone.envRegion" . }}
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envDestEndpoint" . }}
|
||||
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
|
||||
value: {{ .Values.rclone.destination.forcePathStyle }}
|
||||
key: {{ include "secretRclone.envDestEndpoint" . }}
|
||||
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
|
||||
value: {{ .Values.rclone.destination.forcePathStyle | quote }}
|
||||
{{- if .Values.prune.enabled }}
|
||||
prune:
|
||||
image:
|
||||
@@ -104,7 +104,7 @@ controllers:
|
||||
- delete
|
||||
- dest:{{ .Values.rclone.destination.bucketName }}
|
||||
- --min-age
|
||||
- {{ .Values.prune.ageToPrune }}
|
||||
- {{ .Values.prune.ageToPrune | quote }}
|
||||
- --verbose
|
||||
env:
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
@@ -112,29 +112,29 @@ controllers:
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: {{ .Values.rclone.destination.providerType }}
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
value: "false"
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envAccessKey" . }}
|
||||
key: {{ include "secretRclone.envAccessKey" . }}
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envSecretKey" . }}
|
||||
key: {{ include "secretRclone.envSecretKey" . }}
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envRegion" . }}
|
||||
key: {{ include "secretRclone.envRegion" . }}
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
key: {{ include "secret.envDestEndpoint" . }}
|
||||
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
|
||||
value: {{ .Values.rclone.destination.forcePathStyle }}
|
||||
key: {{ include "secretRclone.envDestEndpoint" . }}
|
||||
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
|
||||
value: {{ .Values.rclone.destination.forcePathStyle | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- $_ := mergeOverwrite .Values (include "rclone.hardcodedValues" . | fromYaml) -}}
|
||||
|
||||
@@ -6,7 +6,7 @@ metadata:
|
||||
name: {{ include "rclone.sourceSecretName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "secret.labels" . | nindent 4 }}
|
||||
{{- include "secretRclone.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "rclone.sourceSecretName" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
@@ -16,19 +16,19 @@ spec:
|
||||
kind: ClusterSecretStore
|
||||
name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
|
||||
data:
|
||||
- secretKey: {{ include "secret.envAccessKey" . }}
|
||||
- secretKey: {{ include "secretRclone.envAccessKey" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.source.credentials.path }}
|
||||
property: {{ .Values.secret.externalSecret.source.credentials.keyIdProperty }}
|
||||
- secretKey: {{ include "secret.envSecretKey" . }}
|
||||
- secretKey: {{ include "secretRclone.envSecretKey" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.source.credentials.path }}
|
||||
property: {{ .Values.secret.externalSecret.source.credentials.secretKeyProperty }}
|
||||
- secretKey: {{ include "secret.envRegion" . }}
|
||||
- secretKey: {{ include "secretRclone.envRegion" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.source.credentials.path }}
|
||||
property: {{ .Values.secret.externalSecret.source.credentials.regionProperty }}
|
||||
- secretKey: {{ include "secret.envSrcEndpoint" . }}
|
||||
- secretKey: {{ include "secretRclone.envSrcEndpoint" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.source.config.path }}
|
||||
property: {{ .Values.secret.externalSecret.source.config.endpointProperty }}
|
||||
@@ -40,7 +40,7 @@ metadata:
|
||||
name: {{ include "rclone.destinationSecretName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "secret.labels" . | nindent 4 }}
|
||||
{{- include "secretRclone.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "rclone.destinationSecretName" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
@@ -50,19 +50,19 @@ spec:
|
||||
kind: ClusterSecretStore
|
||||
name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
|
||||
data:
|
||||
- secretKey: {{ include "secret.envAccessKey" . }}
|
||||
- secretKey: {{ include "secretRclone.envAccessKey" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.destination.credentials.path }}
|
||||
property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
|
||||
- secretKey: {{ include "secret.envSecretKey" . }}
|
||||
- secretKey: {{ include "secretRclone.envSecretKey" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.destination.credentials.path }}
|
||||
property: {{ .Values.secret.externalSecret.destination.credentials.secretKeyProperty }}
|
||||
- secretKey: {{ include "secret.envRegion" . }}
|
||||
- secretKey: {{ include "secretRclone.envRegion" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.destination.credentials.path }}
|
||||
property: {{ .Values.secret.externalSecret.destination.credentials.regionProperty }}
|
||||
- secretKey: {{ include "secret.envDestEndpoint" . }}
|
||||
- secretKey: {{ include "secretRclone.envDestEndpoint" . }}
|
||||
remoteRef:
|
||||
key: {{ .Values.secret.externalSecret.destination.config.path }}
|
||||
property: {{ .Values.secret.externalSecret.destination.config.endpointProperty }}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: volsync-target
|
||||
version: 1.0.0
|
||||
version: 1.1.0
|
||||
description: Volsync Replication set to target specific PVC with preconfigured settings
|
||||
keywords:
|
||||
- volsync-target
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# volsync-target
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Volsync Replication set to target specific PVC with preconfigured settings
|
||||
|
||||
@@ -33,6 +33,7 @@ Volsync Replication set to target specific PVC with preconfigured settings
|
||||
| moverSecurityContext | object | `{}` | Glocal security context for restic mover |
|
||||
| nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
|
||||
| namespaceOverride | string | `""` | Override the namespace of the chart |
|
||||
| prometheusRule | object | `{"enabled":true}` | Prometheus Rule |
|
||||
| pvcTarget | string | `"data"` | Name of the PVC target |
|
||||
| remote | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * *"}` | Remote backup configuration |
|
||||
| remote.externalSecret | object | `{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"}` | External Secret configuration |
|
||||
|
||||
35
charts/volsync-target/templates/prometheus-rule.yaml
Normal file
35
charts/volsync-target/templates/prometheus-rule.yaml
Normal file
@@ -0,0 +1,35 @@
|
||||
{{- if .Values.prometheusRule.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ include "volsync.name" . }}-source-local
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
groups:
|
||||
- name: volsync.alerts
|
||||
rules:
|
||||
- alert: VolSyncBackupPodFailed
|
||||
expr: |
|
||||
kube_pod_container_status_last_terminated_exit_code > 0
|
||||
* on(pod, namespace) group_left(owner_name)
|
||||
label_replace(
|
||||
kube_pod_owner{owner_kind="Job"},
|
||||
"owner_name", "$1", "owner_name", "(.*)"
|
||||
)
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: "VolSync Backup Pod failed in {{ `{{ $labels.namespace }}` }}"
|
||||
description: |
|
||||
A pod for the VolSync backup of PVC '{{ .Values.pvcTarget }}' failed with exit code {{ `{{ $value }}` }}.
|
||||
Job: {{ `{{ $labels.owner_name }}` }}
|
||||
Namespace: {{ `{{ $labels.namespace }}` }}
|
||||
{{- end }}
|
||||
@@ -7,7 +7,7 @@ metadata:
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.name" . }}
|
||||
app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -16,6 +16,10 @@ pvcTarget: "data"
|
||||
# -- Glocal security context for restic mover
|
||||
moverSecurityContext: {}
|
||||
|
||||
# -- Prometheus Rule
|
||||
prometheusRule:
|
||||
enabled: true
|
||||
|
||||
# -- Use external secrets
|
||||
externalSecrets:
|
||||
enabled: true
|
||||
|
||||
Reference in New Issue
Block a user