Add Grimmory as separate from Booklore (#5020)

Reviewed-on: #5020

clusters/cl01tl/helm/grimmory/templates/external-secret.yaml

@@ -0,0 +1,143 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: grimmory-database-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-database-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: password
+      remoteRef:
+        key: /cl01tl/grimmory/database
+        property: password
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: grimmory-data-replication-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-data-replication-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: psk.txt
+      remoteRef:
+        key: /cl01tl/grimmory/replication
+        property: psk.txt
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: grimmory-mariadb-cluster-backup-secret-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: access
+      remoteRef:
+        key: /digital-ocean/home-infra/mariadb-backups
+        property: access
+    - secretKey: secret
+      remoteRef:
+        key: /digital-ocean/home-infra/mariadb-backups
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: grimmory-mariadb-cluster-backup-secret-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: access
+      remoteRef:
+        key: /garage/home-infra/mariadb-backups
+        property: access
+    - secretKey: secret
+      remoteRef:
+        key: /garage/home-infra/mariadb-backups
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-config-backup-secret-local
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-config-backup-secret-local
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        RESTIC_REPOSITORY: '{{ .BUCKET_ENDPOINT }}/booklore/booklore-config'
+  data:
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+      secretKey: BUCKET_ENDPOINT
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+      secretKey: RESTIC_PASSWORD
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+      secretKey: AWS_DEFAULT_REGION
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+      secretKey: AWS_ACCESS_KEY_ID
+    - remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+      secretKey: AWS_SECRET_ACCESS_KEY

clusters/cl01tl/helm/grimmory/templates/namespace.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: grimmory
+  annotations:
+    volsync.backube/privileged-movers: "true"
+  labels:
+    app.kubernetes.io/name: grimmory
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grimmory-books-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-books-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: grimmory-books-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grimmory-books-import-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-books-import-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: grimmory-books-import-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: grimmory-books-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-books-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Books
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: grimmory-books-import-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-books-import-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Books Import
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/helm/grimmory/templates/replication-destination.yaml

@@ -0,0 +1,16 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  name: grimmory-config-restore
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grimmory-config-restore
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  trigger:
+    manual: restore-once
+  restic:
+    repository: booklore-config-backup-secret-local
+    destinationPVC: grimmory-config
+    copyMethod: Direct