feat(volsync): Move to NFS backend

.taskfiles/volsync/Taskfile.yaml

@@ -50,15 +50,18 @@ tasks:
       vars:
         - APP
     vars:
+      WAIT: '{{.WAIT | default "true"}}'
       NS: '{{.NS | default "default"}}'
       JOB: volsync-src-{{.APP}}
     cmds:
       - kubectl --namespace {{.NS}} patch replicationsources {{.APP}} --type merge -p '{"spec":{"trigger":{"manual":"{{now | unixEpoch}}"}}}'
-      - until kubectl --namespace {{.NS}} get job/{{.JOB}} &>/dev/null; do sleep 5; done
-      - kubectl --namespace {{.NS}} wait job/{{.JOB}} --for=condition=complete --timeout=120m
+      - |-
+        {{ if eq "true" .WAIT }}until kubectl --namespace {{.NS}} get job/{{.JOB}} &>/dev/null; do sleep 5; done{{ end }}
+      - |-
+        {{ if eq "true" .WAIT }}kubectl --namespace {{.NS}} wait job/{{.JOB}} --for=condition=complete --timeout=120m{{ end }}
 
   snapshot-all:
-    desc: Snapshot all apps across all namespaces
+    desc: Snapshot all apps across all namespaces without waiting
     preconditions:
       - which kubectl
     vars:
@@ -71,6 +74,7 @@ tasks:
           split: "\n"
         task: snapshot
         vars:
+          WAIT: "false"
           NS: '{{splitList "," .ITEM | first}}'
           APP: '{{splitList "," .ITEM | last}}'
 

.taskfiles/volsync/resources/list-snapshots.yaml.j2

@@ -20,4 +20,4 @@ spec:
             - snapshots
           envFrom:
             - secretRef:
-                name: {{ ENV.APP }}-volsync-minio
+                name: {{ ENV.APP }}-volsync-nfs

kubernetes/apps/system/volsync/app/mutatingadmissionpolicy.yaml

@@ -79,20 +79,22 @@ spec:
     - patchType: "JSONPatch"
       jsonPatch:
         expression: >
+          [
             JSONPatch{
               op: "add", path: "/spec/template/spec/volumes/-",
               value: Object.spec.template.spec.volumes{
                 name: "repository",
                 nfs: Object.spec.template.spec.volumes.nfs{
                   server: "gladius.bjw-s.internal",
-                  path: "/mnt/tank/Backup"
+                  path: "/mnt/tank/Backup/Volsync"
                 }
               }
             },
             JSONPatch{
               op: "add", path: "/spec/template/spec/containers/0/volumeMounts/-",
               value: Object.spec.template.spec.containers.volumeMounts{
                 name: "repository",
-                mountPath: "/nfs/repository"
+                mountPath: "/repository"
               }
             }
+          ]

kubernetes/templates/volsync/kustomization.yaml

@@ -3,6 +3,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./minio
+  - ./nfs
   - ./r2
   - ./pvc.yaml

kubernetes/templates/volsync/minio/externalsecret.yaml → kubernetes/templates/volsync/nfs/externalsecret.yaml

@@ -3,22 +3,20 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: "${APP}-volsync-minio"
+  name: "${APP}-volsync-nfs"
 spec:
   refreshInterval: 5m
   secretStoreRef:
     kind: ClusterSecretStore
     name: onepassword-connect
   target:
-    name: "${APP}-volsync-minio"
+    name: "${APP}-volsync-nfs"
     creationPolicy: Owner
     template:
       engineVersion: v2
       data:
-        RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
+        RESTIC_REPOSITORY: "/repository/${APP}"
         RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
-        AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
-        AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
   dataFrom:
     - extract:
         key: volsync-restic-template

kubernetes/templates/volsync/minio/replicationdestination.yaml → kubernetes/templates/volsync/nfs/replicationdestination.yaml

@@ -10,18 +10,19 @@ spec:
   restic:
     accessModes:
       - "${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"
-    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+    cacheAccessModes:
+      - "${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"
     cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-1Gi}"
     cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
     capacity: "${VOLSYNC_CAPACITY:-1Gi}"
     cleanupCachePVC: true
     cleanupTempPVC: true
     enableFileDeletion: true
-    copyMethod: Snapshot
+    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
     moverSecurityContext:
       runAsUser: ${APP_UID:-2000}
       runAsGroup: ${APP_GID:-2000}
       fsGroup: ${APP_GID:-2000}
-    repository: "${APP}-volsync-minio"
+    repository: "${APP}-volsync-nfs"
     storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
     volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"

kubernetes/templates/volsync/minio/replicationsource.yaml → kubernetes/templates/volsync/nfs/replicationsource.yaml

@@ -9,19 +9,21 @@ spec:
   trigger:
     schedule: "0 * * * *"
   restic:
-    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+    accessModes:
+      - "${VOLSYNC_SNAP_ACCESSMODES:-ReadWriteOnce}"
+    cacheAccessModes:
+      - "${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"
     cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-1Gi}"
     cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
-    copyMethod: Snapshot
+    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
     moverSecurityContext:
       runAsUser: ${APP_UID:-2000}
       runAsGroup: ${APP_GID:-2000}
       fsGroup: ${APP_GID:-2000}
     pruneIntervalDays: 7
-    repository: ${APP}-volsync-minio
+    repository: ${APP}-volsync-nfs
     retain:
       hourly: 24
       daily: 7
-      weekly: 5
     storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
     volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"