From b4bfb3e11b341ed02628c0ada72332018e639b88 Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Sun, 13 Oct 2024 19:26:00 -0400 Subject: [PATCH] fix: try to fix radarr volsync backups --- kubernetes/common/templates/volsync/b2.yaml | 2 +- .../templates/volsync/kustomization.yaml | 1 + .../common/templates/volsync/minio.yaml | 51 +++++++++++++ kubernetes/common/templates/volsync/pvc.yaml | 2 +- .../download/radarr/app/helm-release.yaml | 4 +- .../download/radarr/app/kustomization.yaml | 1 + .../download/radarr/app/minio-creds.sops.yaml | 75 +++++++++++++++++++ 7 files changed, 132 insertions(+), 4 deletions(-) create mode 100644 kubernetes/common/templates/volsync/minio.yaml create mode 100644 kubernetes/main/apps/download/radarr/app/minio-creds.sops.yaml diff --git a/kubernetes/common/templates/volsync/b2.yaml b/kubernetes/common/templates/volsync/b2.yaml index 5eb1f63..159e471 100644 --- a/kubernetes/common/templates/volsync/b2.yaml +++ b/kubernetes/common/templates/volsync/b2.yaml @@ -15,7 +15,7 @@ spec: cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}" cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] - storageClassName: "${VOLSYNC_STORAGECLASS:-mainpool-hostpath}" + storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}" accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] moverSecurityContext: runAsUser: 10000 diff --git a/kubernetes/common/templates/volsync/kustomization.yaml b/kubernetes/common/templates/volsync/kustomization.yaml index 02f9db4..5773b9a 100644 --- a/kubernetes/common/templates/volsync/kustomization.yaml +++ b/kubernetes/common/templates/volsync/kustomization.yaml @@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./pvc.yaml +- ./minio.yaml - ./b2.yaml \ No newline at end of file diff --git a/kubernetes/common/templates/volsync/minio.yaml b/kubernetes/common/templates/volsync/minio.yaml new file mode 100644 index 0000000..51d5440 --- /dev/null +++ b/kubernetes/common/templates/volsync/minio.yaml @@ -0,0 +1,51 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: "${APP}" +spec: + sourcePVC: "${APP}" + trigger: + schedule: "0 * * * *" + restic: + copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}" + pruneIntervalDays: 7 + repository: "${APP}-volsync-secret" + volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}" + cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}" + cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}" + cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] + storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}" + accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] + moverSecurityContext: + runAsUser: 10000 + runAsGroup: 10000 + fsGroup: 10000 + retain: + hourly: 24 + daily: 7 + weekly: 5 +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationDestination +metadata: + name: "${APP}-dst" +spec: + trigger: + manual: restore-once + restic: + repository: "${APP}-volsync-secret" + copyMethod: Snapshot # must be Snapshot + volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}" + cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}" + cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] + cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}" + storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}" + accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] + capacity: "${VOLSYNC_CAPACITY}" + # moverSecurityContext: + # runAsUser: 10000 + # runAsGroup: 10000 + # fsGroup: 10000 \ No newline at end of file diff --git a/kubernetes/common/templates/volsync/pvc.yaml b/kubernetes/common/templates/volsync/pvc.yaml index 2a93aa4..8293c25 100644 --- a/kubernetes/common/templates/volsync/pvc.yaml +++ b/kubernetes/common/templates/volsync/pvc.yaml @@ -7,7 +7,7 @@ spec: dataSourceRef: kind: ReplicationDestination apiGroup: volsync.backube - name: "${APP}-b2" + name: "${APP}-dst" resources: requests: storage: "${VOLSYNC_CAPACITY}" diff --git a/kubernetes/main/apps/download/radarr/app/helm-release.yaml b/kubernetes/main/apps/download/radarr/app/helm-release.yaml index 2853941..6fd0f2c 100644 --- a/kubernetes/main/apps/download/radarr/app/helm-release.yaml +++ b/kubernetes/main/apps/download/radarr/app/helm-release.yaml @@ -74,11 +74,11 @@ spec: paths: - path: / service: - identifier: radarr + identifier: main port: http service: - app: + main: controller: main ports: diff --git a/kubernetes/main/apps/download/radarr/app/kustomization.yaml b/kubernetes/main/apps/download/radarr/app/kustomization.yaml index 9412966..9867948 100644 --- a/kubernetes/main/apps/download/radarr/app/kustomization.yaml +++ b/kubernetes/main/apps/download/radarr/app/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./backup-creds.sops.yaml +- ./minio-creds.sops.yaml - ./helm-release.yaml - ./radarr-exportarr-metrics.yaml - ../../../../../common/templates/volsync \ No newline at end of file diff --git a/kubernetes/main/apps/download/radarr/app/minio-creds.sops.yaml b/kubernetes/main/apps/download/radarr/app/minio-creds.sops.yaml new file mode 100644 index 0000000..9dc2849 --- /dev/null +++ b/kubernetes/main/apps/download/radarr/app/minio-creds.sops.yaml @@ -0,0 +1,75 @@ +apiVersion: v1 +kind: Secret +metadata: + name: radarr-volsync-secret + namespace: download +type: Opaque +stringData: + RESTIC_REPOSITORY: ENC[AES256_GCM,data:ebolBMyKUaVKCE4oqtXn8tbgwVM+OG5W/oCNiIEy/dZuUOYUW/3kcP8qPcQ/TP+j,iv:MdfKuDIcOMIu7gKnT8nwAAqA8FXH0qIVGumW7XabnHM=,tag:NFCrjnVgKXHbXNDPqwa8LA==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:OWRCCNHPe7izcDDyr1Df/78XSduQ1KmGrtIoC5iz5Hg=,iv:KPaOpeZbFS4Hg8RLYNf7+26OkHwAfcVqHgZmWwv9R1A=,tag:gOamlt5e3MUQ9b+CeSwTbw==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:kzoeP5dV2DBk+VL/31B6sg==,iv:MeQdxt82dWNsvl+OSTnKS+g9zmkwBQxXFlBa813o818=,tag:V2YxoFj3lz4FtGAWutbyFA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:AibU/3Xgi/7qCxXkhdoOlzuN3ETDXg8bvNIg1IjQsfs=,iv:N6U1xM+HDPPHXDRLqY0BIC2ire9ZgN9g68Te8PObRt8=,tag:F8DRJiS4VUX19xO8RhZhEg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-10-13T23:24:58Z" + mac: ENC[AES256_GCM,data:+BAe3tCH1ZRYvOpktR6Sz4mHkQfNNjso2v70vMGUDgy0hgjkKR/AlvDcHJY6kf5kMoUVEBluPeQ58TVJuCMiXJhTgadTNRes4KPgW1Bm+/QR+TqGsvQYaSkT0YAj3EeUrFfXGU+VGgU/Pf+XE5oM8uqZG9Z3fwS6gZzCFy/JeiY=,iv:jHwrSLB4i9FG9gd4hYO8y+pH/FXhCKxgi3DGw8raSwc=,tag:rJ1sR1FdWcaFcfCOoInSfw==,type:str] + pgp: + - created_at: "2024-10-13T23:24:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAAQ/+K49WTFNnaDigRZz3RtzJsvuQisVxVBsEG7rUNuIfAtRx + AxvmmbhZ97LAwpEcGsXv7uo7HhINX3xNeuLPt77U6lvrWyPDrHwDQKoLEcYpkEBw + 9NXsReKpyvSa1VP9hoIBhvd3+qoeb7rSgp+qWUWgGmvp/MM5GULI8gN0FV/pE85D + fIRd1nbZ6LcGC/gwIO4LgKuFg71V79RVuxFDNWHuyJUvaGnI2up4IFseDXDkfQHg + iA386/fzxtMBKrGcveEBFVXWZ4D3G9cacTSrknOfSnD8oGCzNoUArueOjpLvjx6n + s6lfQarI75kcAclMYwxFINjSBf7VCIkTvYLlUAUaitcbIVQNEUVKAUrosSc7gKEI + lkCty3WCZqRHy5hWIGZpR6tlYSEzqB5GGhBKYnrYn16RtSOXLw37Dl7AzjOB7aOf + u5sge6ssPk5zQ0cb2rxBVTN8KJJNh1eFSKBYCmeTjzfG7LGQWJLvp5HWXiGCF+OF + 6aiUnovEQrr3oNyVQ6oWBM36085hRUM3Gt/AhNaY9anixTYGNHgJO8uQ2HyTSP2p + AK69FFXbTAyYcxP5nZbNWctD3PyrhHM6QcqSH0lltZJiDEb6wIhk6c9zzDydDjuG + SzzGEWMqeqwu39eYW5Nfovd0IcZjVbC+jAnwwXWzP/tFutcM/OtI2Kpb8njLvLGF + AgwDAAAAAAAAAAABEACgTSOriPJ3jzfAGHyeqxHWFLtbBSMfdugXT4T74HNItkoY + 9pHOzox9CgOpyvslMdJtcUgt4TtNmp1bOWCm4JRKG0mlF4zWjV8hjQa+pIzuHSTg + 0SuQ+DqG8NelA94zr+H/jJVSSvhJUrv2GWTNsrZ44OGPY6moxhD67YO/2hiApafs + p8ololtBzxkdDoOJRjrgusoEOCxEW6AJOZV2Ckl4zWba7YyWQFV9mVUfmulcwNUS + 7KTFC0nQB1cRYM8Z682W5VAcxzPvoonPfJBdQUTQmfhCtT9W2yN0QtDOOM+oNJ2K + OXaDwYspvpUb4A53fGKew7oJArDxxI1bDSmyMzq+vHRmQutmiDOxAj6KH8F0ya5y + n7aq4Npas0EPhtu6g8x5NK8TjEmiTn3rkAg0cXwfWuBR+B8ERzSwQGKyHlwBZc2s + E2E+N9A1Dgf/I4CtxHB4wZWHPGCiCaQBrxXwr/rTvcLvKH+mWon3S0G3mtF4SEJA + vIjSuDiE2o+X9BVdtODN4GUmVCj9QlBLy9l39REhL48T+5+pVVcsNOSlxV33nOyJ + Ci0WwmrIZOIHp8Y7Hh4k1uouoaWthHUSwc1DXo6HMfshoWzx6bINtzgErSOc7qTM + 9ULjGQEOQ9AydZJdV+EGBlBNnC8FDGE1z31OmgAYKz0Tdg3Vmvblni3juzr1E9Ro + AQkCEDowXU0V0rKHx7n6ryYIW8u+f97RpQKiBvbYDS+4UvvyseFfSYBrRktp7jOK + mDfsaR4rAqSWvaOBg++8i/FTvdeiYoyjM3+CS+EoSt8e1fZS8zXAK9y+vC4VAAgF + +WWYmy4iQ9c= + =IkMC + -----END PGP MESSAGE----- + fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD + - created_at: "2024-10-13T23:24:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAARAAiOhijUf04+HMMqZluNZdp7yP4yavnr5jQinHDGSAJirr + +Q/YI1gmWzEsQQ6rBuzDxr+tjObW+M9o9xBTDeb1NC3bfu4+JV9qQMFP6fcj9UGs + HKji1jDFObhK1rg8FZaVTkxUL71ofZCxNo+IMo6PI8/uhJNdJ/EwrdnF08azWavI + 2YsO1pcPCdoW4lvxyuqOxk4ge0zK8su3+uzEBz6sxq6jjWs1970E+ib5nA1KsDsV + wjMsb2SFCcxtDzsi1JTaNiHMvuXl08h3ORsRshG/MlOIDI5o52Nf5RS5Efnjwf4Y + AhQgpNoxNdN8xHzLrnCTxN2LJh0Z3BRzKtgWOHU7aO+YJsrXMWsr7dRHf6YUltJS + RJ+plFusYdoOozfuko+tksz9a6AlWLu9ieLNKnTZuWqqDD4Uy0YLR4DIIPU6+P+k + 86i5klGgBpkB3y5U+nXoWJ/8dBsXOaaxPp/zpB4ttJv2ggC29fDBnf2bVgKo1TP5 + mMMzHoFmJcjPo5DXiazCiViPoJDGUyUPhNKNM72atQDCCArVmlIQbE1LUIAhhaBJ + Cigmb0kIWpHKEBQ8nK2UlGMo8hfy1GKivIAgTSomsI/KLSBt0YeefnWd0kHK7OIX + VnBwPFNLuw9OHDFPTX1M8Dk/iT1J/ACvpbctOZyesSB42fMPjgeh3ZtYzJXoiezU + aAEJAhDyA9q1f+2syN92xpqwMdpew3K5l+xzdUHIjjdxL6XzugJRqyuQee6wCxVj + GTaS8Bsnx7fg6b/jwxXVPDfE7fv74jJ29CgfzWLXxc8GH47hp9VhQDBq3CqceraG + z7N/bgAze6sz + =5cXr + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.9.1