From b4572bf19a376384f23ca05d0d7139db3ba16c63 Mon Sep 17 00:00:00 2001 
From: auricom <27022259+auricom@users.noreply.github.com> Date: Mon, 26 Dec 2022 14:05:34 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20backube?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../base/repositories/helm/backube.yaml | 10 +++ .../base/repositories/helm/kustomization.yaml | 2 + .../base/repositories/helm/piraeus.yaml | 10 +++ .../cluster-0/apps/storage/kustomization.yaml | 2 + .../snapshot-controller/app/helmrelease.yaml | 68 +++++++++++++++++++ .../app/kustomization.yaml | 7 ++ .../apps/storage/snapshot-controller/ks.yaml | 27 ++++++++ .../apps/storage/volsync/kustomization.yaml | 10 +++ .../apps/storage/volsync/namespace.yaml | 7 ++ .../snapscheduler/app/helmrelease.yaml | 28 ++++++++ .../snapscheduler/app/kustomization.yaml | 7 ++ .../storage/volsync/snapscheduler/ks.yaml | 46 +++++++++++++ .../schedules/kustomization.yaml | 6 ++ .../snapscheduler/schedules/snapschedule.yaml | 17 +++++ .../volsync/volsync/app/helmrelease.yaml | 28 ++++++++ .../volsync/volsync/app/kustomization.yaml | 8 +++ .../volsync/volsync/app/prometheusrule.yaml | 29 ++++++++ .../apps/storage/volsync/volsync/ks.yaml | 25 +++++++ .../notifications/github/notification.yaml | 4 +- .../flux-system/webhook/github/receiver.yaml | 3 +- kubernetes/flux/flux-cluster.yaml | 23 +++++++ 21 files changed, 365 insertions(+), 2 deletions(-) create mode 100644 kubernetes/base/repositories/helm/backube.yaml create mode 100644 kubernetes/base/repositories/helm/piraeus.yaml create mode 100644 kubernetes/cluster-0/apps/storage/snapshot-controller/app/helmrelease.yaml create mode 100644 kubernetes/cluster-0/apps/storage/snapshot-controller/app/kustomization.yaml create mode 100644 kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/kustomization.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/namespace.yaml create mode 100644 
kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/helmrelease.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/kustomization.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/kustomization.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/snapschedule.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/volsync/app/helmrelease.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/volsync/app/kustomization.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/volsync/app/prometheusrule.yaml create mode 100644 kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml diff --git a/kubernetes/base/repositories/helm/backube.yaml b/kubernetes/base/repositories/helm/backube.yaml new file mode 100644 index 000000000..3d2aaf425 --- /dev/null +++ b/kubernetes/base/repositories/helm/backube.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: backube + namespace: flux-system +spec: + interval: 2h + url: https://backube.github.io/helm-charts/ diff --git a/kubernetes/base/repositories/helm/kustomization.yaml b/kubernetes/base/repositories/helm/kustomization.yaml index f854e68e3..c6fdcfe15 100644 --- a/kubernetes/base/repositories/helm/kustomization.yaml +++ b/kubernetes/base/repositories/helm/kustomization.yaml @@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ./backube.yaml - ./bitnami.yaml - ./bjw-s.yaml - ./cert-manager-webhook-ovh.yaml @@ -21,6 +22,7 @@ resources: - ./kyverno.yaml - ./metrics-server.yaml - ./node-feature-discovery.yaml + - ./piraeus.yaml - ./postfinance.yaml - ./prometheus-community.yaml - ./rook-ceph.yaml 
diff --git a/kubernetes/base/repositories/helm/piraeus.yaml b/kubernetes/base/repositories/helm/piraeus.yaml new file mode 100644 index 000000000..b3ecf4e9e --- /dev/null +++ b/kubernetes/base/repositories/helm/piraeus.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: piraeus + namespace: flux-system +spec: + interval: 2h + url: https://piraeus.io/helm-charts/ diff --git a/kubernetes/cluster-0/apps/storage/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kustomization.yaml index 1e7c5d31b..a39d3a48f 100644 --- a/kubernetes/cluster-0/apps/storage/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kustomization.yaml @@ -6,4 +6,6 @@ resources: - ./kopia-web - ./resilio-sync - ./smartctl-exporter + - ./snapshot-controller/ks.yaml - ./truecommand + - ./volsync diff --git a/kubernetes/cluster-0/apps/storage/snapshot-controller/app/helmrelease.yaml b/kubernetes/cluster-0/apps/storage/snapshot-controller/app/helmrelease.yaml new file mode 100644 index 000000000..d93fafd74 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/snapshot-controller/app/helmrelease.yaml 
@@ -0,0 +1,68 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: snapshot-controller
+ namespace: kube-system
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: snapshot-controller
+ version: 1.6.2
+ sourceRef:
+ kind: HelmRepository
+ name: piraeus
+ namespace: flux-system
+ install:
+ createNamespace: true
+ crds: CreateReplace
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ remediation:
+ retries: 3
+ values:
+ replicaCount: 3
+ volumeSnapshotClasses:
+ - name: csi-ceph-blockpool
+ driver: rook-ceph.rbd.csi.ceph.com
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: "true"
+ parameters:
+ clusterID: rook-ceph
+ csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner
+ csi.storage.k8s.io/snapshotter-secret-namespace: rook-ceph
+ deletionPolicy: Delete
+ serviceMonitor:
+ create: true
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: snapshot-validation-webhook
+ namespace: kube-system
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: snapshot-validation-webhook
+ version: 1.6.2
+ sourceRef:
+ kind: HelmRepository
+ name: piraeus
+ namespace: flux-system
+ install:
+ createNamespace: true
+ crds: Skip
+ remediation:
+ retries: 3
+ upgrade:
+ crds: Skip
+ remediation:
+ retries: 3
+ dependsOn:
+ - name: snapshot-controller
diff --git a/kubernetes/cluster-0/apps/storage/snapshot-controller/app/kustomization.yaml b/kubernetes/cluster-0/apps/storage/snapshot-controller/app/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/snapshot-controller/app/kustomization.yaml
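Review bot: The `csi-ceph-blockpool` entry under `values.volumeSnapshotClasses` is marked as the default class and sets `deletionPolicy: Delete`, so deleting a VolumeSnapshot object (or the namespace that holds it) also removes the underlying RBD snapshot. If these snapshots are meant to be a recovery point against accidental or unauthorised deletion, record that trade-off next to the field, e.g. `# Delete: snapshot data goes away with the VolumeSnapshot object; use Retain where it must outlive it`. Separately, both releases in this file target `kube-system`, so `install.createNamespace: true` has nothing to create and could be dropped.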
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml b/kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml
new file mode 100644
index 000000000..056439a05
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-snapshot-controller
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/cluster-0/apps/storage/snapshot-controller/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: snapshot-controller
+ namespace: kube-system
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: snapshot-validation-webhook
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/storage/volsync/kustomization.yaml b/kubernetes/cluster-0/apps/storage/volsync/kustomization.yaml
new file mode 100644
index 000000000..8d8663071
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./snapscheduler/ks.yaml
+ - ./volsync/ks.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/namespace.yaml b/kubernetes/cluster-0/apps/storage/volsync/namespace.yaml
new file mode 100644
index 000000000..b20620550
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: volsync
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/helmrelease.yaml b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/helmrelease.yaml
new file mode 100644
index 000000000..3c3a524fb
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/helmrelease.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: snapscheduler
+ namespace: volsync
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: snapscheduler
+ version: 3.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: backube
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ manageCRDs: true
+ metrics:
+ disableAuth: true
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/kustomization.yaml b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/kustomization.yaml
new file mode 100644
index 000000000..f8f5b9cf9
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: volsync
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml
new file mode 100644
index 000000000..ac4d99d56
--- /dev/null
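Review bot: `metrics.disableAuth: true` in the snapscheduler release (and again in the volsync release later in this patch) appears to switch off the authentication the chart otherwise puts in front of the operator's metrics endpoint, so any workload that can reach the service could scrape it. Nothing visible in this patch restricts that traffic. Either keep auth enabled and grant the Prometheus service account access, or pair the setting with a NetworkPolicy in `volsync` that admits only the monitoring namespace. At minimum, a comment above the key such as `# auth disabled so Prometheus can scrape without a token; access limited by NetworkPolicy <policy-name>` would record the intent.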
+++ b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml
@@ -0,0 +1,46 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-snapscheduler
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-snapshot-controller
+ path: ./kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: snapscheduler
+ namespace: volsync
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-snapscheduler-schedules
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-snapscheduler
+ path: ./kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/kustomization.yaml b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/kustomization.yaml
new file mode 100644
index 000000000..5be33ab76
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./snapschedule.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/snapschedule.yaml b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/snapschedule.yaml
new file mode 100644
index 000000000..264d064ea
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/snapschedule.yaml
@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/snapshotschedule_v1.json
+apiVersion: snapscheduler.backube/v1
+kind: SnapshotSchedule
+metadata:
+ name: main
+ namespace: default
+spec:
+ disabled: false
+ claimSelector:
+ matchLabels:
+ snapshot.home.arpa/enabled: "true"
+ retention:
+ expires: 48h
+ schedule: "@daily"
+ snapshotTemplate:
+ snapshotClassName: csi-ceph-blockpool
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/app/helmrelease.yaml b/kubernetes/cluster-0/apps/storage/volsync/volsync/app/helmrelease.yaml
new file mode 100644
index 000000000..9660dd91c
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/volsync/app/helmrelease.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: volsync
+ namespace: volsync
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: volsync
+ version: 0.5.0
+ sourceRef:
+ kind: HelmRepository
+ name: backube
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ manageCRDs: true
+ metrics:
+ disableAuth: true
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/app/kustomization.yaml b/kubernetes/cluster-0/apps/storage/volsync/volsync/app/kustomization.yaml
new file mode 100644
index 000000000..8c682d547
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/volsync/app/kustomization.yaml
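Review bot: `metadata.namespace: default` on the `main` SnapshotSchedule limits the `claimSelector` to PVCs in `default`, assuming the usual behaviour that a SnapshotSchedule only selects claims in its own namespace. PVCs labelled `snapshot.home.arpa/enabled: "true"` in any other namespace would silently get no snapshots. If cluster-wide coverage is intended, the schedule needs to be instantiated per namespace; otherwise a comment such as `# applies to PVCs in "default" only` avoids a false sense of protection. With `schedule: "@daily"` and `retention.expires: 48h` roughly two snapshots exist at any time, all on the same Ceph pool as the source volume. They are therefore a short rollback window rather than a backup, which is also worth a one-line comment.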
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: volsync
+resources:
+ - ./helmrelease.yaml
+ - ./prometheusrule.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/app/prometheusrule.yaml b/kubernetes/cluster-0/apps/storage/volsync/volsync/app/prometheusrule.yaml
new file mode 100644
index 000000000..d755aab73
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/volsync/app/prometheusrule.yaml
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: volsync
+ namespace: volsync
+spec:
+ groups:
+ - name: volsync.rules
+ rules:
+ - alert: VolSyncComponentAbsent
+ annotations:
+ summary: VolSync component has disappeared from Prometheus target discovery.
+ expr: |
+ absent(up{job=~".*volsync.*"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+ - alert: VolSyncVolumeOutOfSync
+ annotations:
+ summary: >-
+ {{ $labels.obj_namespace }}/{{ $labels.obj_name }} volume
+ is out of sync.
+ expr: |
+ volsync_volume_out_of_sync == 1
+ for: 15m
+ labels:
+ severity: critical
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml b/kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml
new file mode 100644
index 000000000..e4fd44dff
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml
@@ -0,0 +1,25 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: cluster-apps-volsync-app + namespace: flux-system + labels: + substitution.flux.home.arpa/enabled: "true" +spec: + dependsOn: + - name: cluster-apps-snapshot-controller + path: ./kubernetes/cluster-0/apps/storage/volsync/volsync/app + prune: true + sourceRef: + kind: GitRepository + name: home-ops + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2beta1 + kind: HelmRelease + name: volsync + namespace: volsync + interval: 30m + retryInterval: 1m + timeout: 3m diff --git a/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml index 9151413aa..70c608264 100644 --- a/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml +++ b/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/provider_v1beta2.json apiVersion: notification.toolkit.fluxcd.io/v1beta2 kind: Provider metadata: @@ -10,7 +11,8 @@ spec: secretRef: name: github-token --- -apiVersion: notification.toolkit.fluxcd.io/v1beta1 +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/alert_v1beta2.json +apiVersion: notification.toolkit.fluxcd.io/v1beta2 kind: Alert metadata: name: github diff --git a/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml index f431d92b5..fb6664b27 100644 --- a/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml +++ b/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml 
@@ -1,5 +1,6 @@ --- -apiVersion: notification.toolkit.fluxcd.io/v1beta1 +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/receiver_v1beta2.json +apiVersion: notification.toolkit.fluxcd.io/v1beta2 kind: Receiver metadata: name: home-ops diff --git a/kubernetes/flux/flux-cluster.yaml b/kubernetes/flux/flux-cluster.yaml index 9d8b2c754..015410b8c 100644 --- a/kubernetes/flux/flux-cluster.yaml +++ b/kubernetes/flux/flux-cluster.yaml @@ -14,6 +14,7 @@ spec: secretRef: name: github-deploy-key --- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: @@ -28,6 +29,7 @@ spec: kind: GitRepository name: home-ops --- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: @@ -45,6 +47,7 @@ spec: secretRef: name: sops-age --- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: @@ -71,6 +74,7 @@ spec: - kind: Secret name: cluster-secrets --- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: @@ -96,3 +100,22 @@ spec: name: cluster-settings - kind: Secret name: cluster-secrets + patches: + - patch: |- + apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 + kind: Kustomization + metadata: + name: not-used + spec: + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets + target: + labelSelector: substitution.flux.home.arpa/enabled=true
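Review bot: The new `patches` entry in the last hunk of flux-cluster.yaml selects its targets with `labelSelector: substitution.flux.home.arpa/enabled=true` alone, so any object of any kind in this Kustomization's output that carries the label is patched, and every labelled Kustomization gains the `sops-age` decryption key plus `cluster-secrets` substitution. Adding `group: kustomize.toolkit.fluxcd.io` and `kind: Kustomization` to `target` keeps the patch to the resources it is written for. Every Flux Kustomization added in this patch sets the label, although none of the manifests visible here use a `${...}` variable or a SOPS-encrypted file. Labelling only the Kustomizations that actually need secrets keeps secret exposure to a minimum. The enclosing `spec` begins outside the hunk, so how this interacts with the fields above it cannot be checked from here.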