♻️ flux kustomizations

tools/kopia-restore.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: ${APP}-${CLAIM}-restore
+  namespace: ${NAMESPACE}
+spec:
+  ttlSecondsAfterFinished: 3600
+  template:
+    spec:
+      automountServiceAccountToken: false
+      restartPolicy: OnFailure
+      containers:
+        - name: restore
+          image: ghcr.io/onedr0p/kopia:0.12.1@sha256:01ed9b934fa40216f17ffc8a906cf7a7e21c8d41a93f5ed571f2e5efa43844a7
+          env:
+            - name: KOPIA_PASSWORD
+              value: "none"
+          command:
+            - /bin/bash
+            - -c
+            - |-
+              shopt -s dotglob
+              printf "\e[1;32m%-6s\e[m\n" "[01/04] Connect to repo ..."      && kopia repo connect filesystem --path=/snapshots --override-hostname=cluster --override-username=root
+              printf "\e[1;32m%-6s\e[m\n" "[02/04] Remove previous data ..." && rm -rf /data/${NAMESPACE}/${APP}/${CLAIM}/*
+              printf "\e[1;32m%-6s\e[m\n" "[03/04] Restore snapshot ..."     && kopia snap restore "${SNAPSHOT}" /data/${NAMESPACE}/${APP}/${CLAIM}
+              printf "\e[1;32m%-6s\e[m\n" "[04/04] Disconnect from repo ..." && kopia repo disconnect
+          volumeMounts:
+            - name: data
+              mountPath: /data/${NAMESPACE}/${APP}/${CLAIM}
+            - name: snapshots
+              mountPath: /snapshots
+          securityContext:
+            privileged: true
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: ${CLAIM}
+        - name: snapshots
+          nfs:
+            server: 192.168.9.10
+            path: /mnt/storage/backups/kubernetes

tools/wipe-rook.yaml

@@ -0,0 +1,96 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: disk-wipe-talos-node-2
+spec:
+  restartPolicy: Never
+  nodeName: talos-node-2
+  containers:
+    - name: disk-wipe
+      image: rook/ceph:v1.10.8
+      securityContext:
+        privileged: true
+      command:
+        [
+          "/bin/sh",
+          "-c",
+          "sgdisk --zap-all /dev/nvme0n1",
+          "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+          "blkdiscard /dev/nvme0n1",
+          "partprobe /dev/nvme0n1",
+        ]
+      volumeMounts:
+        - mountPath: /dev
+          name: dev
+  securityContext:
+    runAsUser: 0
+    runAsGroup: 0
+  volumes:
+    - name: dev
+      hostPath:
+        path: /dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: disk-wipe-talos-node-3
+spec:
+  restartPolicy: Never
+  nodeName: talos-node-3
+  containers:
+    - name: disk-wipe
+      image: rook/ceph:v1.10.8
+      securityContext:
+        privileged: true
+      command:
+        [
+          "/bin/sh",
+          "-c",
+          "sgdisk --zap-all /dev/nvme0n1",
+          "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+          "blkdiscard /dev/nvme0n1",
+          "partprobe /dev/nvme0n1",
+        ]
+      volumeMounts:
+        - mountPath: /dev
+          name: dev
+  securityContext:
+    runAsUser: 0
+    runAsGroup: 0
+  volumes:
+    - name: dev
+      hostPath:
+        path: /dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: disk-wipe-talos-node-4
+spec:
+  restartPolicy: Never
+  nodeName: talos-node-4
+  containers:
+    - name: disk-wipe
+      image: rook/ceph:v1.10.8
+      securityContext:
+        privileged: true
+      command:
+        [
+          "/bin/sh",
+          "-c",
+          "sgdisk --zap-all /dev/nvme0n1",
+          "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+          "blkdiscard /dev/nvme0n1",
+          "partprobe /dev/nvme0n1",
+        ]
+      volumeMounts:
+        - mountPath: /dev
+          name: dev
+  securityContext:
+    runAsUser: 0
+    runAsGroup: 0
+  volumes:
+    - name: dev
+      hostPath:
+        path: /dev