🩹 bootstrap

.taskfiles/VolSync/ReplicationDestination.tmpl.yaml

@@ -17,4 +17,4 @@ spec:
     #   from a application that started with default data in the PVC.
     #   Do not restore snapshots made after the following RFC3339 Timestamp.
     #   date --rfc-3339=seconds (--utc)
-    # restoreAsOf: "2022-12-10T16:00:00-05:00"
+    restoreAsOf: "2022-12-29T01:00:00-05:00"

kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml

@@ -24,7 +24,7 @@ spec:
         maxParallel: 8
       destinationPath: s3://postgresql/
       endpointURL: https://truenas.${SECRET_DOMAIN}:51515
-      serverName: postgres-v4
+      serverName: postgres-v5
       s3Credentials:
         accessKeyId:
           name: postgres-minio
@@ -32,20 +32,20 @@ spec:
         secretAccessKey:
           name: postgres-minio
           key: MINIO_SECRET_KEY
-  # bootstrap:
-  #   recovery:
-  #     source: postgres
-  # externalClusters:
-  #   - name: postgres
-  #     barmanObjectStore:
-  #       destinationPath: s3://postgresql/
-  #       endpointURL: https://truenas.${SECRET_DOMAIN}:51515
-  #       s3Credentials:
-  #         accessKeyId:
-  #           name: postgres-minio
-  #           key: MINIO_ACCESS_KEY
-  #         secretAccessKey:
-  #           name: postgres-minio
-  #           key: MINIO_SECRET_KEY
-  #       wal:
-  #         maxParallel: 8
+  bootstrap:
+    recovery:
+      source: postgres-v4
+  externalClusters:
+    - name: postgres-v4
+      barmanObjectStore:
+        destinationPath: s3://postgresql/
+        endpointURL: https://truenas.${SECRET_DOMAIN}:51515
+        s3Credentials:
+          accessKeyId:
+            name: postgres-minio
+            key: MINIO_ACCESS_KEY
+          secretAccessKey:
+            name: postgres-minio
+            key: MINIO_SECRET_KEY
+        wal:
+          maxParallel: 8

kubernetes/apps/default/drone/app/kustomization.yaml

@@ -5,4 +5,3 @@ kind: Kustomization
 namespace: default
 resources:
   - ./helmrelease.yaml
-  - ./secret.sops.yaml

kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml

@@ -5,3 +5,4 @@ kind: Kustomization
 namespace: default
 resources:
   - ./helmrelease.yaml
+  - ./secret.sops.yaml

kubernetes/apps/default/tandoor/app/kustomization.yaml

@@ -4,6 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: default
 resources:
+  - ./backups
   - ./helmrelease.yaml
   - ./secret.sops.yaml
   - ./volume.yaml

kubernetes/apps/default/unifi/replicationsource.yaml

@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: unifi
+  namespace: default
+spec:
+  sourcePVC: unifi-config
+  trigger:
+    schedule: "0 0 * * *"
+  restic:
+    copyMethod: Snapshot
+    pruneIntervalDays: 10
+    repository: bazarr-restic-secret
+    cacheCapacity: 2Gi
+    volumeSnapshotClassName: csi-ceph-blockpool
+    storageClassName: rook-ceph-block
+    retain:
+      hourly: 0
+      daily: 10
+      weekly: 0
+      monthly: 0

kubernetes/apps/kube-system/kustomization.yaml

@@ -9,7 +9,7 @@ resources:
   - ./cilium/ks.yaml
   - ./descheduler/ks.yaml
   - ./intel-gpu/ks.yaml
-  - ./kubelet-csr-approver/ks.yaml
+  # - ./kubelet-csr-approver/ks.yaml
   - ./metrics-server/ks.yaml
   - ./node-feature-discovery/ks.yaml
   - ./reloader/ks.yaml

kubernetes/apps/kustomization.yaml

@@ -3,13 +3,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  # - ./cert-manager
-  # - ./default
-  # - ./flux-system
-  # - ./kube-system
-  # - ./kyverno
-  # - ./monitoring
-  # - ./networking
+  - ./cert-manager
+  - ./default
+  - ./flux-system
+  - ./kube-system
+  - ./kyverno
+  - ./monitoring
+  - ./networking
   - ./rook-ceph
-  # - ./trivy-system
-  # - ./volsync
+  - ./volsync

kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml

@@ -10,6 +10,7 @@ metadata:
 spec:
   dependsOn:
     - name: cluster-apps-rook-ceph-cluster
+    - name: cluster-apps-thanos-app
   path: ./kubernetes/apps/monitoring/kube-prometheus-stack/app
   prune: true
   sourceRef:

kubernetes/apps/monitoring/kustomization.yaml

@@ -6,9 +6,9 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
-  - ./grafana/ks.yaml
+  # - ./grafana/ks.yaml
   - ./kube-prometheus-stack/ks.yaml
-  - ./loki/ks.yaml
-  - ./smartctl-exporter/ks.yaml
+  # - ./loki/ks.yaml
+  # - ./smartctl-exporter/ks.yaml
   - ./thanos/ks.yaml
-  - ./vector/ks.yaml
+  # - ./vector/ks.yaml

kubernetes/apps/monitoring/thanos/ks.yaml

@@ -9,7 +9,7 @@ metadata:
     substitution.flux.home.arpa/enabled: "true"
 spec:
   dependsOn:
-    - name: cluster-apps-kube-prometheus-stack-app
+    - name: cluster-apps-rook-ceph-cluster
   path: ./kubernetes/apps/monitoring/thanos/app
   prune: true
   sourceRef:

kubernetes/apps/rook-ceph/namespace.yaml

@@ -6,4 +6,3 @@ metadata:
   labels:
     kustomize.toolkit.fluxcd.io/prune: disabled
     pod-security.kubernetes.io/enforce: privileged
-    pod-security.kubernetes.io/enforce-version: latest

kubernetes/flux/config/flux.yaml

@@ -46,3 +46,20 @@ spec:
       target:
         kind: Deployment
         name: "(kustomize-controller|helm-controller|source-controller)"
+    - patch: |
+        apiVersion: v1
+        kind: Deployment
+        metadata:
+          name: helm-controller
+        spec:
+          template:
+            spec:
+              containers:
+                - name: manager
+                  resources:
+                    limits:
+                      memory:
+                      $patch: delete
+      target:
+        kind: Deployment
+        name: helm-controller