@@ -6,11 +6,11 @@ It uses a **Service Bridge** to allow Kyverno to "look before it leaps" by check
66
77## Core Components
88
9- ### 1. The Bridge (Service )
10- ** File :** ` infrastructure/storage/volsync/rustfs-service.yaml `
11- Maps the external NAS IP (192.168.10.133) to an internal DNS name ` rustfs.volsync-system ` .
12- * ** Protocol :** TCP/ 9000
13- * ** Purpose :** Allows policies to target ` http://rustfs.volsync-system:9000/... `
9+ ### 1. The Bridge (Direct IP )
10+ ** Strategy :** Direct Connection
11+ Instead of creating a Kubernetes Service (which causes ArgoCD sync issues for external IPs), we connect directly to the TrueNAS IP .
12+ * ** Target :** ` 192.168.10.133 ` (Port 9000)
13+ * ** Benefit :** Zero-friction GitOps state (no "ExcludedResourceWarning").
1414
1515### 2. The Credentials (ExternalSecret)
1616** File:** ` infrastructure/storage/volsync/rustfs-credentials.yaml ` (Existing)
@@ -27,10 +27,9 @@ Logic: "Check for Restic Config. If found, Restore. Else, Backup."
2727
2828** Rule 2: Smart Restore (Conditional)**
2929* Trigger: PVC ` backup: hourly `
30- * ** Context (apiCall):**
31- * Target: ` http://rustfs.volsync-system:9000/volsync-backups/<ns>/<pvc>/config `
32- * Method: ` HEAD `
33- * Note: Checking ` /config ` verifies it's a valid Restic repo, not just an empty folder.
30+ * ** (apiCall):**
31+ * Target: ` http://192.168.10.133:9000/volsync-backups/<ns>/<pvc>/config ` (Direct IP)
32+ * Method: ` GET ` (Kyverno compatible)
3433* ** Condition:** Response == 200 OK.
3534* ** Action:** Create ` ReplicationDestination ` .
3635
0 commit comments