
Commit 43b55d7

committed
redo
1 parent 936b0fd commit 43b55d7

19 files changed

Lines changed: 229 additions & 759 deletions

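--- a/.gitignore
+++ b/.gitignore
@@ -119,3 +119,7 @@ credentials.base64
 /my-apps/privacy/proxitok/source
 /my-apps/privacy/proxitok/docker/misc
 /my-apps/privacy/proxitok/docker
+
+# Reference implementations (not deployed)
+/home-ops/
+/reference/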

docs/backup-restore.md

Lines changed: 101 additions & 189 deletions
Large diffs are not rendered by default.

docs/notes/volsync-comparison-homeops.md

Lines changed: 0 additions & 166 deletions
This file was deleted.

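--- a/infrastructure/controllers/argocd/apps/kustomization.yaml
+++ b/infrastructure/controllers/argocd/apps/kustomization.yaml
@@ -9,8 +9,7 @@ resources:
 - external-secrets.yaml # Wave 0 - External Secrets CRDs (required by Longhorn)
 - longhorn-app.yaml # Wave 1 - Storage foundation
 - snapshot-controller-app.yaml # Wave 1 - VolumeSnapshot controller + CRDs
-- volsync-app.yaml # Wave 1 - PVC backup and replication
-- pvc-plumber-app.yaml # Wave 2 - Backup existence checker (before Kyverno)
+- volsync-app.yaml # Wave 1 - PVC backup and replication (Kopia + NFS)
 # ApplicationSets for automatic discovery
 - infrastructure-appset.yaml # Wave 4
 - monitoring-appset.yaml # Wave 3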

infrastructure/controllers/argocd/apps/pvc-plumber-app.yaml

Lines changed: 0 additions & 29 deletions
This file was deleted.

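--- a/infrastructure/controllers/kyverno/policies/volsync-pvc-backup-restore.yaml
+++ b/infrastructure/controllers/kyverno/policies/volsync-pvc-backup-restore.yaml
@@ -5,61 +5,17 @@ metadata:
 name: volsync-pvc-backup-restore
 annotations:
 argocd.argoproj.io/sync-wave: "4"
-policies.kyverno.io/title: VolSync PVC Backup and Restore (Kopia)
+policies.kyverno.io/title: VolSync PVC Backup and Restore (Kopia NFS)
 policies.kyverno.io/description: >-
 Automatically configures VolSync backup and restore for PVCs with the
-label backup: "hourly" or backup: "daily". Uses Kopia for faster backups
-with compression. Checks S3 for existing backup via pvc-plumber and
-conditionally enables restore via VolumePopulator.
+label backup: "hourly" or backup: "daily". Uses Kopia with NFS filesystem
+backend for faster backups with compression. MutatingAdmissionPolicy injects
+NFS mount into mover pods.
 spec:
 mutateExistingOnPolicyUpdate: false
 background: true
 rules:
-# Rule 1: Conditionally add dataSourceRef if backup exists in S3
-# IMPORTANT: Only trigger on CREATE to avoid race conditions during PVC deletion
-- name: add-datasource-if-backup-exists
-match:
-any:
-- resources:
-kinds:
-- PersistentVolumeClaim
-operations:
-- CREATE
-selector:
-matchExpressions:
-- key: backup
-operator: In
-values: ["hourly", "daily"]
-exclude:
-any:
-- resources:
-namespaces:
-- kube-system
-- volsync-system
-- kyverno
-context:
-- name: backupCheck
-apiCall:
-method: GET
-service:
-url: "http://pvc-plumber.volsync-system.svc.cluster.local/exists/{{request.object.metadata.namespace}}/{{request.object.metadata.name}}"
-preconditions:
-all:
-- key: "{{ backupCheck.exists || false }}"
-operator: Equals
-value: true
-- key: "{{ request.object.spec.dataSourceRef || '' }}"
-operator: Equals
-value: ""
-mutate:
-patchStrategicMerge:
-spec:
-dataSourceRef:
-apiGroup: volsync.backube
-kind: ReplicationDestination
-name: "{{request.object.metadata.name}}-restore"
-
-# Rule 2: Generate ExternalSecret for per-PVC Kopia repository
+# Rule 1: Generate ExternalSecret for Kopia repository credentials
 - name: generate-kopia-secret
 skipBackgroundRequests: false
 match:
@@ -106,28 +62,17 @@ spec:
 app.kubernetes.io/managed-by: kyverno
 volsync.backup/pvc: "{{request.object.metadata.name}}"
 data:
-# Kopia S3 repository configuration
-# Full S3 URL with path: s3://bucket/namespace/pvc-name
-KOPIA_REPOSITORY: "s3://volsync-kopia/{{request.object.metadata.namespace}}/{{request.object.metadata.name}}"
-# S3 endpoint for non-AWS S3 (RustFS/MinIO)
-AWS_S3_ENDPOINT: "http://192.168.10.133:30292"
-# Disable TLS since endpoint is HTTP
-KOPIA_S3_DISABLE_TLS: "true"
+# Kopia NFS filesystem repository configuration
+# MutatingAdmissionPolicy injects NFS mount at /repository
+KOPIA_REPOSITORY: "filesystem:///repository"
+KOPIA_FS_PATH: "/repository"
 data:
-- secretKey: AWS_ACCESS_KEY_ID
-remoteRef:
-key: rustfs
-property: k8s-admin-access-key
-- secretKey: AWS_SECRET_ACCESS_KEY
-remoteRef:
-key: rustfs
-property: k8s-admin-secret-key
 - secretKey: KOPIA_PASSWORD
 remoteRef:
 key: rustfs
 property: kopia_password
 
-# Rule 3: Generate ReplicationSource (backup schedule)
+# Rule 2: Generate ReplicationSource (backup schedule)
 - name: generate-replication-source
 skipBackgroundRequests: false
 match:
@@ -165,16 +110,13 @@ spec:
 schedule: "{{ request.object.metadata.labels.backup == 'hourly' && '0 * * * *' || '0 2 * * *' }}"
 kopia:
 repository: "volsync-{{request.object.metadata.name}}"
-# Kopia-specific optimizations
 compression: zstd-fastest
 parallelism: 2
-# Retention policy
 retain:
 hourly: 24
 daily: 7
 weekly: 4
 monthly: 2
-# Snapshot-based backup via Longhorn
 copyMethod: Snapshot
 storageClassName: longhorn
 volumeSnapshotClassName: longhorn-snapclass
@@ -184,7 +126,7 @@ spec:
 runAsGroup: 568
 fsGroup: 568
 
-# Rule 4: Generate ReplicationDestination (restore capability)
+# Rule 3: Generate ReplicationDestination (restore capability)
 - name: generate-replication-destination
 skipBackgroundRequests: false
 match:
@@ -230,4 +172,4 @@ spec:
 moverSecurityContext:
 runAsUser: 568
 runAsGroup: 568
-fsGroup: 568
+fsGroup: 568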
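Review bot: The secret template at new lines 65-68 points every backup-labelled PVC at the same repository, `KOPIA_REPOSITORY: "filesystem:///repository"`, where the removed S3 value was scoped as `<bucket>/<namespace>/<pvc>`; `KOPIA_PASSWORD` is likewise one value from `rustfs`/`kopia_password` for all of them. Unless the MutatingAdmissionPolicy that mounts `/repository` (not shown on this page) confines each mover pod to its own sub-path, a mover in one namespace would hold both the mount and the password for every other namespace's snapshots. Either keep the scoping in the path, for example `KOPIA_FS_PATH: "/repository/{{request.object.metadata.namespace}}/{{request.object.metadata.name}}"` with a matching `KOPIA_REPOSITORY` (confirm the mover accepts this), or state the trust assumption in a comment such as `# single shared Kopia repository; all namespaces with backup-labelled PVCs are trusted equally`. The `generate-kopia-secret` rule begins and ends outside this hunk, so the rest of the ExternalSecret was not reviewed.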
