Skip to content

Commit d1cee70

Browse files
committed
up
1 parent 6e4569b commit d1cee70

2 files changed

Lines changed: 7 additions & 0 deletions

File tree

infrastructure/controllers/kyverno/policies/volsync-pvc-backup-restore.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,15 @@ spec:
1515
background: true
1616
rules:
1717
# Rule 1: Conditionally add dataSourceRef if backup exists in S3
18+
# IMPORTANT: Only trigger on CREATE to avoid race conditions during PVC deletion
1819
- name: add-datasource-if-backup-exists
1920
match:
2021
any:
2122
- resources:
2223
kinds:
2324
- PersistentVolumeClaim
25+
operations:
26+
- CREATE
2427
selector:
2528
matchExpressions:
2629
- key: backup
@@ -56,12 +59,15 @@ spec:
5659
name: "{{request.object.metadata.name}}-restore"
5760

5861
# Rule 2: Generate ExternalSecret for per-PVC restic repository
62+
# IMPORTANT: Only trigger on CREATE to avoid race conditions during PVC deletion
5963
- name: generate-restic-secret
6064
match:
6165
any:
6266
- resources:
6367
kinds:
6468
- PersistentVolumeClaim
69+
operations:
70+
- CREATE
6571
selector:
6672
matchExpressions:
6773
- key: backup

my-apps/media/karakeep/karakeep/pvc-data.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,3 +16,4 @@ spec:
1616
storageClassName: longhorn
1717
# dataSourceRef is added dynamically by Kyverno if a backup exists
1818

19+

0 commit comments

Comments
 (0)