Commit df52a28

committed
up
1 parent 43b55d7 commit df52a28

5 files changed

Lines changed: 44 additions & 64 deletions

docs/backup-restore.md

Lines changed: 3 additions & 3 deletions
@@ -49,7 +49,7 @@ The system automatically backs up PVCs to NFS storage on TrueNAS using **Kopia**
4949
- **Path:** `/mnt/BigTank/k8s/volsync-kopia-nfs`
5050
- **Encryption:** Kopia encrypts all data with KOPIA_PASSWORD
5151

52-
### 2. MutatingAdmissionPolicy
52+
### 2. Kyverno NFS Injection Policy
5353
- Automatically injects NFS mount into all VolSync mover jobs
5454
- Mounts `/repository` from TrueNAS NFS share
5555
- No per-app configuration needed
@@ -214,8 +214,8 @@ The following namespaces are excluded from automatic backup:
214214

215215
| File | Purpose |
216216
|------|---------|
217-
| `infrastructure/storage/volsync/` | VolSync Helm chart + MutatingAdmissionPolicy |
218-
| `infrastructure/storage/volsync/mutatingadmissionpolicy.yaml` | Injects NFS mount into mover pods |
217+
| `infrastructure/storage/volsync/` | VolSync Helm chart |
218+
| `infrastructure/controllers/kyverno/policies/volsync-nfs-inject.yaml` | Injects NFS mount into mover pods |
219219
| `infrastructure/storage/kopia-ui/` | Kopia web UI for browsing backups |
220220
| `infrastructure/controllers/kyverno/policies/volsync-pvc-backup-restore.yaml` | Kyverno policy |
221221
| `monitoring/prometheus-stack/volsync-alerts.yaml` | Prometheus alerting rules |
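
Review bot: In the files table, the row for `infrastructure/controllers/kyverno/policies/volsync-pvc-backup-restore.yaml` still gives its purpose as just "Kyverno policy", which no longer tells it apart from the new `volsync-nfs-inject.yaml` row directly above it. Suggest replacing that cell with a short description of what the policy does, in the same style as "Injects NFS mount into mover pods".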

infrastructure/controllers/kyverno/kustomization.yaml

Lines changed: 1 addition & 0 deletions
@@ -5,6 +5,7 @@ resources:
55
- namespace.yaml
66
- rbac-patch.yaml
77
- policies/volsync-pvc-backup-restore.yaml
8+
- policies/volsync-nfs-inject.yaml
89
helmCharts:
910
- name: kyverno
1011
repo: https://kyverno.github.io/kyverno
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
---
2+
apiVersion: kyverno.io/v1
3+
kind: ClusterPolicy
4+
metadata:
5+
name: volsync-nfs-inject
6+
annotations:
7+
argocd.argoproj.io/sync-wave: "4"
8+
policies.kyverno.io/title: VolSync NFS Mount Injection
9+
policies.kyverno.io/description: >-
10+
Injects NFS volume mount into VolSync mover jobs so Kopia can
11+
access the shared repository on TrueNAS.
12+
spec:
13+
rules:
14+
- name: inject-nfs-volume
15+
match:
16+
any:
17+
- resources:
18+
kinds:
19+
- Job
20+
selector:
21+
matchLabels:
22+
app.kubernetes.io/created-by: volsync
23+
mutate:
24+
patchStrategicMerge:
25+
spec:
26+
template:
27+
spec:
28+
volumes:
29+
- name: repository
30+
nfs:
31+
server: "192.168.10.133"
32+
path: "/mnt/BigTank/k8s/volsync-kopia-nfs"
33+
foreach:
34+
- list: "request.object.spec.template.spec.containers"
35+
patchesJson6902: |-
36+
- op: add
37+
path: /spec/template/spec/containers/{{@index}}/volumeMounts/-
38+
value:
39+
name: repository
40+
mountPath: /repository
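
Review bot: The `match` block of `inject-nfs-volume` selects every `Job` in the cluster that carries `app.kubernetes.io/created-by: volsync` and has no namespace restriction, so any Job created with that label, in any namespace, gets the Kopia repository share mounted at `/repository` (the `nfs` volume does not set `readOnly`, so the mount is read-write). Suggest narrowing the match with a `namespaceSelector` or an `exclude` block, at least for the namespaces the docs in this commit list as excluded from backup. Separately, the `foreach` patch appends to `volumeMounts/-` unconditionally and iterates only `spec.template.spec.containers`; a precondition that skips containers which already have a `repository` mount would keep the rule from adding a duplicate entry if it is evaluated against the same Job again, and it is worth stating in the description whether init containers are intentionally left out.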

infrastructure/storage/volsync/kustomization.yaml

Lines changed: 0 additions & 1 deletion
@@ -4,7 +4,6 @@ namespace: volsync-system
44
resources:
55
- namespace.yaml
66
- volumesnapshotclass.yaml
7-
- mutatingadmissionpolicy.yaml
87
helmCharts:
98
- name: volsync
109
repo: https://perfectra1n.github.io/volsync/charts

infrastructure/storage/volsync/mutatingadmissionpolicy.yaml

Lines changed: 0 additions & 60 deletions
This file was deleted.
