Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(ring-mqtt): add pvc and init-container to persist token and config #4436

Merged
merged 2 commits into from
Feb 1, 2025
Merged

feat(ring-mqtt): add pvc and init-container to persist token and config #4436

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b005517
feat(ring-mqtt): add pvc and init-container to persist token and config
tyriis Feb 1, 2025
198c12a
Merge branch 'main' into feature/ring-mqtt-refinments
tyriis Feb 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 25 additions & 8 deletions kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/helm-release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,21 @@ spec:
ring-mqtt:
annotations:
reloader.stakater.com/auto: "true"
initContainers:
copy-config:
image:
repository: busybox
tag: 1.33.1
command:
- sh
- -c
- |
if [ ! -f /data/config.json ]; then
cp /config/config.json /data/config.json
fi
if [ ! -f /data/ring-state.json ]; then
cp /config/ring-state.json /data/ring-state.json
fi
containers:
app:
env:
Expand Down Expand Up @@ -97,16 +112,18 @@ spec:

persistence:
data:
type: emptyDir
existingClaim: ring-mqtt-data
globalMounts:
- path: /data
credentials:
type: secret
name: ring-mqtt-config
globalMounts:
- path: /data/config.json
subPath: config.json
readOnly: true
- path: /data/ring-state.json
subPath: ring-state.json
readOnly: true
advancedMounts:
ring-mqtt:
copy-config:
- path: /config/config.json
subPath: config.json
readOnly: true
- path: /config/ring-state.json
subPath: ring-state.json
readOnly: true
4 changes: 4 additions & 0 deletions kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secret.yaml
- secret.sops.yaml
- persistent-volume-claim.yaml
- replication-source.yaml
- replication-destination.yaml
- helm-release.yaml
16 changes: 16 additions & 0 deletions kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/persistent-volume-claim.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ring-mqtt-data
spec:
accessModes:
- ReadWriteOnce
dataSourceRef:
kind: ReplicationDestination
apiGroup: volsync.backube
name: ring-mqtt-data
resources:
requests:
storage: 10Mi
storageClassName: ceph-block
31 changes: 31 additions & 0 deletions kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/replication-destination.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: ring-mqtt-data
labels:
# https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources
kustomize.toolkit.fluxcd.io/ssa: IfNotPresent
spec:
trigger:
manual: restore-once
restic:
repository: ring-mqtt-volsync
copyMethod: Snapshot
volumeSnapshotClassName: csi-ceph-blockpool
cacheStorageClassName: ceph-block
cacheAccessModes:
- ReadWriteOnce
cacheCapacity: 10Mi
storageClassName: ceph-block
accessModes:
- ReadWriteOnce
capacity: 10Mi
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
enableFileDeletion: true
cleanupCachePVC: true
cleanupTempPVC: true
28 changes: 28 additions & 0 deletions kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/replication-source.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: ring-mqtt-data
spec:
sourcePVC: ring-mqtt-data
trigger:
schedule: "15 * * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 1
repository: ring-mqtt-volsync
volumeSnapshotClassName: csi-ceph-blockpool
cacheCapacity: 10Mi
cacheStorageClassName: ceph-block
cacheAccessModes:
- ReadWriteOnce
storageClassName: ceph-block
accessModes:
- ReadWriteOnce
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
retain:
hourly: 24
31 changes: 31 additions & 0 deletions kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/secret.sops.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: ring-mqtt-volsync
type: Opaque
stringData:
RESTIC_REPOSITORY: ENC[AES256_GCM,data:cKZ32zpgkuv9c9N2vIpykoQ2O0foCkhDwXKG0Sstuq4xaI0aS2J+ilOWWk0wCYaBK+MNG7ov0ESoilqisdidBKTYpMDRj7Y=,iv:AMNP9Gx/Ik/j/MKtqdTiGYttZPITlcxUqS9aXVSpurE=,tag:GsH0fbCWFDv4e3sRzGmr9g==,type:str]
RESTIC_PASSWORD: ENC[AES256_GCM,data:aZN+GSkhZ1lkUNjhN5F6Ve2hRwU3Jguna7tV6wP25xJmx7OEA+6lH7WyPqD2PoUUUi1msrx85NToxFxOec2jHg==,iv:SwySPIfWkgVngdMunyjk1KWEzQ/aa3/L7zvy5Z7+xJo=,tag:EbHYG9o0g6Vqp7kubkny+w==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:JEXZW41lEw==,iv:pduvJsbyBRNMiP6rJ5T7mz79rdW5VLpR/Y3lOXHKU8A=,tag:HZKS59FvxO4FwZrb3LhKmg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:aguU70F7QhX2FSEJFmknY8+31PbPIXdF0iGArAkBIihiGhAfOMkD6upDfpZmuZYQcJJgRPpH2jk=,iv:I/9UIpgz0uXHzhhlbV4481gS9KRtm1ZhzvoxJScGsxg=,tag:ax0t2h1ltyPkk+0TgnMCIg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16zqeqx5y6ay3flwz0d06rn83yjv9ckys3j8tpkysf9v6295fhc6sf4r0uj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYjdZeVptaDlPZW9idmtP
UkRGdmxyb0REM2s4dnZVSERQNFFSRHlqVkcwClJlZHVhQUVnUm16QVloazMyUUFx
Q24vakF5RUEvMTExZ0lPa1RXblFEV3cKLS0tIFNMcGx3NzRQT0U4MTZER0FQUzh3
SThDODl4ZFFMMUlxM3BneWlrNDdjdUUKm16agevW+HLV4al0q2m5W/SyS84E5SXh
QfWlkG1byRaLRQ+tMeTuCN0tk2A2asmSPygQ1IKo4AO9kMirDEjQ6w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-01T17:41:56Z"
mac: ENC[AES256_GCM,data:4zhtkkc0AASF4O2bWCnxkNj6zfw0nfq7wc2RA9RvH9UDf1LasqchFf3dPeVtKRQpx3RaFgIwhxWgA8NzdT95bor0ZmIJJaTYl6MLVygp0a19jhLqxk8ZAdURp/JuOOVfqRkIt3KWlSuDffRUaY4SXttB7U+IVil0IvYnvsVf+0A=,iv:r3UQ81IDllGoCS4AxVkM7kTOZEL83Sd4rS56euaP3iw=,tag:SaTWt6KwXfkik+ms81goKw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.3