diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml index fd99c8a15..81db22949 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml @@ -4,5 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: monitoring resources: + - ./volsync - ./helmrelease.yaml - ./scrapeconfigs diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/kustomization.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/kustomization.yaml new file mode 100644 index 000000000..8b7436a73 --- /dev/null +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: monitoring +resources: + - ./secret.sops.yaml + - ./minio.yaml diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/minio.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/minio.yaml new file mode 100644 index 000000000..d878e5b36 --- /dev/null +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/minio.yaml @@ -0,0 +1,29 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.18b.haus/volsync.backube/replicationsource_v1alpha1.json +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: prometheus +spec: + sourcePVC: prometheus-kube-prometheus-stack-db-prometheus-kube-prometheus-stack-0 + trigger: + schedule: "30 2 * * *" + restic: + copyMethod: Snapshot + pruneIntervalDays: 7 + repository: "prometheus-volsync" + volumeSnapshotClassName: "longhorn" + cacheCapacity: 1Gi + cacheStorageClassName: local-path + cacheAccessModes: ["ReadWriteOnce"] + storageClassName: longhorn + accessModes: ["ReadWriteOnce"] + retain: + daily: 7 + weekly: 4 + monthly: 6 + moverSecurityContext: + fsGroup: 2000 + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/secret.sops.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/secret.sops.yaml new file mode 100644 index 000000000..85d4a8427 --- /dev/null +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/volsync/secret.sops.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prometheus-volsync +stringData: + RESTIC_REPOSITORY: ENC[AES256_GCM,data:m3avkkQ7mB8+c13MBOh5IXWP9aiHrm9mwiSHoNOVtzB4wCoAWG4BBikNnHZ/xDKsbli0HhxM8PNUomiu4aK0HHA=,iv:ZC1CY40KqIKFoHes8rvKC41urKRwhnkpNddfPAhmE40=,tag:vczuRzKGZC8Kor5kwy+Wpw==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:giDNkZC39TwBPxI4w0qA/C2RfZLY4t+f,iv:MhTOzxmjDv90JlYxSxL1A2oaae3wW23QoAmwHqRzDpk=,tag:uF7OYelshJfhNTPb7DvwqQ==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:QJXfbFaTfKmrjGN2FdQxJqeQrt8=,iv:NgNAgihqk9YABrg27bbJf6JvNCZ7ruplemsqvJ008eU=,tag:e37dQCNItIlXFxZjNgBfdw==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:ltOO1uhUSy5DCaf6MeFBCj47/dqIwTloXmNUIl+AdAykUeEj+deMEw==,iv:nCjGTJVKWQF5m8kpqKtjtkbMHwWanXgdANpB/ww3ml0=,tag:3rV0WJTLTtth2QCJksdr2Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1u79ltfzz5k79ddwgv59r76p2532xnaehzz7vggttctudr6gdkvhq33edn6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZVl1TUs4SVJWcEZRVGV4 + ZnJTQk4vRkpSU3dFTWpOZEpwYnNHK3BUclVvClRmZ1JTeUNJMUdCMFIyM1h4bmdB + M2J0TmIvRXVkdjBQbEo1eWd1MDJhYXMKLS0tICsvdzN2Ylp2ZmVCNk9CSlJzWGN5 + YVJOem5RL0MvMGc5Y2lYaCtPWU1GTFkKZgC+vtc21R2pj4eHjarcLULey6nW59NJ + tSY0foFp1JJaljxoBkSD7dlqh5mycqvYU22OzZid1/OrLRKCQAkJ+Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-17T19:04:08Z" + mac: ENC[AES256_GCM,data:q31xluQP3bZ3ufjlo0V3JFAre6lg0Wy01QbBtZLpgHPnIaDoIftRNp+VCPqiOj2clF2iDfnPOuYfTlY46BGAT6tJ2dbJv4NakxXD9b7M5R/khF4ap1uYNbJP8xUw9f9HgZq0cvaB+GgaW4+Zw0awhVPEw+/kCqi7kDpD6yScIzg=,iv:tozP572MuDr+7QedtR+/6GBrc2SFrb71jTBuC+zObJ8=,tag:o0w78OCkl7It6cwkOJNnfA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1