From e724ff94a9ece83ffc4e5067cc31621462cac76c Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 14 Jul 2024 12:25:20 +0200 Subject: [PATCH] feat(longhorn): Reference PV from PVC refactor(freshrss): Rename k8s resources --- kubenix-modules/custom/longhorn-volume.nix | 152 +++++++++++++++------ kubenix-modules/freshrss.nix | 25 ++-- kubenix-modules/volumes.nix | 5 +- 3 files changed, 129 insertions(+), 53 deletions(-) diff --git a/kubenix-modules/custom/longhorn-volume.nix b/kubenix-modules/custom/longhorn-volume.nix index e261cab..868e16f 100644 --- a/kubenix-modules/custom/longhorn-volume.nix +++ b/kubenix-modules/custom/longhorn-volume.nix @@ -12,6 +12,28 @@ let }; }; }; + + longhornPVOpts = { name, ... }: { + options = { + storage = lib.mkOption { + type = lib.types.str; + }; + }; + }; + + longhornPVCOpts = { name, ... }: { + options = { + volumeName = lib.mkOption { + type = lib.types.str; + default = name; + }; + + # TODO: ideally we take this from the longhornPV so we don't duplicate this information. + storage = lib.mkOption { + type = lib.types.str; + }; + }; + }; in { options = { 
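Review bot: `volumeName` in `longhornPVCOpts` defaults to the claim's attribute name, but claim names are chosen per application while PersistentVolume names are cluster-wide. With the naming used elsewhere in this patch (the FreshRSS claim is called `data`), a claim that omits `volumeName` would point at a PV named after the claim, and claims with the same generic name in different namespaces would presumably all resolve to the same PV. I would drop the default so every claim has to name its volume explicitly: `volumeName = lib.mkOption { type = lib.types.str; };`. Both new submodules would also benefit from a `description` on each option, stating that `storage` is a Kubernetes quantity string and that the claim's request must not exceed the PV's capacity. The enclosing `let` block starts outside this hunk.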
@@ -19,55 +41,109 @@ in type = with lib.types; attrsOf (submodule longhornVolumeOpts); default = { }; }; + + lab.longhorn = { + persistentVolume = lib.mkOption { + type = with lib.types; attrsOf (submodule longhornPVOpts); + default = { }; + }; + + persistentVolumeClaim = lib.mkOption { + type = with lib.types; attrsOf (submodule longhornPVCOpts); + default = { }; + }; + }; }; config = { kubernetes.resources = { - persistentVolumes = builtins.mapAttrs - (name: longhornVolume: { - spec = { - accessModes = [ "ReadWriteOnce" ]; - capacity.storage = longhornVolume.storage; - persistentVolumeReclaimPolicy = "Delete"; - volumeMode = "Filesystem"; + persistentVolumes = lib.mergeAttrs + (builtins.mapAttrs + (name: longhornVolume: { + spec = { + accessModes = [ "ReadWriteOnce" ]; + capacity.storage = longhornVolume.storage; + persistentVolumeReclaimPolicy = "Delete"; + volumeMode = "Filesystem"; - claimRef = { - inherit name; - namespace = longhornVolume.namespace; - }; + claimRef = { + inherit name; + namespace = longhornVolume.namespace; + }; - csi = { - driver = "driver.longhorn.io"; - fsType = "ext4"; - volumeHandle = name; - - volumeAttributes = { - dataLocality = "disabled"; - fromBackup = ""; + csi = { + driver = "driver.longhorn.io"; fsType = "ext4"; - numberOfReplicas = "2"; - staleReplicaTimeout = "30"; - unmapMarkSnapChainRemoved = "ignored"; + volumeHandle = name; - recurringJobSelector = lib.generators.toYAML { } [{ - name = "backup-nfs"; - isGroup = false; - }]; + volumeAttributes = { + dataLocality = "disabled"; + fromBackup = ""; + fsType = "ext4"; + numberOfReplicas = "2"; + staleReplicaTimeout = "30"; + unmapMarkSnapChainRemoved = "ignored"; + + recurringJobSelector = lib.generators.toYAML { } [{ + name = "backup-nfs"; + isGroup = false; + }]; + }; }; }; - }; - }) - config.lab.longhornVolumes; + }) + config.lab.longhornVolumes) + (builtins.mapAttrs + (name: longhornPV: { + spec = { + accessModes = [ "ReadWriteOnce" ]; + capacity.storage = 
longhornPV.storage; + persistentVolumeReclaimPolicy = "Delete"; + volumeMode = "Filesystem"; - persistentVolumeClaims = builtins.mapAttrs - (name: longhornVolume: { - spec = { - accessModes = [ "ReadWriteOnce" ]; - resources.requests.storage = longhornVolume.storage; - storageClassName = ""; - }; - }) - config.lab.longhornVolumes; + csi = { + driver = "driver.longhorn.io"; + fsType = "ext4"; + volumeHandle = name; + + volumeAttributes = { + dataLocality = "disabled"; + fromBackup = ""; + fsType = "ext4"; + numberOfReplicas = "2"; + staleReplicaTimeout = "30"; + unmapMarkSnapChainRemoved = "ignored"; + + recurringJobSelector = lib.generators.toYAML { } [{ + name = "backup-nfs"; + isGroup = false; + }]; + }; + }; + }; + }) + config.lab.longhorn.persistentVolume); + + persistentVolumeClaims = lib.mergeAttrs + (builtins.mapAttrs + (name: longhornVolume: { + spec = { + accessModes = [ "ReadWriteOnce" ]; + resources.requests.storage = longhornVolume.storage; + storageClassName = ""; + }; + }) + config.lab.longhornVolumes) + (builtins.mapAttrs + (name: longhornPVC: { + spec = { + accessModes = [ "ReadWriteOnce" ]; + resources.requests.storage = longhornPVC.storage; + storageClassName = ""; + volumeName = longhornPVC.volumeName; + }; + }) + config.lab.longhorn.persistentVolumeClaim); }; }; } diff --git a/kubenix-modules/freshrss.nix b/kubenix-modules/freshrss.nix index 0f62a40..200b46c 100644 --- a/kubenix-modules/freshrss.nix +++ b/kubenix-modules/freshrss.nix @@ -1,8 +1,8 @@ -{ namespace, ... }: { +{ kubernetes.resources = { - secrets.freshrss.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password"; + secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password"; - deployments.freshrss = { + deployments.server = { metadata.labels.app = "freshrss"; spec = { 
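Review bot: The PersistentVolume spec built from `config.lab.longhorn.persistentVolume` leaves out the `claimRef` that the `longhornVolumes` branch still sets, so the volume is no longer reserved for one claim. Setting `volumeName` on the claim does not reserve the PV; until it is bound, another claim with `storageClassName = ""` and a fitting request, in any namespace, can bind it and gain access to the stored data. Consider adding claim name and namespace options to `longhornPVOpts` (the option names here are only a suggestion) and emitting `claimRef = { inherit (longhornPV.claim) name namespace; };`. Separately, `lib.mergeAttrs` is a shallow merge, so a name present in both `longhornVolumes` and `longhorn.persistentVolume` is silently taken from the second set; an assertion on overlapping names would turn that into an evaluation error.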
@@ -33,12 +33,12 @@ PUBLISHED_PORT.value = "443"; ADMIN_PASSWORD.valueFrom.secretKeyRef = { - name = "freshrss"; + name = "server"; key = "adminPassword"; }; ADMIN_API_PASSWORD.valueFrom.secretKeyRef = { - name = "freshrss"; + name = "server"; key = "adminPassword"; }; }; @@ -49,7 +49,7 @@ }]; }; - volumes.data.persistentVolumeClaim.claimName = "freshrss"; + volumes.data.persistentVolumeClaim.claimName = "data"; securityContext = { fsGroup = 33; @@ -60,7 +60,7 @@ }; }; - services.freshrss.spec = { + services.web.spec = { selector.app = "freshrss"; ports.web = { @@ -71,21 +71,18 @@ }; lab = { - ingresses.freshrss = { + ingresses.web = { host = "rss.kun.is"; service = { - name = "freshrss"; + name = "web"; portName = "web"; }; }; - # TODO: Maybe we should revisit this architecture? - # The PVs are cluster-wide and should probably be defined elsewhere. - # Then the PVC should reference the PV probably. - longhornVolumes.freshrss = { + longhorn.persistentVolumeClaim.data = { + volumeName = "freshrss"; storage = "1Gi"; - inherit namespace; }; }; } diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix index ecd3d09..f279db7 100644 --- a/kubenix-modules/volumes.nix +++ b/kubenix-modules/volumes.nix @@ -16,7 +16,6 @@ longhornVolumes = { hedgedoc-uploads.storage = "50Mi"; hedgedoc-db.storage = "100Mi"; - # freshrss.storage = "1Gi"; radicale.storage = "200Mi"; minecraft.storage = "1Gi"; nextcloud.storage = "50Gi"; @@ -44,6 +43,10 @@ immich-db.storage = "5Gi"; }; + longhorn.persistentVolume = { + freshrss.storage = "1Gi"; + }; + nfsVolumes = { media.path = "media"; music.path = "media/music";
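Review bot: In the last freshrss.nix hunk, replacing `longhornVolumes.freshrss` with `longhorn.persistentVolumeClaim.data` renames the claim from `freshrss` to `data`, while the PV `freshrss` keeps `persistentVolumeReclaimPolicy = "Delete"` (set in longhorn-volume.nix). If the deployment prunes the old claim, the bound PV is released and, depending on how the Longhorn CSI provisioner treats statically created volumes, the backing volume may be deleted with it. I would record the migration next to the new claim, for example `# Claim renamed from "freshrss"; set the PV to Retain or take a backup before applying.`, and consider `Retain` as the reclaim policy for pre-created volumes.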