oleksandr/homelab
1
0
Fork 0
Code Pull Requests Activity

feat(k8s/podsync): add Podsync stack (deployment scaled to 0 for data migration)

Browse Source
This commit is contained in:
Oleksandr Berezovskyi
2026-02-28 22:40:22 +02:00
parent 59aa229d19
commit 10fe26e993
9 changed files with 170 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
kubernetes/app/podsync/configmap.sops.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: podsync-config
namespace: podsync
data:
config.toml: ENC[AES256_GCM,data:ud/lwdZMMjk7VOwOkw/FHB5rEXgt3yJiOtpVjm/jriWWmWjCruNE/hei/sgF/ea2G49XacHQHnDOJFX95mq9ZuBgdj4KBx9nW91pNODF5PKVDE24jShFhepN7MCPvfHgRaRZbe23YQkjIceGcswfYpwAr4Mr21jeiMgK0cJVUyeR/mO9pk3kRm4kFqIcDnl+gpmLnlj1gKm/GkIymt+tQqaw0LVuSZj1eGGk2ZReBPO7Thkj4OlGc/vf1vAoZcLuEqBF1flvibOHn9PqbO+QDxcJvAUx6MfbFJ8fW/p45jFrfxsUnVaJPD7kp6R2IMvbvH6r1jObr49/IEY6MrCApoujbP5mi3nPo13yRcT4fNr8kWmIBY2nBDahRHpbwg8R13XWIvhEYZW/8I7srNYOj3sfR13jLulyjiO67M8cA6a7CMER0sH4mt6JtBCXK6/pRTOD5PzElw5ga3h0HRkcu5+VneGiNTiPipaxNe0HoD/OGkjcao7ztEFC9eYmpRK25QPNHBdRtAvrkX2GBGCNLGn9MTEXHCeLJtuI8MebHRgT+cR9puFd6ezB0kUuDLt39crm5DtuhN7yPbii/s/1MJ6yhSxsrQMZm4OYNO2/5VcjDEVfSxgsJsV1K82vzk1YjpAgPsqpSg/3AodlM2cEjuKy/BjX7fvog9rauEEkmrCGbI6FN7dJFwyJ9rT2TQ65kvr+O00gdAeQHi0rfFAaKZ/eFkzgEnBaJHEJHm9B+khZlopPWtvESK91qVMvScNXD4yu6uhdYihR28/MUfLdPRYIrEVwlk1LC+uc+h9sGBMPk6hs73mjy6ll7GzhOrZ7/PGrW68ZWzAUTfsVj8b3ota0K/uzqTkktAyqQ3FrZe6f70sSdjXrcbd2r2CQwbMj9zz/vqj6gGJQQpsAOAPJPUGw2WV1741rwq1jz2/1aXJwFFBmm89u/N6ALKxAc82ZQ9punlotSpW9kFKEmvJkLu1nXPp5UNFOmlhEE6lTeQ2cOwfFJn8AEgV/LIvmIN1odli7ZZgiMBDB+b+i7ygxRxTTgm+Yaxzy4s0MEKoWBdfKgsGCKVlazcC+vzjrxs2HHhMaVacWGwROFnlSLs3KpLa1jaTWAcs5t444wrAM5yUeqZL76NLP85XPU2M3A9nFYeG0P/jEJj5ng5oKZKjZo7sesG+SfywNDb5ZnDrfqF2IFodTHlQZl2RIh+EkINLgC70c+DlHdj5bWBjlVgwxR+3iv1QMf4froxyA6hg/0Rjzh/gGS8pOLUnNrh6EFfNdWJXfhly5Iklb0q3ynh8bEnUTJxmCE1fOCLOHFjW0a1Pzwd1Fp6P64C1I89lWYM/000JbxsOzVrBA3t9VWeoBEsc2RBxzEgV8k0GCgHaSVLwG6dxSO+dKAPmKvgdpaz2a70KC,iv:SWzY/BbV0vStgEuMg6zKRwHzA1XgJd9Wbb3OZrWx7wA=,tag:54E7l/Vb9R2RBzGZLueRVA==,type:str]
sops:
age:
- recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTBUbnNBcGFhYjNiNGRG
T3JqdFY0dTIzWDA3OGNVUkoreVhONXVDeFVVCkR0amlYMThyejlPaWlPSkdGL0xy
YUN3VEhGajJoQjNiRVV5ckw0cE1JaTAKLS0tIDFSWnpWWVFxQ0VVY2U4bUFtTWVk
bkg3K01kWFl4ZWZuK21KRTIxUEhDUEEKPGWzrJlyZGNOsvrVhWKw56y8iAwrqDQK
OWJYIq0gt9NWfNBao8UpiuKJXU4SX01hW4fa1OEfGSDJAjNNxGpFVA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-28T20:36:14Z"
mac: ENC[AES256_GCM,data:nLST3PCcdNQ0zOsqUMHZVP9Zp2WmqVFzGcJkZRPgfI0Acb7xP+KZHeMEGscEgwvBKDa72pH4zSoQ60bFJcoVv9dH/MkCyz1BHIDfkO4DNo6nvHgZ83Gqwl5MU/LPYBQY267504QEDCr6VZFzXY8SRVIvD1e0y8qxpbgS4MPW2Tg=,iv:NiLrvTKQZJdHHFXqvfZ0qQ8Lx1E6GLiAdtAneYWc4m0=,tag:3zheqtMglkwg5w66mljW3Q==,type:str]
encrypted_regex: ^(data|stringData|email)$
version: 3.12.1

38
kubernetes/app/podsync/deployment.yaml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: podsync
namespace: podsync
spec:
replicas: 0
selector:
matchLabels:
app: podsync
template:
metadata:
labels:
app: podsync
spec:
containers:
- name: podsync
image: ghcr.io/mxpv/podsync
ports:
- containerPort: 8080
volumeMounts:
- name: data
mountPath: /app/data
- name: database
mountPath: /app/db
- name: config
mountPath: /app/config.toml
subPath: config.toml
volumes:
- name: data
persistentVolumeClaim:
claimName: podsync-data
- name: database
persistentVolumeClaim:
claimName: podsync-database
- name: config
configMap:
name: podsync-config

24
kubernetes/app/podsync/ingress.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: podsync
namespace: podsync
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/router.middlewares: authelia-chain-authelia-authelia-auth@kubernetescrd
spec:
tls:
- hosts:
- ${PODSYNC_HOST}
secretName: podsync-tls
rules:
- host: ${PODSYNC_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: podsync
port:
number: 8080

4
kubernetes/app/podsync/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: podsync

24
kubernetes/app/podsync/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-ingress
namespace: podsync
spec:
podSelector: {}
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-traefik-ingress
namespace: podsync
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: traefik

17
kubernetes/app/podsync/pv.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: podsync-data-nfs
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteOnce
storageClassName: ""
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nointr
nfs:
server: synology.storage.lviv
path: ${PODSYNC_NFS_PATH}

26
kubernetes/app/podsync/pvc.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: podsync-data
namespace: podsync
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
volumeName: podsync-data-nfs
resources:
requests:
storage: 100Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: podsync-database
namespace: podsync
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs-synology-ssd
resources:
requests:
storage: 1Gi

11
kubernetes/app/podsync/service.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: podsync
namespace: podsync
spec:
selector:
app: podsync
ports:
- port: 8080
targetPort: 8080

6
kubernetes/config/cluster-vars.sops.yaml
View File

@@ -17,6 +17,8 @@ stringData:
ARCHMIRROR_HOST: ENC[AES256_GCM,data:lCi7iVRn7yITYLi63kWdZXw7mCGXoe4=,iv:vuk/YuwfiBZhLS2+k1+WkNq96XrWA6BWtGjjWkKqTXc=,tag:Z0HJzMAmFSJvPkVPpIdFzg==,type:str]
ARCHMIRROR_NFS_PATH: ENC[AES256_GCM,data:RHNbu/Jobo8Q5DzKjF4RojvrYQ==,iv:khpEqK0KzdZeZm8qKZ3MJQDk2P799FBCNPOJGx4Tdhk=,tag:CKHeuRZttLRwN6noSaehDQ==,type:str]
ARCHMIRROR_MIRROR_URL: ENC[AES256_GCM,data:cIORJWshvr4fL/OqyvplXllcrMdh3UMrt11cBqwgS12O3wGBgyULJNDcP7c2,iv:8Efs43us8xlUvkafWf15K5wqBoJnYLmC50j094taoFs=,tag:6hV2emMunQ1jOteRCANRsA==,type:str]
PODSYNC_HOST: ENC[AES256_GCM,data:MK+WWo8R2uS45U8suBDusOp922YqngM=,iv:7QfuVU6ICEmpNwtgpnXa2phwP0+0pcmv8w3CJSLwvrA=,tag:z6qizhm8fzzDZq/726kKsQ==,type:str]
PODSYNC_NFS_PATH: ENC[AES256_GCM,data:O1ZHSOsmwe57nY0T42pHOHcc/aB9,iv:FS4Yb9F4mzrvKni0hg6HD22R83v3YoGlDAeEPBc4RzE=,tag:f+Wi8BOPIVod/8upGZmw5A==,type:str]
sops:
age:
- recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc
@@ -28,7 +30,7 @@ sops:
LzhUN3Z4cExIL1IyS3ZCNWh5aWpLbDgKQ7c3MmLykA00NaLoctKVDfJvPqTqh3Ia
cDZJUc6jYJXOJYM6YYyZOYcCL2z8V2RpIfA9sPg8PB2eiipZxjk+Cg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-27T20:24:05Z"
mac: ENC[AES256_GCM,data:fYYaSZF2TGw4IQZCssW11j5Aj0STRaGOPN8C6nFUGRm2XhLof8n5i4Lnev7sVauOlG3PByWZJgye04vP2wQjX27MKeNXoaSUEIbMj2X242WH95GQXyHbaaN2D9bUXihLD8jaqJnIuKq9Kskkd4Rpf41mdlr7P8sOudY9tSHrVIM=,iv:72KkRWBoVJqSsBgniwgSuu6Nx5BSF0QcyHIgndRiuvA=,tag:zCiapUCAHcpShy5jBaaJ/Q==,type:str]
lastmodified: "2026-02-28T20:47:12Z"
mac: ENC[AES256_GCM,data:c8pE3AixjxpDSGwnTYrhHRDDXFAAhHs4zaveies6/4feWUY1o+26Z0aWQssWQaQCR9V5mo831B400jMg4tudbJflRHE6VV0ah5eFh5+N7M5vnbxrWHCwGW3Y5bAUXAuaMFDgOO5fCi+iryCC8WZe6FxqZTMawWAcjMq93X55jbY=,iv:RWU3PTXd1XOdmGbr87LSqUud1Aak8VzXzjLLorh2UHc=,tag:rNWOmU/W0NfIupMV9mMfig==,type:str]
encrypted_regex: ^(data|stringData|email)$
version: 3.12.1