From 761919ab44643e5e5c6da5ae5eb19e9133c72619 Mon Sep 17 00:00:00 2001 
From: Jean-Francois Roy Date: Sat, 9 Nov 2024 19:46:19 -0800 Subject: [PATCH] feat(storage): make one samba ss for kantai3 node Since a samba server uses a host port, there can only be one per node. This patch reworks storage to have a single samba server on kantai3 (nee kaidame), and adds the homeassistant-backup share to it, in addition to the existing and initial media1 share. --- .../app}/configs/config.yaml | 17 ++++++ .../kantai3-samba/app/externalsecret.yaml | 37 +++++++++++ .../app}/helmrelease.yaml | 18 +++--- .../app}/kustomization.yaml | 5 +- .../app}/networkpolicy.yaml | 4 +- .../apps/storage/kantai3-samba/app/pvc.yaml | 28 +++++++++ kubernetes/apps/storage/kantai3-samba/ks.yaml | 23 +++++++ kubernetes/apps/storage/kustomization.yaml | 2 +- kubernetes/apps/storage/zfs-media1/ks.yaml | 61 ------------------- .../zfs-media1/smb/externalsecret.yaml | 26 -------- .../storage/zfs-media1/snapshot/cronjob.yaml | 35 ----------- .../zfs-media1/snapshot/kustomization.yaml | 6 -- .../zfs-media1/volume/kustomization.yaml | 6 -- .../apps/storage/zfs-media1/volume/pvc.yaml | 14 ----- 14 files changed, 120 insertions(+), 162 deletions(-) rename kubernetes/apps/storage/{zfs-media1/smb => kantai3-samba/app}/configs/config.yaml (73%) create mode 100644 kubernetes/apps/storage/kantai3-samba/app/externalsecret.yaml rename kubernetes/apps/storage/{zfs-media1/smb => kantai3-samba/app}/helmrelease.yaml (89%) rename kubernetes/apps/storage/{zfs-media1/smb => kantai3-samba/app}/kustomization.yaml (89%) rename kubernetes/apps/storage/{zfs-media1/smb => kantai3-samba/app}/networkpolicy.yaml (90%) create mode 100644 kubernetes/apps/storage/kantai3-samba/app/pvc.yaml create mode 100644 kubernetes/apps/storage/kantai3-samba/ks.yaml delete mode 100644 kubernetes/apps/storage/zfs-media1/ks.yaml delete mode 100644 kubernetes/apps/storage/zfs-media1/smb/externalsecret.yaml delete mode 100644 kubernetes/apps/storage/zfs-media1/snapshot/cronjob.yaml delete mode 100644 
kubernetes/apps/storage/zfs-media1/snapshot/kustomization.yaml
delete mode 100644 kubernetes/apps/storage/zfs-media1/volume/kustomization.yaml
delete mode 100644 kubernetes/apps/storage/zfs-media1/volume/pvc.yaml
diff --git a/kubernetes/apps/storage/zfs-media1/smb/configs/config.yaml b/kubernetes/apps/storage/kantai3-samba/app/configs/config.yaml
similarity index 73%
rename from kubernetes/apps/storage/zfs-media1/smb/configs/config.yaml
rename to kubernetes/apps/storage/kantai3-samba/app/configs/config.yaml
index 4a80e13ed..039fe3c44 100644
--- a/kubernetes/apps/storage/zfs-media1/smb/configs/config.yaml
+++ b/kubernetes/apps/storage/kantai3-samba/app/configs/config.yaml
@@ -55,3 +55,20 @@ shares:
 smbd max xattr size: "2097152"
 # NOTE: acl_xattr is not loaded because it uses security.NTACL which requires SYS_ADMIN.
 vfs objects: streams_xattr
+ homeassistant-backup:
+ options:
+ access based share enum: "false"
+ available: "true"
+ browseable: "true"
+ comment: ""
+ create mask: "0660"
+ directory mask: "0770"
+ guest ok: "false"
+ kernel oplocks: "false"
+ mangled names: "false"
+ path: /homeassistant-backup
+ posix locking: "false"
+ read only: "false"
+ smbd max xattr size: "2097152"
+ # NOTE: acl_xattr is not loaded because it uses security.NTACL which requires SYS_ADMIN.
+ vfs objects: streams_xattr
diff --git a/kubernetes/apps/storage/kantai3-samba/app/externalsecret.yaml b/kubernetes/apps/storage/kantai3-samba/app/externalsecret.yaml
new file mode 100644
index 000000000..8bbf6a435
--- /dev/null
+++ b/kubernetes/apps/storage/kantai3-samba/app/externalsecret.yaml
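Review bot: The new `homeassistant-backup` share carries no `valid users` restriction, and since both the media-owner and homeassistant accounts now live in the same users.json (externalsecret.yaml in this patch), either account can open either share — the media account gets read/write on Home Assistant backups, which typically contain the HA configuration and its secrets, and the HA account gets the media tree. Add `valid users: <homeassistant username>` under this share's `options:` (and the media account on the media1 share above the hunk); the username comes from the `smb:homeassistant` 1Password item, so it has to be hard-coded or templated into this ConfigMap. If the first 55 lines of config.yaml already set a global `valid users`, which this hunk does not show, a per-share override is still needed to keep the two accounts apart. The `shares:` mapping this hunk extends starts outside the hunk.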
@@ -0,0 +1,37 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: kantai3-samba
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword
+ target:
+ name: kantai3-samba
+ template:
+ data:
+ users.json: |-
+ {
+ "samba-container-config": "v0",
+ "users": {
+ {{- $users := list }}
+ {{- $users = append $users (dict "name" .a.username "password" .a.password "uid" (.a.uid | atoi) "gid" (.a.gid | atoi)) }}
+ {{- $users = append $users (dict "name" .b.username "password" .b.password "uid" (.b.uid | atoi) "gid" (.b.gid | atoi)) }}
+ "all_entries": {{ $users | toJson }}
+ }
+ }
+ dataFrom:
+ - extract:
+ key: smb:media-owner
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "a.$1"
+ - extract:
+ key: smb:homeassistant
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "b.$1"
diff --git a/kubernetes/apps/storage/zfs-media1/smb/helmrelease.yaml b/kubernetes/apps/storage/kantai3-samba/app/helmrelease.yaml
similarity index 89%
rename from kubernetes/apps/storage/zfs-media1/smb/helmrelease.yaml
rename to kubernetes/apps/storage/kantai3-samba/app/helmrelease.yaml
index de354a8b3..36fb64d03 100644
--- a/kubernetes/apps/storage/zfs-media1/smb/helmrelease.yaml
+++ b/kubernetes/apps/storage/kantai3-samba/app/helmrelease.yaml
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
- name: zfs-media1-smb
+ name: kantai3-samba
 spec:
 interval: 30m
 chart:
@@ -30,7 +30,7 @@ spec:
 operator: Exists
 effect: NoSchedule
 controllers:
- zfs-media1-smb:
+ kantai3-samba:
 type: statefulset
 annotations:
 reloader.stakater.com/auto: "true"
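Review bot: The `(.a.uid | atoi)` / `(.a.gid | atoi)` calls and their `.b` twins silently yield 0 when the field is absent or non-numeric, because Sprig's `atoi` discards the parse error; a missing or mistyped uid/gid in either 1Password item therefore produces a Samba user with uid/gid 0 — presumably root-equivalent for ownership of files on the mounted datasets — instead of a failed secret sync. Guard before the first `append`: `{{- if or (not .a.uid) (not .a.gid) (not .b.uid) (not .b.gid) }}{{ fail "smb user item missing uid/gid" }}{{- end }}`; ESO's template engine exposes most of the Sprig set, so `fail` should be available, but confirm against the ESO version in use. A uid/gid collision between the two items, which would silently merge file ownership of the two shares, is likewise unchecked here.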
@@ -68,13 +68,10 @@ spec: # https://github.com/containerd/containerd/pull/9320 seccompProfile: { type: Unconfined } service: - zfs-media1-smb: - controller: zfs-media1-smb + kantai3-samba: + controller: kantai3-samba clusterIP: None ipFamilyPolicy: PreferDualStack - annotations: - external-dns.alpha.kubernetes.io/endpoints-type: HostIP - external-dns.alpha.kubernetes.io/hostname: smb.media1.internal. ports: smb: port: 445 @@ -86,18 +83,21 @@ spec: projected: sources: - configMap: - name: zfs-media1-smb + name: kantai3-samba items: - key: config.yaml path: config.yaml - secret: - name: zfs-media1-smb + name: kantai3-samba items: - key: users.json path: users.json globalMounts: - path: /config readOnly: true + homeassistant-backup: + type: persistentVolumeClaim + existingClaim: homeassistant-backup media: type: persistentVolumeClaim existingClaim: zfs-media1 diff --git a/kubernetes/apps/storage/zfs-media1/smb/kustomization.yaml b/kubernetes/apps/storage/kantai3-samba/app/kustomization.yaml similarity index 89% rename from kubernetes/apps/storage/zfs-media1/smb/kustomization.yaml rename to kubernetes/apps/storage/kantai3-samba/app/kustomization.yaml index 67a1c858d..a7fe2b8c1 100644 --- a/kubernetes/apps/storage/zfs-media1/smb/kustomization.yaml +++ b/kubernetes/apps/storage/kantai3-samba/app/kustomization.yaml @@ -4,10 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./externalsecret.yaml - - ./networkpolicy.yaml - ./helmrelease.yaml + - ./networkpolicy.yaml + - ./pvc.yaml configMapGenerator: - - name: zfs-media1-smb + - name: kantai3-samba files: - ./configs/config.yaml generatorOptions: diff --git a/kubernetes/apps/storage/zfs-media1/smb/networkpolicy.yaml b/kubernetes/apps/storage/kantai3-samba/app/networkpolicy.yaml similarity index 90% rename from kubernetes/apps/storage/zfs-media1/smb/networkpolicy.yaml rename to kubernetes/apps/storage/kantai3-samba/app/networkpolicy.yaml index 00493c15c..d2658f7ec 100644 
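Review bot: The new `homeassistant-backup` persistence entry has no mount spec, unlike `config` right above it, so the share's `path: /homeassistant-backup` in config.yaml only lines up with the volume if the chart's default is to mount at `/<key>` (the existing `media` entry relies on the same convention, so I assume it currently does). Spell it out with `globalMounts:` / `  - path: /homeassistant-backup` so that a chart upgrade or a rename of the key cannot silently leave the share pointing at a missing or empty directory; the same fix applies to `media`. The `persistence:` block this hunk edits begins outside the hunk.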
--- a/kubernetes/apps/storage/zfs-media1/smb/networkpolicy.yaml +++ b/kubernetes/apps/storage/kantai3-samba/app/networkpolicy.yaml @@ -2,11 +2,11 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: - name: zfs-media1-smb + name: kantai3-samba spec: endpointSelector: matchLabels: - app.kubernetes.io/name: zfs-media1-smb + app.kubernetes.io/name: kantai3-samba egress: - toCIDR: - 192.168.1.0/24 diff --git a/kubernetes/apps/storage/kantai3-samba/app/pvc.yaml b/kubernetes/apps/storage/kantai3-samba/app/pvc.yaml new file mode 100644 index 000000000..8806a765f --- /dev/null +++ b/kubernetes/apps/storage/kantai3-samba/app/pvc.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: zfs-media1 +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 50Ti + storageClassName: "" + volumeMode: Filesystem + volumeName: storage-zfs-media1 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: homeassistant-backup +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 108Gi + storageClassName: "" + volumeMode: Filesystem + volumeName: homeassistant-backup diff --git a/kubernetes/apps/storage/kantai3-samba/ks.yaml b/kubernetes/apps/storage/kantai3-samba/ks.yaml new file mode 100644 index 000000000..8322ea12f --- /dev/null +++ b/kubernetes/apps/storage/kantai3-samba/ks.yaml @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kantai3-samba + namespace: flux-system +spec: + targetNamespace: storage + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + - name: openebs-zfs-volumes + path: ./kubernetes/apps/storage/kantai3-samba/app + prune: true + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false + interval: 30m + retryInterval: 1m 
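Review bot: Both PVCs are now reconciled by a Flux Kustomization with `prune: true` (ks.yaml in this patch), while the deleted `storage-zfs-media1-volume` Kustomization deliberately had `prune: false # don't prune media volume for safety`; removing or renaming this directory would now let Flux delete the 50Ti `zfs-media1` claim and `homeassistant-backup`, and whether the pre-bound PVs survive that depends on their reclaim policy, which is not in this patch. Restore the guard on each object by adding `annotations:` / `  kustomize.toolkit.fluxcd.io/prune: disabled` under both `metadata:` blocks. The `homeassistant-backup` PV referenced by `volumeName` is not created in this patch either — presumably pre-provisioned — so it is worth confirming it exists before the claim is applied, or the StatefulSet sits Pending.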
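Review bot: Nothing in this Kustomization replaces the weekly `zfs snapshot citerne/media1` CronJob that the deleted `storage-zfs-media1-snapshot` Kustomization ran, so media1 stops being snapshotted once this merges unless that job was moved somewhere outside the patch. Dropping a privileged, hostPath-`/` job is a real attack-surface reduction, but the commit message does not mention giving up snapshots; either re-add the job (a VolumeSnapshot object would avoid the privileged pod if a CSI snapshot controller is deployed) or record the decision in the commit. Also consider `wait: true` or a `healthChecks` entry on the HelmRelease so anything that later adds this app to a `dependsOn` chain actually waits for the Samba server to be healthy.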
diff --git a/kubernetes/apps/storage/kustomization.yaml b/kubernetes/apps/storage/kustomization.yaml index d559c287e..fdfc5e269 100644 --- a/kubernetes/apps/storage/kustomization.yaml +++ b/kubernetes/apps/storage/kustomization.yaml @@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml + - ./kantai3-samba/ks.yaml - ./maintenance/ks.yaml - ./media-kantai1/ks.yaml - - ./zfs-media1/ks.yaml diff --git a/kubernetes/apps/storage/zfs-media1/ks.yaml b/kubernetes/apps/storage/zfs-media1/ks.yaml deleted file mode 100644 index 130d6181b..000000000 --- a/kubernetes/apps/storage/zfs-media1/ks.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: storage-zfs-media1-volume - namespace: flux-system -spec: - targetNamespace: storage - dependsOn: - - name: openebs-zfs-volumes - path: ./kubernetes/apps/storage/zfs-media1/volume - prune: false # don't prune media volume for safety - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app storage-zfs-media1-smb - namespace: flux-system -spec: - targetNamespace: storage - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: external-secrets-stores - - name: storage-zfs-media1-volume - path: ./kubernetes/apps/storage/zfs-media1/smb - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: storage-zfs-media1-snapshot - namespace: flux-system -spec: - targetNamespace: storage - dependsOn: - - name: storage-zfs-media1-volume - path: ./kubernetes/apps/storage/zfs-media1/snapshot - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m diff --git a/kubernetes/apps/storage/zfs-media1/smb/externalsecret.yaml b/kubernetes/apps/storage/zfs-media1/smb/externalsecret.yaml deleted file mode 100644 index 75c71a5b0..000000000 --- a/kubernetes/apps/storage/zfs-media1/smb/externalsecret.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: zfs-media1-smb -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword - target: - name: zfs-media1-smb - template: - data: - users.json: |- - { - "samba-container-config": "v0", - "users": { - {{- $users := list }} - {{- $users = append $users (dict "name" .username "password" .password "uid" (.uid | atoi) "gid" (.gid | atoi)) }} - "all_entries": {{ $users | toJson }} - } - } - dataFrom: - - extract: - key: media-owner diff --git a/kubernetes/apps/storage/zfs-media1/snapshot/cronjob.yaml b/kubernetes/apps/storage/zfs-media1/snapshot/cronjob.yaml deleted file mode 100644 index 49f130ec5..000000000 --- a/kubernetes/apps/storage/zfs-media1/snapshot/cronjob.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: zfs-media1-snapshot - annotations: - kustomize.toolkit.fluxcd.io/substitute: disabled -spec: - schedule: "0 8 * * MON" # weekly on Monday at 8:00 - jobTemplate: - spec: - template: - spec: - containers: - - name: snapshot - image: alpine:3.20.3 - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - TS=$(date +%FT%T%Z) && chroot /host /usr/local/sbin/zfs snapshot citerne/media1@${TS} - securityContext: - privileged: true - runAsUser: 0 - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - kubernetes.io/hostname: kantai3 - restartPolicy: OnFailure - volumes: - - hostPath: - path: / - type: Directory - name: host diff --git a/kubernetes/apps/storage/zfs-media1/snapshot/kustomization.yaml b/kubernetes/apps/storage/zfs-media1/snapshot/kustomization.yaml deleted file mode 100644 index 28d703898..000000000 --- a/kubernetes/apps/storage/zfs-media1/snapshot/kustomization.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./cronjob.yaml diff --git a/kubernetes/apps/storage/zfs-media1/volume/kustomization.yaml b/kubernetes/apps/storage/zfs-media1/volume/kustomization.yaml deleted file mode 100644 index 7a275d3c4..000000000 --- a/kubernetes/apps/storage/zfs-media1/volume/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./pvc.yaml diff --git a/kubernetes/apps/storage/zfs-media1/volume/pvc.yaml b/kubernetes/apps/storage/zfs-media1/volume/pvc.yaml deleted file mode 100644 index b168c71d3..000000000 --- a/kubernetes/apps/storage/zfs-media1/volume/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: zfs-media1 -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 50Ti - storageClassName: "" - volumeMode: Filesystem - volumeName: storage-zfs-media1