feat(z2m): CephFS, Litestream, ks components

2026-03-21 14:39:46 +00:00 · 2025-01-23 03:32:55 +08:00
parent bbca818128
commit 26fd95dfce
5 changed files with 79 additions and 28 deletions
--- a/kube/deploy/apps/zigbee2mqtt/app/hr.yaml
+++ b/kube/deploy/apps/zigbee2mqtt/app/hr.yaml
@@ -65,11 +65,11 @@ spec:
              capabilities:
                drop: ["ALL"]
                add: ["NET_BIND_SERVICE"]
-            resources:
-              requests:
-                cpu: "10m"
-              limits:
-                memory: "256Mi"
+            # resources:
+            #   requests:
+            #     cpu: "10m"
+            #   limits:
+            #     memory: "256Mi"
            probes:
              liveness:
                enabled: true
@@ -81,6 +81,34 @@ spec:
                  failureThreshold: 300
                  periodSeconds: 1
                  initialDelaySeconds: 10
+          litestream: &ls
+            image:
+              repository: "docker.io/litestream/litestream"
+              tag: "0.3.13@sha256:027eda2a89a86015b9797d2129d4dd447e8953097b4190e1d5a30b73e76d8d58"
+            args: ["replicate"]
+            envFrom:
+              - secretRef:
+                  name: litestream-secrets
+            env: &lsenv
+              DB_PATH: "/config/database.db"
+              REMOTE_PATH: "zigbee2mqtt/database"
+              VALIDATION_INTERVAL: "24h"
+              AGE_PUBKEY:
+                valueFrom:
+                  secretKeyRef:
+                    name: "litestream-agekey"
+                    key: "AGE_PUBKEY"
+              AGE_SECRET:
+                valueFrom:
+                  secretKeyRef:
+                    name: "litestream-agekey"
+                    key: "AGE_SECRET"
+            securityContext: *sc
+        initContainers:
+          01-litestream-restore:
+            <<: *ls
+            args: ["restore", "-if-db-not-exists", "-if-replica-exists", "/config/database.db"]
+            env: *lsenv
    service:
      zigbee2mqtt:
        controller: zigbee2mqtt
@@ -117,6 +145,16 @@ spec:
        globalMounts:
          - subPath: configlog
            path: /config/log
+      litestream:
+        type: secret
+        name: "litestream-secrets"
+        advancedMounts:
+          home-assistant:
+            litestream: &lsmnt
+              - subPath: "litestream.yml"
+                path: "/etc/litestream.yml"
+                readOnly: true
+            01-litestream-restore: *lsmnt
    defaultPodOptions:
      automountServiceAccountToken: false
      enableServiceLinks: false
@@ -146,3 +184,19 @@ spec:
              - matchExpressions:
                  - key: fuckoff.home.arpa/zigbee2mqtt
                    operator: DoesNotExist
+  postRenderers:
+    - kustomize:
+        patches:
+          - target:
+              kind: Deployment
+              name: zigbee2mqtt
+            patch: |
+              spec:
+                template:
+                  spec:
+                    resources:
+                      requests:
+                        cpu: 30m
+                      limits:
+                        cpu: 1
+                        memory: 256Mi
--- a/kube/deploy/apps/zigbee2mqtt/ks.yaml
+++ b/kube/deploy/apps/zigbee2mqtt/ks.yaml
@@ -9,24 +9,11 @@ metadata:
 spec:
  commonMetadata:
    labels: *l
+  targetNamespace: "zigbee2mqtt"
  path: ./kube/deploy/apps/zigbee2mqtt/app
-  targetNamespace: "zigbee2mqtt"
-  dependsOn:
-    - name: zigbee2mqtt-pvc
---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: zigbee2mqtt-pvc
-  namespace: flux-system
-  labels: &l
-    app.kubernetes.io/name: "zigbee2mqtt"
-    pvc.home.arpa/volsync: "true"
-spec:
-  commonMetadata:
-    labels: *l
-  path: ./kube/deploy/core/storage/volsync/template
-  targetNamespace: "zigbee2mqtt"
+  components:
+    - ../../../core/db/litestream/template/
+    - ../../../core/storage/volsync/template/
  dependsOn:
    - name: 1-core-storage-volsync-app
    - name: 1-core-storage-snapscheduler-app
@@ -35,10 +22,11 @@ spec:
    substitute:
      PVC: "zigbee2mqtt-data"
      SIZE: "1Gi"
-      SC: &sc "block"
+      SC: &sc "file"
      SNAP: *sc
-      ACCESSMODE: &am "ReadWriteOnce"
-      SNAP_ACCESSMODE: *am
+      ACCESSMODE: "ReadWriteMany"
+      SNAP_ACCESSMODE: "ReadOnlyMany"
      RUID: &uid "1000"
      RGID: *uid
      RFSG: *uid
+      LS_AGE_ES: "zigbee2mqtt"
--- a/kube/deploy/core/db/litestream/template/externalsecret.yaml
+++ b/kube/deploy/core/db/litestream/template/externalsecret.yaml
@@ -49,7 +49,7 @@ spec:
    name: 1p
  dataFrom:
    - extract:
-        key: "Litestream - ${CLUSTER_NAME}"
+        key: "${LS_AGE_ES:=Litestream} - ${CLUSTER_NAME}"
  target:
    creationPolicy: Owner
    deletionPolicy: Retain
--- a/kube/deploy/core/db/litestream/template/kustomization.yaml
+++ b/kube/deploy/core/db/litestream/template/kustomization.yaml
@@ -1,5 +1,6 @@
 ---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
 resources:
  - ./externalsecret.yaml
--- a/kube/deploy/core/storage/volsync/template/kustomization.yaml
+++ b/kube/deploy/core/storage/volsync/template/kustomization.yaml
@@ -9,3 +9,11 @@ resources:
  - rdst.yaml
  - rsrc-r2.yaml
  # - rsrc-rgw.yaml
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
+  - externalsecret-r2.yaml
+  - rdst.yaml
+  - rsrc-r2.yaml