From d7281ecee85d8401387dafcc3c968e713d0af10b Mon Sep 17 00:00:00 2001
From: gwg313
Date: Sun, 17 May 2026 22:24:56 -0400
Subject: [PATCH] nfs-subdir
Signed-off-by: gwg313
---
 management/platform-apps/kustomization.yaml | 1 +
 management/platform-apps/nfs-subdir.yaml | 23 ++++++++++++++++
 platform/nfs-subdir/Chart.yaml | 11 ++++++++
 .../templates/extra-storage-classes.yaml | 26 ++++++++++++++++++
 platform/nfs-subdir/values.yaml | 27 +++++++++++++++++++
 5 files changed, 88 insertions(+)
 create mode 100644 management/platform-apps/nfs-subdir.yaml
 create mode 100644 platform/nfs-subdir/Chart.yaml
 create mode 100644 platform/nfs-subdir/templates/extra-storage-classes.yaml
 create mode 100644 platform/nfs-subdir/values.yaml
diff --git a/management/platform-apps/kustomization.yaml b/management/platform-apps/kustomization.yaml
index 2701b2d..af31fc0 100644
--- a/management/platform-apps/kustomization.yaml
+++ b/management/platform-apps/kustomization.yaml
@@ -8,5 +8,6 @@ resources:
 - tetragon-policies.yaml
 - sealed-secrets.yaml
 - cert-manager.yaml
+ - nfs-subdir.yaml
 - forgejo.yaml
 - navidrome.yaml
diff --git a/management/platform-apps/nfs-subdir.yaml b/management/platform-apps/nfs-subdir.yaml
new file mode 100644
index 0000000..7f47a68
--- /dev/null
+++ b/management/platform-apps/nfs-subdir.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: nfs-provisioner
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ path: platform/nfs-subdir
+ repoURL: 'https://github.com/gwg313/homelab-gitops.git'
+ targetRevision: main
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: nfs-subdir-external-provisioner
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/platform/nfs-subdir/Chart.yaml b/platform/nfs-subdir/Chart.yaml
new file mode 100644
index 0000000..3a9ecdb
--- /dev/null
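Review bot: In management/platform-apps/nfs-subdir.yaml, `project: default` combined with automated sync (`prune: true`, `selfHeal: true`) on `targetRevision: main` means every commit that lands on main is applied with no project-level guard, and this chart creates cluster-scoped StorageClass objects. Unless the default project has been restricted elsewhere (not visible in this patch), it permits any source repository, destination and resource kind. A dedicated AppProject that limits `sourceRepos` to this repository, `destinations` to the `nfs-subdir-external-provisioner` namespace and `clusterResourceWhitelist` to the kinds the chart needs would bound what a mistaken or malicious commit can change. A one-line comment above `finalizers:` noting that deleting the Application cascades to the provisioner and its StorageClasses would also help the next operator.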
+++ b/platform/nfs-subdir/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: nfs-subdir
+description: NFS Subdir External Provisioner
+type: application
+version: 1.0.0
+appVersion: 1.0.0
+
+dependencies:
+ - name: nfs-subdir-external-provisioner
+ version: 4.0.18
+ repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
diff --git a/platform/nfs-subdir/templates/extra-storage-classes.yaml b/platform/nfs-subdir/templates/extra-storage-classes.yaml
new file mode 100644
index 0000000..ef0b8c3
--- /dev/null
+++ b/platform/nfs-subdir/templates/extra-storage-classes.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nfs-ephemeral
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+provisioner: cluster.local/nfs-subdir-external-provisioner
+parameters:
+ archiveOnDelete: "false"
+ pathPattern: "ephemeral/${.PVC.namespace}/${.PVC.name}"
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nfs-retain
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+provisioner: cluster.local/nfs-subdir-external-provisioner
+parameters:
+ archiveOnDelete: "false"
+ pathPattern: "retained/${.PVC.namespace}/${.PVC.name}"
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
diff --git a/platform/nfs-subdir/values.yaml b/platform/nfs-subdir/values.yaml
new file mode 100644
index 0000000..39bb310
--- /dev/null
+++ b/platform/nfs-subdir/values.yaml
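Review bot: In platform/nfs-subdir/templates/extra-storage-classes.yaml both classes hard-code `provisioner: cluster.local/nfs-subdir-external-provisioner`, but values.yaml never sets `storageClass.provisionerName`, so the name the deployment registers is whatever the subchart derives by default. If the upstream chart builds that default from the release name (its templates are not part of this patch), the two will not match and claims on `nfs-ephemeral` and `nfs-retain` would stay Pending. Setting `provisionerName: cluster.local/nfs-subdir-external-provisioner` under `storageClass` in values.yaml makes the link explicit. Separately, `nfs-retain` keeps the directory after the claim is deleted and its `pathPattern` is deterministic, so a later PVC with the same namespace and name will presumably be handed the previous data; a comment on that class should state this so nobody treats deletion as erasure.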
@@ -0,0 +1,27 @@
+nfs-subdir-external-provisioner:
+ nfs:
+ server: truenas.local.gwg313.xyz
+ path: /mnt/tank/k8s/nfs-subdir
+ mountOptions:
+ - hard
+ - noatime
+
+ storageClass:
+ create: true
+ name: nfs-client
+ defaultClass: true
+ accessModes: ReadWriteMany
+ reclaimPolicy: Delete
+ archiveOnDelete: "true"
+ pathPattern: "${.PVC.namespace}/${.PVC.name}"
+
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ fsGroup: 65534
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
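Review bot: The hardening under `podSecurityContext` and `securityContext` in platform/nfs-subdir/values.yaml omits a seccomp profile, which the restricted Pod Security Standard requires, and leaves the root filesystem writable. Adding `seccompProfile:` with `type: RuntimeDefault` under `podSecurityContext` and `readOnlyRootFilesystem: true` under `securityContext` would close that gap; the read-only root should be confirmed against the provisioner image, which this patch does not show. Running as uid 65534 also assumes the export at `/mnt/tank/k8s/nfs-subdir` is writable by that uid. Because every claim in the cluster lands on this one export and `defaultClass: true` routes any PVC without a class here, isolation between namespaces depends on the client restrictions configured on the NFS server, and a comment next to `nfs:` should record that dependency.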