diff --git a/system/volsync/1.0.8/.helmignore b/system/volsync/1.0.8/.helmignore
new file mode 100644
index 00000000000..feb7464da6f
--- /dev/null
+++ b/system/volsync/1.0.8/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png
+icon.webp
+icon-small.webp
diff --git a/system/volsync/1.0.8/CHANGELOG.md b/system/volsync/1.0.8/CHANGELOG.md
new file mode 100644
index 00000000000..941abb8a218
--- /dev/null
+++ b/system/volsync/1.0.8/CHANGELOG.md
@@ -0,0 +1,3 @@
+*for the complete changelog, please refer to the website*
+
+**Important:**
\ No newline at end of file
diff --git a/system/volsync/1.0.8/Chart.yaml b/system/volsync/1.0.8/Chart.yaml
new file mode 100644
index 00000000000..7d0d5bf74bb
--- /dev/null
+++ b/system/volsync/1.0.8/Chart.yaml
@@ -0,0 +1,40 @@
+annotations:
+ max_scale_version: 24.04.1
+ min_scale_version: 24.04.0
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/category: network
+ truecharts.org/max_helm_version: "3.14"
+ truecharts.org/min_helm_version: "3.11"
+ truecharts.org/train: incubator
+apiVersion: v2
+appVersion: 0.9.1
+dependencies:
+ - name: common
+ version: 23.0.0
+ repository: oci://tccr.io/truecharts
+ condition: ""
+ alias: ""
+ tags: []
+ import-values: []
+deprecated: false
+description: volsync is a storage backup and synchronisation tool.
+home: https://truecharts.org/charts/incubator/volsync
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/volsync.webp
+keywords:
+ - volsync
+ - ingress
+kubeVersion: ">=1.24.0-0"
+maintainers:
+ - name: TrueCharts
+ email: info@truecharts.org
+ url: https://truecharts.org
+name: volsync
+sources:
+ - https://github.com/volsync/volsync
+ - https://github.com/volsync/volsync-helm-chart
+ - https://volsync.readthedocs.io/
+ - https://github.com/truecharts/charts/tree/master/charts/incubator/volsync
+ - https://quay.io/brancz/kube-rbac-proxy
+ - https://quay.io/backube/volsync
+type: application
+version: 1.0.8
diff --git a/system/volsync/1.0.8/README.md b/system/volsync/1.0.8/README.md
new file mode 100644
index 00000000000..e0de25845e4
--- /dev/null
+++ b/system/volsync/1.0.8/README.md
@@ -0,0 +1,56 @@
+---
+title: README
+---
+
+## General Info
+
+TrueCharts can be installed as both _normal_ Helm Charts or as TrueNAS SCALE Apps.
+Both solutions are fully supported, but we heavily advice the use of normal Helm Charts where possible
+
+For more information about this Chart, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/volsync)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+## Installation
+
+### Helm-Chart installation
+
+To install TrueCharts Helm charts using Helm, you can use our OCI Repository.
+
+`helm install mychart oci://tccr.io/truecharts/CHARTNAME`
+
+For more information on how to install TrueCharts Helm charts, checkout the instructions on the website: https://truecharts.org/helm/
+
+
+### TrueNAS SCALE Apps
+
+For more information on how to use TrueCharts as TrueNAS SCALE Apps, please checkout the [quick-start guides for TrueNAS SCALE](https://truecharts.org/scale/guides/scale-intro).
+
+## Configuration Options
+
+To view the chart specific options, please view Values.yaml included in the chart.
+
+All our Charts use a shared "common" library chart that contains most of the templating and options.
+For the complete overview of all available options, please checkout the documentation for them on the website: https://truecharts.org/common/
+
+## Chart Specific Guides and information
+
+All our charts have dedicated documentation pages.
+The documentation for this chart can be found here:
+https://truecharts.org/charts/incubator/volsync
+
+## Support
+
+
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/general/sponsor) or contributing back to the project any way you can!
+
+_All Rights Reserved - The TrueCharts Project_
diff --git a/system/volsync/1.0.8/app-changelog.md b/system/volsync/1.0.8/app-changelog.md
new file mode 100644
index 00000000000..5555b32b674
--- /dev/null
+++ b/system/volsync/1.0.8/app-changelog.md
@@ -0,0 +1,9 @@
+
+
+## [volsync-1.0.8]volsync-1.0.8 (2024-05-19)
+
+### Chore
+
+
+
+- move to system train ([#22245](https://github.com/truecharts/charts/issues/22245))
\ No newline at end of file
diff --git a/system/volsync/1.0.8/app-readme.md b/system/volsync/1.0.8/app-readme.md
new file mode 100644
index 00000000000..6d1e0661a2c
--- /dev/null
+++ b/system/volsync/1.0.8/app-readme.md
@@ -0,0 +1,8 @@
+volsync is a storage backup and synchronisation tool.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/system/volsync](https://truecharts.org/charts/system/volsync)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/system/volsync/1.0.8/charts/common-23.0.0.tgz b/system/volsync/1.0.8/charts/common-23.0.0.tgz
new file mode 100644
index 00000000000..0622a806d94
Binary files /dev/null and b/system/volsync/1.0.8/charts/common-23.0.0.tgz differ
diff --git a/system/volsync/1.0.8/icon.webp b/system/volsync/1.0.8/icon.webp
new file mode 100644
index 00000000000..bfe282a01a5
Binary files /dev/null and b/system/volsync/1.0.8/icon.webp differ
diff --git a/system/volsync/1.0.8/ix_values.yaml b/system/volsync/1.0.8/ix_values.yaml
new file mode 100644
index 00000000000..439eb97bacf
--- /dev/null
+++ b/system/volsync/1.0.8/ix_values.yaml
@@ -0,0 +1,456 @@
+image:
+ repository: quay.io/backube/volsync
+ pullPolicy: IfNotPresent
+ tag: 0.9.1
+proxyImage:
+ repository: quay.io/brancz/kube-rbac-proxy
+ pullPolicy: IfNotPresent
+ tag: v0.14.4@sha256:40d0d5d0032f9bd689bb6ee7d1960048c295e019b7110d5fadea5aff9599baa5
+
+manageCRDs: true
+manageVSCCRD: true
+
+workload:
+ main:
+ replicas: 1
+ strategy: RollingUpdate
+ podSpec:
+ containers:
+ main:
+ args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ - --rclone-container-image={{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
+ - --restic-container-image={{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
+ - --rsync-container-image={{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
+ - --rsync-tls-container-image={{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
+ - --syncthing-container-image={{ printf "%s:%s" .Values.image.repository .Values.image.tag }}
+ - --scc-name=volsync-privileged-mover
+ command:
+ - /manager
+ probes:
+ liveness:
+ path: "/healthz"
+ readiness:
+ path: "/readyz"
+ startup:
+ path: "/readyz"
+ kube-rbac-proxy:
+ enabled: true
+ imageSelector: proxyImage
+ args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - "--tls-min-version=VersionTLS12"
+ - --v=0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ probes:
+ liveness:
+ type: tcp
+ port: 8443
+ readiness:
+ type: tcp
+ port: 8443
+ startup:
+ type: tcp
+ port: 8443
+
+# -- Options for all pods
+# Can be overruled per pod
+podOptions:
+ automountServiceAccountToken: true
+
+metrics:
+ main:
+ enabled: true
+ type: servicemonitor
+ endpoints:
+ - port: metrics
+ path: /metrics
+ targetSelector: metrics
+
+# -- Options for the main traefik service, where the entrypoints traffic comes from
+# from.
+service:
+ main:
+ ports:
+ main:
+ port: 8081
+ targetPort: 8081
+ protocol: http
+ metrics:
+ enabled: true
+ type: ClusterIP
+ ports:
+ metrics:
+ enabled: true
+ port: 8443
+ targetPort: 8443
+ protocol: https
+
+# -- The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+ main:
+ enabled: true
+ primary: true
+
+portal:
+ open:
+ enabled: false
+
+# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+ main:
+ enabled: true
+ primary: true
+ clusterWide: false
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+
+ cluster:
+ enabled: true
+ primary: false
+ clusterWide: true
+ allServiceAccounts: true
+ rules:
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - populator.storage.k8s.io
+ resources:
+ - volumepopulators
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - volsync-privileged-mover
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - volsync.backube
+ resources:
+ - replicationdestinations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - volsync.backube
+ resources:
+ - replicationdestinations/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - volsync.backube
+ resources:
+ - replicationdestinations/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - volsync.backube
+ resources:
+ - replicationsources
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - volsync.backube
+ resources:
+ - replicationsources/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - volsync.backube
+ resources:
+ - replicationsources/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/system/volsync/1.0.8/questions.yaml b/system/volsync/1.0.8/questions.yaml
new file mode 100755
index 00000000000..6a2f07c8860
--- /dev/null
+++ b/system/volsync/1.0.8/questions.yaml
@@ -0,0 +1,1853 @@
+groups:
+ - name: Image
+ description: |
+ Configured the images to be used for the Chart.
+ It's wise to use "digest pinned" tags and to avoid using "latest".
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/#images
+
+
+ - name: General
+ description: |
+ For TrueNAS SCALE We've grouped a number of settings here, that all effact how apps run in general.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/global/
+ - https://truecharts.org/common/#tz
+ - https://truecharts.org/common/podoptions/
+ - Image Pull Secrets
+
+
+ - name: Workload
+ description: |
+ These settings configure how the actual Pods and containers are running.
+ Generally, on SCALE, we only expose a limited subset of these settings for the primary workload and container.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/workload/
+ - https://truecharts.org/common/container/
+
+
+ - name: App Configuration
+ description: |
+ Every application has different values that may be required to run or have multiple options that the user may choose to enable or disable to change the behavior of the application.
+ Most options should have a Tooltip (Circled Question Mark) to further describe said option.
+
+ To find more information, lookup your chart-specific documentation in the Charts List: https://truecharts.org/charts/description-list/
+
+ - name: Services
+ description: |
+ Service and Networking options for any applications are contained here.
+ Some applications may have complicated networking setups with multiple options or some may have no options here at all.
+
+ Options here include the service and port configurations for the application, and more may be enabled or changed under the Advanced Settings and Show Expert Config boxes.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/service/
+
+ - name: Networking
+ description: |
+ Contains advanced networking options that are not actively supported by the TrueCharts team.
+ Currently only contains scaleExternalInterfaces.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/scaleexternalinterface/
+
+ - name: Persistence
+ description: |
+ Many applications will have certain options for storage to be configurable by the user, the main two being PVC and hostpath but may include other types.
+ This storage is called Persistence since it is not deleted upon restart or upgrade of an application.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/persistence/
+ - https://truecharts.org/scale/guides/nfs-share/
+ - https://truecharts.org/general/faq/#why-pvc-is-recommended-over-hostpath
+
+
+ - name: Ingress
+ description: |
+ Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names).
+ If you choose to enable this you must have a "Ingress Provider" aka "Reverse Proxy" installed (We highly advice Traefik: https://truecharts.org/charts/premium/traefik/)
+ It also requiresa DNS service to actually resolve the DNS name of the FQDN specified.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/ingress/
+
+
+ - name: SecurityContext
+ description: |
+ The security settings for each application and/or permissions that each application may have for the files/directories created.
+ Each application will come with predefined permissions but users may want to change certain setting depending on their usage or capabilities.
+
+ Unless necessary users are advised to keep this section mostly to defaults.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/securitycontext/
+
+
+ - name: Resources
+ description: |
+ Resources limits that have been defined by each application are in this section.
+ Most will have a specific default that some users may want to change based on their specific hardware or needs.
+
+ This also contains the options to mount GPUs or, more precisely, "request" GPU's to be mounted.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/resources/
+
+ - name: Devices
+ description: |
+ These are special "mountpoints" that can be used to mount miscelanious USB and PCI devices using special hostPath mounts.
+ For clearity we've decided to seperate this from persistence on SCALE.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/persistence/device/
+ - https://truecharts.org/scale/guides/pci-passthrough/
+
+ - name: Middlewares
+ description: Traefik Middlewares
+
+ - name: StorageClass
+ description: |
+ StorageClasses define where to storage Storage.
+
+ Checkout the following documentation for more information:
+
+ - name: Metrics
+ description: |
+ Contains options to configure Prometheus metrics for the application.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/metrics/
+
+
+ - name: Addons
+ description: |
+ Addons that are supplied by the TrueCharts team to add additional capabilities for users to use on top of the application’s defaults.
+ Things included here are VPN addons, Codeserver for editing files inside the application’s container, Netshoot for network troubelshooting, etc.
+
+ Generally not required for use but may be necessary or usefull at times for specific applications.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/addons/
+ - https://truecharts.org/scale/guides/vpn-setup/
+
+
+ - name: Experimental
+ description: |
+ Experimental Configuration Options
+ Often these are not fully flushed-out, could randomly break or might not work at-all.
+
+ - name: Postgresql
+ description: |
+ For Postgresql we use "CloudNative-PG" as a backend, which has to be installed first.
+
+ Checkout the following documentation for more information:
+ - https://truecharts.org/common/cnpg/
+ - https://truecharts.org/scale/guides/sql-export/
+ - https://truecharts.org/scale/guides/recover-cnpg/
+
+ - name: Dependencies
+ description: |
+ contains dependency setting for which we, currently, do not have seperate catagories (yet)
+
+
+ - name: Documentation
+ description: |
+ We added this section to make everyone aware that OpenSource isn't always easy.
+ It doesn't keep existing without signficant ongoing support, so please consider supporting TrueCharts and other OpenSource projects.
+
+ Before installing, be sure you've followed the https://truecharts.org/scale/guides/getting-started/
+ We would also advice going over our https://truecharts.org/scale/guides/scale-intro/
+ and many of the other documentation pages...
+
+portals: {}
+questions:
+ - variable: global
+ group: General
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+
+ - variable: workload
+ group: "Workload"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+
+ - variable: TZ
+ label: Timezone
+ group: "General"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+
+ - variable: podOptions
+ group: "General"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+
+ - variable: imagePullSecretList
+ group: "General"
+ label: "Image Pull Secrets"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pullsecretentry
+ label: "Pull Secret"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: true
+ - variable: data
+ label: Data
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: registry
+ label: "Registry"
+ schema:
+ type: string
+ required: true
+ default: "https://index.docker.io/v1/"
+ - variable: username
+ label: "Username"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: "Password"
+ schema:
+ type: string
+ required: true
+ private: true
+ default: ""
+ - variable: email
+ label: "Email"
+ schema:
+ type: string
+ required: true
+ default: ""
+
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: overrideService
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["certificateIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: integrations
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: traefik
+ label: Traefik
+ description: Connect ingress with Traefik
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ default: false
+ show_if: [["enabled", "=", true]]
+ - variable: entrypoints
+ label: Entrypoints
+ schema:
+ type: list
+ default: ["websecure"]
+ show_if: [["enabled", "=", true]]
+ items:
+ - variable: entrypoint
+ label: Entrypoint
+ schema:
+ type: string
+ - variable: middlewares
+ label: Middlewares
+ schema:
+ type: list
+ default: []
+ show_if: [["enabled", "=", true]]
+ items:
+ - variable: middleware
+ label: Middleware
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: namespace
+ label: namespace
+ schema:
+ type: string
+ default: ""
+ - variable: certManager
+ label: certManager
+ description: Connect ingress with certManager
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: true
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+
+ - variable: securityContext
+ group: SecurityContext
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+ - variable: resources
+ group: Resources
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: 'gpu.intel.com/i915'
+ label: Add Intel i915 GPUs
+ schema:
+ type: int
+ default: 0
+ - variable: 'nvidia.com/gpu'
+ label: Add NVIDIA GPUs (Experimental)
+ schema:
+ type: int
+ default: 0
+ - variable: 'amd.com/gpu'
+ label: Add AMD GPUs
+ schema:
+ type: int
+ default: 0
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+
+# - variable: horizontalPodAutoscaler
+# group: Experimental
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Experimental
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: ingress
+ label: "Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: integrations
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: traefik
+ label: Traefik
+ description: Connect ingress with Traefik
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: true
+ - variable: allowCors
+ label: 'Allow Cross Origin Requests (advanced)'
+ schema:
+ type: boolean
+ default: false
+ show_if: [["enabled", "=", true]]
+ - variable: entrypoints
+ label: Entrypoints
+ schema:
+ type: list
+ default: ["websecure"]
+ show_if: [["enabled", "=", true]]
+ items:
+ - variable: entrypoint
+ label: Entrypoint
+ schema:
+ type: string
+ - variable: middlewares
+ label: Middlewares
+ schema:
+ type: list
+ default: []
+ show_if: [["enabled", "=", true]]
+ items:
+ - variable: middleware
+ label: Middleware
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: namespace
+ label: 'namespace (optional)'
+ schema:
+ type: string
+ default: ""
+ - variable: certManager
+ label: certManager
+ description: Connect ingress with certManager
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+
diff --git a/system/volsync/1.0.8/templates/NOTES.txt b/system/volsync/1.0.8/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/system/volsync/1.0.8/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/system/volsync/1.0.8/templates/common.yaml b/system/volsync/1.0.8/templates/common.yaml
new file mode 100644
index 00000000000..63bd6ffa80e
--- /dev/null
+++ b/system/volsync/1.0.8/templates/common.yaml
@@ -0,0 +1,9 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{- if or .Values.credentials .Values.credentialsList }}
+{{- fail "Don't try to add credenatials to VolSync, add them to the individual charts using VolSync" }}
+{{- end }}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}
diff --git a/system/volsync/1.0.8/templates/volsync.backube_replicationdestinations.yaml b/system/volsync/1.0.8/templates/volsync.backube_replicationdestinations.yaml
new file mode 100644
index 00000000000..3f433add6c7
--- /dev/null
+++ b/system/volsync/1.0.8/templates/volsync.backube_replicationdestinations.yaml
@@ -0,0 +1,881 @@
+{{- if .Values.manageCRDs }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.13.0
+ helm.sh/resource-policy: keep
+ name: replicationdestinations.volsync.backube
+spec:
+ group: volsync.backube
+ names:
+ kind: ReplicationDestination
+ listKind: ReplicationDestinationList
+ plural: replicationdestinations
+ singular: replicationdestination
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - format: date-time
+ jsonPath: .status.lastSyncTime
+ name: Last sync
+ type: string
+ - jsonPath: .status.lastSyncDuration
+ name: Duration
+ type: string
+ - format: date-time
+ jsonPath: .status.nextSyncTime
+ name: Next sync
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ReplicationDestination defines the destination for a replicated volume
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the desired state of the ReplicationDestination, including the replication method to use and its configuration.
+ properties:
+ external:
+ description: external defines the configuration when using an external replication provider.
+ properties:
+ parameters:
+ additionalProperties:
+ type: string
+ description: parameters are provider-specific key/value configuration parameters. For more information, please see the documentation of the specific replication provider being used.
+ type: object
+ provider:
+ description: 'provider is the name of the external replication provider. The name should be of the form: domain.com/provider.'
+ type: string
+ type: object
+ paused:
+ description: paused can be used to temporarily stop replication. Defaults to "false".
+ type: boolean
+ rclone:
+ description: rclone defines the configuration when using Rclone-based replication.
+ properties:
+ accessModes:
+ description: accessModes specifies the access modes for the destination volume.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity is the size of the destination volume to create.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the destination volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ customCA:
+ description: customCA is a custom CA that will be used to verify the remote
+ properties:
+ configMapName:
+ description: The name of a ConfigMap that contains the custom CA certificate If ConfigMapName is used then SecretName should not be set
+ type: string
+ key:
+ description: The key within the Secret or ConfigMap containing the CA certificate
+ type: string
+ secretName:
+ description: The name of a Secret that contains the custom CA certificate If SecretName is used then ConfigMapName should not be set
+ type: string
+ type: object
+ destinationPVC:
+ description: destinationPVC is a PVC to use as the transfer destination instead of automatically provisioning one. Either this field or both capacity and accessModes must be specified.
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ rcloneConfig:
+ description: RcloneConfig is the rclone secret name
+ type: string
+ rcloneConfigSection:
+ description: RcloneConfigSection is the section in rclone_config file to use for the current job.
+ type: string
+ rcloneDestPath:
+ description: RcloneDestPath is the remote path to sync to.
+ type: string
+ storageClassName:
+ description: storageClassName can be used to specify the StorageClass of the destination volume. If not set, the default StorageClass will be used.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ restic:
+ description: restic defines the configuration when using Restic-based replication.
+ properties:
+ accessModes:
+ description: accessModes specifies the access modes for the destination volume.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ cacheAccessModes:
+ description: accessModes can be used to set the accessModes of restic metadata cache volume
+ items:
+ type: string
+ type: array
+ cacheCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: cacheCapacity can be used to set the size of the restic metadata cache volume
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ cacheStorageClassName:
+ description: cacheStorageClassName can be used to set the StorageClass of the restic metadata cache volume
+ type: string
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity is the size of the destination volume to create.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the destination volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ customCA:
+ description: customCA is a custom CA that will be used to verify the remote
+ properties:
+ configMapName:
+ description: The name of a ConfigMap that contains the custom CA certificate If ConfigMapName is used then SecretName should not be set
+ type: string
+ key:
+ description: The key within the Secret or ConfigMap containing the CA certificate
+ type: string
+ secretName:
+ description: The name of a Secret that contains the custom CA certificate If SecretName is used then ConfigMapName should not be set
+ type: string
+ type: object
+ destinationPVC:
+ description: destinationPVC is a PVC to use as the transfer destination instead of automatically provisioning one. Either this field or both capacity and accessModes must be specified.
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ previous:
+ description: Previous specifies the number of image to skip before selecting one to restore from
+ format: int32
+ type: integer
+ repository:
+ description: Repository is the secret name containing repository info
+ type: string
+ restoreAsOf:
+ description: RestoreAsOf refers to the backup that is most recent as of that time.
+ format: date-time
+ type: string
+ storageClassName:
+ description: storageClassName can be used to specify the StorageClass of the destination volume. If not set, the default StorageClass will be used.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ rsync:
+ description: rsync defines the configuration when using Rsync-based replication.
+ properties:
+ accessModes:
+ description: accessModes specifies the access modes for the destination volume.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ address:
+ description: address is the remote address to connect to for replication.
+ type: string
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity is the size of the destination volume to create.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the destination volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ destinationPVC:
+ description: destinationPVC is a PVC to use as the transfer destination instead of automatically provisioning one. Either this field or both capacity and accessModes must be specified.
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as the ReplicationDestination.
+ type: string
+ path:
+ description: path is the remote path to rsync from. Defaults to "/"
+ type: string
+ port:
+ description: port is the SSH port to connect to for replication. Defaults to 22.
+ format: int32
+ maximum: 65535
+ minimum: 0
+ type: integer
+ serviceAnnotations:
+ additionalProperties:
+ type: string
+ description: serviceAnnotations defines annotations that will be added to the service created for incoming SSH connections. If set, these annotations will be used instead of any VolSync default values.
+ type: object
+ serviceType:
+ description: serviceType determines the Service type that will be created for incoming SSH connections.
+ type: string
+ sshKeys:
+ description: sshKeys is the name of a Secret that contains the SSH keys to be used for authentication. If not provided, the keys will be generated.
+ type: string
+ sshUser:
+ description: sshUser is the username for outgoing SSH connections. Defaults to "root".
+ type: string
+ storageClassName:
+ description: storageClassName can be used to specify the StorageClass of the destination volume. If not set, the default StorageClass will be used.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ rsyncTLS:
+ description: rsyncTLS defines the configuration when using Rsync-based replication over TLS.
+ properties:
+ accessModes:
+ description: accessModes specifies the access modes for the destination volume.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity is the size of the destination volume to create.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the destination volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ destinationPVC:
+ description: destinationPVC is a PVC to use as the transfer destination instead of automatically provisioning one. Either this field or both capacity and accessModes must be specified.
+ type: string
+ keySecret:
+ description: keySecret is the name of a Secret that contains the TLS pre-shared key to be used for authentication. If not provided, the key will be generated.
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ serviceAnnotations:
+ additionalProperties:
+ type: string
+ description: serviceAnnotations defines annotations that will be added to the service created for incoming SSH connections. If set, these annotations will be used instead of any VolSync default values.
+ type: object
+ serviceType:
+ description: serviceType determines the Service type that will be created for incoming TLS connections.
+ type: string
+ storageClassName:
+ description: storageClassName can be used to specify the StorageClass of the destination volume. If not set, the default StorageClass will be used.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ trigger:
+ description: trigger determines if/when the destination should attempt to synchronize data with the source.
+ properties:
+ manual:
+ description: manual is a string value that schedules a manual trigger. Once a sync completes then status.lastManualSync is set to the same string value. A consumer of a manual trigger should set spec.trigger.manual to a known value and then wait for lastManualSync to be updated by the operator to the same value, which means that the manual trigger will then pause and wait for further updates to the trigger.
+ type: string
+ schedule:
+ description: schedule is a cronspec (https://en.wikipedia.org/wiki/Cron#Overview) that can be used to schedule replication to occur at regular, time-based intervals. nolint:lll
+ pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|((((\d+,)*\d+|(\d+(\/|-)\d+)|\*(\/\d+)?)\s?){5})$
+ type: string
+ type: object
+ type: object
+ status:
+ description: status is the observed state of the ReplicationDestination as determined by the controller.
+ properties:
+ conditions:
+ description: conditions represent the latest available observations of the destination's state.
+ items:
+ description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ external:
+ additionalProperties:
+ type: string
+ description: external contains provider-specific status information. For more details, please see the documentation of the specific replication provider being used.
+ type: object
+ lastManualSync:
+ description: lastManualSync is set to the last spec.trigger.manual when the manual sync is done.
+ type: string
+ lastSyncDuration:
+ description: lastSyncDuration is the amount of time required to send the most recent update.
+ type: string
+ lastSyncStartTime:
+ description: lastSyncStartTime is the time the most recent synchronization started.
+ format: date-time
+ type: string
+ lastSyncTime:
+ description: lastSyncTime is the time of the most recent successful synchronization.
+ format: date-time
+ type: string
+ latestImage:
+ description: latestImage in the object holding the most recent consistent replicated image.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ latestMoverStatus:
+ description: Logs/Summary from latest mover job
+ properties:
+ logs:
+ type: string
+ result:
+ type: string
+ type: object
+ nextSyncTime:
+ description: nextSyncTime is the time when the next volume synchronization is scheduled to start (for schedule-based synchronization).
+ format: date-time
+ type: string
+ rsync:
+ description: rsync contains status information for Rsync-based replication.
+ properties:
+ address:
+ description: address is the address to connect to for incoming SSH replication connections.
+ type: string
+ port:
+ description: port is the SSH port to connect to for incoming SSH replication connections.
+ format: int32
+ type: integer
+ sshKeys:
+ description: sshKeys is the name of a Secret that contains the SSH keys to be used for authentication. If not provided in .spec.rsync.sshKeys, SSH keys will be generated and the appropriate keys for the remote side will be placed here.
+ type: string
+ type: object
+ rsyncTLS:
+ description: rsyncTLS contains status information for Rsync-based replication over TLS.
+ properties:
+ address:
+ description: address is the address to connect to for incoming TLS connections.
+ type: string
+ keySecret:
+ description: keySecret is the name of a Secret that contains the TLS pre-shared key to be used for authentication. If not provided in .spec.rsyncTLS.keySecret, the key Secret will be generated and named here.
+ type: string
+ port:
+ description: port is the port to connect to for incoming replication connections.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- end }}
diff --git a/system/volsync/1.0.8/templates/volsync.backube_replicationsources.yaml b/system/volsync/1.0.8/templates/volsync.backube_replicationsources.yaml
new file mode 100644
index 00000000000..3cf24890b88
--- /dev/null
+++ b/system/volsync/1.0.8/templates/volsync.backube_replicationsources.yaml
@@ -0,0 +1,1098 @@
+{{- if .Values.manageCRDs }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.13.0
+ helm.sh/resource-policy: keep
+ name: replicationsources.volsync.backube
+spec:
+ group: volsync.backube
+ names:
+ kind: ReplicationSource
+ listKind: ReplicationSourceList
+ plural: replicationsources
+ singular: replicationsource
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.sourcePVC
+ name: Source
+ type: string
+ - format: date-time
+ jsonPath: .status.lastSyncTime
+ name: Last sync
+ type: string
+ - jsonPath: .status.lastSyncDuration
+ name: Duration
+ type: string
+ - format: date-time
+ jsonPath: .status.nextSyncTime
+ name: Next sync
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ReplicationSource defines the source for a replicated volume
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the desired state of the ReplicationSource, including the replication method to use and its configuration.
+ properties:
+ external:
+ description: external defines the configuration when using an external replication provider.
+ properties:
+ parameters:
+ additionalProperties:
+ type: string
+ description: parameters are provider-specific key/value configuration parameters. For more information, please see the documentation of the specific replication provider being used.
+ type: object
+ provider:
+ description: 'provider is the name of the external replication provider. The name should be of the form: domain.com/provider.'
+ type: string
+ type: object
+ paused:
+ description: paused can be used to temporarily stop replication. Defaults to "false".
+ type: boolean
+ rclone:
+ description: rclone defines the configuration when using Rclone-based replication.
+ properties:
+ accessModes:
+ description: accessModes can be used to override the accessModes of the PiT image.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity can be used to override the capacity of the PiT image.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the source volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ customCA:
+ description: customCA is a custom CA that will be used to verify the remote
+ properties:
+ configMapName:
+ description: The name of a ConfigMap that contains the custom CA certificate If ConfigMapName is used then SecretName should not be set
+ type: string
+ key:
+ description: The key within the Secret or ConfigMap containing the CA certificate
+ type: string
+ secretName:
+ description: The name of a Secret that contains the custom CA certificate If SecretName is used then ConfigMapName should not be set
+ type: string
+ type: object
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ rcloneConfig:
+ description: RcloneConfig is the rclone secret name
+ type: string
+ rcloneConfigSection:
+ description: RcloneConfigSection is the section in rclone_config file to use for the current job.
+ type: string
+ rcloneDestPath:
+ description: RcloneDestPath is the remote path to sync to.
+ type: string
+ storageClassName:
+ description: storageClassName can be used to override the StorageClass of the PiT image.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ restic:
+ description: restic defines the configuration when using Restic-based replication.
+ properties:
+ accessModes:
+ description: accessModes can be used to override the accessModes of the PiT image.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ cacheAccessModes:
+ description: CacheAccessModes can be used to set the accessModes of restic metadata cache volume
+ items:
+ type: string
+ type: array
+ cacheCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: cacheCapacity can be used to set the size of the restic metadata cache volume
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ cacheStorageClassName:
+ description: cacheStorageClassName can be used to set the StorageClass of the restic metadata cache volume
+ type: string
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity can be used to override the capacity of the PiT image.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the source volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ customCA:
+ description: customCA is a custom CA that will be used to verify the remote
+ properties:
+ configMapName:
+ description: The name of a ConfigMap that contains the custom CA certificate If ConfigMapName is used then SecretName should not be set
+ type: string
+ key:
+ description: The key within the Secret or ConfigMap containing the CA certificate
+ type: string
+ secretName:
+ description: The name of a Secret that contains the custom CA certificate If SecretName is used then ConfigMapName should not be set
+ type: string
+ type: object
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ pruneIntervalDays:
+ description: PruneIntervalDays define how often to prune the repository
+ format: int32
+ type: integer
+ repository:
+ description: Repository is the secret name containing repository info
+ type: string
+ retain:
+ description: ResticRetainPolicy define the retain policy
+ properties:
+ daily:
+ description: Daily defines the number of snapshots to be kept daily
+ format: int32
+ type: integer
+ hourly:
+ description: Hourly defines the number of snapshots to be kept hourly
+ format: int32
+ type: integer
+ last:
+ description: Last defines the number of snapshots to be kept
+ type: string
+ monthly:
+ description: Monthly defines the number of snapshots to be kept monthly
+ format: int32
+ type: integer
+ weekly:
+ description: Weekly defines the number of snapshots to be kept weekly
+ format: int32
+ type: integer
+ within:
+ description: Within defines the number of snapshots to be kept Within the given time period
+ type: string
+ yearly:
+ description: Yearly defines the number of snapshots to be kept yearly
+ format: int32
+ type: integer
+ type: object
+ storageClassName:
+ description: storageClassName can be used to override the StorageClass of the PiT image.
+ type: string
+ unlock:
+ description: unlock is a string value that schedules an unlock on the restic repository during the next sync operation. Once a sync completes then status.restic.lastUnlocked is set to the same string value. To unlock a repository, set spec.restic.unlock to a known value and then wait for lastUnlocked to be updated by the operator to the same value, which means that the sync unlocked the repository by running a restic unlock command and then ran a backup. Unlock will not be run again unless spec.restic.unlock is set to a different value.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ rsync:
+ description: rsync defines the configuration when using Rsync-based replication.
+ properties:
+ accessModes:
+ description: accessModes can be used to override the accessModes of the PiT image.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ address:
+ description: address is the remote address to connect to for replication.
+ type: string
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity can be used to override the capacity of the PiT image.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the source volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as the ReplicationSource.
+ type: string
+ path:
+ description: path is the remote path to rsync to. Defaults to "/"
+ type: string
+ port:
+ description: port is the SSH port to connect to for replication. Defaults to 22.
+ format: int32
+ maximum: 65535
+ minimum: 0
+ type: integer
+ serviceType:
+ description: serviceType determines the Service type that will be created for incoming SSH connections.
+ type: string
+ sshKeys:
+ description: sshKeys is the name of a Secret that contains the SSH keys to be used for authentication. If not provided, the keys will be generated.
+ type: string
+ sshUser:
+ description: sshUser is the username for outgoing SSH connections. Defaults to "root".
+ type: string
+ storageClassName:
+ description: storageClassName can be used to override the StorageClass of the PiT image.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ rsyncTLS:
+ description: rsyncTLS defines the configuration when using Rsync-based replication over TLS.
+ properties:
+ accessModes:
+ description: accessModes can be used to override the accessModes of the PiT image.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ address:
+ description: address is the remote address to connect to for replication.
+ type: string
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: capacity can be used to override the capacity of the PiT image.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ copyMethod:
+ description: copyMethod describes how a point-in-time (PiT) image of the source volume should be created.
+ enum:
+ - Direct
+ - None
+ - Clone
+ - Snapshot
+ type: string
+ keySecret:
+ description: keySecret is the name of a Secret that contains the TLS pre-shared key to be used for authentication. If not provided, the key will be generated.
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ port:
+ description: port is the port to connect to for replication. Defaults to 8000.
+ format: int32
+ maximum: 65535
+ minimum: 0
+ type: integer
+ storageClassName:
+ description: storageClassName can be used to override the StorageClass of the PiT image.
+ type: string
+ volumeSnapshotClassName:
+ description: volumeSnapshotClassName can be used to specify the VSC to be used if copyMethod is Snapshot. If not set, the default VSC is used.
+ type: string
+ type: object
+ sourcePVC:
+ description: sourcePVC is the name of the PersistentVolumeClaim (PVC) to replicate.
+ type: string
+ syncthing:
+ description: syncthing defines the configuration when using Syncthing-based replication.
+ properties:
+ configAccessModes:
+ description: Used to set the accessModes of Syncthing config volume.
+ items:
+ type: string
+ type: array
+ configCapacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Used to set the size of the Syncthing config volume.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ configStorageClassName:
+ description: Used to set the StorageClass of the Syncthing config volume.
+ type: string
+ moverPodLabels:
+ additionalProperties:
+ type: string
+ description: Labels that should be added to data mover pods These will be in addition to any labels that VolSync may add
+ type: object
+ moverResources:
+ description: 'Resources represents compute resources required by the data mover container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ This should only be used by advanced users as this can result in a mover pod being unschedulable or crashing due to limited resources.'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ moverSecurityContext:
+ description: MoverSecurityContext allows specifying the PodSecurityContext that will be used by the data mover
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ moverServiceAccount:
+ description: MoverServiceAccount allows specifying the name of the service account that will be used by the data mover. This should only be used by advanced users who want to override the service account normally used by the mover. The service account needs to exist in the same namespace as this CR.
+ type: string
+ peers:
+ description: List of Syncthing peers to be connected for syncing
+ items:
+ description: SyncthingPeer Defines the necessary information needed by VolSync to configure a given peer with the running Syncthing instance.
+ properties:
+ ID:
+ description: The peer's Syncthing ID.
+ type: string
+ address:
+ description: The peer's address that our Syncthing node will connect to.
+ type: string
+ introducer:
+ description: A flag that determines whether this peer should introduce us to other peers sharing this volume. It is HIGHLY recommended that two Syncthing peers do NOT set each other as introducers as you will have a difficult time disconnecting the two.
+ type: boolean
+ required:
+ - ID
+ - address
+ - introducer
+ type: object
+ type: array
+ serviceType:
+ description: Type of service to be used when exposing the Syncthing peer
+ type: string
+ type: object
+ trigger:
+ description: trigger determines when the latest state of the volume will be captured (and potentially replicated to the destination).
+ properties:
+ manual:
+ description: manual is a string value that schedules a manual trigger. Once a sync completes then status.lastManualSync is set to the same string value. A consumer of a manual trigger should set spec.trigger.manual to a known value and then wait for lastManualSync to be updated by the operator to the same value, which means that the manual trigger will then pause and wait for further updates to the trigger.
+ type: string
+ schedule:
+ description: schedule is a cronspec (https://en.wikipedia.org/wiki/Cron#Overview) that can be used to schedule replication to occur at regular, time-based intervals. nolint:lll
+ pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|((((\d+,)*\d+|(\d+(\/|-)\d+)|\*(\/\d+)?)\s?){5})$
+ type: string
+ type: object
+ type: object
+ status:
+ description: status is the observed state of the ReplicationSource as determined by the controller.
+ properties:
+ conditions:
+ description: conditions represent the latest available observations of the source's state.
+ items:
+ description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ external:
+ additionalProperties:
+ type: string
+ description: external contains provider-specific status information. For more details, please see the documentation of the specific replication provider being used.
+ type: object
+ lastManualSync:
+ description: lastManualSync is set to the last spec.trigger.manual when the manual sync is done.
+ type: string
+ lastSyncDuration:
+ description: lastSyncDuration is the amount of time required to send the most recent update.
+ type: string
+ lastSyncStartTime:
+ description: lastSyncStartTime is the time the most recent synchronization started.
+ format: date-time
+ type: string
+ lastSyncTime:
+ description: lastSyncTime is the time of the most recent successful synchronization.
+ format: date-time
+ type: string
+ latestMoverStatus:
+ description: Logs/Summary from latest mover job
+ properties:
+ logs:
+ type: string
+ result:
+ type: string
+ type: object
+ nextSyncTime:
+ description: nextSyncTime is the time when the next volume synchronization is scheduled to start (for schedule-based synchronization).
+ format: date-time
+ type: string
+ restic:
+ description: restic contains status information for Restic-based replication.
+ properties:
+ lastPruned:
+ description: lastPruned in the object holding the time of last pruned
+ format: date-time
+ type: string
+ lastUnlocked:
+ description: lastUnlocked is set to the last spec.restic.unlock when a sync is done that unlocks the restic repository.
+ type: string
+ type: object
+ rsync:
+ description: rsync contains status information for Rsync-based replication.
+ properties:
+ address:
+ description: address is the address to connect to for incoming SSH replication connections.
+ type: string
+ port:
+ description: port is the SSH port to connect to for incoming SSH replication connections.
+ format: int32
+ type: integer
+ sshKeys:
+ description: sshKeys is the name of a Secret that contains the SSH keys to be used for authentication. If not provided in .spec.rsync.sshKeys, SSH keys will be generated and the appropriate keys for the remote side will be placed here.
+ type: string
+ type: object
+ rsyncTLS:
+ description: rsyncTLS contains status information for Rsync-based replication over TLS.
+ properties:
+ keySecret:
+ description: keySecret is the name of a Secret that contains the TLS pre-shared key to be used for authentication. If not provided in .spec.rsyncTLS.keySecret, the key Secret will be generated and named here.
+ type: string
+ type: object
+ syncthing:
+ description: contains status information when Syncthing-based replication is used.
+ properties:
+ ID:
+ description: Device ID of the current syncthing device
+ type: string
+ address:
+ description: Service address where Syncthing is exposed to the rest of the world
+ type: string
+ peers:
+ description: List of the Syncthing nodes we are currently connected to.
+ items:
+ description: SyncthingPeerStatus Is a struct that contains information pertaining to the status of a given Syncthing peer.
+ properties:
+ ID:
+ description: ID Is the peer's Syncthing ID.
+ type: string
+ address:
+ description: The address of the Syncthing peer.
+ type: string
+ connected:
+ description: Flag indicating whether peer is currently connected.
+ type: boolean
+ introducedBy:
+ description: The ID of the Syncthing peer that this one was introduced by.
+ type: string
+ name:
+ description: A friendly name to associate the given device.
+ type: string
+ required:
+ - ID
+ - address
+ - connected
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- end }}
diff --git a/system/volsync/1.0.8/values.yaml b/system/volsync/1.0.8/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/system/volsync/item.yaml b/system/volsync/item.yaml
new file mode 100644
index 00000000000..2729919c8ff
--- /dev/null
+++ b/system/volsync/item.yaml
@@ -0,0 +1,4 @@
+icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/volsync.webp
+categories:
+ - network
+screenshots: []