Adds support for setting Tolerations and Affinity + setting PVC class…

…es for all PVCs for the Nextcloud app + update deps (#304)

* update all deps and add new option to set storage classes for each nextcloud pvc instead of always using the global storage class

* use podConfigRef for restores instead of setting podSecurityContext so we can also use tolerations and affinity if needed

* allow for tolerations and affinity during restores, and use podconfig for most restore functionality

* fix podConfigRef

docs/k8s_apps/nextcloud.md

@@ -195,7 +195,17 @@ apps:
       secret_keys:
         # the FQDN that you want to host nextcloud on
         hostname: "cloud.cooldogs.net"
+        # you can delete these if you're not using tolerations/affinity
+        toleration_key: ""
+        toleration_operator: ""
+        toleration_value: ""
+        toleration_effect: ""
+        # these are for node affinity, delete if not in use
+        affinity_key: ""
+        affinity_value: ""
+        hostname: ""
         # the default phone region for users that don't have one set
+        # nextcloud needs this for new users or it throws a warning in the admin panel
         default_phone_region: NL
         # the default domain to send emails to user with
         mail_domain: "domain.com"
@@ -206,11 +216,15 @@ apps:
         # size of files pvc storage
         files_storage: 100Gi
         files_access_mode: ReadWriteOnce
+        # you can also comment this out and we'll use the global storage class
+        files_storage_class: "local-path"
         # enable persistent volume claim for nextcloud config storage
         config_pvc_enabled: 'false'
         # size of config pvc storage
         config_storage: 20Gi
         config_access_mode: ReadWriteOnce
+        # you can also comment this out and we'll use the global storage class
+        config_storage_class: "local-path"
         # choose S3 as the local primary object store from either: seaweedfs, or minio
         # SeaweedFS - deploy SeaweedFS filer/s3 gateway
         # MinIO     - deploy MinIO vanilla helm chart
@@ -219,6 +233,8 @@ apps:
         s3_endpoint: cloud-s3.cooldogs.net
         # how large the backing pvc's capacity should be for minio or seaweedfs
         s3_pvc_capacity: 10Gi
+        # you can also comment this out and we'll use the global storage class
+        s3_pvc_storage_class: local-path
         s3_region: eu-west-1
         # cronjob schedule to turn on nextcloud maintenance mode for backups
         maintenance_mode_on_schedule: 30 23 * * *
@@ -227,6 +243,8 @@ apps:
       # git repo to install the Argo CD app from
       repo: "https://github.com/small-hack/argocd-apps"
       # path in the argo repo to point to. Trailing slash very important!
+      # you can also use nextcloud/app_of_apps_with_tolerations/ if you have a
+      # special nextcloud node you want to apply affinity and tolerations for
       path: "nextcloud/app_of_apps/"
       # either the branch or tag to point at in the argo repo above
       revision: "main"

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name          = "smol_k8s_lab"
-version       = "5.13.3"
+version       = "5.14.0"
 description   = "CLI and TUI to quickly install slimmer Kubernetes distros and then manage apps declaratively using Argo CD"
 authors       = ["Jesse Hitch <[email protected]>",
                  "Max Roby <[email protected]>"]
@@ -30,20 +30,20 @@ include       = ["smol_k8s_lab/config/kind/kind_cluster_config.yaml",
 "Bug Tracker" = "http://github.com/small-hack/smol-k8s-lab/issues"
 
 [tool.poetry.dependencies]
-bcrypt             = "^4.1"
+bcrypt             = "^4.2"
 click              = "^8.1"
 cryptography       = "^43.0"
 kubernetes         = "^30"
 minio              = "^7.2"
 pyfiglet           = "^1.0"
-pyjwt              = "^2.8"
+pyjwt              = "^2.9"
 python             = ">=3.11,<3.13"
 pyyaml             = "^6.0"
 requests           = "^2.32"
 rich               = "^13.0"
 ruamel-yaml        = "^0.18"
 ruamel-yaml-string = "^0.1"
-textual            = "^0.73"
+textual            = "^0.76"
 xdg-base-dirs      = "^6.0"
 pygame             = "^2.5"
 python-ulid        = "^2.6"
@@ -59,9 +59,9 @@ mkdocs-video    = "^1.5"
 optional = true
 
 [tool.poetry.group.dev.dependencies]
-deptry                  = "^0.17.0"
+deptry                  = "^0.19"
 textual-dev             = "^1.1"
-pytest-textual-snapshot = "^0.4"
+pytest-textual-snapshot = "^1.0"
 poethepoet              = "^0.27"
 # for creating app images: https://pypi.org/project/poetry-plugin-appimage/
 # poetry-plugin-appimage  = "^0.0.4"

smol_k8s_lab/config/default_config.yaml

@@ -1259,7 +1259,16 @@ apps:
     argo:
       # secrets keys to make available to Argo CD ApplicationSets
       secret_keys:
+        # you can delete these if you're not using tolerations/affinity
+        toleration_key: ""
+        toleration_operator: ""
+        toleration_value: ""
+        toleration_effect: ""
+        # these are for node affinity, delete if not in use
+        affinity_key: ""
+        affinity_value: ""
         hostname: ""
+        # nextcloud needs this for new users or it throws a warning in the admin panel
         default_phone_region: NL
         # the default domain to send emails to user with
         mail_domain: "domain.com"
@@ -1270,19 +1279,25 @@ apps:
         # size of the pvc for nextcloud files
         files_storage: "20Gi"
         files_access_mode: "ReadWriteOnce"
+        # you can also comment this out and we'll use the global storage class
+        files_storage_class: "local-path"
         # create a pvc for nextcloud config
         config_pvc_enabled: "true"
         # size of the pvc for nextcloud config
         config_storage: "2Gi"
         config_access_mode: "ReadWriteOnce"
+        # you can also comment this out and we'll use the global storage class
+        config_storage_class: "local-path"
         # choose S3 as the local primary object store from either: seaweedfs, or minio
         # SeaweedFS - deploy SeaweedFS filer/s3 gateway
         # MinIO     - deploy MinIO vanilla helm chart
         s3_provider: seaweedfs
         # the endpoint you'd like to use for your minio or SeaweedFS instance
         s3_endpoint: ""
         # how large the backing pvc's capacity should be for minio or seaweedfs
-        s3_pvc_capacity: 100Gi
+        s3_pvc_capacity: 10Gi
+        # you can also comment this out and we'll use the global storage class
+        s3_pvc_storage_class: local-path
         s3_region: eu-west-1
         # cronjob schedule to turn on nextcloud maintenance mode for backups
         maintenance_mode_on_schedule: "0 1 * * *"
@@ -1291,6 +1306,8 @@ apps:
       # git repo to install the Argo CD app from
       repo: https://github.com/small-hack/argocd-apps
       # path in the argo repo to point to. Trailing slash very important!
+      # you can also use nextcloud/app_of_apps_with_tolerations/ if you have a
+      # special nextcloud node you want to apply affinity and tolerations for
       path: nextcloud/app_of_apps/
       # either the branch or tag to point at in the argo repo above
       revision: main

smol_k8s_lab/k8s_apps/identity_provider/zitadel.py

@@ -527,15 +527,18 @@ def restore_zitadel(argocd: ArgoCD,
     restic_repo_password = backup_dict['restic_repo_pass']
     cnpg_backup_schedule = backup_dict['postgres_schedule']
 
+    # get where the current argo cd app is located in git
+    revision = argo_dict["revision"]
+    argo_path = argo_dict["path"]
+
     # first we grab existing bitwarden items if they exist
     if bitwarden:
         refresh_bitwarden(argocd, zitadel_hostname, bitwarden)
 
         # apply the external secrets so we can immediately use them for restores
-        ref = "main"
         external_secrets_yaml = (
                 "https://raw.githubusercontent.com/small-hack/argocd-apps/"
-                f"{ref}/zitadel/app_of_apps/external_secrets_argocd_appset.yaml"
+                f"{revision}/{argo_path}/external_secrets_argocd_appset.yaml"
                 )
         argocd.k8s.apply_manifests(external_secrets_yaml, argocd.namespace)
 
@@ -556,6 +559,8 @@ def restore_zitadel(argocd: ArgoCD,
             argocd,
             'zitadel',
             zitadel_namespace,
+            revision,
+            argo_path,
             s3_backup_endpoint,
             s3_backup_bucket,
             access_key_id,

smol_k8s_lab/k8s_apps/social/mastodon.py

@@ -460,18 +460,20 @@ def restore_mastodon(argocd: ArgoCD,
     restic_repo_password = backup_dict['restic_repo_pass']
     cnpg_backup_schedule = backup_dict['postgres_schedule']
 
+
+    # apply the external secrets so we can immediately use them for restores
+    # ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
+    # WARNING: change this back to main when done testing
+    # ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
+    revision = argo_dict.get("revision", "add-pvc-helm-chart-for-mastodon")
+    argo_path = argo_dict["path"]
+
     # first we grab existing bitwarden items if they exist
     if bitwarden:
         refresh_bweso(argocd, mastodon_hostname, bitwarden)
-
-        # apply the external secrets so we can immediately use them for restores
-        # ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
-        # WARNING: change this back to main when done testing
-        # ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
-        ref = "add-pvc-helm-chart-for-mastodon"
         external_secrets_yaml = (
                 "https://raw.githubusercontent.com/small-hack/argocd-apps/"
-                f"{ref}/mastodon/app_of_apps/external_secrets_argocd_appset.yaml"
+                f"{revision}/{argo_path}/external_secrets_argocd_appset.yaml"
                 )
         argocd.k8s.apply_manifests(external_secrets_yaml, argocd.namespace)
 
@@ -492,7 +494,8 @@ def restore_mastodon(argocd: ArgoCD,
             argocd.k8s,
             'mastodon',
             mastodon_namespace,
-            argocd.namespace,
+            revision,
+            argo_path,
             s3_backup_endpoint,
             s3_backup_bucket,
             access_key_id,

smol_k8s_lab/k8s_apps/social/matrix.py

@@ -645,14 +645,18 @@ def restore_matrix(argocd: ArgoCD,
     restic_repo_password = backup_dict['restic_repo_pass']
     cnpg_backup_schedule = backup_dict['postgres_schedule']
 
+    # get argocd git repo info
+    revision = argo_dict['revision']
+    argo_path = argo_dict['path']
+
     # first we grab existing bitwarden items if they exist
     if bitwarden:
         refresh_bweso(argocd, matrix_hostname, bitwarden)
 
         # apply the external secrets so we can immediately use them for restores
         external_secrets_yaml = (
                 "https://raw.githubusercontent.com/small-hack/argocd-apps"
-                "/main/matrix/app_of_apps/external_secrets_argocd_appset.yaml"
+                f"/{revision}/{argo_path}/external_secrets_argocd_appset.yaml"
                 )
         argocd.k8s.apply_manifests(external_secrets_yaml, argocd.namespace)
 
@@ -673,6 +677,8 @@ def restore_matrix(argocd: ArgoCD,
             argocd,
             'matrix',
             matrix_namespace,
+            revision,
+            argo_path,
             s3_backup_endpoint,
             s3_backup_bucket,
             access_key_id,

smol_k8s_lab/k8s_apps/social/nextcloud.py

@@ -43,6 +43,18 @@ def configure_nextcloud(argocd: ArgoCD,
     if secrets:
         nextcloud_hostname = secrets['hostname']
 
+        # make sure the pvc secrets are set correctly
+        storage_class_secrets = {}
+
+        # verify each configurable PVC has an associated secret
+        for pvc in ['files', 'config', 's3_pvc']:
+            storage_class = secrets.get(f"{pvc}_storage_class", None)
+            if not storage_class:
+                storage_class_secrets[f"nextcloud_{pvc}_storage_class"] = pvc_storage_class
+
+        if storage_class_secrets:
+            argocd.update_appset_secret(storage_class_secrets)
+
     # verify if initialization is enabled
     init = cfg.get('init', {'enabled': True, 'restore': {'enabled': False}})
     init_enabled = init.get('enabled', True)
@@ -204,7 +216,7 @@ def restore_nextcloud(argocd: ArgoCD,
                       secrets: dict,
                       restore_dict: dict,
                       backup_dict: dict,
-                      pvc_storage_class: str,
+                      global_pvc_storage_class: str,
                       pgsql_cluster_name: str,
                       bitwarden: BwCLI) -> None:
     """
@@ -219,14 +231,18 @@ def restore_nextcloud(argocd: ArgoCD,
     restic_repo_password = backup_dict['restic_repo_pass']
     cnpg_backup_schedule = backup_dict['postgres_schedule']
 
+    # get argo git repo info
+    revision = argo_dict['revision']
+    argo_path = argo_dict['path']
+
     # first we grab existing bitwarden items if they exist
     if bitwarden:
         refresh_bweso(argocd, nextcloud_hostname, bitwarden)
 
         # apply the external secrets so we can immediately use them for restores
         external_secrets_yaml = (
-                "https://raw.githubusercontent.com/small-hack/argocd-apps/main/"
-                "nextcloud/app_of_apps/external_secrets_argocd_appset.yaml"
+                f"https://raw.githubusercontent.com/small-hack/argocd-apps/{revision}/"
+                f"{argo_path}/external_secrets_argocd_appset.yaml"
                 )
         argocd.k8s.apply_manifests(external_secrets_yaml, argocd.namespace)
 
@@ -243,21 +259,24 @@ def restore_nextcloud(argocd: ArgoCD,
 
     # then we create all the seaweedfs pvcs we lost and restore them
     snapshot_ids = restore_dict['restic_snapshot_ids']
+    s3_pvc_storage_class = secrets.get("s3_pvc_storage_class", global_pvc_storage_class)
+
     restore_seaweedfs(
             argocd,
             'nextcloud',
             nextcloud_namespace,
+            revision,
+            argo_path,
             s3_backup_endpoint,
             s3_backup_bucket,
             access_key_id,
             secret_access_key,
             restic_repo_password,
             s3_pvc_capacity,
-            pvc_storage_class,
+            s3_pvc_storage_class,
             "ReadWriteOnce",
             snapshot_ids['seaweedfs_volume'],
-            snapshot_ids['seaweedfs_filer']
-            )
+            snapshot_ids['seaweedfs_filer'])
 
     # then we finally can restore the postgres database :D
     if restore_dict.get("cnpg_restore", False):
@@ -278,13 +297,14 @@ def restore_nextcloud(argocd: ArgoCD,
     for pvc in ['files', 'config']:
         pvc_enabled = secrets.get(f'{pvc}_pvc_enabled', 'false')
         if pvc_enabled and pvc_enabled.lower() != 'false':
+            storage_class = secrets.get(f"{pvc}_storage_class", global_pvc_storage_class)
             # creates the nexcloud pvc
             recreate_pvc(argocd.k8s,
                          'nextcloud',
                          f'nextcloud-{pvc}',
                          nextcloud_namespace,
                          secrets[f'{pvc}_storage'],
-                         pvc_storage_class,
+                         storage_class,
                          secrets[f'{pvc}_access_mode'],
                          "nextcloud-pvc"
                          )