From a0401cc9792c74c1c9bc9f0f1755dae79254d38f Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Tue, 20 Jan 2026 20:18:15 -0800 Subject: [PATCH] Switch from SMB CSI to hostPath for torrents volume SMB CSI driver doesn't work with minikube podman driver due to kernel-level mount restrictions. Use hostPath instead since the SMB share is already mounted on indri at /Volumes/torrents. - Remove SMB PV and secret template - Add hostPath PVs for torrent and kiwix namespaces - Both PVs point to same /Volumes/torrents directory Co-Authored-By: Claude Opus 4.5 --- argocd/manifests/kiwix/kustomization.yaml | 1 + argocd/manifests/kiwix/pv.yaml | 15 ++++++++++ argocd/manifests/kiwix/pvc.yaml | 2 +- argocd/manifests/torrent/kustomization.yaml | 3 +- argocd/manifests/torrent/pv-smb.yaml | 29 -------------------- argocd/manifests/torrent/pv.yaml | 15 ++++++++++ argocd/manifests/torrent/pvc.yaml | 2 +- argocd/manifests/torrent/secret-smb.yaml.tpl | 14 ---------- 8 files changed, 34 insertions(+), 47 deletions(-) create mode 100644 argocd/manifests/kiwix/pv.yaml delete mode 100644 argocd/manifests/torrent/pv-smb.yaml create mode 100644 argocd/manifests/torrent/pv.yaml delete mode 100644 argocd/manifests/torrent/secret-smb.yaml.tpl diff --git a/argocd/manifests/kiwix/kustomization.yaml b/argocd/manifests/kiwix/kustomization.yaml index 79446c8..a626bb6 100644 --- a/argocd/manifests/kiwix/kustomization.yaml +++ b/argocd/manifests/kiwix/kustomization.yaml @@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kiwix resources: + - pv.yaml - pvc.yaml - configmap-zim-torrents.yaml - configmap-sync-script.yaml diff --git a/argocd/manifests/kiwix/pv.yaml b/argocd/manifests/kiwix/pv.yaml new file mode 100644 index 0000000..be1f37d --- /dev/null +++ b/argocd/manifests/kiwix/pv.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: torrents-pv-kiwix +spec: + capacity: + storage: 1Ti + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + hostPath: + path: /Volumes/torrents + type: Directory diff --git a/argocd/manifests/kiwix/pvc.yaml b/argocd/manifests/kiwix/pvc.yaml index b19dda3..01a8ee7 100644 --- a/argocd/manifests/kiwix/pvc.yaml +++ b/argocd/manifests/kiwix/pvc.yaml @@ -8,7 +8,7 @@ spec: accessModes: - ReadWriteMany # Need write for the sync sidecar to work storageClassName: "" - volumeName: torrents-smb-pv + volumeName: torrents-pv-kiwix resources: requests: storage: 1Ti diff --git a/argocd/manifests/torrent/kustomization.yaml b/argocd/manifests/torrent/kustomization.yaml index f316d3a..bf1e21a 100644 --- a/argocd/manifests/torrent/kustomization.yaml +++ b/argocd/manifests/torrent/kustomization.yaml @@ -3,9 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: torrent resources: - - pv-smb.yaml + - pv.yaml - pvc.yaml - deployment.yaml - service.yaml - ingress-tailscale.yaml -# Note: secret-smb.yaml.tpl must be applied manually with credentials from 1Password diff --git a/argocd/manifests/torrent/pv-smb.yaml b/argocd/manifests/torrent/pv-smb.yaml deleted file mode 100644 index 39cf38b..0000000 --- a/argocd/manifests/torrent/pv-smb.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: torrents-smb-pv -spec: - capacity: - storage: 1Ti - accessModes: - - ReadWriteMany - persistentVolumeReclaimPolicy: Retain - storageClassName: "" - mountOptions: - - dir_mode=0777 - - file_mode=0777 - - uid=1000 - - gid=1000 - - noperm - - mfsymlinks - - cache=strict - - noserverino # Required to prevent data corruption - csi: - driver: smb.csi.k8s.io - volumeHandle: torrents-smb-pv - volumeAttributes: - source: //sifaka/torrents - nodeStageSecretRef: - name: smbcreds - namespace: torrent diff --git a/argocd/manifests/torrent/pv.yaml b/argocd/manifests/torrent/pv.yaml new file mode 100644 index 0000000..fd7838d --- /dev/null +++ b/argocd/manifests/torrent/pv.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: torrents-pv +spec: + capacity: + storage: 1Ti + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + storageClassName: "" + hostPath: + path: /Volumes/torrents + type: Directory diff --git a/argocd/manifests/torrent/pvc.yaml b/argocd/manifests/torrent/pvc.yaml index 1fd1e33..6f91266 100644 --- a/argocd/manifests/torrent/pvc.yaml +++ b/argocd/manifests/torrent/pvc.yaml @@ -8,7 +8,7 @@ spec: accessModes: - ReadWriteMany storageClassName: "" - volumeName: torrents-smb-pv + volumeName: torrents-pv resources: requests: storage: 1Ti diff --git a/argocd/manifests/torrent/secret-smb.yaml.tpl b/argocd/manifests/torrent/secret-smb.yaml.tpl deleted file mode 100644 index 4b80022..0000000 --- a/argocd/manifests/torrent/secret-smb.yaml.tpl +++ /dev/null @@ -1,14 +0,0 @@ -# Template - apply manually with credentials from 1Password -# kubectl --context=minikube-indri create secret generic smbcreds \ -# --namespace torrent \ -# --from-literal=username=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/username") \ -# --from-literal=password=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/password") -apiVersion: v1 -kind: Secret -metadata: - name: smbcreds - namespace: torrent -type: Opaque -stringData: - username: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/username }}" - password: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/synology-smb-k8s/password }}"