feat: migrate reposync to ArgoCD
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

Migrate repository sync cronjobs from Terragrunt to ArgoCD/Kustomize.
Adds four daily CronJobs (almalinux9-baseos, almalinux9-appstream, epel9,
openvox7) with associated PVCs and ConfigMaps in the reposync namespace.

💘 Generated with Crush

Assisted-by: Claude Sonnet 4.6 via Crush <crush@charm.land>
This commit is contained in:
2026-03-27 16:18:38 +11:00
parent 95c9302aa8
commit bc036bf24a
12 changed files with 436 additions and 9 deletions
@@ -0,0 +1,18 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: reposync
app.kubernetes.io/name: reposync
name: dnf-conf
namespace: reposync
data:
dnf.conf: |
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
max_parallel_downloads=6
@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: reposync-openvox7
app.kubernetes.io/name: reposync
name: openvox7-openvox-repo
namespace: reposync
data:
openvox.repo: |
[openvox]
name=openvox repository
baseurl=https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/openvox/openvox7/el/9/x86_64/
gpgkey=https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/openvox/GPG-KEY-openvox.pub
enabled=1
gpgcheck=1
@@ -0,0 +1,72 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: reposync-almalinux9-appstream
app.kubernetes.io/name: reposync
name: reposync-almalinux9-appstream
namespace: reposync
spec:
schedule: "10 2 * * *"
timeZone: "Australia/Sydney"
concurrencyPolicy: Forbid
suspend: false
successfulJobsHistoryLimit: 10
failedJobsHistoryLimit: 5
jobTemplate:
spec:
completions: 1
parallelism: 1
backoffLimit: 3
ttlSecondsAfterFinished: 3600
template:
spec:
restartPolicy: Never
containers:
- name: reposync
image: git.unkin.net/unkin/almalinux9-base:latest
imagePullPolicy: Always
command: ["/bin/bash", "-c"]
args:
- |
set -euo pipefail
echo "Starting AlmaLinux $REPO_TYPE repository sync..."
# Install reposync
dnf install -y dnf-plugins-core
# Sync repository
dnf reposync \
--repoid=$REPO_TYPE \
--destdir=/data \
--download-metadata \
--newest-only \
--delete
echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
env:
- name: REPO_TYPE
value: "appstream"
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 4Gi
volumeMounts:
- name: repodata
mountPath: /data
readOnly: false
- name: dnf-conf
mountPath: /etc/dnf/dnf.conf
subPath: dnf.conf
readOnly: true
volumes:
- name: repodata
persistentVolumeClaim:
claimName: reposync-almalinux9-appstream-repodata
- name: dnf-conf
configMap:
name: dnf-conf
@@ -0,0 +1,75 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: reposync-almalinux9-baseos
app.kubernetes.io/name: reposync
name: reposync-almalinux9-baseos
namespace: reposync
spec:
schedule: "0 2 * * *"
timeZone: "Australia/Sydney"
concurrencyPolicy: Forbid
suspend: false
successfulJobsHistoryLimit: 10
failedJobsHistoryLimit: 5
jobTemplate:
spec:
completions: 1
parallelism: 1
backoffLimit: 3
ttlSecondsAfterFinished: 3600
template:
spec:
restartPolicy: Never
containers:
- name: reposync
image: git.unkin.net/unkin/almalinux9-base:latest
imagePullPolicy: Always
command: ["/bin/bash", "-c"]
args:
- |
set -euo pipefail
echo "Starting AlmaLinux $REPO_TYPE repository sync..."
# Install reposync
dnf install -y dnf-plugins-core
# Create repo directory
mkdir -p /data/almalinux/$REPO_TYPE
# Sync repository
dnf reposync \
--repoid=$REPO_TYPE \
--destdir=/data/almalinux/$REPO_TYPE \
--download-metadata \
--newest-only \
--delete
echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
env:
- name: REPO_TYPE
value: "baseos"
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 4Gi
volumeMounts:
- name: repodata
mountPath: /data
readOnly: false
- name: dnf-conf
mountPath: /etc/dnf/dnf.conf
subPath: dnf.conf
readOnly: true
volumes:
- name: repodata
persistentVolumeClaim:
claimName: reposync-almalinux9-baseos-repodata
- name: dnf-conf
configMap:
name: dnf-conf
@@ -0,0 +1,72 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: reposync-epel9
app.kubernetes.io/name: reposync
name: reposync-epel9
namespace: reposync
spec:
schedule: "20 2 * * *"
timeZone: "Australia/Sydney"
concurrencyPolicy: Forbid
suspend: false
successfulJobsHistoryLimit: 10
failedJobsHistoryLimit: 5
jobTemplate:
spec:
completions: 1
parallelism: 1
backoffLimit: 3
ttlSecondsAfterFinished: 3600
template:
spec:
restartPolicy: Never
containers:
- name: reposync
image: git.unkin.net/unkin/almalinux9-base:latest
imagePullPolicy: Always
command: ["/bin/bash", "-c"]
args:
- |
set -euo pipefail
echo "Starting AlmaLinux $REPO_TYPE repository sync..."
# Install reposync
dnf install -y dnf-plugins-core
# Sync repository
dnf reposync \
--repoid=$REPO_TYPE \
--destdir=/data \
--download-metadata \
--newest-only \
--delete
echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
env:
- name: REPO_TYPE
value: "epel"
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 4Gi
volumeMounts:
- name: repodata
mountPath: /data
readOnly: false
- name: dnf-conf
mountPath: /etc/dnf/dnf.conf
subPath: dnf.conf
readOnly: true
volumes:
- name: repodata
persistentVolumeClaim:
claimName: reposync-epel9-repodata
- name: dnf-conf
configMap:
name: dnf-conf
@@ -0,0 +1,78 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: reposync-openvox7
app.kubernetes.io/name: reposync
name: reposync-openvox7
namespace: reposync
spec:
schedule: "30 2 * * *"
timeZone: "Australia/Sydney"
concurrencyPolicy: Forbid
suspend: false
successfulJobsHistoryLimit: 10
failedJobsHistoryLimit: 5
jobTemplate:
spec:
completions: 1
parallelism: 1
backoffLimit: 3
ttlSecondsAfterFinished: 3600
template:
spec:
restartPolicy: Never
containers:
- name: reposync
image: git.unkin.net/unkin/almalinux9-base:latest
imagePullPolicy: Always
command: ["/bin/bash", "-c"]
args:
- |
set -euo pipefail
echo "Starting AlmaLinux $REPO_TYPE repository sync..."
# Install reposync
dnf install -y dnf-plugins-core
# Sync repository
dnf reposync \
--repoid=$REPO_TYPE \
--destdir=/data \
--download-metadata \
--delete
echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
env:
- name: REPO_TYPE
value: "openvox"
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 4Gi
volumeMounts:
- name: repodata
mountPath: /data
readOnly: false
- name: dnf-conf
mountPath: /etc/dnf/dnf.conf
subPath: dnf.conf
readOnly: true
- name: openvox-repo
mountPath: /etc/yum.repos.d/openvox.repo
subPath: openvox.repo
readOnly: true
volumes:
- name: repodata
persistentVolumeClaim:
claimName: reposync-openvox7-repodata
- name: dnf-conf
configMap:
name: dnf-conf
- name: openvox-repo
configMap:
name: openvox7-openvox-repo
+13
View File
@@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- configmap_dnf-conf.yaml
- configmap_openvox-repo.yaml
- persistentvolumeclaims.yaml
- cronjob_reposync-almalinux9-baseos.yaml
- cronjob_reposync-almalinux9-appstream.yaml
- cronjob_reposync-epel9.yaml
- cronjob_reposync-openvox7.yaml
+7
View File
@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/name: reposync
name: reposync
@@ -0,0 +1,64 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: reposync-almalinux9-baseos
app.kubernetes.io/name: reposync
name: reposync-almalinux9-baseos-repodata
namespace: reposync
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: cephrbd-fast-delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: reposync-almalinux9-appstream
app.kubernetes.io/name: reposync
name: reposync-almalinux9-appstream-repodata
namespace: reposync
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: cephrbd-fast-delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: reposync-epel9
app.kubernetes.io/name: reposync
name: reposync-epel9-repodata
namespace: reposync
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 30Gi
storageClassName: cephrbd-fast-delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: reposync-openvox7
app.kubernetes.io/name: reposync
name: reposync-openvox7-repodata
namespace: reposync
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: cephrbd-fast-delete
@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: reposync
resources:
- ../../../base/reposync
+4 -3
View File
@@ -12,16 +12,17 @@ spec:
directories:
- path: apps/overlays/*/artifactapi
- path: apps/overlays/*/cattle-system
- path: apps/overlays/*/certificates
- path: apps/overlays/*/cert-manager
- path: apps/overlays/*/certificates
- path: apps/overlays/*/cnpg-system
- path: apps/overlays/*/externaldns
- path: apps/overlays/*/inteldeviceplugins-system
- path: apps/overlays/*/jfrog
- path: apps/overlays/*/node-feature-discovery
- path: apps/overlays/*/puppet
- path: apps/overlays/*/reflector-system
- path: apps/overlays/*/reloader-system
- path: apps/overlays/*/jfrog
- path: apps/overlays/*/puppet
- path: apps/overlays/*/reposync
- path: apps/overlays/*/woodpecker
template:
metadata:
+8 -6
View File
@@ -8,14 +8,14 @@ spec:
description: Platform infrastructure and core services
sourceRepos:
- https://git.unkin.net/unkin/argocd-apps
- https://charts.jetstack.io
- https://cloudnative-pg.github.io/charts
- https://intel.github.io/helm-charts/
- https://kubernetes-sigs.github.io/external-dns/
- https://releases.rancher.com/server-charts/stable
- oci://gcr.io/k8s-staging-nfd/charts
- oci://ghcr.io/emberstack/helm-charts
- oci://ghcr.io/woodpecker-ci/helm/woodpecker
- https://releases.rancher.com/server-charts/stable
- https://charts.jetstack.io
- https://kubernetes-sigs.github.io/external-dns/
- https://cloudnative-pg.github.io/charts
- oci://gcr.io/k8s-staging-nfd/charts
- https://intel.github.io/helm-charts/
destinations:
- namespace: '*-system'
server: https://kubernetes.default.svc
@@ -33,6 +33,8 @@ spec:
server: https://kubernetes.default.svc
- namespace: 'puppet'
server: https://kubernetes.default.svc
- namespace: 'reposync'
server: https://kubernetes.default.svc
- namespace: 'woodpecker'
server: https://kubernetes.default.svc
clusterResourceWhitelist: