diff --git a/cluster/components/backups/automations/kustomization.yaml b/cluster/components/backups/automations/kustomization.yaml
new file mode 100644
index 0000000..00c2570
--- /dev/null
+++ b/cluster/components/backups/automations/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - schedule-daily.yaml
diff --git a/cluster/components/backups/automations/schedule-daily.yaml b/cluster/components/backups/automations/schedule-daily.yaml
new file mode 100644
index 0000000..e35442c
--- /dev/null
+++ b/cluster/components/backups/automations/schedule-daily.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: daily
+ namespace: libresh-system
+spec:
+ schedule: "0 2 * * *"
+ template:
+ includedNamespaces:
+ - "*"
diff --git a/cluster/components/backups/velero/bucket.yaml b/cluster/components/backups/velero/bucket.yaml
new file mode 100644
index 0000000..af57709
--- /dev/null
+++ b/cluster/components/backups/velero/bucket.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: core.libre.sh/v1alpha1
+kind: Bucket
+metadata:
+ name: velero
+spec:
+ policy:
+ preset: private
+ provider: data
diff --git a/cluster/components/backups/velero/gen-policy.yaml b/cluster/components/backups/velero/gen-policy.yaml
new file mode 100644
index 0000000..0b864e7
--- /dev/null
+++ b/cluster/components/backups/velero/gen-policy.yaml
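Review bot: In schedule-daily.yaml the backup `template` sets only `includedNamespaces: "*"`, so retention is left to Velero's default and every daily backup carries the Secrets of all namespaces. I would state the retention explicitly under `template`, for example `ttl: 168h0m0s` (a constructed value, the real one is for the operators to choose), and add a comment that the bucket receiving these backups has to be protected like the cluster's own secret store. The storage location added in velero/values.yaml is named `local-minio`, which suggests the copies stay inside the same cluster; if that is so, they do not cover loss of the cluster itself.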
@@ -0,0 +1,28 @@
+---
+apiVersion: kyverno.io/v1
+kind: Policy
+metadata:
+ name: velero-local-minio-creds
+spec:
+ generateExisting: true
+ rules:
+ - name: velero-local-minio-creds
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - velero.bucket.libre.sh
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: Secret
+ name: velero-local-minio-creds
+ namespace: libresh-system
+ data:
+ stringData:
+ credential.toml: |-
+ [default]
+ aws_access_key_id={{ request.object.data.accessKey | base64_decode(@) }}
+ aws_secret_access_key={{ request.object.data.secretKey | base64_decode(@) }}
diff --git a/cluster/components/backups/velero/hr.yaml b/cluster/components/backups/velero/hr.yaml
new file mode 100644
index 0000000..bb1adb4
--- /dev/null
+++ b/cluster/components/backups/velero/hr.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: velero
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: velero
+ version: 4.1.3
+ sourceRef:
+ kind: HelmRepository
+ name: vmware-tanzu
+ namespace: libresh-system
+ interval: 15m
+ install:
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ valuesFrom:
+ - kind: ConfigMap
+ name: velero-values
+ - kind: Secret
+ name: velero.bucket.libre.sh
+ valuesKey: bucket
+ targetPath: configuration.backupStorageLocation[0].bucket
+ - kind: Secret
+ name: velero.bucket.libre.sh
+ valuesKey: url
+ targetPath: configuration.backupStorageLocation[0].config.s3Url
+ - kind: ConfigMap
+ name: velero-custom-values
+ optional: true
diff --git a/cluster/components/backups/velero/kustomization.yaml b/cluster/components/backups/velero/kustomization.yaml
new file mode 100644
index 0000000..6067e37
--- /dev/null
+++ b/cluster/components/backups/velero/kustomization.yaml
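Review bot: gen-policy.yaml carries no comment on why the Secret is cloned, and the generated `velero-local-minio-creds` holds the bucket's access key and secret key as a ready-to-use credentials file, so read access to it amounts to read access to every backup Velero writes. I would add above the rule `# Rewrites the Bucket controller's Secret into the AWS credentials-file format that Velero's BackupStorageLocation expects; treat read access to the clone as access to all backups.` The body is AWS shared-credentials (INI) syntax rather than TOML, so the key name `credential.toml` is misleading; renaming it would also need the `key:` in velero/values.yaml changed. It is also worth confirming that `stringData` under `generate.data` stays stable with `synchronize: true`, since the API server persists Secrets under `data` only.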
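Review bot: In velero/hr.yaml the optional `velero-custom-values` ConfigMap is listed last in `valuesFrom`, after the two `targetPath` entries that fill `configuration.backupStorageLocation[0]` from the Secret. As far as I know Flux applies these sources in order and replaces lists rather than merging them, so a custom values file that defines `configuration.backupStorageLocation` would silently drop the injected `bucket` and `s3Url`. A comment above that entry would help: `# Applied last; overriding configuration.backupStorageLocation here replaces the entries injected from the Secret above.` The release also declares no `dependsOn` on the kyverno release, although the credential Secret named in values.yaml presumably exists only once Kyverno has processed gen-policy.yaml.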
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - bucket.yaml
+ - gen-policy.yaml
+ - values.yaml
+ - hr.yaml
+generatorOptions:
+ disableNameSuffixHash: true
+configMapGenerator:
+- name: velero-values
+ files:
+ - values.yaml
\ No newline at end of file
diff --git a/cluster/components/backups/velero/values.yaml b/cluster/components/backups/velero/values.yaml
new file mode 100644
index 0000000..6b92cd6
--- /dev/null
+++ b/cluster/components/backups/velero/values.yaml
@@ -0,0 +1,22 @@
+initContainers:
+ - name: velero-plugin-for-aws
+ image: velero/velero-plugin-for-aws:v1.7.0
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /target
+ name: plugins
+credentials:
+ useSecret: false
+configuration:
+ backupStorageLocation:
+ - name: local-minio
+ provider: aws
+ default: true
+ accessMode: ReadWrite
+ credential:
+ name: velero-local-minio-creds
+ key: credential.toml
+ config:
+ region: eu
+ s3ForcePathStyle: true
+ volumeSnapshotLocation: []
\ No newline at end of file
diff --git a/cluster/components/kyverno/hr.yaml b/cluster/components/kyverno/hr.yaml
new file mode 100644
index 0000000..0e0a2a4
--- /dev/null
+++ b/cluster/components/kyverno/hr.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kyverno
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: kyverno
+ version: 3.0.2
+ sourceRef:
+ kind: HelmRepository
+ name: kyverno
+ namespace: libresh-system
+ interval: 15m
+ install:
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ valuesFrom:
+ - kind: ConfigMap
+ name: kyverno-values
+ optional: false
+ - kind: ConfigMap
+ name: kyverno-custom-values
+ optional: true
\ No newline at end of file
diff --git a/cluster/components/kyverno/kustomization.yaml b/cluster/components/kyverno/kustomization.yaml
new file mode 100644
index 0000000..4b8eaf1
--- /dev/null
+++ b/cluster/components/kyverno/kustomization.yaml
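Review bot: `values.yaml` appears in velero/kustomization.yaml both under `resources` and as a `configMapGenerator` file, but the values.yaml added in this commit is a bare Helm values document with no `apiVersion` or `kind`. kustomize is expected to reject such a file as a resource, and kyverno/kustomization.yaml lists its values file only under `configMapGenerator`, which looks like the intended form. I would drop the `- values.yaml` entry from `resources` here.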
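Review bot: The init container in velero/values.yaml is referenced by a mutable tag, `velero/velero-plugin-for-aws:v1.7.0`, with `imagePullPolicy: IfNotPresent`, so the plugin that talks to the backup bucket is whatever that tag resolved to when each node first pulled it. Pinning by digest fixes the content that was reviewed: `image: velero/velero-plugin-for-aws:v1.7.0@sha256:<digest-of-the-reviewed-image>` (placeholder, to be taken from the registry). The `backupStorageLocation` config also sets no encryption option, so whether backups are encrypted at rest depends entirely on how the MinIO bucket is configured; a comment saying so would help the next reader.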
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - hr.yaml
+generatorOptions:
+ disableNameSuffixHash: true
+configMapGenerator:
+- name: kyverno-values
+ files:
+ - values.yaml
\ No newline at end of file
diff --git a/cluster/components/kyverno/values.yaml b/cluster/components/kyverno/values.yaml
new file mode 100644
index 0000000..6a29c3f
--- /dev/null
+++ b/cluster/components/kyverno/values.yaml
@@ -0,0 +1,10 @@
+admissionController:
+ replicas: 3
+backgroundController:
+ replicas: 2
+cleanupController:
+ replicas: 2
+reportsController:
+ replicas: 2
+config:
+ excludeKyvernoNamespace: false
\ No newline at end of file
diff --git a/cluster/repositories/kustomization.yaml b/cluster/repositories/kustomization.yaml
index 95489da..c4f370d 100644
--- a/cluster/repositories/kustomization.yaml
+++ b/cluster/repositories/kustomization.yaml
@@ -10,4 +10,6 @@ resources:
 - ./minio.yaml
 - ./openebs.yaml
 - ./postgres-zalando.yaml
- - ./prometheus-community.yaml
\ No newline at end of file
+ - ./prometheus-community.yaml
+ - kyverno.yaml
+ - vmware-tanzu.yaml
diff --git a/cluster/repositories/kyverno.yaml b/cluster/repositories/kyverno.yaml
new file mode 100644
index 0000000..1d70e8e
--- /dev/null
+++ b/cluster/repositories/kyverno.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: kyverno
+ namespace: libresh-system
+spec:
+ interval: 10m
+ url: https://kyverno.github.io/kyverno/
+ timeout: 3m
diff --git a/cluster/repositories/vmware-tanzu.yaml b/cluster/repositories/vmware-tanzu.yaml
new file mode 100644
index 0000000..71db966
--- /dev/null
+++ b/cluster/repositories/vmware-tanzu.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: vmware-tanzu
+ namespace: libresh-system
+spec:
+ interval: 10m
+ url: https://vmware-tanzu.github.io/helm-charts/
+ timeout: 3m
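Review bot: `config.excludeKyvernoNamespace: false` in kyverno/values.yaml turns off the chart's default exemption for Kyverno's own namespace, and the file does not say why. Presumably it is needed so that the `velero-local-minio-creds` policy can act on Secrets in the namespace Kyverno itself runs in, but it also means any validate or mutate policy added later applies to Kyverno's own pods and can block them. I would add above the key `# Kyverno shares its namespace with resources it must process (see backups/velero/gen-policy.yaml); later policies must not block Kyverno's own workloads.`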
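Review bot: The HelmRepository in repositories/kyverno.yaml, and the one in vmware-tanzu.yaml after it, fetch charts from a plain HTTPS index with no provenance check, while the charts they serve install an admission controller and a backup agent that both operate cluster-wide. The `version:` pins in the two hr.yaml files fix the chart version but not its content, so a changed artifact under the same version would still be installed. If these projects publish signed OCI charts, moving to an OCI source with signature verification would close that gap; otherwise a comment recording that the index is trusted as-is documents the accepted risk.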