mirror of
https://forge.liiib.re/indiehost/libre.sh/libre.sh.git
synced 2025-01-03 17:13:08 +00:00
Merge branch 'feat/backups' into 'main'
Feat/backups See merge request indiehost/libre.sh/libre.sh!39
This commit is contained in:
commit
3079f86b07
13 changed files with 198 additions and 1 deletions
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- schedule-daily.yaml
|
11
cluster/components/backups/automations/schedule-daily.yaml
Normal file
11
cluster/components/backups/automations/schedule-daily.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
apiVersion: velero.io/v1
|
||||||
|
kind: Schedule
|
||||||
|
metadata:
|
||||||
|
name: daily
|
||||||
|
namespace: libresh-system
|
||||||
|
spec:
|
||||||
|
schedule: "0 2 * * *"
|
||||||
|
template:
|
||||||
|
includedNamespaces:
|
||||||
|
- "*"
|
9
cluster/components/backups/velero/bucket.yaml
Normal file
9
cluster/components/backups/velero/bucket.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
apiVersion: core.libre.sh/v1alpha1
|
||||||
|
kind: Bucket
|
||||||
|
metadata:
|
||||||
|
name: velero
|
||||||
|
spec:
|
||||||
|
policy:
|
||||||
|
preset: private
|
||||||
|
provider: data
|
28
cluster/components/backups/velero/gen-policy.yaml
Normal file
28
cluster/components/backups/velero/gen-policy.yaml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
apiVersion: kyverno.io/v1
|
||||||
|
kind: Policy
|
||||||
|
metadata:
|
||||||
|
name: velero-local-minio-creds
|
||||||
|
spec:
|
||||||
|
generateExisting: true
|
||||||
|
rules:
|
||||||
|
- name: velero-local-minio-creds
|
||||||
|
match:
|
||||||
|
any:
|
||||||
|
- resources:
|
||||||
|
kinds:
|
||||||
|
- Secret
|
||||||
|
names:
|
||||||
|
- velero.bucket.libre.sh
|
||||||
|
generate:
|
||||||
|
synchronize: true
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
name: velero-local-minio-creds
|
||||||
|
namespace: libresh-system
|
||||||
|
data:
|
||||||
|
stringData:
|
||||||
|
credential.toml: |-
|
||||||
|
[default]
|
||||||
|
aws_access_key_id={{ request.object.data.accessKey | base64_decode(@) }}
|
||||||
|
aws_secret_access_key={{ request.object.data.secretKey | base64_decode(@) }}
|
36
cluster/components/backups/velero/hr.yaml
Normal file
36
cluster/components/backups/velero/hr.yaml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: velero
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: velero
|
||||||
|
version: 4.1.3
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: vmware-tanzu
|
||||||
|
namespace: libresh-system
|
||||||
|
interval: 15m
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 5
|
||||||
|
upgrade:
|
||||||
|
remediation:
|
||||||
|
retries: 5
|
||||||
|
valuesFrom:
|
||||||
|
- kind: ConfigMap
|
||||||
|
name: velero-values
|
||||||
|
- kind: Secret
|
||||||
|
name: velero.bucket.libre.sh
|
||||||
|
valuesKey: bucket
|
||||||
|
targetPath: configuration.backupStorageLocation[0].bucket
|
||||||
|
- kind: Secret
|
||||||
|
name: velero.bucket.libre.sh
|
||||||
|
valuesKey: url
|
||||||
|
targetPath: configuration.backupStorageLocation[0].config.s3Url
|
||||||
|
- kind: ConfigMap
|
||||||
|
name: velero-custom-values
|
||||||
|
optional: true
|
14
cluster/components/backups/velero/kustomization.yaml
Normal file
14
cluster/components/backups/velero/kustomization.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- bucket.yaml
|
||||||
|
- gen-policy.yaml
|
||||||
|
- values.yaml
|
||||||
|
- hr.yaml
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
configMapGenerator:
|
||||||
|
- name: velero-values
|
||||||
|
files:
|
||||||
|
- values.yaml
|
22
cluster/components/backups/velero/values.yaml
Normal file
22
cluster/components/backups/velero/values.yaml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
initContainers:
|
||||||
|
- name: velero-plugin-for-aws
|
||||||
|
image: velero/velero-plugin-for-aws:v1.7.0
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /target
|
||||||
|
name: plugins
|
||||||
|
credentials:
|
||||||
|
useSecret: false
|
||||||
|
configuration:
|
||||||
|
backupStorageLocation:
|
||||||
|
- name: local-minio
|
||||||
|
provider: aws
|
||||||
|
default: true
|
||||||
|
accessMode: ReadWrite
|
||||||
|
credential:
|
||||||
|
name: velero-local-minio-creds
|
||||||
|
key: credential.toml
|
||||||
|
config:
|
||||||
|
region: eu
|
||||||
|
s3ForcePathStyle: true
|
||||||
|
volumeSnapshotLocation: []
|
29
cluster/components/kyverno/hr.yaml
Normal file
29
cluster/components/kyverno/hr.yaml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: kyverno
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: kyverno
|
||||||
|
version: 3.0.2
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: kyverno
|
||||||
|
namespace: libresh-system
|
||||||
|
interval: 15m
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 5
|
||||||
|
upgrade:
|
||||||
|
remediation:
|
||||||
|
retries: 5
|
||||||
|
valuesFrom:
|
||||||
|
- kind: ConfigMap
|
||||||
|
name: kyverno-values
|
||||||
|
optional: false
|
||||||
|
- kind: ConfigMap
|
||||||
|
name: kyverno-custom-values
|
||||||
|
optional: true
|
11
cluster/components/kyverno/kustomization.yaml
Normal file
11
cluster/components/kyverno/kustomization.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- hr.yaml
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
configMapGenerator:
|
||||||
|
- name: kyverno-values
|
||||||
|
files:
|
||||||
|
- values.yaml
|
10
cluster/components/kyverno/values.yaml
Normal file
10
cluster/components/kyverno/values.yaml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
admissionController:
|
||||||
|
replicas: 3
|
||||||
|
backgroundController:
|
||||||
|
replicas: 2
|
||||||
|
cleanupController:
|
||||||
|
replicas: 2
|
||||||
|
reportsController:
|
||||||
|
replicas: 2
|
||||||
|
config:
|
||||||
|
excludeKyvernoNamespace: false
|
|
@ -10,4 +10,6 @@ resources:
|
||||||
- ./minio.yaml
|
- ./minio.yaml
|
||||||
- ./openebs.yaml
|
- ./openebs.yaml
|
||||||
- ./postgres-zalando.yaml
|
- ./postgres-zalando.yaml
|
||||||
- ./prometheus-community.yaml
|
- ./prometheus-community.yaml
|
||||||
|
- kyverno.yaml
|
||||||
|
- vmware-tanzu.yaml
|
||||||
|
|
10
cluster/repositories/kyverno.yaml
Normal file
10
cluster/repositories/kyverno.yaml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: kyverno
|
||||||
|
namespace: libresh-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://kyverno.github.io/kyverno/
|
||||||
|
timeout: 3m
|
10
cluster/repositories/vmware-tanzu.yaml
Normal file
10
cluster/repositories/vmware-tanzu.yaml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: vmware-tanzu
|
||||||
|
namespace: libresh-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://vmware-tanzu.github.io/helm-charts/
|
||||||
|
timeout: 3m
|
Loading…
Reference in a new issue