From e32ce47218f3b2f85d3a7ea9608d295f60701096 Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Wed, 18 Dec 2019 16:18:04 +0100 Subject: [PATCH] migrate velero chart from helm/chart to new home 
Signed-off-by: Carlos Panato --- charts/velero/.helmignore | 21 ++ charts/velero/Chart.yaml | 21 ++ charts/velero/OWNERS | 10 + charts/velero/README.md | 92 ++++++++ charts/velero/ci/test-values.yaml | 10 + charts/velero/crds/backups.yaml | 16 ++ .../velero/crds/backupstoragelocations.yaml | 17 ++ charts/velero/crds/deletebackuprequests.yaml | 16 ++ charts/velero/crds/downloadrequests.yaml | 17 ++ charts/velero/crds/podvolumebackups.yaml | 16 ++ charts/velero/crds/podvolumerestores.yaml | 16 ++ charts/velero/crds/resticrepositories.yaml | 16 ++ charts/velero/crds/restores.yaml | 16 ++ charts/velero/crds/schedules.yaml | 16 ++ charts/velero/crds/serverstatusrequests.yaml | 16 ++ .../velero/crds/volumesnapshotlocations.yaml | 16 ++ charts/velero/templates/NOTES.txt | 13 ++ charts/velero/templates/_helpers.tpl | 76 +++++++ .../templates/backupstoragelocation.yaml | 46 ++++ charts/velero/templates/cleanup-crds.yaml | 39 ++++ charts/velero/templates/configmaps.yaml | 17 ++ charts/velero/templates/crds.yaml | 5 + charts/velero/templates/deployment.yaml | 143 ++++++++++++ charts/velero/templates/rbac.yaml | 20 ++ charts/velero/templates/restic-daemonset.yaml | 112 ++++++++++ charts/velero/templates/schedule.yaml | 18 ++ charts/velero/templates/secret.yaml | 16 ++ charts/velero/templates/service.yaml | 20 ++ .../templates/serviceaccount-server.yaml | 11 + charts/velero/templates/servicemonitor.yaml | 22 ++ .../templates/volumesnapshotlocation.yaml | 35 +++ charts/velero/values.yaml | 211 ++++++++++++++++++ 32 files changed, 1136 insertions(+) create mode 100644 charts/velero/.helmignore create mode 100644 charts/velero/Chart.yaml create mode 100644 charts/velero/OWNERS create mode 100644 charts/velero/README.md create mode 100644 charts/velero/ci/test-values.yaml create mode 100644 charts/velero/crds/backups.yaml create mode 100644 charts/velero/crds/backupstoragelocations.yaml create mode 100644 charts/velero/crds/deletebackuprequests.yaml create mode 100644 
charts/velero/crds/downloadrequests.yaml create mode 100644 charts/velero/crds/podvolumebackups.yaml create mode 100644 charts/velero/crds/podvolumerestores.yaml create mode 100644 charts/velero/crds/resticrepositories.yaml create mode 100644 charts/velero/crds/restores.yaml create mode 100644 charts/velero/crds/schedules.yaml create mode 100644 charts/velero/crds/serverstatusrequests.yaml create mode 100644 charts/velero/crds/volumesnapshotlocations.yaml create mode 100644 charts/velero/templates/NOTES.txt create mode 100644 charts/velero/templates/_helpers.tpl create mode 100644 charts/velero/templates/backupstoragelocation.yaml create mode 100644 charts/velero/templates/cleanup-crds.yaml create mode 100644 charts/velero/templates/configmaps.yaml create mode 100644 charts/velero/templates/crds.yaml create mode 100644 charts/velero/templates/deployment.yaml create mode 100644 charts/velero/templates/rbac.yaml create mode 100644 charts/velero/templates/restic-daemonset.yaml create mode 100644 charts/velero/templates/schedule.yaml create mode 100644 charts/velero/templates/secret.yaml create mode 100644 charts/velero/templates/service.yaml create mode 100644 charts/velero/templates/serviceaccount-server.yaml create mode 100644 charts/velero/templates/servicemonitor.yaml create mode 100644 charts/velero/templates/volumesnapshotlocation.yaml create mode 100644 charts/velero/values.yaml diff --git a/charts/velero/.helmignore b/charts/velero/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/velero/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml new file mode 100644 index 00000000..3abfb567 --- /dev/null +++ b/charts/velero/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +appVersion: 1.2.0 +description: A Helm chart for velero +name: velero +version: 2.7.3 +home: https://github.com/vmware-tanzu/velero +icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png +sources: +- https://github.com/vmware-tanzu/velero +maintainers: + - name: domcar + email: d-caruso@hotmail.it + - name: hectorj2f + email: hfernandez@mesosphere.com + - name: nrb + email: brubakern@vmware.com + - name: carlisia + email: carlisiac@vmware.com + - name: ashish-amarnath + email: ashisham@vmware.com +tillerVersion: ">=2.10.0" diff --git a/charts/velero/OWNERS b/charts/velero/OWNERS new file mode 100644 index 00000000..0538bf73 --- /dev/null +++ b/charts/velero/OWNERS @@ -0,0 +1,10 @@ +approvers: +- hectorj2f +- nrb +- carlisia +- ashish-amarnath +reviewers: +- hectorj2f +- nrb +- carlisia +- ashish-amarnath diff --git a/charts/velero/README.md b/charts/velero/README.md new file mode 100644 index 00000000..cfa89a78 --- /dev/null +++ b/charts/velero/README.md 
@@ -0,0 +1,92 @@ +# Velero + +Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. + +Velero has two main components: a CLI, and a server-side Kubernetes deployment. + +## Installing the Velero CLI + +See the different options for installing the [Velero CLI](https://velero.io/docs/v1.2.0/install-overview/#install-the-cli). + +## Installing the Velero server + +This helm chart installs Velero version v1.2.0 https://github.com/vmware-tanzu/velero/tree/v1.2.0. See the [#Upgrading](#upgrading) section for information on how to upgrade from other versions. + +### Prerequisites + +#### Tiller cluster-admin permissions + +A service account and the role binding prerequisite must be added to Tiller when configuring Helm to install Velero: + +``` +kubectl create sa -n kube-system tiller +kubectl create clusterrolebinding tiller-cluster-admin --clusterrole cluster-admin --serviceaccount kube-system:tiller +helm init --service-account=tiller --wait --upgrade +``` + +#### Provider credentials + +When installing using the Helm chart, the provider's credential information will need to be appended into your values. The easiest way to do this is with the `--set-file` argument, available in Helm 2.10 and higher. See your cloud provider's documentation for the contents and creation of the `credentials-velero` file. + +### Installing + +The default configuration values for this chart are listed in values.yaml. + +See Velero's full [official documentation](https://velero.io/docs/v1.2.0/install-overview/). More specifically, find your provider in the Velero list of [supported providers](https://velero.io/docs/v1.2.0/supported-providers/) for specific configuration information and examples. + +#### Option 1) CLI commands + +Specify the necessary values using the --set key=value[,key=value] argument to helm install. 
For example, + +```bash +helm install --namespace \ +--set configuration.provider= \ +--set-file credentials.secretContents.cloud= \ +--set configuration.backupStorageLocation.name= \ +--set configuration.backupStorageLocation.bucket= \ +--set configuration.backupStorageLocation.config.region= \ +--set configuration.volumeSnapshotLocation.name= \ +--set configuration.volumeSnapshotLocation.config.region= \ +--set image.repository=velero/velero \ +--set image.tag=v1.2.0 \ +--set image.pullPolicy=IfNotPresent \ +--set initContainers[0].name=velero-plugin-for-aws \ +--set initContainers[0].image=velero/velero-plugin-for-aws:v1.0.0 \ +--set initContainers[0].volumeMounts[0].mountPath=/target \ +--set initContainers[0].volumeMounts[0].name=plugins \ +stable/velero +``` + +#### Option 2) YAML file + +Add/update the necessary values by changing the values.yaml from this repository, then running: + +```bash +helm install --namespace -f values.yaml stable/velero +``` + +#### Upgrade the configuration + +If a value needs to be added or changed, you may do so with the `upgrade` command. An example: + +```bash +helm upgrade --set initContainers.backupStorageLocation.name=aws,initContainers.volumeSnapshotLocation.name=aws stable/velero +``` + +## Upgrading + +### Upgrading to v1.2.0 + +The [instructions found here](https://velero.io/docs/v1.2.0/upgrade-to-1.2/) will assist you in upgrading from version v1.0.0 or v1.1.0 to v1.2.0. + +### Upgrading to v1.1.0 + +The [instructions found here](https://velero.io/docs/v1.1.0/upgrade-to-1.1/) will assist you in upgrading from version v1.0.0 to v1.1.0. + +## Uninstall Velero + +Note: when you uninstall the Velero server, all backups remain untouched. + +```bash +helm delete --purge +``` diff --git a/charts/velero/ci/test-values.yaml b/charts/velero/ci/test-values.yaml new file mode 100644 index 00000000..94743306 --- /dev/null +++ b/charts/velero/ci/test-values.yaml 
@@ -0,0 +1,10 @@ +# Set a service account so that the CRD clean up job has proper permissions to delete CRDs +serviceAccount: + server: + name: velero + +# Whether or not to clean up CustomResourceDefintions when deleting a release. +# Cleaning up CRDs will delete the BackupStorageLocation and VolumeSnapshotLocation instances, which would have to be reconfigured. +# Backup data in object storage will _not_ be deleted, however Backup instances in the Kubernetes API will. +# Always clean up CRDs in CI. +cleanUpCRDs: true diff --git a/charts/velero/crds/backups.yaml b/charts/velero/crds/backups.yaml new file mode 100644 index 00000000..b86af983 --- /dev/null +++ b/charts/velero/crds/backups.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.velero.io + labels: + app.kubernetes.io/name: velero + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: backups + kind: Backup diff --git a/charts/velero/crds/backupstoragelocations.yaml b/charts/velero/crds/backupstoragelocations.yaml new file mode 100644 index 00000000..ee98a0db --- /dev/null +++ b/charts/velero/crds/backupstoragelocations.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backupstoragelocations.velero.io + labels: + app.kubernetes.io/name: "velero" + + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: backupstoragelocations + kind: BackupStorageLocation diff --git a/charts/velero/crds/deletebackuprequests.yaml b/charts/velero/crds/deletebackuprequests.yaml new file mode 100644 index 00000000..228f7c13 --- /dev/null +++ b/charts/velero/crds/deletebackuprequests.yaml 
@@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: deletebackuprequests.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: deletebackuprequests + kind: DeleteBackupRequest diff --git a/charts/velero/crds/downloadrequests.yaml b/charts/velero/crds/downloadrequests.yaml new file mode 100644 index 00000000..0b0f3b09 --- /dev/null +++ b/charts/velero/crds/downloadrequests.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: downloadrequests.velero.io + labels: + app.kubernetes.io/name: "velero" + + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: downloadrequests + kind: DownloadRequest diff --git a/charts/velero/crds/podvolumebackups.yaml b/charts/velero/crds/podvolumebackups.yaml new file mode 100644 index 00000000..fa2ee7e1 --- /dev/null +++ b/charts/velero/crds/podvolumebackups.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: podvolumebackups.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: podvolumebackups + kind: PodVolumeBackup diff --git a/charts/velero/crds/podvolumerestores.yaml b/charts/velero/crds/podvolumerestores.yaml new file mode 100644 index 00000000..33ae3ad9 --- /dev/null +++ b/charts/velero/crds/podvolumerestores.yaml 
@@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: podvolumerestores.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: podvolumerestores + kind: PodVolumeRestore diff --git a/charts/velero/crds/resticrepositories.yaml b/charts/velero/crds/resticrepositories.yaml new file mode 100644 index 00000000..701ecb68 --- /dev/null +++ b/charts/velero/crds/resticrepositories.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resticrepositories.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: resticrepositories + kind: ResticRepository diff --git a/charts/velero/crds/restores.yaml b/charts/velero/crds/restores.yaml new file mode 100644 index 00000000..018f639c --- /dev/null +++ b/charts/velero/crds/restores.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.velero.io + labels: + app.kubernetes.io/name: velero + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: restores + kind: Restore diff --git a/charts/velero/crds/schedules.yaml b/charts/velero/crds/schedules.yaml new file mode 100644 index 00000000..fe5c0c70 --- /dev/null +++ b/charts/velero/crds/schedules.yaml 
@@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: schedules.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: schedules + kind: Schedule diff --git a/charts/velero/crds/serverstatusrequests.yaml b/charts/velero/crds/serverstatusrequests.yaml new file mode 100644 index 00000000..923aab06 --- /dev/null +++ b/charts/velero/crds/serverstatusrequests.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: serverstatusrequests.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: serverstatusrequests + kind: ServerStatusRequest diff --git a/charts/velero/crds/volumesnapshotlocations.yaml b/charts/velero/crds/volumesnapshotlocations.yaml new file mode 100644 index 00000000..a9f42544 --- /dev/null +++ b/charts/velero/crds/volumesnapshotlocations.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotlocations.velero.io + labels: + app.kubernetes.io/name: "velero" + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: velero.io + version: v1 + scope: Namespaced + names: + plural: volumesnapshotlocations + kind: VolumeSnapshotLocation diff --git a/charts/velero/templates/NOTES.txt b/charts/velero/templates/NOTES.txt new file mode 100644 index 00000000..3a54516b --- /dev/null +++ b/charts/velero/templates/NOTES.txt 
@@ -0,0 +1,13 @@ +Check that the velero is up and running: + + kubectl get deployment/{{ include "velero.fullname" . }} -n {{ .Release.Namespace }} + +Check that the secret has been created: + + kubectl get secret/{{ include "velero.fullname" . }} -n {{ .Release.Namespace }} + +Once velero server is up and running you need the client before you can use it +1. wget https://github.com/vmware-tanzu/velero/releases/download/{{ .Values.image.tag }}/velero-{{ .Values.image.tag }}-darwin-amd64.tar.gz +2. tar -xvf velero-{{ .Values.image.tag }}-darwin-amd64.tar.gz -C velero-client + +More info on the official site: https://velero.io/docs diff --git a/charts/velero/templates/_helpers.tpl b/charts/velero/templates/_helpers.tpl new file mode 100644 index 00000000..6460a002 --- /dev/null +++ b/charts/velero/templates/_helpers.tpl 
@@ -0,0 +1,76 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "velero.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "velero.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "velero.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use for creating or deleting the velero server
+*/}}
+{{- define "velero.serverServiceAccount" -}}
+{{- if .Values.serviceAccount.server.create -}}
+ {{ default (printf "%s-%s" (include "velero.fullname" .) "server") .Values.serviceAccount.server.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.server.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name for the credentials secret.
+*/}}
+{{- define "velero.secretName" -}}
+{{- if .Values.credentials.existingSecret -}}
+ {{- .Values.credentials.existingSecret -}}
+{{- else -}}
+ {{- include "velero.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the Velero priority class name.
+*/}}
+{{- define "velero.priorityClassName" -}}
+{{- if .Values.priorityClassName -}}
+ {{- .Values.priorityClassName -}}
+{{- else -}}
+ {{- include "velero.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the Restic priority class name.
+*/}}
+{{- define "velero.restic.priorityClassName" -}}
+{{- if .Values.restic.priorityClassName -}}
+ {{- .Values.restic.priorityClassName -}}
+{{- else -}}
+ {{- include "velero.fullname" . -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/velero/templates/backupstoragelocation.yaml b/charts/velero/templates/backupstoragelocation.yaml
new file mode 100644
index 00000000..7356730c
--- /dev/null
+++ b/charts/velero/templates/backupstoragelocation.yaml
@@ -0,0 +1,46 @@
+apiVersion: velero.io/v1
+kind: BackupStorageLocation
+metadata:
+ name: default
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+spec:
+{{- with .Values.configuration }}
+{{- with .backupStorageLocation }}
+ provider: {{ .name }}
+ objectStorage:
+ bucket: {{ .bucket }}
+ {{- with .prefix }}
+ prefix: {{ . }}
+ {{- end }}
+{{- with .config }}
+ config:
+ {{- with .region }}
+ region: {{ . }}
+ {{- end }}
+ {{- with .s3ForcePathStyle }}
+ s3ForcePathStyle: {{ . | quote }}
+ {{- end }}
+ {{- with .s3Url }}
+ s3Url: {{ . }}
+ {{- end }}
+ {{- with .kmsKeyId }}
+ kmsKeyId: {{ . }}
+ {{- end }}
+ {{- with .resourceGroup }}
+ resourceGroup: {{ . }}
+ {{- end }}
+ {{- with .storageAccount }}
+ storageAccount: {{ . }}
+ {{- end }}
+ {{- if .publicUrl }}
+ {{- with .publicUrl }}
+ publicUrl: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/velero/templates/cleanup-crds.yaml b/charts/velero/templates/cleanup-crds.yaml
new file mode 100644
index 00000000..df212f39
--- /dev/null
+++ b/charts/velero/templates/cleanup-crds.yaml
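Review bot: In charts/velero/templates/backupstoragelocation.yaml every value except `s3ForcePathStyle` is rendered unquoted, so a bucket, prefix or key id that looks like a number, boolean or null is retyped by the YAML parser before the API server sees it. Piping the scalars through `quote`, e.g. `bucket: {{ .bucket | quote }}` and `kmsKeyId: {{ . | quote }}`, keeps them strings. The resource is also emitted when `configuration.backupStorageLocation.name` is empty, whereas the Deployment in this patch is gated on `configuration.provider`; `provider: {{ required "configuration.backupStorageLocation.name is required" .name }}` would fail the render instead of producing an empty provider. The `{{- if .publicUrl }}` wrapper around `{{- with .publicUrl }}` is redundant and can be dropped.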
@@ -0,0 +1,39 @@
+# This job is meant primarily for cleaning up on CI systems.
+# Using this on production systems, especially those that have multiple releases of Velero, will be destructive.
+{{- if .Values.cleanUpCRDs }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "velero.fullname" . }}-cleanup
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+spec:
+ template:
+ metadata:
+ name: velero-cleanup
+ spec:
+ serviceAccountName: {{ include "velero.serverServiceAccount" . }}
+ containers:
+ - name: kubectl
+ image: docker.io/bitnami/kubectl:1.14.1
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -c
+ - >
+ kubectl delete restore --all;
+ kubectl delete backup --all;
+ kubectl delete backupstoragelocation --all;
+ kubectl delete volumesnapshotlocation --all;
+ kubectl delete podvolumerestore --all;
+ kubectl delete crd -l helm.sh/chart={{ include "velero.chart" . }}
+ restartPolicy: OnFailure
+{{- end }}
diff --git a/charts/velero/templates/configmaps.yaml b/charts/velero/templates/configmaps.yaml
new file mode 100644
index 00000000..d090fb18
--- /dev/null
+++ b/charts/velero/templates/configmaps.yaml
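Review bot: The last command in charts/velero/templates/cleanup-crds.yaml, `kubectl delete crd -l helm.sh/chart={{ include "velero.chart" . }}`, selects on a label that none of the CRD manifests under charts/velero/crds/ in this patch carry; they are labelled only with `app.kubernetes.io/name`, so the Job deletes the custom resources and then appears to leave the CRDs in place. Either add a `helm.sh/chart` label to the CRDs or select on the label they do have. The commands are joined with `;` inside a folded scalar, so a failed delete does not fail the Job; starting the script with `set -e` or chaining with `&&` would surface it. The Job runs under the server service account, which rbac.yaml in this patch binds to cluster-admin when `rbac.create` is set, using an image referenced by a mutable tag (`docker.io/bitnami/kubectl:1.14.1`); pinning that image by digest, or exposing it as a value, is worth doing for a pod with that much privilege.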
@@ -0,0 +1,17 @@
+{{- range $configMapName, $configMap := .Values.configMaps }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "velero.fullname" $ }}-{{ $configMapName }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" $ }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" $ }}
+ {{- with $configMap.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{- toYaml $configMap.data | nindent 2 }}
+---
+{{- end }}
diff --git a/charts/velero/templates/crds.yaml b/charts/velero/templates/crds.yaml
new file mode 100644
index 00000000..24449d77
--- /dev/null
+++ b/charts/velero/templates/crds.yaml
@@ -0,0 +1,5 @@
+{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
+{{ $.Files.Get $path }}
+---
+{{- end }}
+
diff --git a/charts/velero/templates/deployment.yaml b/charts/velero/templates/deployment.yaml
new file mode 100644
index 00000000..2e56b28f
--- /dev/null
+++ b/charts/velero/templates/deployment.yaml
@@ -0,0 +1,143 @@
+{{- if .Values.configuration.provider -}}
+{{- $provider := .Values.configuration.provider -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "velero.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ annotations:
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.metrics.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ restartPolicy: Always
+ serviceAccountName: {{ include "velero.serverServiceAccount" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ include "velero.priorityClassName" . }}
+ {{- end }}
+ containers:
+ - name: velero
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.metrics.enabled }}
+ ports:
+ - name: monitoring
+ containerPort: 8085
+ {{- end }}
+ command:
+ - /velero
+ args:
+ - server
+ {{- with .Values.configuration }}
+ {{- with .backupSyncPeriod }}
+ - --backup-sync-period={{ . }}
+ {{- end }}
+ {{- with .resticTimeout }}
+ - --restic-timeout={{ . }}
+ {{- end }}
+ {{- if .restoreOnlyMode }}
+ - --restore-only
+ {{- end }}
+ {{- with .restoreResourcePriorities }}
+ - --restore-resource-priorities={{ . }}
+ {{- end }}
+ {{- with .logLevel }}
+ - --log-level={{ . }}
+ {{- end }}
+ {{- with .logFormat }}
+ - --log-format={{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if eq $provider "azure" }}
+ envFrom:
+ - secretRef:
+ name: {{ include "velero.secretName" . }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: plugins
+ mountPath: /plugins
+ {{- if .Values.credentials.useSecret }}
+ - name: cloud-credentials
+ mountPath: /credentials
+ - name: scratch
+ mountPath: /scratch
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VELERO_SCRATCH_DIR
+ value: /scratch
+ - name: VELERO_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (or (eq $provider "gcp") (eq $provider "azure"))) }}
+ {{- if eq $provider "aws" }}
+ - name: AWS_SHARED_CREDENTIALS_FILE
+ {{- else if eq $provider "gcp"}}
+ - name: GOOGLE_APPLICATION_CREDENTIALS
+ {{- else }}
+ - name: AZURE_CREDENTIALS_FILE
+ {{- end }}
+ value: /credentials/cloud
+ {{- end }}
+ {{- with .Values.configuration.extraEnvVars }}
+ {{- range $key, $value := . }}
+ - name: {{ default "none" $key }}
+ value: {{ default "none" $value }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.initContainers }}
+ initContainers:
+ {{- toYaml .Values.initContainers | nindent 8 }}
+{{- end }}
+ volumes:
+ {{- if .Values.credentials.useSecret }}
+ - name: cloud-credentials
+ secret:
+ secretName: {{ include "velero.secretName" . }}
+ {{- end }}
+ - name: plugins
+ emptyDir: {}
+ - name: scratch
+ emptyDir: {}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end -}}
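Review bot: In charts/velero/templates/deployment.yaml the `scratch` volumeMount sits inside the `{{- if .Values.credentials.useSecret }}` block together with `cloud-credentials`, while the `scratch` emptyDir volume and `VELERO_SCRATCH_DIR=/scratch` are unconditional; with `useSecret` false the server is pointed at /scratch without the emptyDir mounted there. Moving `- name: scratch` and `mountPath: /scratch` below that `{{- end }}` fixes it. The azure `envFrom` block is gated only on `{{- if eq $provider "azure" }}`, unlike the DaemonSet in this patch, which uses `{{- if and .Values.credentials.useSecret (eq $provider "azure") }}`; without the same guard the pod may reference a Secret that secret.yaml does not create. `extraEnvVars` values are rendered unquoted, so `value: {{ default "none" $value | quote }}` is needed for numeric or boolean-looking values to stay strings.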
diff --git a/charts/velero/templates/rbac.yaml b/charts/velero/templates/rbac.yaml
new file mode 100644
index 00000000..c2862577
--- /dev/null
+++ b/charts/velero/templates/rbac.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "velero.fullname" . }}-server
+ labels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+subjects:
+ - kind: ServiceAccount
+ namespace: {{ .Release.Namespace }}
+ name: {{ include "velero.serverServiceAccount" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/velero/templates/restic-daemonset.yaml b/charts/velero/templates/restic-daemonset.yaml
new file mode 100644
index 00000000..4ba41e57
--- /dev/null
+++ b/charts/velero/templates/restic-daemonset.yaml
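Review bot: charts/velero/templates/rbac.yaml binds the server service account to the built-in `cluster-admin` ClusterRole, and the subject name comes from `velero.serverServiceAccount`, which in _helpers.tpl falls back to `default` when `serviceAccount.server.create` is false and no name is given. In that configuration every pod in the release namespace that runs under the namespace's default service account gets cluster-admin. Guarding the binding, e.g. `{{- if and .Values.rbac.create (or .Values.serviceAccount.server.create .Values.serviceAccount.server.name) }}`, avoids the accidental grant. A comment above `roleRef` stating why cluster-admin is used rather than a scoped ClusterRole, and that the same account also runs the cleanup Job and, when the chart creates it, the restic DaemonSet, would help whoever audits the chart's privileges.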
@@ -0,0 +1,112 @@
+{{- if .Values.deployRestic }}
+{{- $provider := .Values.configuration.provider -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: restic
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+spec:
+ selector:
+ matchLabels:
+ name: restic
+ template:
+ metadata:
+ labels:
+ name: restic
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.serviceAccount.server.create }}
+ serviceAccountName: {{ include "velero.serverServiceAccount" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.restic.priorityClassName }}
+ priorityClassName: {{ include "velero.restic.priorityClassName" . }}
+ {{- end }}
+ volumes:
+ {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }}
+ - name: cloud-credentials
+ secret:
+ secretName: {{ include "velero.secretName" . }}
+ {{- end }}
+ - name: host-pods
+ hostPath:
+ path: {{ .Values.restic.podVolumePath }}
+ - name: scratch
+ emptyDir: {}
+ {{- if .Values.restic.extraVolumes }}
+ {{- toYaml .Values.restic.extraVolumes | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: velero
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - /velero
+ args:
+ - restic
+ - server
+ volumeMounts:
+ {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }}
+ - name: cloud-credentials
+ mountPath: /credentials
+ {{- end }}
+ - name: host-pods
+ mountPath: /host_pods
+ mountPropagation: HostToContainer
+ - name: scratch
+ mountPath: /scratch
+ {{- if .Values.restic.extraVolumeMounts }}
+ {{- toYaml .Values.restic.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- if and .Values.credentials.useSecret (eq $provider "azure") }}
+ envFrom:
+ - secretRef:
+ name: {{ include "velero.secretName" . }}
+ {{- end }}
+ env:
+ - name: VELERO_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: VELERO_SCRATCH_DIR
+ value: /scratch
+ {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }}
+ {{- if eq $provider "aws" }}
+ - name: AWS_SHARED_CREDENTIALS_FILE
+ value: /credentials/cloud
+ {{- else }}
+ - name: GOOGLE_APPLICATION_CREDENTIALS
+ value: /credentials/cloud
+ {{- end }}
+ {{- end }}
+ {{- if eq $provider "minio" }}
+ - name: AWS_SHARED_CREDENTIALS_FILE
+ value: /credentials/cloud
+ {{- end }}
+ securityContext:
+ privileged: {{ .Values.restic.privileged }}
+ {{- with .Values.restic.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.restic.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
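Review bot: For `configuration.provider` set to `minio`, charts/velero/templates/restic-daemonset.yaml sets `AWS_SHARED_CREDENTIALS_FILE=/credentials/cloud`, but the `cloud-credentials` volume and its mount are rendered only for `aws` and `gcp`, so the variable points at a path that is not mounted. The three `(or (eq $provider "aws") (eq $provider "gcp"))` conditions on the volume, the mount and the env block should cover the same providers as the env vars, and the minio env block is also not gated on `credentials.useSecret`. `serviceAccountName` is set only when `serviceAccount.server.create` is true, so a pre-existing account named in `serviceAccount.server.name` is used by the Deployment but not by this DaemonSet. The pod runs with `runAsUser: 0`, a hostPath mount of `restic.podVolumePath` and a values-driven `privileged` flag; a comment next to `securityContext` stating which of these restic needs, and on which platforms, would make that exposure reviewable.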
diff --git a/charts/velero/templates/schedule.yaml b/charts/velero/templates/schedule.yaml
new file mode 100644
index 00000000..fe784069
--- /dev/null
+++ b/charts/velero/templates/schedule.yaml
@@ -0,0 +1,18 @@
+{{- range $scheduleName, $schedule := .Values.schedules }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: {{ include "velero.fullname" $ }}-{{ $scheduleName }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" $ }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" $ }}
+spec:
+ schedule: {{ $schedule.schedule | quote }}
+{{- with $schedule.template }}
+ template:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+---
+{{- end }}
diff --git a/charts/velero/templates/secret.yaml b/charts/velero/templates/secret.yaml
new file mode 100644
index 00000000..b03ef6bd
--- /dev/null
+++ b/charts/velero/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "velero.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+type: Opaque
+data:
+{{- range $key, $value := .Values.credentials.secretContents }}
+ {{ $key }}: {{ $value | b64enc | quote }}
+{{- end }}
+{{- end -}}
diff --git a/charts/velero/templates/service.yaml b/charts/velero/templates/service.yaml
new file mode 100644
index 00000000..6f38862d
--- /dev/null
+++ b/charts/velero/templates/service.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "velero.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: monitoring
+ port: 8085
+ targetPort: monitoring
+ selector:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/velero/templates/serviceaccount-server.yaml b/charts/velero/templates/serviceaccount-server.yaml
new file mode 100644
index 00000000..74c8632f
--- /dev/null
+++ b/charts/velero/templates/serviceaccount-server.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.server.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "velero.serverServiceAccount" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+{{- end }}
diff --git a/charts/velero/templates/servicemonitor.yaml b/charts/velero/templates/servicemonitor.yaml
new file mode 100644
index 00000000..8833088d
--- /dev/null
+++ b/charts/velero/templates/servicemonitor.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "velero.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+ {{- with .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - port: monitoring
+ interval: {{ .Values.metrics.scrapeInterval }}
+{{- end }}
diff --git a/charts/velero/templates/volumesnapshotlocation.yaml b/charts/velero/templates/volumesnapshotlocation.yaml
new file mode 100644
index 00000000..f10a2268
--- /dev/null
+++ b/charts/velero/templates/volumesnapshotlocation.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.snapshotsEnabled }}
+apiVersion: velero.io/v1
+kind: VolumeSnapshotLocation
+metadata:
+ name: default
+ labels:
+ app.kubernetes.io/name: {{ include "velero.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "velero.chart" . }}
+spec:
+{{- with .Values.configuration }}
+{{- with .volumeSnapshotLocation }}
+ provider: {{ .name }}
+{{ with .config }}
+ config:
+ {{- with .region }}
+ region: {{ . }}
+ {{- end }}
+ {{- with .apitimeout }}
+ apiTimeout: {{ . }}
+ {{- end }}
+ {{- with .resourceGroup }}
+ resourceGroup: {{ . }}
+ {{- end }}
+ {{- with .snapshotLocation }}
+ snapshotLocation: {{ . }}
+ {{- end}}
+ {{- with .project }}
+ project: {{ . }}
+ {{- end}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml
new file mode 100644
index 00000000..73456306
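Review bot: In templates/volumesnapshotlocation.yaml, `provider: {{ .name }}` renders without a value under the chart defaults, because values.yaml sets `snapshotsEnabled: true` while `configuration.volumeSnapshotLocation.name` is left empty. The config entries below it (`region`, `apiTimeout`, `resourceGroup`, `snapshotLocation`, `project`) are also emitted unquoted, so an all-digit project id or a value like `true` would be typed by the YAML parser instead of staying a string, which the resource may reject. I would write `provider: {{ required "configuration.volumeSnapshotLocation.name is required when snapshotsEnabled is true" .name }}` and add `| quote` to each config value, e.g. `project: {{ . | quote }}`.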
--- /dev/null
+++ b/charts/velero/values.yaml
@@ -0,0 +1,211 @@
+##
+## Configuration settings that directly affect the Velero deployment YAML.
+##
+
+# Details of the container image to use in the Velero deployment & daemonset (if
+# enabling restic). Required.
+image:
+ repository: velero/velero
+ tag: v1.2.0
+ pullPolicy: IfNotPresent
+
+# Annotations to add to the Velero deployment's pod template. Optional.
+#
+# If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID
+# and VELERO_ROLE_NAME filled in:
+# iam.amazonaws.com/role: arn:aws:iam:::role/
+podAnnotations: {}
+
+# Resource requests/limits to specify for the Velero deployment. Optional.
+resources: {}
+
+# Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required.
+initContainers: []
+ # - name: velero-plugin-for-aws
+ # image: velero/velero-plugin-for-aws:v1.0.0
+ # imagePullPolicy: IfNotPresent
+ # volumeMounts:
+ # - mountPath: /target
+ # name: plugins
+
+# Tolerations to use for the Velero deployment. Optional.
+tolerations: []
+
+# Node selector to use for the Velero deployment. Optional.
+nodeSelector: {}
+
+# Extra volumes for the Velero deployment. Optional.
+extraVolumes: []
+
+# Extra volumeMounts for the Velero deployment. Optional.
+extraVolumeMounts: []
+
+# Settings for Velero's prometheus metrics. Enabled by default.
+metrics:
+ enabled: true
+ scrapeInterval: 30s
+
+ # Pod annotations for Prometheus
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8085"
+ prometheus.io/path: "/metrics"
+
+ serviceMonitor:
+ enabled: false
+ additionalLabels: {}
+
+##
+## End of deployment-related settings.
+##
+
+
+##
+## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
+## and additional server settings.
+##
+configuration:
+ # Cloud provider being used (e.g. aws, azure, gcp).
+ provider:
+
+ # Parameters for the `default` BackupStorageLocation. See
+ # https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/
+ backupStorageLocation:
+ # Cloud provider where backups should be stored. Usually should
+ # match `configuration.provider`. Required.
+ name:
+ # Bucket to store backups in. Required.
+ bucket:
+ # Prefix within bucket under which to store backups. Optional.
+ prefix:
+ # Additional provider-specific configuration. See link above
+ # for details of required/optional fields for your provider.
+ config: {}
+ # region:
+ # s3ForcePathStyle:
+ # s3Url:
+ # kmsKeyId:
+ # resourceGroup:
+ # storageAccount:
+ # publicUrl:
+
+ # Parameters for the `default` VolumeSnapshotLocation. See
+ # https://velero.io/docs/v1.0.0/api-types/volumesnapshotlocation/
+ volumeSnapshotLocation:
+ # Cloud provider where volume snapshots are being taken. Usually
+ # should match `configuration.provider`. Required.,
+ name:
+ # Additional provider-specific configuration. See link above
+ # for details of required/optional fields for your provider.
+ config: {}
+ # region:
+ # apitimeout:
+ # resourceGroup:
+ # snapshotLocation:
+ # project:
+
+ # These are server-level settings passed as CLI flags to the `velero server` command. Velero
+ # uses default values if they're not passed in, so they only need to be explicitly specified
+ # here if using a non-default value. The `velero server` default values are shown in the
+ # comments below.
+ # --------------------
+ # `velero server` default: 1m
+ backupSyncPeriod:
+ # `velero server` default: 1h
+ resticTimeout:
+ # `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods
+ restoreResourcePriorities:
+ # `velero server` default: false
+ restoreOnlyMode:
+
+ # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
+ extraEnvVars: {}
+
+ # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
+ logLevel:
+
+ # Set log-format for Velero pod. Default: text. Other option: json.
+ logFormat:
+
+##
+## End of backup/snapshot location settings.
+##
+
+
+##
+## Settings for additional Velero resources.
+##
+
+# Whether to create the Velero cluster role binding.
+rbac:
+ create: true
+
+# Information about the Kubernetes service account Velero uses.
+serviceAccount:
+ server:
+ create: true
+ name:
+
+# Info about the secret to be used by the Velero deployment, which
+# should contain credentials for the cloud provider IAM account you've
+# set up for Velero.
+credentials:
+ # Whether a secret should be used as the source of IAM account
+ # credentials. Set to false if, for example, using kube2iam or
+ # kiam to provide IAM credentials for the Velero pod.
+ useSecret: true
+ # Name of a pre-existing secret (if any) in the Velero namespace
+ # that should be used to get IAM account credentials. Optional.
+ existingSecret:
+ # Data to be stored in the Velero secret, if `useSecret` is
+ # true and `existingSecret` is empty. This should be the contents
+ # of your IAM credentials file.
+ secretContents: {}
+
+# Wheter to create volumesnapshotlocation crd, if false => disable snapshot feature
+snapshotsEnabled: true
+
+# Whether to deploy the restic daemonset.
+deployRestic: false
+
+restic:
+ podVolumePath: /var/lib/kubelet/pods
+ privileged: false
+ # Pod priority class name to use for the Restic daemonset. Optional.
+ priorityClassName: {}
+ # Resource requests/limits to specify for the Restic daemonset deployment. Optional.
+ resources: {}
+ # Tolerations to use for the Restic daemonset. Optional.
+ tolerations: []
+
+ # Extra volumes for the Restic daemonset. Optional.
+ extraVolumes: []
+
+ # Extra volumeMounts for the Restic daemonset. Optional.
+ extraVolumeMounts: []
+
+# Backup schedules to create.
+# Eg:
+# schedules:
+# mybackup:
+# schedule: "0 0 * * *"
+# template:
+# ttl: "240h"
+# includedNamespaces:
+# - foo
+schedules: {}
+
+# Velero ConfigMaps.
+# Eg:
+# configMaps:
+# restic-restore-action-config:
+# labels:
+# velero.io/plugin-config: ""
+# velero.io/restic: RestoreItemAction
+# data:
+# image: gcr.io/heptio-images/velero-restic-restore-help
+configMaps: {}
+
+##
+## End of additional Velero resource settings.
+##
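Review bot: The `credentials.secretContents` block in values.yaml invites pasting the cloud IAM credentials file into chart values, and its comment does not say that values supplied at install time are kept with the Helm release record and often in a values file under version control. I would present `existingSecret` as the preferred path and add a comment above `secretContents` such as `# Prefer existingSecret: anything set here is stored with the Helm release and in any values file you commit.` Separately, `restic.priorityClassName: {}` defaults a name field to a map; `priorityClassName: ""` would match the type its comment describes.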