Merge pull request #1626 from jiaqiluo/bump-rancher-backup-26
commit
ad8321e289
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,11 @@
|
||||||
|
annotations:
|
||||||
|
catalog.cattle.io/certified: rancher
|
||||||
|
catalog.cattle.io/hidden: "true"
|
||||||
|
catalog.cattle.io/namespace: cattle-resources-system
|
||||||
|
catalog.cattle.io/release-name: rancher-backup-crd
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.1.0-rc1
|
||||||
|
description: Installs the CRDs for rancher-backup.
|
||||||
|
name: rancher-backup-crd
|
||||||
|
type: application
|
||||||
|
version: 2.1.0+up2.1.0-rc1
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Rancher Backup CRD
|
||||||
|
|
||||||
|
A Rancher chart that installs the CRDs used by `rancher-backup`.
|
|
@ -0,0 +1,141 @@
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: backups.resources.cattle.io
|
||||||
|
spec:
|
||||||
|
group: resources.cattle.io
|
||||||
|
names:
|
||||||
|
kind: Backup
|
||||||
|
plural: backups
|
||||||
|
singular: backup
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .status.storageLocation
|
||||||
|
name: Location
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.backupType
|
||||||
|
name: Type
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.filename
|
||||||
|
name: Latest-Backup
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.resourceSetName
|
||||||
|
name: ResourceSet
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
name: v1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
properties:
|
||||||
|
encryptionConfigSecretName:
|
||||||
|
description: Name of the Secret containing the encryption config
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
resourceSetName:
|
||||||
|
description: Name of the ResourceSet CR to use for backup
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
retentionCount:
|
||||||
|
minimum: 1
|
||||||
|
type: integer
|
||||||
|
schedule:
|
||||||
|
description: Cron schedule for recurring backups
|
||||||
|
example:
|
||||||
|
Descriptors: '@midnight'
|
||||||
|
Standard crontab specs: 0 0 * * *
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
storageLocation:
|
||||||
|
nullable: true
|
||||||
|
properties:
|
||||||
|
s3:
|
||||||
|
nullable: true
|
||||||
|
properties:
|
||||||
|
bucketName:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
credentialSecretName:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
credentialSecretNamespace:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
endpoint:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
endpointCA:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
folder:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
insecureTLSSkipVerify:
|
||||||
|
type: boolean
|
||||||
|
region:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- resourceSetName
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
properties:
|
||||||
|
backupType:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
conditions:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
lastTransitionTime:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
lastUpdateTime:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
filename:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
lastSnapshotTs:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nextSnapshotAt:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
observedGeneration:
|
||||||
|
type: integer
|
||||||
|
storageLocation:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
summary:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
|
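Review bot: `insecureTLSSkipVerify` in the `s3` storage-location properties is the one field in this schema that weakens transport security, and it has no `description`, unlike `encryptionConfigSecretName` and `schedule` earlier in the same hunk. I would add `description: Skip TLS certificate verification for the S3 endpoint; prefer endpointCA for a private CA` so the trade-off is visible in `kubectl explain`. The Restore CRD further down repeats the field without a description as well. If this manifest is generated from the operator's Go types, the text belongs on the source type rather than here.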
@ -0,0 +1,115 @@
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: resourcesets.resources.cattle.io
|
||||||
|
spec:
|
||||||
|
group: resources.cattle.io
|
||||||
|
names:
|
||||||
|
kind: ResourceSet
|
||||||
|
plural: resourcesets
|
||||||
|
singular: resourceset
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
properties:
|
||||||
|
controllerReferences:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
replicas:
|
||||||
|
type: integer
|
||||||
|
resource:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
resourceSelectors:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
excludeKinds:
|
||||||
|
items:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
kinds:
|
||||||
|
items:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
kindsRegexp:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
labelSelectors:
|
||||||
|
nullable: true
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
items:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
namespaceRegexp:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
namespaces:
|
||||||
|
items:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
resourceNameRegexp:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
resourceNames:
|
||||||
|
items:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
nullable: true
|
||||||
|
required:
|
||||||
|
- apiVersion
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- resourceSelectors
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
|
@ -0,0 +1,122 @@
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: restores.resources.cattle.io
|
||||||
|
spec:
|
||||||
|
group: resources.cattle.io
|
||||||
|
names:
|
||||||
|
kind: Restore
|
||||||
|
plural: restores
|
||||||
|
singular: restore
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .status.backupSource
|
||||||
|
name: Backup-Source
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.backupFilename
|
||||||
|
name: Backup-File
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
name: v1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
properties:
|
||||||
|
backupFilename:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
deleteTimeoutSeconds:
|
||||||
|
maximum: 10
|
||||||
|
type: integer
|
||||||
|
encryptionConfigSecretName:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
ignoreErrors:
|
||||||
|
type: boolean
|
||||||
|
prune:
|
||||||
|
nullable: true
|
||||||
|
type: boolean
|
||||||
|
storageLocation:
|
||||||
|
nullable: true
|
||||||
|
properties:
|
||||||
|
s3:
|
||||||
|
nullable: true
|
||||||
|
properties:
|
||||||
|
bucketName:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
credentialSecretName:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
credentialSecretNamespace:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
endpoint:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
endpointCA:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
folder:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
insecureTLSSkipVerify:
|
||||||
|
type: boolean
|
||||||
|
region:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- backupFilename
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
properties:
|
||||||
|
backupSource:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
conditions:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
lastTransitionTime:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
lastUpdateTime:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
observedGeneration:
|
||||||
|
type: integer
|
||||||
|
restoreCompletionTs:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
summary:
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
|
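Review bot: `deleteTimeoutSeconds` is bounded only from above (`maximum: 10`), so zero and negative values pass schema validation; add `minimum: 0` beside it, or `minimum: 1` as `retentionCount` does in the Backup CRD. How the operator treats a negative timeout is not visible on this page, so the bound belongs in the schema. `ignoreErrors` and `prune` carry no `description`; judging by their names they change what a restore tolerates or removes, and a one-line description on each would tell users that before they set them.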
@ -0,0 +1,22 @@
|
||||||
|
annotations:
|
||||||
|
catalog.cattle.io/auto-install: rancher-backup-crd=match
|
||||||
|
catalog.cattle.io/certified: rancher
|
||||||
|
catalog.cattle.io/display-name: Rancher Backups
|
||||||
|
catalog.cattle.io/namespace: cattle-resources-system
|
||||||
|
catalog.cattle.io/os: linux
|
||||||
|
catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1
|
||||||
|
catalog.cattle.io/rancher-version: '>=2.6.0-0'
|
||||||
|
catalog.cattle.io/release-name: rancher-backup
|
||||||
|
catalog.cattle.io/scope: management
|
||||||
|
catalog.cattle.io/type: cluster-tool
|
||||||
|
catalog.cattle.io/ui-component: rancher-backup
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.1.0-rc1
|
||||||
|
description: Provides ability to back up and restore the Rancher application running
|
||||||
|
on any Kubernetes cluster
|
||||||
|
icon: https://charts.rancher.io/assets/logos/backup-restore.svg
|
||||||
|
keywords:
|
||||||
|
- applications
|
||||||
|
- infrastructure
|
||||||
|
name: rancher-backup
|
||||||
|
version: 2.1.0+up2.1.0-rc1
|
|
@ -0,0 +1,70 @@
|
||||||
|
# Rancher Backup
|
||||||
|
|
||||||
|
This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster.
|
||||||
|
|
||||||
|
Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details.
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
|
### Get Repo Info
|
||||||
|
```bash
|
||||||
|
helm repo add rancher-chart https://charts.rancher.io
|
||||||
|
helm repo update
|
||||||
|
```
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
|
### Install Chart
|
||||||
|
```bash
|
||||||
|
helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace
|
||||||
|
helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system
|
||||||
|
```
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
|
### Configuration
|
||||||
|
The following table lists the configurable parameters of the rancher-backup chart and their default values:
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
|----------|---------------|-------|
|
||||||
|
| image.repository | Container image repository | rancher/backup-restore-operator |
|
||||||
|
| image.tag | Container image tag | v0.1.0-rc1 |
|
||||||
|
| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false |
|
||||||
|
| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" |
|
||||||
|
| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" |
|
||||||
|
| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" |
|
||||||
|
| s3.bucketName | Name of the Bucket | "" |
|
||||||
|
| s3.folder | Base folder within the Bucket (optional) | "" |
|
||||||
|
| s3.endpoint | Endpoint for the S3 storage provider | "" |
|
||||||
|
| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" |
|
||||||
|
| s3.insecureTLSSkipVerify | Skip SSL verification | false |
|
||||||
|
| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false |
|
||||||
|
| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" |
|
||||||
|
| persistence.volumeName | Persistent Volume to use for storing backups | "" |
|
||||||
|
| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" |
|
||||||
|
| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} |
|
||||||
|
| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] |
|
||||||
|
| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} |
|
||||||
|
| serviceAccount.annotations | Annotations to apply to created service account | {} |
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
|
### CRDs
|
||||||
|
|
||||||
|
Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs.
|
||||||
|
|
||||||
|
-----
|
||||||
|
### Upgrading Chart
|
||||||
|
```bash
|
||||||
|
helm upgrade rancher-backup-crd -n cattle-resources-system
|
||||||
|
helm upgrade rancher-backup -n cattle-resources-system
|
||||||
|
```
|
||||||
|
|
||||||
|
-----
|
||||||
|
### Uninstall Chart
|
||||||
|
|
||||||
|
```bash
|
||||||
|
helm uninstall rancher-backup -n cattle-resources-system
|
||||||
|
helm uninstall rancher-backup-crd -n cattle-resources-system
|
||||||
|
```
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Rancher Backup
|
||||||
|
|
||||||
|
This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster.
|
||||||
|
|
||||||
|
For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/).
|
||||||
|
|
||||||
|
This chart installs the following components:
|
||||||
|
|
||||||
|
- [backup-restore-operator](https://github.com/rancher/backup-restore-operator)
|
||||||
|
- The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location.
|
||||||
|
- The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store.
|
||||||
|
- It preserves the ownerReferences on all resources, hence maintaining dependencies between objects.
|
||||||
|
- This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
|
||||||
|
- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals.
|
||||||
|
- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to.
|
|
@ -0,0 +1,25 @@
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "aks.cattle.io$"
|
||||||
|
- apiVersion: "aks.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
kindsRegexp: "^deployments$"
|
||||||
|
namespaces:
|
||||||
|
- "cattle-system"
|
||||||
|
resourceNames:
|
||||||
|
- "aks-config-operator"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterroles$"
|
||||||
|
resourceNames:
|
||||||
|
- "aks-operator"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterrolebindings$"
|
||||||
|
resourceNames:
|
||||||
|
- "aks-operator"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^serviceaccounts$"
|
||||||
|
namespaces:
|
||||||
|
- "cattle-system"
|
||||||
|
resourceNames:
|
||||||
|
- "aks-operator"
|
|
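Review bot: `resourceNameRegexp: "aks.cattle.io$"` has no left boundary and its dots are unescaped, so, assuming the operator applies it as an unanchored search (the explicit `^…$` on other entries suggests so), it also matches CRD names from any group that merely ends in those characters; a constructed example is `widgets.fooaks.cattle.io`. Writing it as `resourceNameRegexp: "\\.aks\\.cattle\\.io$"` limits the match to the intended API group. The same shape recurs in the later hunks: `eks.cattle.io$`, `fleet.cattle.io$|gitjob.cattle.io$`, `gke.cattle.io$`, the provisioning groups, `rancher.cattle.io$` and `management.cattle.io$|project.cattle.io$|…`. A short comment that `kindsRegexp: "."` is a deliberate match-all would also help readers.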
@ -0,0 +1,17 @@
|
||||||
|
- apiVersion: "eks.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
kindsRegexp: "^deployments$"
|
||||||
|
resourceNames:
|
||||||
|
- "eks-config-operator"
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "eks.cattle.io$"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterroles$"
|
||||||
|
resourceNames:
|
||||||
|
- "eks-operator"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterrolebindings$"
|
||||||
|
resourceNames:
|
||||||
|
- "eks-operator"
|
|
@ -0,0 +1,49 @@
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^namespaces$"
|
||||||
|
resourceNameRegexp: "^fleet-|^cluster-fleet-"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^secrets$"
|
||||||
|
namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
|
||||||
|
labelSelectors:
|
||||||
|
matchExpressions:
|
||||||
|
- key: "owner"
|
||||||
|
operator: "NotIn"
|
||||||
|
values: ["helm"]
|
||||||
|
- key: "fleet.cattle.io/managed"
|
||||||
|
operator: "In"
|
||||||
|
values: ["true"]
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^serviceaccounts$"
|
||||||
|
namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^configmaps$"
|
||||||
|
namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^roles$|^rolebindings$"
|
||||||
|
namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterrolebindings$"
|
||||||
|
resourceNameRegexp: "^fleet-|^gitjob-"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterroles$"
|
||||||
|
resourceNameRegexp: "^fleet-"
|
||||||
|
resourceNames:
|
||||||
|
- "gitjob"
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$"
|
||||||
|
- apiVersion: "fleet.cattle.io/v1alpha1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "gitjob.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
kindsRegexp: "^deployments$"
|
||||||
|
namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
|
||||||
|
resourceNameRegexp: "^fleet-"
|
||||||
|
resourceNames:
|
||||||
|
- "gitjob"
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
kindsRegexp: "^services$"
|
||||||
|
namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
|
||||||
|
resourceNames:
|
||||||
|
- "gitjob"
|
|
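Review bot: The last selector in this hunk pairs `apiVersion: "apps/v1"` with `kindsRegexp: "^services$"`, but Service is a core `v1` kind and `apps/v1` serves none by that name, so this entry most likely never matches and the `gitjob` Service is silently left out of every backup. Change the entry to `- apiVersion: "v1"` and keep its `kindsRegexp`, `namespaceRegexp` and `resourceNames` as they are. A gap like this only surfaces at restore time, so checking that a test backup actually contains each resource the list names is worthwhile.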
@ -0,0 +1,17 @@
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "gke.cattle.io$"
|
||||||
|
- apiVersion: "gke.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
kindsRegexp: "^deployments$"
|
||||||
|
resourceNames:
|
||||||
|
- "gke-config-operator"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterroles$"
|
||||||
|
resourceNames:
|
||||||
|
- "gke-operator"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterrolebindings$"
|
||||||
|
resourceNames:
|
||||||
|
- "gke-operator"
|
|
@ -0,0 +1,18 @@
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "provisioning.cattle.io$|rke-machine-config.cattle.io$|rke-machine.cattle.io$|rke.cattle.io$|cluster.x-k8s.io$"
|
||||||
|
- apiVersion: "provisioning.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "rke-machine-config.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "rke-machine.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "rke.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "cluster.x-k8s.io/v1alpha4"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^secrets$"
|
||||||
|
resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$"
|
||||||
|
namespaces:
|
||||||
|
- "fleet-default"
|
|
@ -0,0 +1,27 @@
|
||||||
|
- apiVersion: "rancher.cattle.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
kindsRegexp: "^deployments$"
|
||||||
|
resourceNames:
|
||||||
|
- "rancher-operator"
|
||||||
|
namespaces:
|
||||||
|
- "rancher-operator-system"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^serviceaccounts$"
|
||||||
|
namespaces:
|
||||||
|
- "rancher-operator-system"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterrolebindings$"
|
||||||
|
resourceNames:
|
||||||
|
- "rancher-operator"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterroles$"
|
||||||
|
resourceNames:
|
||||||
|
- "rancher-operator"
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "rancher.cattle.io$"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^namespaces$"
|
||||||
|
resourceNames:
|
||||||
|
- "rancher-operator-system"
|
|
@ -0,0 +1,49 @@
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^namespaces$"
|
||||||
|
resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-"
|
||||||
|
resourceNames:
|
||||||
|
- "local"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^secrets$"
|
||||||
|
namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
|
||||||
|
labelSelectors:
|
||||||
|
matchExpressions:
|
||||||
|
- key: "owner"
|
||||||
|
operator: "NotIn"
|
||||||
|
values: ["helm"]
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^serviceaccounts$"
|
||||||
|
namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
|
||||||
|
- apiVersion: "v1"
|
||||||
|
kindsRegexp: "^configmaps$"
|
||||||
|
namespaces:
|
||||||
|
- "cattle-system"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^roles$|^rolebindings$"
|
||||||
|
namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterrolebindings$"
|
||||||
|
resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-|^crb-"
|
||||||
|
- apiVersion: "rbac.authorization.k8s.io/v1"
|
||||||
|
kindsRegexp: "^clusterroles$"
|
||||||
|
resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$"
|
||||||
|
- apiVersion: "apiextensions.k8s.io/v1"
|
||||||
|
kindsRegexp: "."
|
||||||
|
resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|resources.cattle.io$"
|
||||||
|
- apiVersion: "management.cattle.io/v3"
|
||||||
|
kindsRegexp: "."
|
||||||
|
excludeKinds:
|
||||||
|
- "tokens"
|
||||||
|
- apiVersion: "management.cattle.io/v3"
|
||||||
|
kindsRegexp: "^tokens$"
|
||||||
|
labelSelectors:
|
||||||
|
matchExpressions:
|
||||||
|
- key: "authn.management.cattle.io/kind"
|
||||||
|
operator: "NotIn"
|
||||||
|
values: [ "provisioning" ]
|
||||||
|
- apiVersion: "project.cattle.io/v3"
|
||||||
|
kindsRegexp: "."
|
||||||
|
- apiVersion: "catalog.cattle.io/v1"
|
||||||
|
kindsRegexp: "^clusterrepos$"
|
||||||
|
- apiVersion: "resources.cattle.io/v1"
|
||||||
|
kindsRegexp: "^ResourceSet$"
|
|
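Review bot: This list has no comment saying that it puts credential material into every backup that uses it: the `^secrets$` selector with `namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"` and the `^tokens$` selector under `management.cattle.io/v3` both select credentials. In the Backup CRD shown above, `encryptionConfigSecretName` is nullable and not listed under `required`, so encryption of the tarball is opt-in. I would add a header comment such as `# Selects Secrets and Rancher tokens: set spec.encryptionConfigSecretName on the Backup and restrict access to the storage location.` The provisioning hunk's `machine-plan$|rke-state$|machine-state$|…` secrets in `fleet-default` deserve the same note.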
@ -0,0 +1,83 @@
|
||||||
|
{{- define "system_default_registry" -}}
|
||||||
|
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||||
|
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- "" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Windows cluster will add default taint for linux nodes,
|
||||||
|
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||||
|
*/}}
|
||||||
|
{{- define "linux-node-tolerations" -}}
|
||||||
|
- key: "cattle.io/os"
|
||||||
|
value: "linux"
|
||||||
|
effect: "NoSchedule"
|
||||||
|
operator: "Equal"
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "linux-node-selector" -}}
|
||||||
|
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
|
{{- else -}}
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "backupRestore.fullname" -}}
|
||||||
|
{{- .Chart.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "backupRestore.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "backupRestore.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "backupRestore.chart" . }}
|
||||||
|
{{ include "backupRestore.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "backupRestore.selectorLabels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "backupRestore.fullname" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
resources.cattle.io/operator: backup-restore
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "backupRestore.serviceAccountName" -}}
|
||||||
|
{{ include "backupRestore.fullname" . }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{- define "backupRestore.s3SecretName" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create PVC name using release and revision number.
|
||||||
|
*/}}
|
||||||
|
{{- define "backupRestore.pvcName" -}}
|
||||||
|
{{- printf "%s-%d" .Release.Name .Release.Revision }}
|
||||||
|
{{- end }}
|
||||||
|
|
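Review bot: `backupRestore.pvcName` builds the claim name from `.Release.Revision`, so the name changes on every `helm upgrade`. The PVC template is not on this page; if it uses this helper, as the Deployment's `claimName` does, each upgrade provisions a fresh claim and the operator mounts an empty `/var/lib/backups` while earlier backups stay on the previous volume, or are removed with it, depending on the reclaim policy. A stable name such as `{{- printf "%s" .Release.Name }}` avoids that; if the per-revision name is intentional, the comment above the helper should say why and how old claims are retained. Separately, `linux-node-selector` is defined here but the Deployment hard-codes `kubernetes.io/os: linux` instead of including it.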
|
@ -0,0 +1,14 @@
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "backupRestore.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: cluster-admin
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
|
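Review bot: `roleRef` binds the operator's ServiceAccount to `cluster-admin`, and the file has no comment explaining why nothing narrower will do. Restoring arbitrary kinds, RBAC objects included, plausibly needs it, but that should be stated, for example `# cluster-admin: the operator reads and recreates every kind a ResourceSet can name, including RBAC and CRDs`. With this binding, a compromise of the operator pod or of its image is a compromise of the whole cluster, so the image reference and pod hardening in the Deployment should be reviewed against that level of privilege.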
@ -0,0 +1,62 @@
|
||||||
|
{{- if and .Values.s3.enabled .Values.persistence.enabled }}
|
||||||
|
{{- fail "\n\nCannot configure both s3 and PV for storing backups" }}
|
||||||
|
{{- end }}
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "backupRestore.selectorLabels" . | nindent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "backupRestore.selectorLabels" . | nindent 8 }}
|
||||||
|
annotations:
|
||||||
|
checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }}
|
||||||
|
checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ include "backupRestore.serviceAccountName" . }}
|
||||||
|
{{- if .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ .Values.priorityClassName }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: CHART_NAMESPACE
|
||||||
|
value: {{ .Release.Namespace }}
|
||||||
|
{{- if .Values.s3.enabled }}
|
||||||
|
- name: DEFAULT_S3_BACKUP_STORAGE_LOCATION
|
||||||
|
value: {{ include "backupRestore.s3SecretName" . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.persistence.enabled }}
|
||||||
|
- name: DEFAULT_PERSISTENCE_ENABLED
|
||||||
|
value: "persistence-enabled"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: "/var/lib/backups"
|
||||||
|
name: pv-storage
|
||||||
|
volumes:
|
||||||
|
- name: pv-storage
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ include "backupRestore.pvcName" . }}
|
||||||
|
{{- end }}
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
{{- with .Values.nodeSelector }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
tolerations:
|
||||||
|
{{- include "linux-node-tolerations" . | nindent 8}}
|
||||||
|
{{- with .Values.tolerations }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
|
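Review bot: The operator container has no `securityContext`, although its ServiceAccount is bound to `cluster-admin` in the previous file and the patch Job in the next file does set `runAsNonRoot: true`. At minimum I would add `securityContext:` with `allowPrivilegeEscalation: false` to the container; whether `runAsNonRoot` also works depends on the image and on write access to `/var/lib/backups`, which this page does not show. The image is referenced by mutable tag (`:{{ .Values.image.tag }}`) with `imagePullPolicy: Always`, so whatever the registry serves for that tag next runs with those rights; pinning by digest would close that gap. `value: {{ .Release.Namespace }}` and the other templated scalars should be piped through `quote`, as the Job's `command` already does.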
@ -0,0 +1,114 @@
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels: {{ include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install, post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
|
||||||
|
spec:
|
||||||
|
backoffLimit: 1
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
restartPolicy: Never
|
||||||
|
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||||
|
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
image: {{ include "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command: ["kubectl", "-n", {{ .Release.Namespace | quote }}, "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels: {{ include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install, post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
labels: {{ include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install, post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["serviceaccounts"]
|
||||||
|
verbs: ["get", "patch"]
|
||||||
|
- apiGroups: ["policy"]
|
||||||
|
resources: ["podsecuritypolicies"]
|
||||||
|
verbs: ["use"]
|
||||||
|
resourceNames:
|
||||||
|
- {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
labels: {{ include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install, post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
---
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-patch-sa
|
||||||
|
labels: {{ include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install, post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
hostNetwork: false
|
||||||
|
hostIPC: false
|
||||||
|
hostPID: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'MustRunAsNonRoot'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
volumes:
|
||||||
|
- 'secret'
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-default-allow-all
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
podSelector: {}
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
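Review bot: The ClusterRole and ClusterRoleBinding for the `-patch-sa` hook grant `get`/`patch` on `serviceaccounts` in every namespace, while the Job's only command patches the `default` ServiceAccount in `.Release.Namespace`. A namespaced Role and RoleBinding with `resourceNames: ["default"]` would cover what that command needs. The `use` rule on the PodSecurityPolicy can stay in the same Role, since a RoleBinding grants PSP use for pods in its own namespace. The sketch below shows only the changed lines; the page has lost the file's indentation, so the nesting here is reconstructed.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "backupRestore.fullname" . }}-patch-sa
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels and helm.sh/hook annotations …
rules:
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    resourceNames: ["default"]
    verbs: ["get", "patch"]
  # … unchanged: podsecuritypolicies "use" rule …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "backupRestore.fullname" . }}-patch-sa
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels and helm.sh/hook annotations …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "backupRestore.fullname" . }}-patch-sa
# … unchanged: subjects …
```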
|
|
@ -0,0 +1,29 @@
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.fullname" . }}-psp
|
||||||
|
labels: {{ include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
hostNetwork: false
|
||||||
|
hostIPC: false
|
||||||
|
hostPID: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'MustRunAsNonRoot'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
volumes:
|
||||||
|
- 'persistentVolumeClaim'
|
||||||
|
- 'secret'
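Review bot: The `-psp` policy sets `allowPrivilegeEscalation: false` but places no constraint on Linux capabilities, so pods admitted under it keep the container runtime's default set. If the operator needs none of them (not verifiable from this page), add `requiredDropCapabilities: ['ALL']` under `spec`. The `-patch-sa` policy in the previous file omits `allowPrivilegeEscalation: false`, which this one sets; the two would be easier to audit if they agreed.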
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{- if and .Values.persistence.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.pvcName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
{{- with .Values.persistence }}
|
||||||
|
requests:
|
||||||
|
storage: {{ .size | quote }}
|
||||||
|
{{- if .storageClass }}
|
||||||
|
{{- if (eq "-" .storageClass) }}
|
||||||
|
storageClassName: ""
|
||||||
|
{{- else }}
|
||||||
|
storageClassName: {{ .storageClass | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .volumeName }}
|
||||||
|
volumeName: {{ .volumeName | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
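Review bot: `and` is called with a single operand in the opening guard, so it adds nothing; `{{- if .Values.persistence.enabled -}}` says the same thing. The `{{- with .Values.persistence }}` block inside is likewise always entered once the guard passes. A short `{{- /* ... */ -}}` comment noting that it only shortens the field paths would help the next reader.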
|
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: resources.cattle.io/v1
|
||||||
|
kind: ResourceSet
|
||||||
|
metadata:
|
||||||
|
name: rancher-resource-set
|
||||||
|
controllerReferences:
|
||||||
|
- apiVersion: "apps/v1"
|
||||||
|
resource: "deployments"
|
||||||
|
name: "rancher"
|
||||||
|
namespace: "cattle-system"
|
||||||
|
resourceSelectors:
|
||||||
|
{{- range $path, $_ := .Files.Glob "files/default-resourceset-contents/*.yaml" -}}
|
||||||
|
{{- $.Files.Get $path | nindent 2 -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,31 @@
|
||||||
|
{{- if .Values.s3.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.s3SecretName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
{{- with .Values.s3 }}
|
||||||
|
{{- if .credentialSecretName }}
|
||||||
|
credentialSecretName: {{ .credentialSecretName }}
|
||||||
|
credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .region }}
|
||||||
|
region: {{ .region | quote }}
|
||||||
|
{{- end }}
|
||||||
|
bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName | quote }}
|
||||||
|
{{- if .folder }}
|
||||||
|
folder: {{ .folder | quote }}
|
||||||
|
{{- end }}
|
||||||
|
endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint | quote }}
|
||||||
|
{{- if .endpointCA }}
|
||||||
|
endpointCA: {{ .endpointCA }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .insecureTLSSkipVerify }}
|
||||||
|
insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{ end }}
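Review bot: `credentialSecretName`, `credentialSecretNamespace` and `endpointCA` are rendered unquoted under `stringData`, while `region`, `bucketName`, `folder`, `endpoint` and `insecureTLSSkipVerify` are piped through `quote`. `stringData` values have to be strings, so a value that YAML reads as a number or boolean would make the Secret fail to apply. Use `credentialSecretName: {{ .credentialSecretName | quote }}` and `endpointCA: {{ .endpointCA | quote }}`, and append `| quote` to the `required` call for the namespace. The `required` messages also name `.Values.bucketName`, `.Values.endpoint` and `.Values.credentialSecretNamespace`, although the values are read from `.Values.s3`.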
|
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "backupRestore.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "backupRestore.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
|
||||||
|
# {{- $found := dict -}}
|
||||||
|
# {{- set $found "resources.cattle.io/v1/Backup" false -}}
|
||||||
|
# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}}
|
||||||
|
# {{- set $found "resources.cattle.io/v1/Restore" false -}}
|
||||||
|
# {{- range .Capabilities.APIVersions -}}
|
||||||
|
# {{- if hasKey $found (toString .) -}}
|
||||||
|
# {{- set $found (toString .) true -}}
|
||||||
|
# {{- end -}}
|
||||||
|
# {{- end -}}
|
||||||
|
# {{- range $_, $exists := $found -}}
|
||||||
|
# {{- if (eq $exists false) -}}
|
||||||
|
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
|
||||||
|
# {{- end -}}
|
||||||
|
# {{- end -}}
|
||||||
|
#{{- end -}}
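Review bot: The leading `#` on each line does not disable these template actions. Helm evaluates `{{ ... }}` before the output is parsed as YAML, so the `lookup` guard, the loop over `.Capabilities.APIVersions` and the `required` call still run and can fail the install. That looks intentional (the `#` would keep whatever is rendered a YAML comment), but the file reads as dead code. A first line such as `{{- /* '#' only comments the rendered output; the actions below still execute */ -}}` would make that explicit. If the outer `lookup` condition is there to skip the check when no cluster is reachable, that is worth stating in the same comment.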
|
|
@ -0,0 +1,57 @@
|
||||||
|
image:
|
||||||
|
repository: rancher/backup-restore-operator
|
||||||
|
tag: v2.1.0-rc1
|
||||||
|
|
||||||
|
## Default s3 bucket for storing all backup files created by the backup-restore-operator
|
||||||
|
s3:
|
||||||
|
enabled: false
|
||||||
|
## credentialSecretName if set, should be the name of the Secret containing AWS credentials.
|
||||||
|
## To use IAM Role, don't set this field
|
||||||
|
credentialSecretName: ""
|
||||||
|
credentialSecretNamespace: ""
|
||||||
|
region: ""
|
||||||
|
bucketName: ""
|
||||||
|
folder: ""
|
||||||
|
endpoint: ""
|
||||||
|
endpointCA: ""
|
||||||
|
insecureTLSSkipVerify: false
|
||||||
|
|
||||||
|
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
||||||
|
## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups
|
||||||
|
persistence:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## If defined, storageClassName: <storageClass>
|
||||||
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||||||
|
## If undefined (the default) or set to null, no storageClassName spec is
|
||||||
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||||||
|
## GKE, AWS & OpenStack).
|
||||||
|
## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
|
||||||
|
##
|
||||||
|
storageClass: "-"
|
||||||
|
|
||||||
|
## If you want to disable dynamic provisioning by setting storageClass to "-" above,
|
||||||
|
## and want to target a particular PV, provide name of the target volume
|
||||||
|
volumeName: ""
|
||||||
|
|
||||||
|
## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/
|
||||||
|
size: 2Gi
|
||||||
|
|
||||||
|
|
||||||
|
global:
|
||||||
|
cattle:
|
||||||
|
systemDefaultRegistry: ""
|
||||||
|
kubectl:
|
||||||
|
repository: rancher/kubectl
|
||||||
|
tag: v1.20.2
|
||||||
|
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
priorityClassName: ""
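Review bot: The comment block above `storageClass` calls "undefined" the default, but the shipped value is `storageClass: "-"`, which the same comments say renders `storageClassName: ""` and disables dynamic provisioning. With `volumeName: ""` as well, enabling persistence with these defaults would presumably leave the claim waiting for a manually provisioned volume. Either reword the comment, for example `## Default is "-": no dynamic provisioning; set volumeName or a storageClass when enabling persistence`, or drop the default value so the existing wording holds.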
|
41
index.yaml
41
index.yaml
|
@ -1167,6 +1167,32 @@ entries:
|
||||||
- assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz
|
- assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz
|
||||||
version: 1.0.100
|
version: 1.0.100
|
||||||
rancher-backup:
|
rancher-backup:
|
||||||
|
- annotations:
|
||||||
|
catalog.cattle.io/auto-install: rancher-backup-crd=match
|
||||||
|
catalog.cattle.io/certified: rancher
|
||||||
|
catalog.cattle.io/display-name: Rancher Backups
|
||||||
|
catalog.cattle.io/namespace: cattle-resources-system
|
||||||
|
catalog.cattle.io/os: linux
|
||||||
|
catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1
|
||||||
|
catalog.cattle.io/rancher-version: '>=2.6.0-0'
|
||||||
|
catalog.cattle.io/release-name: rancher-backup
|
||||||
|
catalog.cattle.io/scope: management
|
||||||
|
catalog.cattle.io/type: cluster-tool
|
||||||
|
catalog.cattle.io/ui-component: rancher-backup
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.1.0-rc1
|
||||||
|
created: "2021-11-18T18:03:05.581129-07:00"
|
||||||
|
description: Provides ability to back up and restore the Rancher application running
|
||||||
|
on any Kubernetes cluster
|
||||||
|
digest: f04d19274a137d394feda669d2dc5a9ac25c758680032dca2ded50602adc664b
|
||||||
|
icon: https://charts.rancher.io/assets/logos/backup-restore.svg
|
||||||
|
keywords:
|
||||||
|
- applications
|
||||||
|
- infrastructure
|
||||||
|
name: rancher-backup
|
||||||
|
urls:
|
||||||
|
- assets/rancher-backup/rancher-backup-2.1.0+up2.1.0-rc1.tgz
|
||||||
|
version: 2.1.0+up2.1.0-rc1
|
||||||
- annotations:
|
- annotations:
|
||||||
catalog.cattle.io/auto-install: rancher-backup-crd=match
|
catalog.cattle.io/auto-install: rancher-backup-crd=match
|
||||||
catalog.cattle.io/certified: rancher
|
catalog.cattle.io/certified: rancher
|
||||||
|
@ -1369,6 +1395,21 @@ entries:
|
||||||
- assets/rancher-backup/rancher-backup-1.0.200.tgz
|
- assets/rancher-backup/rancher-backup-1.0.200.tgz
|
||||||
version: 1.0.200
|
version: 1.0.200
|
||||||
rancher-backup-crd:
|
rancher-backup-crd:
|
||||||
|
- annotations:
|
||||||
|
catalog.cattle.io/certified: rancher
|
||||||
|
catalog.cattle.io/hidden: "true"
|
||||||
|
catalog.cattle.io/namespace: cattle-resources-system
|
||||||
|
catalog.cattle.io/release-name: rancher-backup-crd
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.1.0-rc1
|
||||||
|
created: "2021-11-18T18:04:28.338741-07:00"
|
||||||
|
description: Installs the CRDs for rancher-backup.
|
||||||
|
digest: 22de9874fe5022d20fdc06b9de9651ddd4acfd686aecfe18913697c8e0f923e3
|
||||||
|
name: rancher-backup-crd
|
||||||
|
type: application
|
||||||
|
urls:
|
||||||
|
- assets/rancher-backup-crd/rancher-backup-crd-2.1.0+up2.1.0-rc1.tgz
|
||||||
|
version: 2.1.0+up2.1.0-rc1
|
||||||
- annotations:
|
- annotations:
|
||||||
catalog.cattle.io/certified: rancher
|
catalog.cattle.io/certified: rancher
|
||||||
catalog.cattle.io/hidden: "true"
|
catalog.cattle.io/hidden: "true"
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
url: https://github.com/rancher/backup-restore-operator/releases/download/v2.0.1/rancher-backup-crd-2.0.1.tgz
|
url: https://github.com/rancher/backup-restore-operator/releases/download/v2.1.0-rc1/rancher-backup-crd-2.1.0-rc1.tgz
|
||||||
version: 2.0.1
|
version: 2.1.0
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
url: https://github.com/rancher/backup-restore-operator/releases/download/v2.0.1/rancher-backup-2.0.1.tgz
|
url: https://github.com/rancher/backup-restore-operator/releases/download/v2.1.0-rc1/rancher-backup-2.1.0-rc1.tgz
|
||||||
version: 2.0.1
|
version: 2.1.0
|
||||||
|
|