-
Notifications
You must be signed in to change notification settings - Fork 79
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
237 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
image velero velero/velero:v1.6.2 | ||
image restic-restore velero/velero-restic-restore-helper:v1.6.2 | ||
image velero-aws velero/velero-plugin-for-aws:v1.2.0 | ||
image velero-gcp velero/velero-plugin-for-gcp:v1.2.0 | ||
image velero-azure velero/velero-plugin-for-microsoft-azure:v1.2.0 | ||
|
||
asset velero.tar.gz https://github.com/vmware-tanzu/velero/releases/download/v1.6.2/velero-v1.6.2-linux-amd64.tar.gz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
|
||
function velero_pre_init() { | ||
if [ -z "$VELERO_NAMESPACE" ]; then | ||
VELERO_NAMESPACE=velero | ||
fi | ||
if [ -z "$VELERO_LOCAL_BUCKET" ]; then | ||
VELERO_LOCAL_BUCKET=velero | ||
fi | ||
} | ||
|
||
function velero() { | ||
local src="$DIR/addons/velero/$VELERO_VERSION" | ||
local dst="$DIR/kustomize/velero" | ||
|
||
cp "$src/kustomization.yaml" "$dst/" | ||
|
||
velero_binary | ||
|
||
velero_install "$src" "$dst" | ||
|
||
velero_patch_restic_privilege "$src" "$dst" | ||
|
||
velero_kotsadm_restore_config "$src" "$dst" | ||
|
||
velero_patch_http_proxy "$src" "$dst" | ||
|
||
velero_change_storageclass "$src" "$dst" | ||
|
||
kubectl apply -k "$dst" | ||
|
||
kubectl label -n default --overwrite service/kubernetes velero.io/exclude-from-backup=true | ||
} | ||
|
||
function velero_join() { | ||
velero_binary | ||
} | ||
|
||
function velero_install() { | ||
local src="$1" | ||
local dst="$2" | ||
|
||
# Pre-apply CRDs since kustomize reorders resources. Grep to strip out sailboat emoji. | ||
$src/assets/velero-v${VELERO_VERSION}-linux-amd64/velero install --crds-only | grep -v 'Velero is installed' | ||
|
||
local resticArg="--use-restic" | ||
if [ "$VELERO_DISABLE_RESTIC" = "1" ]; then | ||
resticArg="" | ||
fi | ||
|
||
local bslArgs="--no-default-backup-location" | ||
if ! kubernetes_resource_exists "$VELERO_NAMESPACE" backupstoragelocation default; then | ||
bslArgs="--provider aws --bucket $VELERO_LOCAL_BUCKET --backup-location-config region=us-east-1,s3Url=${OBJECT_STORE_CLUSTER_HOST},publicUrl=http://${OBJECT_STORE_CLUSTER_IP},s3ForcePathStyle=true" | ||
fi | ||
|
||
velero_credentials | ||
|
||
$src/assets/velero-v${VELERO_VERSION}-linux-amd64/velero install \ | ||
$resticArg \ | ||
$bslArgs \ | ||
--plugins velero/velero-plugin-for-aws:v1.2.0,velero/velero-plugin-for-gcp:v1.2.0,velero/velero-plugin-for-microsoft-azure:v1.2.0,$KURL_UTIL_IMAGE \ | ||
--secret-file velero-credentials \ | ||
--use-volume-snapshots=false \ | ||
--namespace $VELERO_NAMESPACE \ | ||
--dry-run -o yaml > "$dst/velero.yaml" | ||
|
||
rm velero-credentials | ||
} | ||
|
||
# The --secret-file flag must always be used so that the generated velero deployment uses the | ||
# cloud-credentials secret. Use the contents of that secret if it exists to avoid overwriting | ||
# any changes. Else if a local object store (Ceph/Minio) is configured, use its credentials. | ||
function velero_credentials() { | ||
if kubernetes_resource_exists "$VELERO_NAMESPACE" secret cloud-credentials; then | ||
kubectl -n velero get secret cloud-credentials -ojsonpath='{ .data.cloud }' | base64 -d > velero-credentials | ||
return 0 | ||
fi | ||
|
||
if [ -n "$OBJECT_STORE_CLUSTER_IP" ]; then | ||
try_1m object_store_create_bucket "$VELERO_LOCAL_BUCKET" | ||
fi | ||
|
||
cat >velero-credentials <<EOF | ||
[default] | ||
aws_access_key_id=$OBJECT_STORE_ACCESS_KEY | ||
aws_secret_access_key=$OBJECT_STORE_SECRET_KEY | ||
EOF | ||
} | ||
|
||
function velero_patch_restic_privilege() { | ||
local src="$1" | ||
local dst="$2" | ||
|
||
if [ "${VELERO_DISABLE_RESTIC}" = "1" ]; then | ||
return 0 | ||
fi | ||
|
||
if [ "${K8S_DISTRO}" = "rke2" ] || [ "${VELERO_RESTIC_REQUIRES_PRIVILEGED}" = "1" ]; then | ||
render_yaml_file "$src/restic-daemonset-privileged.yaml" > "$dst/restic-daemonset-privileged.yaml" | ||
insert_patches_strategic_merge "$dst/kustomization.yaml" restic-daemonset-privileged.yaml | ||
fi | ||
} | ||
|
||
function velero_binary() { | ||
local src="$DIR/addons/velero/$VELERO_VERSION" | ||
|
||
if ! kubernetes_is_master; then | ||
return 0 | ||
fi | ||
|
||
if [ ! -f "$src/assets/velero.tar.gz" ] && [ "$AIRGAP" != "1" ]; then | ||
mkdir -p "$src/assets" | ||
curl -L "https://github.com/vmware-tanzu/velero/releases/download/v${VELERO_VERSION}/velero-v${VELERO_VERSION}-linux-amd64.tar.gz" > "$src/assets/velero.tar.gz" | ||
fi | ||
|
||
pushd "$src/assets" | ||
tar xf "velero.tar.gz" | ||
if [ "$VELERO_DISABLE_CLI" != "1" ]; then | ||
cp velero-v${VELERO_VERSION}-linux-amd64/velero /usr/local/bin/velero | ||
fi | ||
popd | ||
} | ||
|
||
function velero_kotsadm_restore_config() { | ||
local src="$1" | ||
local dst="$2" | ||
|
||
render_yaml_file "$src/tmpl-kotsadm-restore-config.yaml" > "$dst/kotsadm-restore-config.yaml" | ||
insert_resources "$dst/kustomization.yaml" kotsadm-restore-config.yaml | ||
} | ||
|
||
function velero_patch_http_proxy() { | ||
local src="$1" | ||
local dst="$2" | ||
|
||
if [ -n "$PROXY_ADDRESS" ]; then | ||
render_yaml_file "$src/tmpl-velero-deployment-proxy.yaml" > "$dst/velero-deployment-proxy.yaml" | ||
insert_patches_strategic_merge "$dst/kustomization.yaml" velero-deployment-proxy.yaml | ||
fi | ||
|
||
if [ -n "$PROXY_ADDRESS" ] && [ "$VELERO_DISABLE_RESTIC" != "1" ]; then | ||
render_yaml_file "$src/tmpl-restic-daemonset-proxy.yaml" > "$dst/restic-daemonset-proxy.yaml" | ||
insert_patches_strategic_merge "$dst/kustomization.yaml" restic-daemonset-proxy.yaml | ||
fi | ||
} | ||
|
||
# If this cluster is used to restore a snapshot taken on a cluster where Rook or OpenEBS was the | ||
# default storage provisioner, the storageClassName on PVCs will need to be changed from "default" | ||
# to "longhorn" by velero | ||
# https://velero.io/docs/v1.6/restore-reference/#changing-pvpvc-storage-classes | ||
function velero_change_storageclass() { | ||
local src="$1" | ||
local dst="$2" | ||
|
||
if kubectl get sc longhorn &> /dev/null && \ | ||
[ "$(kubectl get sc longhorn -o jsonpath='{.metadata.annotations.storageclass\.kubernetes\.io/is-default-class}')" = "true" ]; then | ||
render_yaml_file "$src/tmpl-change-storageclass.yaml" > "$dst/change-storageclass.yaml" | ||
insert_resources "$dst/kustomization.yaml" change-storageclass.yaml | ||
fi | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
resources: | ||
- velero.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: restic | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: restic | ||
securityContext: | ||
privileged: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: change-storage-class-config | ||
namespace: ${VELERO_NAMESPACE} | ||
labels: | ||
velero.io/plugin-config: \"\" | ||
velero.io/change-storage-class: RestoreItemAction | ||
data: | ||
default: longhorn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: kotsadm-restore-config | ||
namespace: ${VELERO_NAMESPACE} | ||
labels: | ||
velero.io/plugin-config: \"\" | ||
kurl.sh/restore-kotsadm-plugin: RestoreItemAction | ||
data: | ||
HTTP_PROXY: ${PROXY_ADDRESS:-'""'} | ||
HTTPS_PROXY: ${PROXY_ADDRESS:-'""'} | ||
NO_PROXY: ${NO_PROXY_ADDRESSES:-'""'} | ||
hostCAPath: ${KOTSADM_TRUSTED_CERT_MOUNT:-'""'} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: restic | ||
namespace: ${VELERO_NAMESPACE} | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: restic | ||
env: | ||
- name: HTTP_PROXY | ||
value: ${PROXY_ADDRESS} | ||
- name: HTTPS_PROXY | ||
value: ${PROXY_ADDRESS} | ||
- name: NO_PROXY | ||
value: ${NO_PROXY_ADDRESSES} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: velero | ||
namespace: ${VELERO_NAMESPACE} | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: velero | ||
env: | ||
- name: HTTP_PROXY | ||
value: ${PROXY_ADDRESS} | ||
- name: HTTPS_PROXY | ||
value: ${PROXY_ADDRESS} | ||
- name: NO_PROXY | ||
value: ${NO_PROXY_ADDRESSES} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters