install k8up
This commit is contained in:
parent
21dbda3557
commit
81b8797eba
|
@ -0,0 +1,21 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
destination:
|
||||
namespace: k8up
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
source:
|
||||
path: k8up
|
||||
repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
|
||||
targetRevision: HEAD
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: k8up
|
|
@ -0,0 +1,13 @@
|
|||
# K8up installation
|
||||
|
||||
## Edit credentials
|
||||
|
||||
```
|
||||
vim ../../gitops-tbrnt-private/k8up/global-backup-secret.yaml
|
||||
kubeseal --controller-namespace sealed-secrets -o yaml -n k8up < ../../gitops-tbrnt-private/k8up/global-backup-secret.yaml > global-backup-secret.yaml
|
||||
```
|
||||
|
||||
```
|
||||
vim ../../gitops-tbrnt-private/k8up/global-s3-credentials.yaml
|
||||
kubeseal --controller-namespace sealed-secrets -o yaml -n k8up < ../../gitops-tbrnt-private/k8up/global-s3-credentials.yaml > global-s3-credentials-secret.yaml
|
||||
```
|
|
@ -0,0 +1,17 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: global-backup-secret
|
||||
namespace: k8up
|
||||
spec:
|
||||
encryptedData:
|
||||
secret: AgCabeCFgQ27fELHeM6gKPmdWvLQd7fM6IzydKKsYCetfvkM6WVFW/SLVbHAyBi2G1Dz26LT2KuCASiB45hprkFlQX3ou1E30CXWZVXJPXQv0r8dqYXWJkMVBqg2Fy7HjoQlSBjRg14X7lMiI4D4VghBHQQJ5IY1FGe9LH8Uw0Z2ChCPsdNuIqkuMUaYpvbFznUjDnVaRmp3/C1Vl60wcsis3tCoOQUE6zACJR4OB+ZA1vCkzskDueO2eL+jm30Is8ht2ZJj8cw34lEjvHhSVDXYT3j09UATre4ckh42JHDH1J79JwxpVnKYQRzCAXKNWcJseRrWwzydWE9yKp3T9/PwulWfssGeLZ8lZ3MMFioQlQujCsmBkyzFk3ZlTKSzL0o5tHWW57ReV7G/q7611MjlJlpc45tdHokYBBDtXPPu7Nk8YA49H7c4EblF0ITskTWLVfAm9Gvw4ZC6IFp4k6hPIQXaOXi03mEza4xzZvYaia98fmfzyNzb9zqm+uuYYZKolVzme7wEvDooQIi4E1gpLqwUOUkzNsMa6GokXzcw0+eAmwW4JkkgMhphtEJCRiqa0javqc7wVc3XY4nVZ7E7BIfXS7fo7KX0jKqezywNJ7bNZMA50T0vsYIoVVE2xldyxnThz8FzwEXtrhChi9kkuJ4PdvOUEl9etxORzsSBwDMa7y15mUCRPqmyZeDIb1rnqqcwGg2wX0FaY2tCu2Jxfy3eIm1nNDG69TPYNnPdhXfGX3W29f3kXMgSZy0=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: global-backup-secret
|
||||
namespace: k8up
|
||||
type: Opaque
|
||||
status: {}
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: global-s3-credentials
|
||||
namespace: k8up
|
||||
spec:
|
||||
encryptedData:
|
||||
access-key-id: AgAc6iUhEEjhnFw/b/Rg5k8WWrDp0213O8MqBR5Zr0qwnReh5L+cr4OMfe/wOCDfxutTa5QIAAHc2UkLT7j5yttvH2gGQr8bLylvWNkNL+IaQ9KUDTwKC+CukLpero0Qxvs2ghOglAdmDg/TVKUMLZtvMFVOZ7cRgDpPjPuV3wVbFxBLuuVL/fg1151XrqtjDF7Wwrk4zpHwPl1aJJNEW8Y4C5zcVXiq+770G0lAQs6Hnwn443hbktzyJdLZ76YmAA4eiMoqAPvjkaCdHnjTJDzy0HtY7eU2bwP5FU1IDfNqQC3NmdjoqMmAe5E7FxvNUq1ZKW9cl9W8105uqH/XyK3Uis/ikn+fYI/CdGJK7YVU5OIG7hACo90Ah2NwAFCcLrplVTKMwbcPSnLwMrPIEMliWP44AqJ+3ROUvLdEvkmI6ovKRlKqHBA0KRHrW91tVUXohlciBpBS3pAk9qlyg474bXoelqoxfvwpBMXETZ0eatBaZHoqClvTkeknKEzwub/3zi2/PxIJ+z38LPBlktyiRvK0RxgHK+4G0rcAR4h54vBzMCn2EW1iAK89p9GoJYToHe34HSNqeM6Ny2lBBhx/wXcsN2xld1dAPC7FjfySTHpZ6nb+2uQIQGZL2CMvOA1KPXC4tGctf3KeANsFJhuRuEjflEXCJfxpRLNQKGAZJOrOeMYeZWczGrA++qZmLSSSga7NAmpja/cNbqNw0uqnTrd8SA==
|
||||
access-key-secret: AgAoETPPcSXpB3pR/SWsJyAODN6j5nsClO6Hgj+v7hkbucAb0XxR/6DhUoVNemQN+4N1se3xIrnftJtVf/RG4wLFIUyva4yBFm/aMAQfuAVpWolTeRJmt+ybaFkfUhNa48hwqNy3WHwupZ00gRxXTw7iKe/pIUvNIDBSKTeZxli89theqQi1xmPHi/90jjPdXDwab1UJ+FhFKvEM78C3dUfgANnDfBrLihTdVvjRGWpBqe3MJXs3hscSiCA9kcrnkNDcnCcMNlaN/qskRysrtmRkWHao4QQtbXMWhjZbV0aoTdPY/b5/aTbCRSGYDT49Fl/yXy+HhhKdd4WHRMN7CWRqDCgDkRRoDfgpWvbNMJNkZ47E6tovTN9DwBb7+gBiSwMA6IeukYOPCt5elgUJCxvUQ5892KhZEOqsjPaXXva0V6PlHlkuzh9ijLzUtZoHdRMcZvzxcu6CtM3ZTPeuxQPRpzCDXO6RmjveBTL2ZOyaZeZ2F8DlNrfDl1IHCqXJMbD99pUiIcrTO7PBEauUUMeSI4hj6/dOHHnEwUVSYTCMzYm1kMVUz94XJqwFwSVDS4/d3lVnr6Te6OZWLYWoajW7gxK0+wb545jfw9gRqBUaC74OeMaXeVjLh1vjGvHxgXaJvLWrav1D3Y/79W4Psdo4Ku0vTg6qf8eUmeO/93RJFyZ+bL1LiR6aAfkX8Oh761/VMsAR080qIMBSB3XsFV9na8CUbdLgZ+LbJgWZaoplYOLEQw3DBzMZ
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: global-s3-credentials
|
||||
namespace: k8up
|
||||
type: Opaque
|
||||
status: {}
|
||||
|
|
@ -0,0 +1,197 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
rules:
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- create
|
||||
- edit
|
||||
- patch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
- persistentvolumeclaims
|
||||
- events
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- rolebindings
|
||||
- roles
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: k8up-edit
|
||||
labels:
|
||||
app: k8up
|
||||
# Add these permissions to the "admin" and "edit" default roles.
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- "*"
|
||||
verbs:
|
||||
- "*"
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: k8up-view
|
||||
labels:
|
||||
app: k8up
|
||||
# Add these permissions to the "view" default role.
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- "*"
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
labels:
|
||||
app: k8up
|
||||
name: k8up
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
name: k8up
|
||||
kind: ClusterRole
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: k8up-metrics
|
||||
namespace: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
spec:
|
||||
ports:
|
||||
- name: "8080"
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: k8up
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: k8up
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: k8up
|
||||
spec:
|
||||
containers:
|
||||
- name: k8up-operator
|
||||
image: docker.io/vshn/k8up:v0.1.7
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: BACKUP_IMAGE
|
||||
value: docker.io/vshn/wrestic:v0.1.8
|
||||
- name: BACKUP_GLOBALACCESSKEYID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-s3-credentials
|
||||
key: access-key-id
|
||||
- name: BACKUP_GLOBALSECRETACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-s3-credentials
|
||||
key: access-key-secret
|
||||
- name: BACKUP_GLOBALREPOPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-backup-secret
|
||||
key: secret
|
||||
- name: BACKUP_GLOBALS3ENDPOINT
|
||||
value: http://10.42.42.2:9000
|
||||
- name: BACKUP_GLOBALS3BUCKET
|
||||
value: knurrli-k8up
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: 2Gi
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: 0.5Gi
|
||||
serviceAccountName: k8up
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
endpoints:
|
||||
- interval: 30s
|
||||
path: /metrics
|
||||
port: http
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- k8up
|
||||
selector:
|
||||
matchLabels:
|
||||
app: k8up
|
Reference in New Issue