upgrade k8up
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
9ed8505ca9
commit
ab98ad2e70
|
@ -0,0 +1,10 @@
|
|||
build:
|
||||
helm template k8up --namespace=k8up appuio/k8up \
|
||||
-f k8up-config.yaml \
|
||||
> k8up.yaml
|
||||
.PHONY: build
|
||||
|
||||
update:
|
||||
helm repo update
|
||||
helm search repo k8up
|
||||
.PHONY: update
|
|
@ -0,0 +1,27 @@
|
|||
k8up:
|
||||
envVars:
|
||||
- name: BACKUP_GLOBALACCESSKEYID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-s3-credentials
|
||||
key: access-key-id
|
||||
- name: BACKUP_GLOBALSECRETACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-s3-credentials
|
||||
key: access-key-secret
|
||||
- name: BACKUP_GLOBALREPOPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-backup-secret
|
||||
key: secret
|
||||
- name: BACKUP_GLOBALS3ENDPOINT
|
||||
value: http://10.42.42.2:9000
|
||||
- name: BACKUP_GLOBALS3BUCKET
|
||||
value: knurrli-k8up
|
||||
- name: BACKUP_PROMURL
|
||||
value: prometheus-pushgateway.monitoring.svc:9091
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
File diff suppressed because it is too large
Load Diff
491
k8up/k8up.yaml
491
k8up/k8up.yaml
|
@ -1,166 +1,467 @@
|
|||
---
|
||||
# Source: k8up/templates/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
helm.sh/chart: k8up-1.0.6
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/version: "v1.0.5"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
---
|
||||
# Source: k8up/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: k8up-k8up-edit
|
||||
rules:
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- create
|
||||
- edit
|
||||
- patch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
---
|
||||
# Source: k8up/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: k8up-k8up-view
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
- persistentvolumeclaims
|
||||
- events
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- '*'
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
# Source: k8up/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: k8up-manager-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- archives
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- archives/finalizers
|
||||
- archives/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- backups
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- backups/finalizers
|
||||
- backups/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- checks
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- checks/finalizers
|
||||
- checks/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- effectiveschedules
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- effectiveschedules/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- prebackuppods
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- prebackuppods/finalizers
|
||||
- prebackuppods/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- prunes
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- prunes/finalizers
|
||||
- prunes/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- restores
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- restores/finalizers
|
||||
- restores/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- schedules
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- schedules/finalizers
|
||||
- schedules/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs/finalizers
|
||||
- jobs/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods/exec
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- rolebindings
|
||||
- roles
|
||||
verbs:
|
||||
- '*'
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
---
|
||||
kind: ClusterRole
|
||||
# Source: k8up/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: k8up-edit
|
||||
labels:
|
||||
app: k8up
|
||||
# Add these permissions to the "admin" and "edit" default roles.
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: k8up-manager-rolebinding
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: k8up-manager-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: k8up
|
||||
namespace: 'k8up'
|
||||
---
|
||||
# Source: k8up/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: k8up-leader-election-role
|
||||
namespace: 'k8up'
|
||||
rules:
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
- ""
|
||||
resources:
|
||||
- "*"
|
||||
verbs:
|
||||
- "*"
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: k8up-view
|
||||
labels:
|
||||
app: k8up
|
||||
# Add these permissions to the "view" default role.
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- backup.appuio.ch
|
||||
resources:
|
||||
- "*"
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
# Source: k8up/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: k8up
|
||||
name: k8up
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: k8up-leader-election-rolebinding
|
||||
namespace: 'k8up'
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: k8up-leader-election-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
name: k8up
|
||||
kind: ClusterRole
|
||||
namespace: 'k8up'
|
||||
---
|
||||
# Source: k8up/templates/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: k8up-metrics
|
||||
namespace: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
helm.sh/chart: k8up-1.0.6
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/version: "v1.0.5"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
targetPort: http
|
||||
selector:
|
||||
app: k8up
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
---
|
||||
# Source: k8up/templates/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
labels:
|
||||
app: k8up
|
||||
helm.sh/chart: k8up-1.0.6
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/version: "v1.0.5"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: k8up
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: k8up
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
spec:
|
||||
securityContext:
|
||||
{}
|
||||
containers:
|
||||
- name: k8up-operator
|
||||
image: docker.io/vshn/k8up:v0.1.10
|
||||
imagePullPolicy: Always
|
||||
image: "quay.io/vshn/k8up:v1.0.5"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: BACKUP_IMAGE
|
||||
value: docker.io/vshn/wrestic:v0.1.9
|
||||
value: "quay.io/vshn/wrestic:v0.2.3"
|
||||
- name: BACKUP_ENABLE_LEADER_ELECTION
|
||||
value: "true"
|
||||
- name: BACKUP_OPERATOR_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: BACKUP_GLOBALACCESSKEYID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-s3-credentials
|
||||
key: access-key-id
|
||||
name: global-s3-credentials
|
||||
- name: BACKUP_GLOBALSECRETACCESSKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-s3-credentials
|
||||
key: access-key-secret
|
||||
name: global-s3-credentials
|
||||
- name: BACKUP_GLOBALREPOPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: global-backup-secret
|
||||
key: secret
|
||||
name: global-backup-secret
|
||||
- name: BACKUP_GLOBALS3ENDPOINT
|
||||
value: http://10.42.42.2:9000
|
||||
- name: BACKUP_GLOBALS3BUCKET
|
||||
|
@ -168,13 +469,41 @@ spec:
|
|||
- name: BACKUP_PROMURL
|
||||
value: prometheus-pushgateway.monitoring.svc:9091
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
securityContext:
|
||||
{}
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: 2Gi
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: 0.5Gi
|
||||
cpu: 20m
|
||||
memory: 128Mi
|
||||
serviceAccountName: k8up
|
||||
---
|
||||
# Source: k8up/templates/prometheus/servicemonitor.yaml
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: k8up-monitor
|
||||
namespace: k8up
|
||||
labels:
|
||||
helm.sh/chart: k8up-1.0.6
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
app.kubernetes.io/version: "v1.0.5"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
endpoints:
|
||||
- port: http
|
||||
interval: 60s
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: k8up
|
||||
app.kubernetes.io/instance: k8up
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: k8up
|
||||
namespace: k8up
|
||||
spec:
|
||||
endpoints:
|
||||
- interval: 30s
|
||||
path: /metrics
|
||||
port: http
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- k8up
|
||||
selector:
|
||||
matchLabels:
|
||||
app: k8up
|
Reference in New Issue