upgrade k8up
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Tobias Brunner 2021-05-01 15:36:07 +02:00
parent 9ed8505ca9
commit ab98ad2e70
5 changed files with 8026 additions and 136 deletions

10
k8up/Makefile Normal file
View File

@ -0,0 +1,10 @@
build:
helm template k8up --namespace=k8up appuio/k8up \
-f k8up-config.yaml \
> k8up.yaml
.PHONY: build
update:
helm repo update
helm search repo k8up
.PHONY: update

27
k8up/k8up-config.yaml Normal file
View File

@ -0,0 +1,27 @@
k8up:
envVars:
- name: BACKUP_GLOBALACCESSKEYID
valueFrom:
secretKeyRef:
name: global-s3-credentials
key: access-key-id
- name: BACKUP_GLOBALSECRETACCESSKEY
valueFrom:
secretKeyRef:
name: global-s3-credentials
key: access-key-secret
- name: BACKUP_GLOBALREPOPASSWORD
valueFrom:
secretKeyRef:
name: global-backup-secret
key: secret
- name: BACKUP_GLOBALS3ENDPOINT
value: http://10.42.42.2:9000
- name: BACKUP_GLOBALS3BUCKET
value: knurrli-k8up
- name: BACKUP_PROMURL
value: prometheus-pushgateway.monitoring.svc:9091
metrics:
serviceMonitor:
enabled: true

7541
k8up/k8up-crd-legacy.yaml Normal file

File diff suppressed because it is too large Load Diff

View File

@ -1,166 +1,467 @@
---
# Source: k8up/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: k8up
namespace: k8up
labels:
app: k8up
helm.sh/chart: k8up-1.0.6
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/version: "v1.0.5"
app.kubernetes.io/managed-by: Helm
---
# Source: k8up/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: k8up
labels:
app: k8up
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/managed-by: Helm
name: k8up-k8up-edit
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- list
- create
- edit
- patch
- apiGroups:
- backup.appuio.ch
resources:
- '*'
verbs:
- '*'
- create
- delete
- get
- list
- patch
- update
- watch
---
# Source: k8up/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/managed-by: Helm
name: k8up-k8up-view
rules:
- apiGroups:
- ''
- backup.appuio.ch
resources:
- pods
- pods/exec
- persistentvolumeclaims
- events
- serviceaccounts
verbs:
- '*'
verbs:
- get
- list
- watch
---
# Source: k8up/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/managed-by: Helm
name: k8up-manager-role
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- archives
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- archives/finalizers
- archives/status
verbs:
- get
- patch
- update
- apiGroups:
- backup.appuio.ch
resources:
- backups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- backups/finalizers
- backups/status
verbs:
- get
- patch
- update
- apiGroups:
- backup.appuio.ch
resources:
- checks
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- checks/finalizers
- checks/status
verbs:
- get
- patch
- update
- apiGroups:
- backup.appuio.ch
resources:
- effectiveschedules
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- effectiveschedules/finalizers
verbs:
- update
- apiGroups:
- backup.appuio.ch
resources:
- prebackuppods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- prebackuppods/finalizers
- prebackuppods/status
verbs:
- get
- patch
- update
- apiGroups:
- backup.appuio.ch
resources:
- prunes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- prunes/finalizers
- prunes/status
verbs:
- get
- patch
- update
- apiGroups:
- backup.appuio.ch
resources:
- restores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- restores/finalizers
- restores/status
verbs:
- get
- patch
- update
- apiGroups:
- backup.appuio.ch
resources:
- schedules
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- backup.appuio.ch
resources:
- schedules/finalizers
- schedules/status
verbs:
- get
- patch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs/finalizers
- jobs/status
verbs:
- get
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- '*'
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- '*'
- create
- delete
- get
- list
---
kind: ClusterRole
# Source: k8up/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k8up-edit
labels:
app: k8up
# Add these permissions to the "admin" and "edit" default roles.
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/managed-by: Helm
name: k8up-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k8up-manager-role
subjects:
- kind: ServiceAccount
name: k8up
namespace: 'k8up'
---
# Source: k8up/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/managed-by: Helm
name: k8up-leader-election-role
namespace: 'k8up'
rules:
- apiGroups:
- backup.appuio.ch
- ""
resources:
- "*"
verbs:
- "*"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: k8up-view
labels:
app: k8up
# Add these permissions to the "view" default role.
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- backup.appuio.ch
resources:
- "*"
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
# Source: k8up/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: k8up
name: k8up
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/managed-by: Helm
name: k8up-leader-election-rolebinding
namespace: 'k8up'
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: k8up-leader-election-role
subjects:
- kind: ServiceAccount
name: k8up
namespace: k8up
roleRef:
apiGroup: rbac.authorization.k8s.io
name: k8up
kind: ClusterRole
namespace: 'k8up'
---
# Source: k8up/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: k8up-metrics
namespace: k8up
labels:
app: k8up
helm.sh/chart: k8up-1.0.6
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/version: "v1.0.5"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
targetPort: http
selector:
app: k8up
sessionAffinity: None
type: ClusterIP
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
---
# Source: k8up/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8up
namespace: k8up
labels:
app: k8up
helm.sh/chart: k8up-1.0.6
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/version: "v1.0.5"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app: k8up
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
template:
metadata:
labels:
app: k8up
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
spec:
securityContext:
{}
containers:
- name: k8up-operator
image: docker.io/vshn/k8up:v0.1.10
imagePullPolicy: Always
image: "quay.io/vshn/k8up:v1.0.5"
imagePullPolicy: IfNotPresent
env:
- name: BACKUP_IMAGE
value: docker.io/vshn/wrestic:v0.1.9
value: "quay.io/vshn/wrestic:v0.2.3"
- name: BACKUP_ENABLE_LEADER_ELECTION
value: "true"
- name: BACKUP_OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: BACKUP_GLOBALACCESSKEYID
valueFrom:
secretKeyRef:
name: global-s3-credentials
key: access-key-id
name: global-s3-credentials
- name: BACKUP_GLOBALSECRETACCESSKEY
valueFrom:
secretKeyRef:
name: global-s3-credentials
key: access-key-secret
name: global-s3-credentials
- name: BACKUP_GLOBALREPOPASSWORD
valueFrom:
secretKeyRef:
name: global-backup-secret
key: secret
name: global-backup-secret
- name: BACKUP_GLOBALS3ENDPOINT
value: http://10.42.42.2:9000
- name: BACKUP_GLOBALS3BUCKET
@ -168,13 +469,41 @@ spec:
- name: BACKUP_PROMURL
value: prometheus-pushgateway.monitoring.svc:9091
ports:
- containerPort: 8080
protocol: TCP
- name: http
containerPort: 8080
livenessProbe:
httpGet:
path: /metrics
port: http
initialDelaySeconds: 30
periodSeconds: 10
securityContext:
{}
resources:
limits:
cpu: 1
memory: 2Gi
memory: 256Mi
requests:
cpu: 0.5
memory: 0.5Gi
cpu: 20m
memory: 128Mi
serviceAccountName: k8up
---
# Source: k8up/templates/prometheus/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: k8up-monitor
namespace: k8up
labels:
helm.sh/chart: k8up-1.0.6
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up
app.kubernetes.io/version: "v1.0.5"
app.kubernetes.io/managed-by: Helm
spec:
endpoints:
- port: http
interval: 60s
selector:
matchLabels:
app.kubernetes.io/name: k8up
app.kubernetes.io/instance: k8up

View File

@ -1,17 +0,0 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: k8up
namespace: k8up
spec:
endpoints:
- interval: 30s
path: /metrics
port: http
namespaceSelector:
matchNames:
- k8up
selector:
matchLabels:
app: k8up