--- # Source: k8up/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: k8up labels: helm.sh/chart: k8up-1.0.6 app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/version: "v1.0.5" app.kubernetes.io/managed-by: Helm --- # Source: k8up/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/managed-by: Helm name: k8up-k8up-edit rules: - apiGroups: - backup.appuio.ch resources: - '*' verbs: - create - delete - get - list - patch - update - watch --- # Source: k8up/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-view: "true" app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/managed-by: Helm name: k8up-k8up-view rules: - apiGroups: - backup.appuio.ch resources: - '*' verbs: - get - list - watch --- # Source: k8up/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null labels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/managed-by: Helm name: k8up-manager-role rules: - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - archives verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - archives/finalizers - archives/status verbs: - get - patch - update - apiGroups: - backup.appuio.ch resources: - backups verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - backups/finalizers - backups/status verbs: - get - patch - update - apiGroups: - backup.appuio.ch resources: - checks verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - checks/finalizers - checks/status verbs: - get - patch - update - apiGroups: - backup.appuio.ch resources: - effectiveschedules verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - effectiveschedules/finalizers verbs: - update - apiGroups: - backup.appuio.ch resources: - prebackuppods verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - prebackuppods/finalizers - prebackuppods/status verbs: - get - patch - update - apiGroups: - backup.appuio.ch resources: - prunes verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - prunes/finalizers - prunes/status verbs: - get - patch - update - apiGroups: - backup.appuio.ch resources: - restores verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - restores/finalizers - restores/status verbs: - get - patch - update - apiGroups: - backup.appuio.ch resources: - schedules verbs: - create - delete - get - list - patch - update - watch - apiGroups: - backup.appuio.ch resources: - schedules/finalizers - schedules/status verbs: - get - patch - update - apiGroups: - batch resources: - jobs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - batch resources: - jobs/finalizers - jobs/status verbs: - get - patch - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - list - update - apiGroups: - "" resources: - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - "" resources: - pods verbs: - '*' - apiGroups: - "" resources: - pods/exec verbs: - '*' - apiGroups: - "" resources: - serviceaccounts verbs: - create - delete - get - list - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - create - delete - get - list --- # Source: k8up/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/managed-by: Helm name: k8up-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: k8up-manager-role subjects: - kind: ServiceAccount name: k8up namespace: 'k8up' --- # Source: k8up/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/managed-by: Helm name: k8up-leader-election-role namespace: 'k8up' rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - configmaps/finalizers verbs: - update - apiGroups: - "" resources: - events verbs: - create - patch --- # Source: k8up/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/managed-by: Helm name: k8up-leader-election-rolebinding namespace: 'k8up' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: k8up-leader-election-role subjects: - kind: ServiceAccount name: k8up namespace: 'k8up' --- # Source: k8up/templates/service.yaml apiVersion: v1 kind: Service metadata: name: k8up-metrics labels: helm.sh/chart: k8up-1.0.6 app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/version: "v1.0.5" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: - name: http port: 8080 targetPort: http selector: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up --- # Source: k8up/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: k8up labels: helm.sh/chart: k8up-1.0.6 app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/version: "v1.0.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up template: metadata: labels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up spec: securityContext: {} containers: - name: k8up-operator image: "quay.io/vshn/k8up:v1.0.5" imagePullPolicy: IfNotPresent env: - name: BACKUP_IMAGE value: "quay.io/vshn/wrestic:v0.2.3" - name: BACKUP_ENABLE_LEADER_ELECTION value: "true" - name: BACKUP_OPERATOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: BACKUP_GLOBALACCESSKEYID valueFrom: secretKeyRef: key: access-key-id name: global-s3-credentials - name: BACKUP_GLOBALSECRETACCESSKEY valueFrom: secretKeyRef: key: access-key-secret name: global-s3-credentials - name: BACKUP_GLOBALREPOPASSWORD valueFrom: secretKeyRef: key: secret name: global-backup-secret - name: BACKUP_GLOBALS3ENDPOINT value: http://10.42.42.2:9000 - name: BACKUP_GLOBALS3BUCKET value: knurrli-k8up - name: BACKUP_PROMURL value: prometheus-pushgateway.monitoring.svc:9091 ports: - name: http containerPort: 8080 livenessProbe: httpGet: path: /metrics port: http initialDelaySeconds: 30 periodSeconds: 10 securityContext: {} resources: limits: memory: 256Mi requests: cpu: 20m memory: 128Mi serviceAccountName: k8up --- # Source: k8up/templates/prometheus/servicemonitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: k8up-monitor namespace: k8up labels: helm.sh/chart: k8up-1.0.6 app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up app.kubernetes.io/version: "v1.0.5" app.kubernetes.io/managed-by: Helm spec: endpoints: - port: http interval: 60s selector: matchLabels: app.kubernetes.io/name: k8up app.kubernetes.io/instance: k8up