# Identity the k8up operator pod runs as. The Deployment in this file selects
# it through serviceAccountName, and the k8up ClusterRoleBinding attaches the
# operator's cluster-wide permissions to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: k8up
  name: k8up
  namespace: k8up
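---
# Permissions of the k8up operator. The ClusterRoleBinding named k8up in this
# file grants them to ServiceAccount k8up/k8up in every namespace, so each
# rule below is effectively cluster-wide.
kind: ClusterRole
# rbac.authorization.k8s.io/v1 matches the k8up-edit and k8up-view roles in
# this file; the v1beta1 RBAC API is deprecated and no longer served from
# Kubernetes 1.22 on.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: k8up
  labels:
    app: k8up
rules:
  # Manage CustomResourceDefinitions.
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - watch
      - list
      - create
      # NOTE(review): "edit" is not a Kubernetes API request verb, so this
      # entry grants nothing. If the operator has to modify existing CRDs the
      # verb would be "update"; confirm the need before adding it.
      - edit
      - patch
  # Full control over the operator's own API group.
  - apiGroups:
      - backup.appuio.ch
    resources:
      - '*'
    verbs:
      - '*'
  # Core API group. All verbs on pods and pods/exec in every namespace means
  # whoever holds this ServiceAccount's token can start workloads and run
  # commands inside containers cluster-wide: treat the token as
  # cluster-privileged.
  # NOTE(review): replace '*' with the verbs the operator really uses once
  # they have been confirmed against its code.
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/exec
      - persistentvolumeclaims
      - events
      - serviceaccounts
    verbs:
      - '*'
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - '*'
  # '*' on roles and rolebindings also matches the "escalate" and "bind"
  # verbs, which switch off RBAC's built-in privilege-escalation checks for
  # this identity.
  # NOTE(review): list explicit verbs here (without escalate/bind) so the
  # operator can only hand out permissions it already holds.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
      - roles
    verbs:
      - '*'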
---
# Aggregated role: the two aggregate-to-* labels make the built-in "admin"
# and "edit" ClusterRoles absorb the rule below, so every subject bound to
# either of them gets full control over backup.appuio.ch resources in the
# namespaces where that binding applies.
# NOTE(review): this role carries no binding of its own; who receives it is
# decided entirely by existing admin/edit bindings.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: k8up-edit
  labels:
    app: k8up
    # Label values must stay strings, hence the quotes around true.
    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
    rbac.authorization.k8s.io/aggregate-to-edit: 'true'
rules:
  - apiGroups:
      - backup.appuio.ch
    resources:
      - '*'
    verbs:
      - '*'
---
# Aggregated role: the aggregate-to-view label folds read-only access to all
# backup.appuio.ch resources into the built-in "view" ClusterRole.
# NOTE(review): the built-in view role deliberately excludes Secrets; confirm
# that no resource in this API group carries credential values inline, since
# every viewer will be able to read them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: k8up-view
  labels:
    app: k8up
    # Label values must stay strings, hence the quotes around true.
    rbac.authorization.k8s.io/aggregate-to-view: 'true'
rules:
  - apiGroups:
      - backup.appuio.ch
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
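---
# Grants ClusterRole k8up to ServiceAccount k8up in namespace k8up. Because
# this is a ClusterRoleBinding rather than a namespaced RoleBinding, the
# role's rules apply in every namespace.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1 matches the k8up-edit and k8up-view roles in
# this file; the v1beta1 RBAC API is deprecated and no longer served from
# Kubernetes 1.22 on.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    app: k8up
  name: k8up
subjects:
  - kind: ServiceAccount
    name: k8up
    namespace: k8up
roleRef:
  apiGroup: rbac.authorization.k8s.io
  name: k8up
  kind: ClusterRole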
---
# Cluster-internal Service that forwards TCP 8080 to port 8080 of the pods
# labelled app=k8up (the operator Deployment in this file).
# NOTE(review): going by the name this is the operator's metrics endpoint.
# ClusterIP keeps it off external load balancers, but any pod in the cluster
# can still reach it unless a NetworkPolicy restricts that.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: k8up
  name: k8up-metrics
  namespace: k8up
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: k8up
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
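---
# Single-replica Deployment of the k8up operator. The pod runs as
# ServiceAccount k8up, which the ClusterRoleBinding in this file gives
# cluster-wide permissions, so the container is worth hardening.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8up
  namespace: k8up
  labels:
    app: k8up
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8up
  template:
    metadata:
      labels:
        app: k8up
    spec:
      containers:
        - name: k8up-operator
          # NOTE(review): a tag is a mutable reference and imagePullPolicy
          # Always re-resolves it on every pod start. Pinning by digest
          # (docker.io/vshn/k8up@sha256:<digest>) makes the deployed image
          # immutable.
          image: 'docker.io/vshn/k8up:v0.1.10'
          imagePullPolicy: Always
          # Low-risk hardening: forbid gaining privileges through setuid
          # binaries and drop all Linux capabilities.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are worth
          # adding too, but depend on how the image is built; confirm first.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            # Same digest-pinning consideration as the operator image.
            - name: BACKUP_IMAGE
              value: 'docker.io/vshn/wrestic:v0.1.9'
            # Credentials are read from Secrets instead of being written into
            # this manifest. secretKeyRef resolves in the pod's own namespace,
            # so global-s3-credentials and global-backup-secret must exist in
            # namespace k8up.
            - name: BACKUP_GLOBALACCESSKEYID
              valueFrom:
                secretKeyRef:
                  name: global-s3-credentials
                  key: access-key-id
            - name: BACKUP_GLOBALSECRETACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: global-s3-credentials
                  key: access-key-secret
            - name: BACKUP_GLOBALREPOPASSWORD
              valueFrom:
                secretKeyRef:
                  name: global-backup-secret
                  key: secret
            # NOTE(review): plain http, so traffic to the object store is
            # neither encrypted nor authenticated in transit. Prefer an
            # https:// endpoint if the store offers one.
            - name: BACKUP_GLOBALS3ENDPOINT
              value: 'http://10.42.42.2:9000'
            - name: BACKUP_GLOBALS3BUCKET
              value: knurrli-k8up
            - name: BACKUP_PROMURL
              value: 'prometheus-pushgateway.monitoring.svc:9091'
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            # Quantities are written in canonical string form; the values are
            # unchanged (1 CPU / 2Gi limit, half a CPU / half a GiB request).
            limits:
              cpu: '1'
              memory: 2Gi
            requests:
              cpu: 500m
              memory: 512Mi
      serviceAccountName: k8up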