510 lines
9.0 KiB
YAML
510 lines
9.0 KiB
YAML
---
|
|
# Source: k8up/templates/serviceaccount.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: k8up
|
|
labels:
|
|
helm.sh/chart: k8up-1.0.6
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/version: "v1.0.5"
|
|
app.kubernetes.io/managed-by: Helm
|
|
---
|
|
# Source: k8up/templates/rbac.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: k8up-k8up-edit
|
|
rules:
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
---
|
|
# Source: k8up/templates/rbac.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: k8up-k8up-view
|
|
rules:
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
---
|
|
# Source: k8up/templates/rbac.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: k8up-manager-role
|
|
rules:
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- deployments
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- archives
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- archives/finalizers
|
|
- archives/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- backups
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- backups/finalizers
|
|
- backups/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- checks
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- checks/finalizers
|
|
- checks/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- effectiveschedules
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- effectiveschedules/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- prebackuppods
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- prebackuppods/finalizers
|
|
- prebackuppods/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- prunes
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- prunes/finalizers
|
|
- prunes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- restores
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- restores/finalizers
|
|
- restores/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- schedules
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- backup.appuio.ch
|
|
resources:
|
|
- schedules/finalizers
|
|
- schedules/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs/finalizers
|
|
- jobs/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods/exec
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- rolebindings
|
|
- roles
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
---
|
|
# Source: k8up/templates/rbac.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: k8up-manager-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: k8up-manager-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: k8up
|
|
namespace: 'k8up'
|
|
---
|
|
# Source: k8up/templates/rbac.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: k8up-leader-election-role
|
|
namespace: 'k8up'
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
---
|
|
# Source: k8up/templates/rbac.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: k8up-leader-election-rolebinding
|
|
namespace: 'k8up'
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: k8up-leader-election-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: k8up
|
|
namespace: 'k8up'
|
|
---
|
|
# Source: k8up/templates/service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: k8up-metrics
|
|
labels:
|
|
helm.sh/chart: k8up-1.0.6
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/version: "v1.0.5"
|
|
app.kubernetes.io/managed-by: Helm
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
port: 8080
|
|
targetPort: http
|
|
selector:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
---
|
|
# Source: k8up/templates/deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: k8up
|
|
labels:
|
|
helm.sh/chart: k8up-1.0.6
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/version: "v1.0.5"
|
|
app.kubernetes.io/managed-by: Helm
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
spec:
|
|
securityContext:
|
|
{}
|
|
containers:
|
|
- name: k8up-operator
|
|
image: "quay.io/vshn/k8up:v1.0.5"
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: BACKUP_IMAGE
|
|
value: "quay.io/vshn/wrestic:v0.2.3"
|
|
- name: BACKUP_ENABLE_LEADER_ELECTION
|
|
value: "true"
|
|
- name: BACKUP_OPERATOR_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: BACKUP_GLOBALACCESSKEYID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: access-key-id
|
|
name: global-s3-credentials
|
|
- name: BACKUP_GLOBALSECRETACCESSKEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: access-key-secret
|
|
name: global-s3-credentials
|
|
- name: BACKUP_GLOBALREPOPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: secret
|
|
name: global-backup-secret
|
|
- name: BACKUP_GLOBALS3ENDPOINT
|
|
value: http://10.42.42.2:9000
|
|
- name: BACKUP_GLOBALS3BUCKET
|
|
value: knurrli-k8up
|
|
- name: BACKUP_PROMURL
|
|
value: prometheus-pushgateway.monitoring.svc:9091
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /metrics
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
securityContext:
|
|
{}
|
|
resources:
|
|
limits:
|
|
memory: 256Mi
|
|
requests:
|
|
cpu: 20m
|
|
memory: 128Mi
|
|
serviceAccountName: k8up
|
|
---
|
|
# Source: k8up/templates/prometheus/servicemonitor.yaml
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: ServiceMonitor
|
|
metadata:
|
|
name: k8up-monitor
|
|
namespace: k8up
|
|
labels:
|
|
helm.sh/chart: k8up-1.0.6
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|
|
app.kubernetes.io/version: "v1.0.5"
|
|
app.kubernetes.io/managed-by: Helm
|
|
spec:
|
|
endpoints:
|
|
- port: http
|
|
interval: 60s
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: k8up
|
|
app.kubernetes.io/instance: k8up
|