feat: add velero package #210

Merged
merged 32 commits into from
Mar 14, 2024
32 commits
9e86a29
initial velero commit... still need to work through minio config
Feb 27, 2024
b2e9495
chart version was super wrong?
Feb 28, 2024
5f148c5
naming
Feb 28, 2024
628b5c9
setting image values, adding defaults to match k3d-dev env
Feb 28, 2024
76f8831
bumping uds-k3d version
Feb 28, 2024
879ccae
2 other places for uds-k3d version :see-no-evil:
Feb 28, 2024
b7ada11
updated README
Feb 29, 2024
baa4496
adding kubectl config to common values
Feb 29, 2024
97bfa9d
populating oscal doc based on BB
Feb 29, 2024
95b641e
swapping kubectl images :upside_down_face:
Feb 29, 2024
d5545d2
tags
Feb 29, 2024
3a7c98d
shaking out the lint
Feb 29, 2024
2eef9c8
Merge branch 'main' into feature/add-velero
jeff-mccoy Mar 1, 2024
0c230ed
Merge branch 'main' into feature/add-velero
blancharda Mar 4, 2024
d9dfcc0
adjusting uds-k3d version in example bundles
Mar 4, 2024
524b766
trying uds-k3d 0.4
Mar 4, 2024
0737cbf
removing unnecessary velero kubectl config
Mar 4, 2024
50b25aa
removing flux from default backup configuration exclusions
Mar 4, 2024
7ad3b3a
Update src/velero/chart/templates/uds-package.yaml
blancharda Mar 4, 2024
2bbafa0
consolidating task defs
Mar 4, 2024
a3c6414
Merge branch 'feature/add-velero' of https://github.com/defenseunicor…
Mar 4, 2024
bc447b3
back to uds-k3d 0.5.0
Mar 4, 2024
9d8a930
Merge branch 'main' into feature/add-velero
blancharda Mar 4, 2024
2afe619
Merge branch 'main' into feature/add-velero
mjnagel Mar 11, 2024
0b2c1ce
Merge branch 'main' into feature/add-velero
Mar 11, 2024
ab75699
removing unused plugin images
Mar 11, 2024
4877e40
moving velero out of the 'future' list in the README
Mar 12, 2024
a82ebb4
Merge branch 'main' into feature/add-velero
Mar 12, 2024
aaa7d1e
Merge branch 'main' into feature/add-velero
mjnagel Mar 13, 2024
d8f5fa4
Update src/velero/chart/templates/uds-package.yaml
blancharda Mar 13, 2024
7114f69
Merge branch 'main' into feature/add-velero
blancharda Mar 14, 2024
6b4a701
docs, values, profit
mjnagel Mar 14, 2024
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -16,12 +16,12 @@ UDS Core establishes a secure baseline for cloud-native systems and ships with c
- [Pepr](https://pepr.dev) - UDS policy engine & operator
- [Prometheus Stack](https://github.com/prometheus-operator/kube-prometheus) - Monitoring
- [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) - Log Aggregation
- [Velero](https://velero.io/) - Backup & Restore

#### Future Applications

- [Kiali](https://kiali.io/) - Service Mesh Observability
- [Tempo](https://grafana.com/docs/tempo/latest/getting-started/) - Tracing
- [Velero](https://velero.io/) - Backup & Restore

---

6 changes: 6 additions & 0 deletions packages/standard/zarf.yaml
Expand Up @@ -89,3 +89,9 @@ components:
required: true
import:
path: ../../src/authservice

# Velero
- name: velero
required: true
import:
path: ../../src/velero
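Review bot: `required: true` on the new `velero` component means every deployment of the standard package now needs S3-compatible object storage, which the README added in this PR lists as a prerequisite. If that is intended, state it in the package-level docs; otherwise consider making the component optional so clusters without a bucket can still deploy core.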
98 changes: 98 additions & 0 deletions src/velero/README.md
@@ -1 +1,99 @@
## Velero

https://velero.io/

## Deployment Prerequisites

### Resources

- k3d installed on machine

#### Object Storage

S3 compatible object storage must be available in order to use this package. Bucket information and access credentials can be provided via configuration values / env vars:

- Bucket ID: `ZARF_VAR_VELERO_BUCKET`
- Bucket Region: `ZARF_VAR_VELERO_BUCKET_REGION`
- Bucket Provider URL: `ZARF_VAR_VELERO_BUCKET_PROVIDER_URL`
- Access Key: `ZARF_VAR_VELERO_BUCKET_KEY`
- Access Key Secret: `ZARF_VAR_VELERO_BUCKET_KEY_SECRET`

As an alternative to providing the access key and secret via variable, you can reference a secret with the following format
```
apiVersion: v1
kind: Secret
metadata:
name: ###ZARF_VAR_VELERO_BUCKET_CREDENTIALS_SECRET###
namespace: velero
type: kubernetes.io/opaque
stringData:
cloud: |-
[default]
aws_access_key_id=###ZARF_VAR_ACCESS_KEY###
aws_secret_access_key=###ZARF_VAR_SECRET_KEY###
```

By overriding the velero values in the bundle as follows:
```
- name: core
overrides:
velero:
velero:
values:
- path: "credentials.existingSecret"
value: "velero-bucket-credentials"
```

## Plugin Compatability
This package currently assumes the availability of S3 API compatible object storage. As such, only the AWS specific plugin image is included. More information about all available plugins [can be found in the upstream docs](https://velero.io/plugins/). Ironbank includes images for Azure and the generic CSI driver, but those are currently excluded from this package. We may revisit package defaults at some point in the future depending on usage and user requests.

## Deploy

### Build and Deploy Everything locally via UDS tasks

```bash
# build the bundle for testing
UDS_PKG=velero uds run create-single-package

# setup a k3d test env
uds run setup-test-cluster

# deploy the bundle
UDS_PKG=velero uds run deploy-single-package
```

### Test the package via UDS tasks
Running the following will check that the velero deployment exists in the cluster and attempt to execute a backup:
```bash
uds run -f src/velero/tasks.yaml validate
```
> Alternatively, you can combine package creation, cluster setup, package deploy and the test command with a simple `UDS_PKG=velero uds run test-single-package`

## Manually trigger the default backup for testing purposes
```
velero backup create --from-schedule velero-udsbackup -n velero
```
> NOTE: requires [the velero CLI](https://velero.io/docs/v1.3.0/velero-install/)

Alternatively, manually create a `backup` object with `kubectl`:
```bash
uds zarf tools kubectl apply -f - <<-EOF
apiVersion: velero.io/v1
kind: Backup
metadata:
name: test-backup
namespace: velero
spec:
csiSnapshotTimeout: 0s
excludedNamespaces:
- kube-system
- flux
- velero
hooks: {}
includeClusterResources: true
itemOperationTimeout: 0s
metadata: {}
snapshotVolumes: false
ttl: 240h0m0s
EOF
```
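Review bot: The Secret example uses `###ZARF_VAR_VELERO_BUCKET_CREDENTIALS_SECRET###`, `###ZARF_VAR_ACCESS_KEY###` and `###ZARF_VAR_SECRET_KEY###`, none of which are declared in `src/velero/common/zarf.yaml`, where the credential variables are `VELERO_BUCKET_KEY` and `VELERO_BUCKET_KEY_SECRET`. Use the declared names or plain literal placeholders, and make the Secret's name match the `velero-bucket-credentials` value in the override that follows it. The example's `type: kubernetes.io/opaque` should be `Opaque`, the built-in type for arbitrary data. Two smaller points: the manual `Backup` example still excludes `flux` although commit 50b25aa removed flux from the default exclusions, and the CLI link is pinned to the v1.3.0 docs.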
23 changes: 23 additions & 0 deletions src/velero/chart/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
18 changes: 18 additions & 0 deletions src/velero/chart/Chart.yaml
@@ -0,0 +1,18 @@
apiVersion: v2
name: uds-velero-config
description: Velero configuration for UDS

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
62 changes: 62 additions & 0 deletions src/velero/chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "uds-velero-config.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "uds-velero-config.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "uds-velero-config.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "uds-velero-config.labels" -}}
helm.sh/chart: {{ include "uds-velero-config.chart" . }}
{{ include "uds-velero-config.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "uds-velero-config.selectorLabels" -}}
app.kubernetes.io/name: {{ include "uds-velero-config.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "uds-velero-config.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "uds-velero-config.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
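Review bot: None of these helpers is used: the chart's only template, `uds-package.yaml`, contains no `include` call, and `uds-velero-config.serviceAccountName` reads `.Values.serviceAccount.create` while `values.yaml` is added empty, so it would fail on a nil value if anything ever included it. Drop the file, or trim it to the helpers the chart actually needs, so the config chart does not carry scaffold code that nothing renders.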
27 changes: 27 additions & 0 deletions src/velero/chart/templates/uds-package.yaml
@@ -0,0 +1,27 @@
apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
name: velero
namespace: {{ .Release.Namespace }}
spec:
network:
allow:
# Todo: wide open for now for pushing to s3
- direction: Egress
podLabels:
app.kubernetes.io/name: velero
remoteGenerated: Anywhere

- direction: Egress
podLabels:
batch.kubernetes.io/job-name: "velero-upgrade-crds"
remoteGenerated: KubeAPI

- direction: Ingress
remoteNamespace: monitoring
remoteSelector:
app: prometheus
selector:
app.kubernetes.io/name: velero
port: 8068
description: "Prometheus Metrics"
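Review bot: The first Egress rule gives every pod labelled `app.kubernetes.io/name: velero` `remoteGenerated: Anywhere`, and the only record of the intent to narrow it is the `# Todo` comment. Velero holds the bucket credentials and reads cluster resources for backup, so this is a pod where unrestricted egress matters. For the in-cluster default endpoint (`minio.uds-dev-stack.svc.cluster.local:9000`) a rule scoped with `remoteNamespace`, in the style of the Ingress rule in this file, looks sufficient; for external buckets, link a tracking issue from the Todo so it does not get lost. If the rule is narrowed, the velero pod will also need its own `remoteGenerated: KubeAPI` rule, which `Anywhere` currently covers implicitly.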
Empty file added src/velero/chart/values.yaml
Empty file.
40 changes: 40 additions & 0 deletions src/velero/common/zarf.yaml
@@ -0,0 +1,40 @@
kind: ZarfPackageConfig
metadata:
name: uds-core-velero-common
description: "UDS Core Velero Common"
url: https://velero.io/

variables:
- name: VELERO_BUCKET_PROVIDER_URL
description: "S3 compatible object storage service for use with Velero"
default: "http://minio.uds-dev-stack.svc.cluster.local:9000"
- name: VELERO_BUCKET
description: "S3 compatible object storage bucket for use with Velero"
default: "uds"
- name: VELERO_BUCKET_REGION
description: "Region of the bucket for use with Velero"
default: "uds-dev-stack"
- name: VELERO_BUCKET_KEY
description: "Key to use when connecting to the Velero bucket"
default: "uds"
- name: VELERO_BUCKET_KEY_SECRET
sensitive: true
description: "Key secret to use when connecting to the Velero bucket"
default: "uds-secret"

components:
- name: velero
required: true
charts:
- name: uds-velero-config
namespace: velero
version: 0.1.0
localPath: ../chart
- name: velero
namespace: velero
url: https://vmware-tanzu.github.io/helm-charts
version: 5.4.1
repoName: velero
releaseName: velero
valuesFiles:
- ../values/values.yaml
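Review bot: `VELERO_BUCKET_KEY_SECRET` defaults to `uds-secret` and `VELERO_BUCKET_PROVIDER_URL` to a plain `http://` MinIO address, so a deployment that forgets to override them comes up with the dev credentials and talks to the bucket over unencrypted HTTP. These defaults fit the k3d dev stack but live in the common package that `packages/standard` imports; consider dropping the default for the secret so it must be supplied, and moving the dev values into the dev bundle configuration. `VELERO_BUCKET_KEY` should probably carry `sensitive: true` as well, since only the key secret is marked.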