10-kube-backup.yaml
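# ClusterRole for the kube-backup job: read-only (get/list) access to the
# resource kinds that get exported to the backup repository.
#
# SECURITY: "secrets" is in the list, so whatever runs as the bound
# ServiceAccount can read every Secret in every namespace. Treat that
# ServiceAccount's token, the backup image and the backup repository as
# cluster-admin-equivalent assets, and alert on unexpected use of this role
# in the API server audit log.
kind: ClusterRole
# rbac.authorization.k8s.io/v1 has been served since Kubernetes 1.8 (the
# release that introduced the batch/v1beta1 CronJob used later in this file);
# the v1beta1 RBAC API is no longer served from 1.22 on.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kube-backup-reader
rules:
  # apiGroups "*" matches these resource names in every API group, including
  # groups added later by aggregated APIs or CRDs. Listing the concrete
  # groups would be tighter; left as-is because the groups that serve these
  # kinds differ between cluster versions.
  - apiGroups: ["*"]
    resources:
      - configmaps
      - cronjobs
      - deployments
      - daemonsets
      - ingresses
      - namespaces
      - networkpolicies
      - replicationcontrollers
      - services
      - secrets
      - statefulsets
      - storageclasses
      - customresourcedefinitions
    # Read-only: no watch, create, update or delete.
    verbs: ["get", "list"]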
---
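# Grants kube-backup-reader cluster-wide to the kube-backup ServiceAccount
# in kube-system. Because the role includes get/list on secrets, this binding
# is what gives the backup pod read access to every Secret in the cluster.
kind: ClusterRoleBinding
# Served since Kubernetes 1.8; the v1beta1 RBAC API is gone from 1.22 on.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # ClusterRoleBinding is cluster-scoped, so metadata.namespace has no
  # meaning here and is left out (the original carried "namespace: default").
  name: kube-backup
subjects:
  # The only subject: keep it that way, and keep other workloads from
  # running as this ServiceAccount.
  - kind: ServiceAccount
    name: kube-backup
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: kube-backup-reader
  apiGroup: rbac.authorization.k8s.io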
---
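# Identity the backup pod runs as. Through the kube-backup ClusterRoleBinding
# it can get/list the backed-up kinds, Secrets included, in all namespaces.
# Anyone who can create pods in kube-system can run a pod as this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-backup
  namespace: kube-system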
---
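# Every 10 minutes: run the kube-backup image, which is configured through
# the env vars below with a list of resource types, a git remote and a
# git-crypt key.
# NOTE(review): batch/v1beta1 CronJob is no longer served from Kubernetes
# 1.25 on (batch/v1 exists since 1.21). Left unchanged because the image
# tags in this file suggest an older cluster; confirm before upgrading.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: kube-state-backup
  namespace: kube-system
  labels:
    app: kube-backup
spec:
  schedule: "*/10 * * * *"
  # Replace: a run still active at the next tick is killed and restarted.
  concurrencyPolicy: Replace
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            app: kube-backup
          name: kube-backup
        spec:
          containers:
            # SECURITY: third-party image referenced by a mutable tag and
            # re-pulled on every run (imagePullPolicy: Always), in a pod that
            # can read every Secret in the cluster. Whoever can push to that
            # tag gets that access. Prefer a digest reference
            # (image@sha256:<DIGEST_PLACEHOLDER>) or a mirrored, reviewed copy.
            - image: ptlange/kube-backup:1.9.3-2
              imagePullPolicy: Always
              name: backup
              # No requests/limits and no securityContext are set.
              resources: {}
              env:
                # NOTE(review): lists "thirdpartyresource", while the
                # ClusterRole grants "customresourcedefinitions" and
                # "namespaces" instead - confirm which kinds the job is
                # meant to export.
                - name: RESOURCETYPES
                  value: "ingress deployment configmap secret svc rc ds thirdpartyresource networkpolicy statefulset storageclass cronjob"
                - name: GIT_REPO
                  value: "git@github.com:strix-kr/k8s-backup.git"
                - name: GIT_USERNAME
                  value: "kube-backup"
                - name: GIT_EMAIL
                  value: "kube-backup@k8s.strix.kr"
                # "secret" is in RESOURCETYPES, so Secret manifests leave the
                # cluster. Presumably git-crypt is what keeps them
                # confidential in the remote repository - verify which paths
                # the repository actually encrypts, and treat the symmetric
                # key as equivalent to all cluster secrets.
                - name: GITCRYPT_ENABLE
                  value: "true"
                - name: GITCRYPT_SYMMETRIC_KEY
                  value: "/secrets/symmetric.key"
              volumeMounts:
                - name: gitcryptkey
                  mountPath: /secrets
                - name: sshkey
                  mountPath: /backup/.ssh
                - name: cache
                  mountPath: /backup/
          dnsPolicy: ClusterFirst
          terminationGracePeriodSeconds: 30
          # Runs as the ServiceAccount bound to kube-backup-reader.
          serviceAccountName: kube-backup
          volumes:
            # defaultMode 420 is decimal for octal 0644: both key files are
            # readable by every user in the container.
            # NOTE(review): a tighter mode is preferable for private keys,
            # but only after checking which user the image runs as.
            - name: gitcryptkey
              secret:
                defaultMode: 420
                secretName: kube-backup-gitcryptkey
            # SSH key with push access to GIT_REPO; a deploy key limited to
            # that one repository keeps the blast radius small.
            - name: sshkey
              secret:
                defaultMode: 420
                secretName: kube-backup-sshkey
            # Scratch space for the working copy; discarded with the pod.
            - name: cache
              emptyDir: {}
          restartPolicy: OnFailure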
---
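# Daily at 06:01: list Jobs labelled app=kube-backup, oldest first, and
# delete all but the two newest.
# NOTE(review): the backup CronJob already sets successfulJobsHistoryLimit
# and failedJobsHistoryLimit to 3, so this cleaner may be redundant.
# NOTE(review): batch/v1beta1 CronJob is no longer served from Kubernetes
# 1.25 on; left unchanged, confirm the cluster version before upgrading.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: kube-state-backup-cleaner
  namespace: kube-system
  labels:
    app: kube-backup-cleaner
spec:
  schedule: "1 6 * * *"
  concurrencyPolicy: Replace
  jobTemplate:
    spec:
      template:
        metadata:
          name: job-cleanup
          labels:
            app: kube-backup-cleaner
        spec:
          restartPolicy: OnFailure
          # No serviceAccountName: the pod runs as the namespace's default
          # ServiceAccount in kube-system. Nothing in this file grants that
          # account list/delete on jobs; do not solve that by widening the
          # default account - give the cleaner its own ServiceAccount with a
          # namespaced Role limited to jobs.
          containers:
            - name: kubectl
              # Old kubectl (v1.5.4) next to a 1.9.x backup image; a client
              # this far behind the API server is outside the supported
              # version skew and no longer receives fixes.
              image: quay.io/coreos/hyperkube:v1.5.4_coreos.0
              # "exit 0" makes the job succeed even when kubectl fails
              # (e.g. forbidden by RBAC), so a broken cleaner is silent.
              # NOTE(review): Jobs take their labels from
              # jobTemplate.metadata, which kube-state-backup does not set -
              # verify that "-l app=kube-backup" matches any Job at all.
              command: [ '/bin/bash', '-c', '/hyperkube kubectl get jobs -l app=kube-backup -o name --sort-by=metadata.creationTimestamp | head -n -2 | xargs /hyperkube kubectl delete; exit 0' ]
              resources:
                requests:
                  cpu: 0.1
                  memory: 256Mi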
---