From 4b3e4d32a3aaa9f4daf29cfbd70b1d34d74a6e5b Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Fri, 31 Jan 2025 23:30:24 +0100 Subject: [PATCH] Setup linstor for velero volume snapshots --- infrastructure/configs/piraeus/cluster.yaml | 3 +- .../configs/piraeus/kustomization.yaml | 10 ++-- .../configs/piraeus/linstor-passphrase.yaml | 59 +++++++++++++++++++ .../piraeus/volume_snapshot_class.yaml | 19 ++++++ .../controllers/velero/minio-credentials.yaml | 6 +- 5 files changed, 90 insertions(+), 7 deletions(-) create mode 100644 infrastructure/configs/piraeus/linstor-passphrase.yaml create mode 100644 infrastructure/configs/piraeus/volume_snapshot_class.yaml diff --git a/infrastructure/configs/piraeus/cluster.yaml b/infrastructure/configs/piraeus/cluster.yaml index 43513ff..edabff4 100644 --- a/infrastructure/configs/piraeus/cluster.yaml +++ b/infrastructure/configs/piraeus/cluster.yaml @@ -2,4 +2,5 @@ apiVersion: piraeus.io/v1 kind: LinstorCluster metadata: name: linstorcluster -spec: {} +spec: + linstorPassphraseSecret: linstor-passphrase diff --git a/infrastructure/configs/piraeus/kustomization.yaml b/infrastructure/configs/piraeus/kustomization.yaml index 318ed07..cd86ce3 100644 --- a/infrastructure/configs/piraeus/kustomization.yaml +++ b/infrastructure/configs/piraeus/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - cluster.yaml - - pool.yaml - - storage.yaml - - storage-replicated.yaml + - ./linstor-passphrase.yaml + - ./cluster.yaml + - ./pool.yaml + - ./storage.yaml + - ./storage-replicated.yaml + - ./volume_snapshot_class.yaml diff --git a/infrastructure/configs/piraeus/linstor-passphrase.yaml b/infrastructure/configs/piraeus/linstor-passphrase.yaml new file mode 100644 index 0000000..bd6a6c5 --- /dev/null +++ b/infrastructure/configs/piraeus/linstor-passphrase.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Secret +metadata: + name: linstor-passphrase + namespace: piraeus-datastore +data: + MASTER_PASSPHRASE: ENC[AES256_GCM,data:AC0tYZn9Zt3f5LHELnmzRQqKp563uJBNEAOQrJxUzYHs9c9Z1P4n/tXSNy83PCikZg05/OD9W4luE7c2,iv:VzSWt/+txIR45Gt5Mqe1MZ9aT7eEkARJ4K2hZ0eeNTM=,tag:FV4pI+JBeisZsa1o7AweDQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-01-31T22:32:23Z" + mac: ENC[AES256_GCM,data:EB6aKYEf0B1X+l+Vnae9Y0OELicC82+emluIRRCXbsK7uO56kjBiS8od7YMj/D05QL1T4lMp0kYy7HsECS67p3QqbU/AeMqqWSbthHEOpdYuFtSNt+r0nrAQhXfdy6RfTtWQbNliv9iS1ZP1t4mgYRCXczlQaStwOmMFDVPWVxU=,iv:fy5/XV7wSJofj8Aqw3SAqtcvt1r+trhPOTBSbfkKCuQ=,tag:zqZX2itnCa0W71HQ4aMaAw==,type:str] + pgp: + - created_at: "2025-01-31T22:28:33Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA7pKPTYH5bqOAQ/9HfSbk5A5GYW45GfRt/pS4ExOtRt+vlIb5oqQ2l4Hg4Pv + I0CIBnTiZvMxfFVARUITutkMM2UshZL8d5Nbux107PP0YFXGAPfkCOk6p7VEBLXR + O44qCsz3FNuE3B8whsr+JQfjK5a9V/VmLkBTtsTX9X4Dlla9ijKQW8XRho+XeC5V + noeefFkvYmzvEGMn0kVoytCQvhmcfQbkzgwzpHjQ1snybx7u+47FVNBfOmagvJki + lktxBKmpjQtrL4bztIFh+qL9o7GJh2Z4vW7igWjIxUsvp+mBlz5KiF01Oq/6bAzf + /+fLrAYFWRkPQ741LyzVx+kCBrSmVwuLL8O00C6A2Vhr/lE7D2oNxpzeSFKv4hNc + moMGVCFPJTejRPvgI4ZuuNPNIt68HZGEuQDDpNx6XErnA6xvKYdaYChWPkh0Qo9q + fzL5mcibWYTBjN2MAO6bBm+VlxK+0PuCFJzBOtGze30iAztBfJPjstRPM6Q7e6XE + 8d+mrr55NhQ6dWPjBZv+rCPT9YcBnHcVGJXedEmnAwKfxEBNOTCoGPgkFjHLuUHK + ayZh7LkpPqrEQtDIo4U36BrO3CvL341sKDsYhUEu5rVJZgq7LYiaIqhGUataPOEs + eJtlTPHNIOfIEOg4OBcr8KnlAQNhwwiZjiUgLA5Jw7lRB+ZJfLcR+NNi0xuAIU3U + aAEJAhBEyYzeJqVaaRHYrQd+mQ/c/HCNk6M/p4R49AQu9sUZA69By1pwGP8aTK8M + u+gZ1vPxXZAzOM5afVg2mGDtjgeKqopC/PEnWayxjiJIrjMdHDP0Oyn4WJ2eWWrn + emKxkc8H0hcT + =569C + -----END PGP MESSAGE----- + fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E + - created_at: "2025-01-31T22:28:33Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoAQ//SW2mG6kPoZov4up0Wz3JpqMFEvKJzqNrsMxard5D8DeX + UDwPkEW7sNFnBDwV6CJgLIZbap53ldpTjQU238/YZn+IhyNQYV1nFZB8zkrlhVy+ + DYQeNkiA+HQZWo2bxDJKnhmghojPHC70WYvDp4MJslJLg0ash3yFFkUzhCiPAFsW + 4CPxLj4++JOo44aU7KboQas9cKcBqs+/KFWduSssHEwGpetwNNitHbCcKqMI+qkQ + hCHiPpj5OyrHw/sbobINKFCo4a9hznlwiVm+pRMHJ9+cziiSuVt1JuwENXGTx99+ + l7P+D573JiqLNyNT3XNw4FtLrnlfp43eWfR9trmInBj6/8yy1ZMxNH4hpk5zn9dx + o4QDL8oCaYrHvnBhPwWpHo46LI7sdR+E2quOjEjHqg/Pv1hqqoSCg9MXyE+qlTpI + Wgc1VdabOrxrQ8Q3fQ1k8A+L/vNVyEWE5fZGp6aawUygZ7hmCTJTNZfq5UrvHr4a + q/oIK5ulJ33tBuP/5EOAei/IelsdZNN/EK0VpDviMeG3ARaXoAbW+jxYTCBfEj5q + aDXoKiS0Gax0Ij+ZWjSuJq5//JE5co6zn1Vt6JhCh1ZSt6hvWqJUcD/Vul/TlASB + bHdA/4C+ofbC6fdATBpDjErA+ZcwGFYQTXn/yp/0RKCuUGTymcc/AJamHg04gDTS + XgETU9QvfvomT1GTImL+hSM94jEcouqq/LFVwv4wM7ekEkmYigGFyehHXE0dLSni + FLMvI2cz2+R8vwGXJ8OMddvzjoUkbUEuiCd+l096SACN9/E3WJv52+vzvTwXwFg= + =Ibfn + -----END PGP MESSAGE----- + fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28 + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/infrastructure/configs/piraeus/volume_snapshot_class.yaml b/infrastructure/configs/piraeus/volume_snapshot_class.yaml new file mode 100644 index 0000000..6e61852 --- /dev/null +++ b/infrastructure/configs/piraeus/volume_snapshot_class.yaml @@ -0,0 +1,19 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: linstor-csi-snapshot-class-s3 + labels: + velero.io/csi-volumesnapshot-class: "true" +driver: linstor.csi.linbit.com +deletionPolicy: Retain +parameters: + snap.linstor.csi.linbit.com/type: S3 + snap.linstor.csi.linbit.com/remote-name: titan-testing-backup + snap.linstor.csi.linbit.com/allow-incremental: "true" + snap.linstor.csi.linbit.com/s3-bucket: titan-testing-backup + snap.linstor.csi.linbit.com/s3-endpoint: minio.huizinga.dev + snap.linstor.csi.linbit.com/s3-signing-region: minio + snap.linstor.csi.linbit.com/s3-use-path-style: "true" + # Refer here to the secret that holds access and secret key for the S3 endpoint. + csi.storage.k8s.io/snapshotter-secret-name: minio-credentials + csi.storage.k8s.io/snapshotter-secret-namespace: velero diff --git a/infrastructure/controllers/velero/minio-credentials.yaml b/infrastructure/controllers/velero/minio-credentials.yaml index ce91a55..02fea45 100644 --- a/infrastructure/controllers/velero/minio-credentials.yaml +++ b/infrastructure/controllers/velero/minio-credentials.yaml @@ -5,14 +5,16 @@ metadata: type: Opaque stringData: cloud: ENC[AES256_GCM,data:IzMq0prcgddDBEncz3Pzfi9QMPbC1ycK0FLdc5eVWJa2zv1ro/DmoEJ1BGWxoKgkpQ7ApM9lcO2x8CeU2oAvmpkZg6feKWsFuonzEoBbhZ4sOhIkb2KZMu/p5+Tznk+dD7bxqQ==,iv:5WPjhx+53/sDJz11aFqoBQtyhBBQuljzZtqb/8rX8Fc=,tag:n9ZMjsW7QY1XkK8TwpndtA==,type:str] + access-key: ENC[AES256_GCM,data:feVBfF5CCLKSFBawSqS7HA==,iv:iHsSEeLcqLhmjIjOLWWxU+DXRaRhzIjuzsBGleUgKrA=,tag:aPFmtOml6suaK9MA2O81hQ==,type:str] + secret-key: ENC[AES256_GCM,data:wdQTHMygsn2UVd2rcAhIE/7EBnTSwGvsTkqeIjyQ0x0=,iv:iPWbQmX3ipXwzwc4QEilCGEPw75872A6CGg6L6kKwkE=,tag:i9csCUYKAVaxOflK2ob0Jw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2025-01-31T22:07:06Z" - mac: ENC[AES256_GCM,data:34QXny0VIWueqX564KqrWzsidZuiu5L7hIdRcYzLcHl1kErggCrtHZBLm/twOzDq37vRvVIW+NN2KehARDM8V2oxOYvP8yQ5zyUYDNaDIU/y5ncH2/OEcdz5hszZ5ja0YhDMq5eLGjX5HOe0ZdNSCxfLKwYaHZguL0x0mOHu2ME=,iv:W/ee9mhUS+uvJ7t5Vmy3FiibjcB0d0/RJjTX6/4kv/U=,tag:tj4DAw5r+q+/P2FqABlTvg==,type:str] + lastmodified: "2025-01-31T22:21:08Z" + mac: ENC[AES256_GCM,data:/4u0wwUmLsDnqYyToK6wOW65cQ/wfG9t3cGoLab6FjRGFsTtsCY0Rfl+qWk3cXWxBoboBlfrvZJSqyzlyAy7kBvCkmBFDmihfP8CG2fftOxWGPJsy0mAnr8WDP0ETKm9qdWQiawZO7NdRC+AAIYg8B4/CCM6/L5IgrAorlk4Tgo=,iv:a4XB6C6BhpqjX7Iqdo8FQCXDdbUnbP53ew8ktPxBI9A=,tag:SUzwB64RKAkuW8ZkiuWlpw==,type:str] pgp: - created_at: "2025-01-31T22:07:06Z" enc: |-