From e761a101359acc33cd85283a0b067afa0f90739e Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Tue, 4 Feb 2025 02:19:50 +0100 Subject: [PATCH] Let velero upload the content of volume snapshots --- infrastructure/configs/piraeus/cluster.yaml | 3 +- .../configs/piraeus/kustomization.yaml | 1 - .../configs/piraeus/linstor-passphrase.yaml | 59 ------------------- .../piraeus/volume_snapshot_class.yaml | 15 +---- .../controllers/velero/helm_release.yaml | 8 +-- .../controllers/velero/kustomization.yaml | 1 + .../controllers/velero/repo-credentials.yaml | 59 +++++++++++++++++++ 7 files changed, 66 insertions(+), 80 deletions(-) delete mode 100644 infrastructure/configs/piraeus/linstor-passphrase.yaml create mode 100644 infrastructure/controllers/velero/repo-credentials.yaml diff --git a/infrastructure/configs/piraeus/cluster.yaml b/infrastructure/configs/piraeus/cluster.yaml index edabff4..43513ff 100644 --- a/infrastructure/configs/piraeus/cluster.yaml +++ b/infrastructure/configs/piraeus/cluster.yaml @@ -2,5 +2,4 @@ apiVersion: piraeus.io/v1 kind: LinstorCluster metadata: name: linstorcluster -spec: - linstorPassphraseSecret: linstor-passphrase +spec: {} diff --git a/infrastructure/configs/piraeus/kustomization.yaml b/infrastructure/configs/piraeus/kustomization.yaml index cd86ce3..faaa39d 100644 --- a/infrastructure/configs/piraeus/kustomization.yaml +++ b/infrastructure/configs/piraeus/kustomization.yaml @@ -1,7 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./linstor-passphrase.yaml - ./cluster.yaml - ./pool.yaml - ./storage.yaml diff --git a/infrastructure/configs/piraeus/linstor-passphrase.yaml b/infrastructure/configs/piraeus/linstor-passphrase.yaml deleted file mode 100644 index bd6a6c5..0000000 --- a/infrastructure/configs/piraeus/linstor-passphrase.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: linstor-passphrase - namespace: piraeus-datastore -data: - MASTER_PASSPHRASE: ENC[AES256_GCM,data:AC0tYZn9Zt3f5LHELnmzRQqKp563uJBNEAOQrJxUzYHs9c9Z1P4n/tXSNy83PCikZg05/OD9W4luE7c2,iv:VzSWt/+txIR45Gt5Mqe1MZ9aT7eEkARJ4K2hZ0eeNTM=,tag:FV4pI+JBeisZsa1o7AweDQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2025-01-31T22:32:23Z" - mac: ENC[AES256_GCM,data:EB6aKYEf0B1X+l+Vnae9Y0OELicC82+emluIRRCXbsK7uO56kjBiS8od7YMj/D05QL1T4lMp0kYy7HsECS67p3QqbU/AeMqqWSbthHEOpdYuFtSNt+r0nrAQhXfdy6RfTtWQbNliv9iS1ZP1t4mgYRCXczlQaStwOmMFDVPWVxU=,iv:fy5/XV7wSJofj8Aqw3SAqtcvt1r+trhPOTBSbfkKCuQ=,tag:zqZX2itnCa0W71HQ4aMaAw==,type:str] - pgp: - - created_at: "2025-01-31T22:28:33Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA7pKPTYH5bqOAQ/9HfSbk5A5GYW45GfRt/pS4ExOtRt+vlIb5oqQ2l4Hg4Pv - I0CIBnTiZvMxfFVARUITutkMM2UshZL8d5Nbux107PP0YFXGAPfkCOk6p7VEBLXR - O44qCsz3FNuE3B8whsr+JQfjK5a9V/VmLkBTtsTX9X4Dlla9ijKQW8XRho+XeC5V - noeefFkvYmzvEGMn0kVoytCQvhmcfQbkzgwzpHjQ1snybx7u+47FVNBfOmagvJki - lktxBKmpjQtrL4bztIFh+qL9o7GJh2Z4vW7igWjIxUsvp+mBlz5KiF01Oq/6bAzf - /+fLrAYFWRkPQ741LyzVx+kCBrSmVwuLL8O00C6A2Vhr/lE7D2oNxpzeSFKv4hNc - moMGVCFPJTejRPvgI4ZuuNPNIt68HZGEuQDDpNx6XErnA6xvKYdaYChWPkh0Qo9q - fzL5mcibWYTBjN2MAO6bBm+VlxK+0PuCFJzBOtGze30iAztBfJPjstRPM6Q7e6XE - 8d+mrr55NhQ6dWPjBZv+rCPT9YcBnHcVGJXedEmnAwKfxEBNOTCoGPgkFjHLuUHK - ayZh7LkpPqrEQtDIo4U36BrO3CvL341sKDsYhUEu5rVJZgq7LYiaIqhGUataPOEs - eJtlTPHNIOfIEOg4OBcr8KnlAQNhwwiZjiUgLA5Jw7lRB+ZJfLcR+NNi0xuAIU3U - aAEJAhBEyYzeJqVaaRHYrQd+mQ/c/HCNk6M/p4R49AQu9sUZA69By1pwGP8aTK8M - u+gZ1vPxXZAzOM5afVg2mGDtjgeKqopC/PEnWayxjiJIrjMdHDP0Oyn4WJ2eWWrn - emKxkc8H0hcT - =569C - -----END PGP MESSAGE----- - fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E - - created_at: "2025-01-31T22:28:33Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA51kG++kLewoAQ//SW2mG6kPoZov4up0Wz3JpqMFEvKJzqNrsMxard5D8DeX - UDwPkEW7sNFnBDwV6CJgLIZbap53ldpTjQU238/YZn+IhyNQYV1nFZB8zkrlhVy+ - DYQeNkiA+HQZWo2bxDJKnhmghojPHC70WYvDp4MJslJLg0ash3yFFkUzhCiPAFsW - 4CPxLj4++JOo44aU7KboQas9cKcBqs+/KFWduSssHEwGpetwNNitHbCcKqMI+qkQ - hCHiPpj5OyrHw/sbobINKFCo4a9hznlwiVm+pRMHJ9+cziiSuVt1JuwENXGTx99+ - l7P+D573JiqLNyNT3XNw4FtLrnlfp43eWfR9trmInBj6/8yy1ZMxNH4hpk5zn9dx - o4QDL8oCaYrHvnBhPwWpHo46LI7sdR+E2quOjEjHqg/Pv1hqqoSCg9MXyE+qlTpI - Wgc1VdabOrxrQ8Q3fQ1k8A+L/vNVyEWE5fZGp6aawUygZ7hmCTJTNZfq5UrvHr4a - q/oIK5ulJ33tBuP/5EOAei/IelsdZNN/EK0VpDviMeG3ARaXoAbW+jxYTCBfEj5q - aDXoKiS0Gax0Ij+ZWjSuJq5//JE5co6zn1Vt6JhCh1ZSt6hvWqJUcD/Vul/TlASB - bHdA/4C+ofbC6fdATBpDjErA+ZcwGFYQTXn/yp/0RKCuUGTymcc/AJamHg04gDTS - XgETU9QvfvomT1GTImL+hSM94jEcouqq/LFVwv4wM7ekEkmYigGFyehHXE0dLSni - FLMvI2cz2+R8vwGXJ8OMddvzjoUkbUEuiCd+l096SACN9/E3WJv52+vzvTwXwFg= - =Ibfn - -----END PGP MESSAGE----- - fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28 - encrypted_regex: ^(data|stringData)$ - version: 3.9.1 diff --git a/infrastructure/configs/piraeus/volume_snapshot_class.yaml b/infrastructure/configs/piraeus/volume_snapshot_class.yaml index 362a8ff..5fb2b86 100644 --- a/infrastructure/configs/piraeus/volume_snapshot_class.yaml +++ b/infrastructure/configs/piraeus/volume_snapshot_class.yaml @@ -1,19 +1,6 @@ apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: - name: linstor-csi-snapshot-class-s3 - labels: - velero.io/csi-volumesnapshot-class: "true" + name: piraeus-snapshots driver: linstor.csi.linbit.com deletionPolicy: Delete -parameters: - snap.linstor.csi.linbit.com/type: S3 - snap.linstor.csi.linbit.com/remote-name: titan-testing-backup - snap.linstor.csi.linbit.com/allow-incremental: "true" - snap.linstor.csi.linbit.com/s3-bucket: titan-testing-backup - snap.linstor.csi.linbit.com/s3-endpoint: minio.huizinga.dev - snap.linstor.csi.linbit.com/s3-signing-region: minio - snap.linstor.csi.linbit.com/s3-use-path-style: "true" - # Refer here to the secret that holds access and secret key for the S3 endpoint. - csi.storage.k8s.io/snapshotter-secret-name: minio-credentials - csi.storage.k8s.io/snapshotter-secret-namespace: velero diff --git a/infrastructure/controllers/velero/helm_release.yaml b/infrastructure/controllers/velero/helm_release.yaml index 4df4b42..6cef56d 100644 --- a/infrastructure/controllers/velero/helm_release.yaml +++ b/infrastructure/controllers/velero/helm_release.yaml @@ -17,6 +17,7 @@ spec: existingSecret: minio-credentials configuration: features: EnableCSI + defaultSnapshotMoveData: true backupStorageLocation: - name: minio provider: aws @@ -27,10 +28,9 @@ spec: s3ForcePathStyle: true s3Url: https://minio.huizinga.dev checksumAlgorithm: "" - volumeSnapshotLocation: - - name: csi - provider: csi - default: true + snapshotsEnabled: false + volumeSnapshotLocation: [] + deployNodeAgent: true initContainers: - name: velero-plugin-for-aws image: velero/velero-plugin-for-aws:v1.11.1 diff --git a/infrastructure/controllers/velero/kustomization.yaml b/infrastructure/controllers/velero/kustomization.yaml index 492485d..75c24b4 100644 --- a/infrastructure/controllers/velero/kustomization.yaml +++ b/infrastructure/controllers/velero/kustomization.yaml @@ -5,4 +5,5 @@ resources: - ./namespace.yaml - ./helm_repository.yaml - ./minio-credentials.yaml + - ./repo-credentials.yaml - ./helm_release.yaml diff --git a/infrastructure/controllers/velero/repo-credentials.yaml b/infrastructure/controllers/velero/repo-credentials.yaml new file mode 100644 index 0000000..c2fea02 --- /dev/null +++ b/infrastructure/controllers/velero/repo-credentials.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Secret +metadata: + name: velero-repo-credentials +type: Opaque +data: + repository-password: ENC[AES256_GCM,data:Fmbz0SxShWFRA1wVMrcW8Mw8G8IQRoTLFrXk6y+tpAWa1vas2aLwznauO/8LavOXJWjala5FoqQg3yGv,iv:umsaV26M6PitE4SvBtxLyFmwWcFUv3TdnbV4PiQc2Co=,tag:ElpY6dXdgRqJ2endG+rkMw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-02-05T00:25:06Z" + mac: ENC[AES256_GCM,data:iU7MrvJfJouWY5zYBzcWjgbWJYvzhDLtOA5f4D+JnwoyvZ72v1RFC1JBu4+nWUJyMI+MULIdgJRKSv2byY/618KdRQAJ5vX4fWRYwrJ9pSzSvZpX0S6Tf/xOkXtnZ9NCye6JkTZvaHmO+Tz4Yy4roRMUIZ0ZMmQMJQHPCAZQ7dw=,iv:QUJWbjDfIJADc9dcJ2Rxg/yUusjaztsPhgQCxE8jLic=,tag:X0zYqMdI23c/MIRNgHsvBA==,type:str] + pgp: + - created_at: "2025-02-05T00:25:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA7pKPTYH5bqOAQ/+OVWMhpalySLtxSLY6C+ebJMMMuic4IiFZvk4a9THUr/e + AwrO30CYAOBRy0a5X3jqjGQn7+ufQmoK/9hYOjsQQsWGd8z5BtuyGveu5qPSGYNK + kr5pGCn+BtmTl2Jxv9//A/rvfnYn01iNOvfE+B+gJIexz9FmXN6nlRAHOxYxbYsC + 7Mhq+LOc2HHWA0R2mEW1yZr0OoImEeCs+WxRjEJ5Lf+i9D/6h8Zb9aAIjUFhzGmx + +Pyi17XfHWsMEK/mPm+eNcbhNbmiL2otzMIONHN1wHhXOEfmcnk25j1BS0MNBukH + eRcqAfj7qTg/twP2xmFtaEVRkDp8cN6Kg3RmZShBxsfJycTYAJBlgpRs3MD7l5cE + s3U6CBsmzgzqdrqHTKyYDMoPNup/mv1KKajOE7/iUeT663PLlSe6nORkwL+q50/8 + 5EFJ7BCpP9hD3nj+mO+CwP+vzd7+FMwU9c395tbD6iWPyYHKLjuvdc8bOxRm0Tch + R/Msch5qVyk3KceWyP6aqV0I5yKX7PKIEm9PfKsprkTbL7kDYLw4360Je5ZIrb+e + yxJQAZ0rpOR0xNQabtDfapQjMvdh1UdzljYC3lwSjsCaqz7BJ2Tw5tR7K4OGXi4X + egUzEXiz83uA/Yy47MRLSZpllbs0gmcvznN3EzbvULRLXfMqNAon6Mbfw/SQrQzU + ZgEJAhDJVLb1a8/tv3OXliQe1EePQWKUuXtvDUvLjoPBLYeRknvp84728bXMuayS + WKKHXOBEVCabAT7uIieGJ75ZdllPguoHRK8bRpBvDxRSIFMkLqEKlfn3VDwc+ZbO + VO66QFvOeg== + =CAbH + -----END PGP MESSAGE----- + fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E + - created_at: "2025-02-05T00:25:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoAQ//Z13qu7FZOQbPyOG46OFBWwyPPrjgHgjEkwqeYkw2hLf8 + q8Nbj3A3w/ATERUnOVY9qY9/hMmXp/6TvEhYGGxWxDuIeWNCpbjb0x1yOrdK6T24 + 0LjjqP3TcPlHJb6/XyfP3J9CDMh47Jh1WoX91V3Az3QRSjixJS8Qb5g9Z6HCr/HB + K4pn1MX1wikYZhc1D/RR03OGrMnj4sUcNSFpnJVuKVXvS6cSEnchgBz1hW34FJ3G + BW+kDdPP+U5CsbmnbVS8lEge/FxUtF4tczlFcRxujiLGmrkrvORn96NPjqobHfTk + B4LLmbgiTwpUUq9n+kXZHPaVYoFXlChS0JdIMO0nf3jZefEWrDB6/chVoP8ks8Nf + txgn/KNkNTo5kGrzj3buqliEh1dtsm3bqnXems7Fa+tHyPnZHcTPgSpXjjDi3J3f + /LJDaNqPfS4FyFPF0EilD8rdmutOXWw1wZrruDTmWuvYHG8fJoSDaZKKA7fTjh1c + xE8LAKfaZwg0GsvusnnlaUQCtk2QnDZmfAF7q2Z/9TTeav+jBH5j+D1VqFFyE7wm + Y5grYBSs6poEaS+/NVeVtwtMAw0PYL+arMPNDg4hMSsBnlClcZlIAFCkeVb6oIRM + 2+1r04U8bRujCJj4DwhvPuXDsYe8w786zcqgxgvcAjKrXR+/oSDiLp9EKeQkMl3S + XAHr61Q8fcwKL4XXceSAjq47Wf/13XH59/X4D/6rcLbMN9rZTJdaKkDNnbDA0Uep + KRu7lgtAUlzwZa3XdFiz7hUkN9a9glCel/lspm0Ypo3oQLHxZiwKAh1W4eqA + =ZYZj + -----END PGP MESSAGE----- + fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28 + encrypted_regex: ^(data|stringData)$ + version: 3.9.1