feat: Migrate sys applications to helmfile
Move most of helmfiles into temp to test only velero. File structure: ```bash / ├── helmfile.d/ # Helmfiles, *.yaml.gotmpl ├── charts/ # Our own charts, e.g `Atlantis` ├── values # Values for helmfiles │ ├── <chart> │ │ ├── values.yaml.gotmpl # Values to be templated in `values/` │ │ ├── kustomize # Kustomizations per environment │ │ ├── manifests # Raw manifests │ │ │ ├── <chart>.yaml # Argo App for bootstrap │ │ │ ├── dashboards # Grafana dashboards │ │ │ │ └── <chart>-metrics.yaml │ │ │ └── policies # Cilium and Kyverno policies │ │ │ ├── CiliumNetworkPolicy-allow-api-server.yaml │ │ │ └── KyvernoPolicy-regred-secret.yaml │ │ └── values # Values for each environment │ │ ├── <chart>-staging.yaml.gotmpl # Values for staging environment │ │ ├── <chart>-prod.yaml.gotmpl # Values for prod environment │ │ └── <chart>.yaml.gotmpl # Standard values for all environments │ │ │ ├── values.yaml # Standard values for all cluster │ ├── values-oceanbox.yaml # Values overrides for oceanbox │ ├── values-ekman.yaml # Values overrides for ekman ```
This commit is contained in:
@@ -1,4 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- _manifest.yaml
|
||||
@@ -1,4 +0,0 @@
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
resources:
|
||||
- ../base
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,16 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-api-server
|
||||
namespace: velero
|
||||
spec:
|
||||
egress:
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "6443"
|
||||
protocol: TCP
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: velero
|
||||
@@ -0,0 +1,16 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-job-api-server
|
||||
namespace: velero
|
||||
spec:
|
||||
egress:
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "6443"
|
||||
protocol: TCP
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
batch.kubernetes.io/job-name: velero-upgrade-crds
|
||||
@@ -0,0 +1,17 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-prometheus-metrics
|
||||
namespace: velero
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: velero
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
io.kubernetes.pod.namespace: prometheus
|
||||
- toPorts:
|
||||
- ports:
|
||||
- port: "8085"
|
||||
protocol: TCP
|
||||
@@ -0,0 +1,31 @@
|
||||
apiVersion: velero.io/v1
|
||||
kind: Schedule
|
||||
metadata:
|
||||
name: full-backup
|
||||
namespace: velero
|
||||
spec:
|
||||
paused: false
|
||||
schedule: '@every 24h'
|
||||
skipImmediately: false
|
||||
template:
|
||||
csiSnapshotTimeout: 10m0s
|
||||
defaultVolumesToRestic: true
|
||||
excludedNamespaces:
|
||||
- cilium-secrets
|
||||
- cilium-spire
|
||||
- grafana
|
||||
- jaeger
|
||||
- kube-system
|
||||
- loki
|
||||
- rabbitmq
|
||||
- prometheus
|
||||
- tempo
|
||||
- test
|
||||
- velero
|
||||
includedNamespaces:
|
||||
- '*'
|
||||
includedResources:
|
||||
- '*'
|
||||
storageLocation: default
|
||||
ttl: 336h0m0s
|
||||
useOwnerReferencesInBackup: false
|
||||
@@ -10,13 +10,16 @@ spec:
|
||||
server: 'https://kubernetes.default.svc'
|
||||
sources:
|
||||
- repoURL: {{ .Values.clusterConfig.manifests }}
|
||||
targetRevision: HEAD
|
||||
path: helmfiles/velero
|
||||
# targetRevision: HEAD
|
||||
targetRevision: mrtz/helmify
|
||||
path: helmfile.d
|
||||
plugin:
|
||||
name: helmfile
|
||||
name: helmfile-cmp
|
||||
env:
|
||||
- name: CLUSTER_NAME
|
||||
value: {{ .Values.clusterConfig.cluster }}
|
||||
- name: HELMFILE_ENVIRONMENT
|
||||
value: default
|
||||
project: sys
|
||||
syncPolicy:
|
||||
managedNamespaceMetadata:
|
||||
|
||||
@@ -2,16 +2,16 @@ velero:
|
||||
enabled: true
|
||||
autosync: true
|
||||
kubeletRootDir: "/var/lib/kubernetes/pods"
|
||||
bucket: velero-backup
|
||||
bucket: backup
|
||||
bsl: default
|
||||
# Opt-in or opt-out pvc backup
|
||||
# https://velero.io/docs/main/file-system-backup/#to-back-up
|
||||
backupAllVolumes: true
|
||||
credentials:
|
||||
secretName: "s3-credentials"
|
||||
secretName: "velero-s3"
|
||||
s3:
|
||||
region: us-east-1
|
||||
url: "https://nutanix-obj-s3.kube-system"
|
||||
url: "http://10.255.241.30:30080"
|
||||
insecureSkipTLSVerify: true
|
||||
resources:
|
||||
velero:
|
||||
|
||||
@@ -28,17 +28,17 @@ configuration:
|
||||
uploaderType: kopia
|
||||
# Backup all volumes by default
|
||||
defaultVolumesToFsBackup: {{ .Values.velero.backupAllVolumes }}
|
||||
## https://velero.io/docs/v1.6/api-types/backupstoragelocation/
|
||||
# https://velero.io/docs/v1.6/api-types/backupstoragelocation/
|
||||
backupStorageLocation:
|
||||
- name: {{ .Values.velero.bsl }}
|
||||
bucket: {{ .Values.velero.bucket }}
|
||||
provider: aws
|
||||
default: true
|
||||
## prefix is the directory under which all Velero data should be stored within the bucket. Optional.
|
||||
prefix: {{ .Values.cluster_config.cluster }}/velero
|
||||
prefix: {{ .Values.clusterConfig.cluster }}/velero
|
||||
accessMode: ReadWrite
|
||||
config:
|
||||
## ONLY us-east-1 region is supported by nutanix
|
||||
# ONLY us-east-1 region is supported by nutanix
|
||||
region: {{ .Values.velero.s3.region }}
|
||||
s3ForcePathStyle: "true"
|
||||
s3Url: {{ .Values.velero.s3.url }}
|
||||
|
||||
Reference in New Issue
Block a user