53 lines
1.6 KiB
YAML
53 lines
1.6 KiB
YAML
{{- if and (.Values.kyverno.enabled) (.Values.postgres_operator.enabled) (.Values.velero.enabled) }}
|
|
apiVersion : kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: cnpg-add-backup-section
|
|
annotations:
|
|
policies.kyverno.io/title: add backup section to cnpg cluster spec
|
|
policies.kyverno.io/category: Other
|
|
policies.kyverno.io/severity: medium
|
|
kyverno.io/kyverno-version: 1.6.0
|
|
policies.kyverno.io/minversion: 1.6.0
|
|
kyverno.io/kubernetes-version: "1.23"
|
|
policies.kyverno.io/subject: Cluster
|
|
policies.kyverno.io/description: >-
|
|
When a CNPG cluster is created, a backup section should be added.
|
|
The user can then create their own backup or backup schedule.
|
|
spec:
|
|
background: false
|
|
rules:
|
|
- name: cnpg-add-backup-section
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Cluster
|
|
exclude:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Cluster
|
|
names:
|
|
- "review-*"
|
|
mutate:
|
|
patchStrategicMerge:
|
|
spec:
|
|
backup:
|
|
barmanObjectStore:
|
|
destinationPath: s3://{{ .Values.velero.bucket }}/{{ .Values.cluster_config.cluster }}/cnpg-backup
|
|
serverName: {{` "{{ request.object.metadata.name }}"`}}
|
|
endpointURL: https://s3.production.itpartner.no
|
|
s3Credentials:
|
|
accessKeyId:
|
|
key: access_key
|
|
name: s3-credentials
|
|
inheritFromIAMRole: false
|
|
secretAccessKey:
|
|
key: access_secret
|
|
name: s3-credentials
|
|
wal:
|
|
compression: snappy
|
|
{{- end }}
|
|
|