feat: install Velero

2024-12-22 16:14:32 +07:00 · 2024-01-22 09:17:56 +07:00 · 2024-01-22 09:17:56 +07:00 · 365912f76a
commit 365912f76a
parent 41211ff638
9 changed files with 96 additions and 0 deletions
--- a/external/Makefile
+++ b/external/Makefile
@ -21,3 +21,6 @@ plan: .terraform.lock.hcl

 apply: .terraform.lock.hcl namespaces
 	terraform apply -auto-approve
+
+format:
+	terraform fmt -recursive .
--- a/external/main.tf
+++ b/external/main.tf
@ -17,3 +17,8 @@ module "ntfy" {
  source = "./modules/ntfy"
  auth   = var.ntfy
 }
+
+module "backup" {
+  source        = "./modules/backup"
+  backup_bucket = var.backup_bucket
+}
--- a/external/modules/backup/main.tf
+++ b/external/modules/backup/main.tf
@ -0,0 +1,16 @@
+resource "kubernetes_secret" "velero_credentials" {
+  metadata {
+    name      = "velero-credentials"
+    namespace = "velero"
+  }
+
+  data = {
+    cloud = <<EOF
+      %{for bucket in var.backup_buckets~}
+      [${bucket.name}]
+      aws_access_key_id=${bucket.access_key_id}
+      aws_secret_access_key=${bucket.secret_access_key}
+      %{endfor~}
+    EOF
+  }
+}
--- a/external/modules/backup/variables.tf
+++ b/external/modules/backup/variables.tf
@ -0,0 +1,10 @@
+variable "backup_buckets" {
+  type = list(object({
+    name              = string
+    url               = string
+    bucket            = string
+    region            = string
+    access_key_id     = string
+    secret_access_key = string
+  }))
+}
--- a/external/modules/backup/versions.tf
+++ b/external/modules/backup/versions.tf
@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.9.0"
+    }
+  }
+}
--- a/external/namespaces.yml
+++ b/external/namespaces.yml
@ -12,4 +12,5 @@
        - external-dns
        - global-secrets
        - k8up-operator
+        - velero
        - zerotier
--- a/external/variables.tf
+++ b/external/variables.tf
@ -24,3 +24,14 @@ variable "ntfy" {

  sensitive = true
 }
+
+variable "backup_bucket" {
+  type = object({
+    name              = string
+    url               = string
+    bucket            = string
+    region            = string
+    access_key_id     = string
+    secret_access_key = string
+  })
+}
--- a/system/velero/Chart.yaml
+++ b/system/velero/Chart.yaml
@ -0,0 +1,7 @@
+apiVersion: v2
+name: velero
+version: 0.0.0
+dependencies:
+  - name: velero
+    version: 2.31.8
+    repository: https://vmware-tanzu.github.io/helm-charts
--- a/system/velero/values.yaml
+++ b/system/velero/values.yaml
@ -0,0 +1,35 @@
+velero:
+  initContainers:
+    - name: velero-plugin-for-aws
+      image: velero/velero-plugin-for-aws:v1.5.1
+      imagePullPolicy: IfNotPresent
+      volumeMounts:
+        - mountPath: /target
+          name: plugins
+  configuration:
+    provider: aws
+    # TODO support multiple locations
+    backupStorageLocation:
+      bucket: homelab-backup
+      config:
+        region: minio
+        s3ForcePathStyle: 'true'
+        s3Url: http://192.168.1.24:9000
+        profile: onsite
+    defaultVolumesToRestic: true
+  credentials:
+    useSecret: true
+    existingSecret: velero-credentials
+  schedules:
+    onsite:
+      schedule: "*/2 * * * *"
+      storageLocation: default
+      template:
+        ttl: "240h"
+    # TODO support multiple locations
+    # offsite:
+    #   schedule: "*/2 * * * *"
+    #   storageLocation: offsite
+    #   template:
+    #     ttl: "240h"
+  deployRestic: true