From 089484d068d6b69530d2f9801a7999e9e7e4bc71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 Apr 2023 01:50:59 +0200 Subject: [PATCH] feat: add etcd snapshot cronjob (#85) --- charts/vcluster/Chart.yaml | 2 +- charts/vcluster/README.md | 102 +++++++++++- charts/vcluster/README.md.gotmpl | 74 ++++++++- .../components/gitops/manifests.yaml | 2 - .../kubernetes/etcd/backup-job.yaml | 155 ++++++++++++++++++ .../kubernetes/etcd/backup-pvc.yaml | 35 ++++ .../components/kubernetes/etcd/certs.yaml | 6 + .../components/kubernetes/etcd/service.yaml | 1 + .../kubernetes/etcd/statefulset.yaml | 35 ++-- .../vcluster/templates/lifecycle/setup.yaml | 4 +- charts/vcluster/values.yaml | 120 ++++++++++++-- 11 files changed, 504 insertions(+), 32 deletions(-) create mode 100644 charts/vcluster/templates/components/kubernetes/etcd/backup-job.yaml create mode 100644 charts/vcluster/templates/components/kubernetes/etcd/backup-pvc.yaml diff --git a/charts/vcluster/Chart.yaml b/charts/vcluster/Chart.yaml index 681ba2dd..f182be63 100644 --- a/charts/vcluster/Chart.yaml +++ b/charts/vcluster/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: vcluster description: Virtual Kubernetes Cluster type: application -version: 0.2.2 +version: 0.3.0 appVersion: 0.1.0 keywords: - vcluster diff --git a/charts/vcluster/README.md b/charts/vcluster/README.md index c4f0503a..8845cc14 100644 --- a/charts/vcluster/README.md +++ b/charts/vcluster/README.md 
@@ -2,7 +2,7 @@ __This Chart is under active development! We try to improve documentation and values consistency over time__ -![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Virtual Kubernetes Cluster @@ -102,6 +102,8 @@ Access the ArgoCD UI by opening [http://localhost:9191]( http://localhost:9191) ## Globals +--- + Global Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -139,6 +141,8 @@ Global Values | global.storageClassName | string | `""` | StorageClassName for all persistent volumes | ## Utilities Values + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | cluster.name | string | The cluster name is derived from the `.Release.Name` | Define the cluster name | @@ -146,6 +150,8 @@ Global Values ## Lifecycle +--- + We use a lifecycle Job/Cronjob to manage certain configurations within the vcluster and the hosting cluster. | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -180,6 +186,7 @@ We use a lifecycle Job/Cronjob to manage certain configurations within the vclus | lifecycle.setup.labels | object | `{}` | Job Labels | | lifecycle.setup.schedule | string | `"0 0 1 */6 *"` | Cronjob Schedule | | lifecycle.setup.successfulJobsHistoryLimit | int | `3` | Cronjob successful jobs history limit | +| lifecycle.setup.ttlSecondsAfterFinished | int | `120` | ttlSecondsAfterFinished for setup | | lifecycle.vcluster.cleanupScript | string | `nil` | Additional configuration script for the vcluster during cleanup (supports templating) | | lifecycle.vcluster.extraManifests | object | See values.yaml | These manifests will be applied inside the vcluster (supports templating) | | lifecycle.vcluster.extraManifestsOnInstall | object | See values.yaml | These manifests will be applied inside the vcluster, but only on $.Release.Install and wont be touched again (supports templating) | @@ -187,6 +194,8 @@ We use a lifecycle Job/Cronjob to manage certain configurations within the vclus ## Machine Values +--- + Available Values for the [Machine Controller Component](#machine-controller). The component consists of a single deployment with a `controller` and `admission` container. Pod settings are therefor made for both subcomponents. | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -236,6 +245,8 @@ Available Values for the [Machine Controller Component](#machine-controller). Th | machine.volumes | list | `[]` | Volumes | ### Controller + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | machine.controller.args | object | `{"join-cluster-timeout":"25m","node-csr-approver":true,"worker-count":10}` | Controller Command Arguments ([See Available](https://github.com/kubermatic/machine-controller/blob/main/cmd/machine-controller/main.go)) | 
@@ -253,6 +264,8 @@ Available Values for the [Machine Controller Component](#machine-controller). Th | machine.controller.volumeMounts | list | `[]` | Volume Mounts | ### Admission + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | machine.admission.args | object | `{"v":4}` | Webhook Command Arguments ([See Available](https://github.com/kubermatic/machine-controller/blob/main/cmd/webhook/main.go)) | @@ -286,6 +299,8 @@ Available Values for the [Machine Controller Component](#machine-controller). Th ## OSM Values +--- + __This Component is not stable yet!__ Available Values for the [Operating System Manager](). The component consists of a single deployment with a `controller` and `admission` container. Pod settings are therefor made for both subcomponents. @@ -333,6 +348,8 @@ Available Values for the [Operating System Manager](). The component consists of | osm.volumes | list | `[]` | Volumes | ### Controller + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | osm.controller.args | object | `{"worker-count":10}` | Controller Command Arguments ([See Available](https://github.com/kubermatic/operating-system-manager/blob/main/cmd/osm-controller/main.go)) | @@ -350,6 +367,8 @@ Available Values for the [Operating System Manager](). The component consists of | osm.controller.volumeMounts | list | `[]` | Pod VolumeMounts | ### Admission + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | osm.admission.args | object | `{"v":4}` | Webhook Command Arguments ([See Available](https://github.com/kubermatic/operating-system-manager/blob/main/cmd/webhook/main.go)) | @@ -383,6 +402,8 @@ Available Values for the [Operating System Manager](). The component consists of ## Kubernetes Values +--- + Available Values for the [Kubernetes component](#kubernetes). | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -393,6 +414,10 @@ Available Values for the [Kubernetes component](#kubernetes). | kubernetes.kubeProxy.enabled | bool | `true` | Install kube-proxy via KubeADM. If disabled, the cilium kube-proxy replacement will be used | ### API-Server + +--- + +Deploys [Kubernetes API Server](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/). | Key | Type | Default | Description | |-----|------|---------|-------------| | kubernetes.apiServer.affinity | object | `{}` | Affinity | @@ -434,6 +459,10 @@ Available Values for the [Kubernetes component](#kubernetes). | kubernetes.apiServer.volumes | list | `[]` | Additional volumes | ### Controller Manager + +--- + +Deploys [Kubernetes Controller Manager](https://kubernetes.io/docs/concepts/architecture/cloud-controller/). | Key | Type | Default | Description | |-----|------|---------|-------------| | kubernetes.controllerManager.affinity | object | `{}` | Affinity | @@ -477,6 +506,10 @@ Available Values for the [Kubernetes component](#kubernetes). | kubernetes.controllerManager.volumes | list | `[]` | Additional Volumes | ### Scheduler + +--- + +Deploys [Kubernetes Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/). | Key | Type | Default | Description | |-----|------|---------|-------------| | kubernetes.scheduler.affinity | object | `{}` | Affinity | @@ -534,6 +567,10 @@ Available Values for the [Kubernetes component](#kubernetes). | kubernetes.scheduler.volumes | list | `[]` | Additional Volumes | ### ETCD + +--- + +Deploys [ETCD](https://etcd.io/). | Key | Type | Default | Description | |-----|------|---------|-------------| | kubernetes.etcd.affinity | object | `{}` | Affinity | 
@@ -564,6 +601,12 @@ Available Values for the [Kubernetes component](#kubernetes). | kubernetes.etcd.metrics.serviceMonitor.targetLabels | list | `[]` | Set targetLabels for the serviceMonitor | | kubernetes.etcd.minReadySeconds | int | `10` | Minimum ready seconds | | kubernetes.etcd.nodeSelector | object | `{}` | Node Selector | +| kubernetes.etcd.persistence.accessModes | list | `["ReadWriteOnce"]` | Access Modes for ETCD | +| kubernetes.etcd.persistence.annotations | object | `{"helm.sh/resource-policy":"keep"}` | Annotations for ETCD | +| kubernetes.etcd.persistence.enabled | bool | `true` | Enable Persistence for ETCD | +| kubernetes.etcd.persistence.finalizers | list | `["kubernetes.io/pvc-protection"]` | Finalizers for ETCD | +| kubernetes.etcd.persistence.size | string | `"1Gi"` | Size for ETCD | +| kubernetes.etcd.persistence.storageClassName | string | `""` | Storage Class for ETCD | | kubernetes.etcd.podAnnotations | object | `{}` | Pod Annotations | | kubernetes.etcd.podDisruptionBudget | object | `{}` | Configure PodDisruptionBudget | | kubernetes.etcd.podLabels | object | `{}` | Pod Labels | 
@@ -582,8 +625,47 @@ Available Values for the [Kubernetes component](#kubernetes). | kubernetes.etcd.volumeMounts | list | `[]` | Additional volumemounts | | kubernetes.etcd.volumes | list | `[]` | Additional volumes | +#### ETCD Backup + +--- + +Scheduled snapshots of ETCD via Cronjob. +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| kubernetes.etcd.backup.affinity | object | `{}` | Affinity | +| kubernetes.etcd.backup.args | object | `{}` | Extra arguments for ETCD Backup | +| kubernetes.etcd.backup.enabled | bool | `false` | Enable ETCD Backup | +| kubernetes.etcd.backup.envs | object | `{}` | Extra environment variables (`key: value` style, allows templating) | +| kubernetes.etcd.backup.envsFrom | list | `[]` | Extra environment variables from | +| kubernetes.etcd.backup.failedJobsHistoryLimit | int | `3` | Failed Jobs History Limit for ETCD Backup | +| kubernetes.etcd.backup.nodeSelector | object | `{}` | Node Selector | +| kubernetes.etcd.backup.persistence.accessModes | list | `["ReadWriteOnce"]` | Access Modes for ETCD Backup | +| kubernetes.etcd.backup.persistence.annotations | object | `{"helm.sh/resource-policy":"keep"}` | Annotations for ETCD Backup | +| kubernetes.etcd.backup.persistence.existingClaim | string | `""` | Use existing claim for ETCD Backup | +| kubernetes.etcd.backup.persistence.finalizers | list | `["kubernetes.io/pvc-protection"]` | Finalizers for ETCD Backup | +| kubernetes.etcd.backup.persistence.mountOnETCD | bool | `false` | Mounts backup volume on etcd pods (Recommended if accessModes is ReadWriteMany) | +| kubernetes.etcd.backup.persistence.size | string | `"1Gi"` | Size for ETCD Backup | +| kubernetes.etcd.backup.persistence.storageClassName | string | `""` | Storage Class for ETCD Backup | +| kubernetes.etcd.backup.persistence.subPath | string | `""` | Subpath for ETCD Backup | +| kubernetes.etcd.backup.podAnnotations | object | `{}` | Pod Annotations | +| kubernetes.etcd.backup.podLabels | 
object | `{}` | Pod Labels | +| kubernetes.etcd.backup.podSecurityContext | object | `{"enabled":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Pod Security Context | +| kubernetes.etcd.backup.priorityClassName | string | `""` | Pod PriorityClassName | +| kubernetes.etcd.backup.resources | object | `{}` | Pod Requests and limits | +| kubernetes.etcd.backup.restartPolicy | string | `"OnFailure"` | Restart Policy for ETCD Backup | +| kubernetes.etcd.backup.schedule | string | `"0 */12 * * *"` | Schedule for ETCD Backup | +| kubernetes.etcd.backup.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"enabled":true,"readOnlyRootFilesystem":true}` | Container Security Context | +| kubernetes.etcd.backup.successfulJobsHistoryLimit | int | `3` | Successful Jobs History Limit for ETCD Backup | +| kubernetes.etcd.backup.tolerations | list | `[]` | Tolerations | +| kubernetes.etcd.backup.topologySpreadConstraints | list | `[]` | TopologySpreadConstraints for all workloads | +| kubernetes.etcd.backup.ttlSecondsAfterFinished | int | `120` | ttlSecondsAfterFinished for ETCD Backup | +| kubernetes.etcd.backup.volumeMounts | list | `[]` | Additional volumemounts | +| kubernetes.etcd.backup.volumes | list | `[]` | Additional volumes | + ### Konnektivity +--- + Konnectivity is required to establish a connection to the API Server from the cluster network. [Read More about it](https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/). The following values are available for both Konnectivity Components: | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -592,6 +674,8 @@ Konnectivity is required to establish a connection to the API Server from the cl #### Server +--- + The Konnectivity-Server is deployed alongside with the API-Server. It must be reachable for the Konnectivity-Agent. | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -627,6 +711,8 @@ The Konnectivity-Server is deployed alongside with the API-Server. It must be re #### Agent (In-Cluster) +--- + The konnectivity-Agent is deployed inside the vcluster and should establish a connection to the Konnectivity-Server. We recommend running the Konnectivity-Agent as Daemonset. | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -661,6 +747,8 @@ The konnectivity-Agent is deployed inside the vcluster and should establish a co ### Admin +--- + Deploys an administration pod which has the admin kubeconfig mounted and allows for easy access to the cluster. | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -693,6 +781,8 @@ Deploys an administration pod which has the admin kubeconfig mounted and allows | kubernetes.admin.volumes | list | `[]` | Additional Volumes | ### CoreDNS (In-Cluster) + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | kubernetes.coredns.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"k8s-app","operator":"In","values":["kube-dns"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity | @@ -724,6 +814,8 @@ Deploys an administration pod which has the admin kubeconfig mounted and allows Available Values for the [Autsocaler component](#autoscaler). ### Settings + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | autoscaler.enabled | bool | `true` | Enable autsocaler component | @@ -731,6 +823,8 @@ Available Values for the [Autsocaler component](#autoscaler). | autoscaler.priorityConfigMapAnnotations | object | `{}` | Annotations to add to `cluster-autoscaler-priority-expander` ConfigMap. | ### Workload + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | autoscaler.affinity | object | `{}` | Affinity | 
@@ -766,6 +860,8 @@ Available Values for the [Autsocaler component](#autoscaler). | autoscaler.volumes | list | `[]` | Volumes | #### Autoscaling + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | autoscaler.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler | @@ -775,6 +871,8 @@ Available Values for the [Autsocaler component](#autoscaler). | autoscaler.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Benchmark Memory Usage | #### Metrics + +--- | Key | Type | Default | Description | |-----|------|---------|-------------| | autoscaler.metrics.serviceMonitor.annotations | object | `{}` | Assign additional Annotations | @@ -790,5 +888,7 @@ Available Values for the [Autsocaler component](#autoscaler). ## GitOps Values +--- + Available Values for the [Gitops component](#gitops). diff --git a/charts/vcluster/README.md.gotmpl b/charts/vcluster/README.md.gotmpl index 012fd509..71f142dc 100644 --- a/charts/vcluster/README.md.gotmpl +++ b/charts/vcluster/README.md.gotmpl @@ -127,6 +127,8 @@ Access the ArgoCD UI by opening [http://localhost:9191]( http://localhost:9191) ## Globals +--- + Global Values {{- template "table.heading" $ }} @@ -138,6 +140,8 @@ Global Values ## Utilities Values +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if or (hasPrefix "utilities." .Key) (hasPrefix "providers." .Key) (hasPrefix "cluster." .Key) }} @@ -148,6 +152,8 @@ Global Values ## Lifecycle +--- + We use a lifecycle Job/Cronjob to manage certain configurations within the vcluster and the hosting cluster. {{- template "table.heading" $ }} 
@@ -160,6 +166,8 @@ We use a lifecycle Job/Cronjob to manage certain configurations within the vclus ## Machine Values +--- + Available Values for the [Machine Controller Component](#machine-controller). The component consists of a single deployment with a `controller` and `admission` container. Pod settings are therefor made for both subcomponents. {{- template "table.heading" $ }} @@ -171,6 +179,8 @@ Available Values for the [Machine Controller Component](#machine-controller). Th ### Controller +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "machine." .Key) (contains "controller" .Key) }} @@ -180,6 +190,8 @@ Available Values for the [Machine Controller Component](#machine-controller). Th ### Admission +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "machine." .Key) (contains "admission" .Key) }} @@ -190,6 +202,8 @@ Available Values for the [Machine Controller Component](#machine-controller). Th ## OSM Values +--- + __This Component is not stable yet!__ Available Values for the [Operating System Manager](). The component consists of a single deployment with a `controller` and `admission` container. Pod settings are therefor made for both subcomponents. @@ -203,6 +217,8 @@ Available Values for the [Operating System Manager](). The component consists of ### Controller +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "osm." .Key) (contains "controller" .Key) }} @@ -213,6 +229,8 @@ Available Values for the [Operating System Manager](). The component consists of ### Admission +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "osm." .Key) (contains "admission" .Key) }} @@ -223,6 +241,8 @@ Available Values for the [Operating System Manager](). The component consists of ## Kubernetes Values +--- + Available Values for the [Kubernetes component](#kubernetes). {{- template "table.heading" $ }} 
@@ -233,9 +253,12 @@ Available Values for the [Kubernetes component](#kubernetes). {{- end }} - ### API-Server +--- + +Deploys [Kubernetes API Server](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/). + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "kubernetes." .Key) (contains "apiServer." .Key) }} @@ -246,6 +269,10 @@ Available Values for the [Kubernetes component](#kubernetes). ### Controller Manager +--- + +Deploys [Kubernetes Controller Manager](https://kubernetes.io/docs/concepts/architecture/cloud-controller/). + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "kubernetes." .Key) (contains "controllerManager." .Key) }} @@ -255,6 +282,10 @@ Available Values for the [Kubernetes component](#kubernetes). ### Scheduler +--- + +Deploys [Kubernetes Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/). + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "kubernetes." .Key) (contains "scheduler." .Key) }} 
@@ -264,15 +295,36 @@ Available Values for the [Kubernetes component](#kubernetes). ### ETCD +--- + +Deploys [ETCD](https://etcd.io/). + +{{- template "table.heading" $ }} +{{- range .Values }} + {{- if and (hasPrefix "kubernetes." .Key) (contains "etcd." .Key) (not (contains "backup." .Key)) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + + +#### ETCD Backup + +--- + +Scheduled snapshots of ETCD via Cronjob. + {{- template "table.heading" $ }} {{- range .Values }} - {{- if and (hasPrefix "kubernetes." .Key) (contains "etcd." .Key) }} + {{- if and (hasPrefix "kubernetes." .Key) (contains "etcd." .Key) (contains "backup." .Key) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} + ### Konnektivity +--- + Konnectivity is required to establish a connection to the API Server from the cluster network. [Read More about it](https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/). The following values are available for both Konnectivity Components: {{- template "table.heading" $ }} @@ -285,6 +337,8 @@ Konnectivity is required to establish a connection to the API Server from the cl #### Server +--- + The Konnectivity-Server is deployed alongside with the API-Server. It must be reachable for the Konnectivity-Agent. {{- template "table.heading" $ }} @@ -296,6 +350,8 @@ The Konnectivity-Server is deployed alongside with the API-Server. It must be re #### Agent (In-Cluster) +--- + The konnectivity-Agent is deployed inside the vcluster and should establish a connection to the Konnectivity-Server. We recommend running the Konnectivity-Agent as Daemonset. {{- template "table.heading" $ }} 
@@ -308,6 +364,8 @@ The konnectivity-Agent is deployed inside the vcluster and should establish a co ### Admin +--- + Deploys an administration pod which has the admin kubeconfig mounted and allows for easy access to the cluster. {{- template "table.heading" $ }} @@ -319,6 +377,8 @@ Deploys an administration pod which has the admin kubeconfig mounted and allows ### CoreDNS (In-Cluster) +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "kubernetes." .Key) (contains "coredns." .Key) }} @@ -333,6 +393,8 @@ Available Values for the [Autsocaler component](#autoscaler). ### Settings +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "autoscaler." .Key) (or (contains "autoscaler.enabled" .Key) (contains "expanderPriorities" .Key) (contains "priorityConfigMapAnnotations" .Key)) }} @@ -342,6 +404,8 @@ Available Values for the [Autsocaler component](#autoscaler). ### Workload +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "autoscaler." .Key) (not (contains "autoscaling" .Key)) (not (contains "metrics" .Key)) }} @@ -351,6 +415,8 @@ Available Values for the [Autsocaler component](#autoscaler). #### Autoscaling +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "autoscaler." .Key) (contains "autoscaling" .Key) }} @@ -361,6 +427,8 @@ Available Values for the [Autsocaler component](#autoscaler). #### Metrics +--- + {{- template "table.heading" $ }} {{- range .Values }} {{- if and (hasPrefix "autoscaler." .Key) (contains "metrics" .Key) }} @@ -370,5 +438,7 @@ Available Values for the [Autsocaler component](#autoscaler). ## GitOps Values +--- + Available Values for the [Gitops component](#gitops). diff --git a/charts/vcluster/templates/components/gitops/manifests.yaml b/charts/vcluster/templates/components/gitops/manifests.yaml index 61d8c35a..b090432f 100644 --- a/charts/vcluster/templates/components/gitops/manifests.yaml 
+++ b/charts/vcluster/templates/components/gitops/manifests.yaml @@ -2,7 +2,6 @@ Always Create Manifests Secret. This way the in cluster resources can be removed if a component is disabled */}} -{{- if (include "gitops.enabled" $) -}} --- apiVersion: v1 kind: Secret @@ -20,4 +19,3 @@ stringData: {{- end }} {{- end -}} {{- end }} -{{- end -}} diff --git a/charts/vcluster/templates/components/kubernetes/etcd/backup-job.yaml b/charts/vcluster/templates/components/kubernetes/etcd/backup-job.yaml new file mode 100644 index 00000000..d234992e --- /dev/null +++ b/charts/vcluster/templates/components/kubernetes/etcd/backup-job.yaml 
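Review bot: Removing the outer `{{- if (include "gitops.enabled" $) -}}` guard in `gitops/manifests.yaml` (both hunks, the opening line and its closing `{{- end -}}`) means this Secret is now rendered on every release, including installs where the GitOps component is switched off. The `{{- end }}` lines that remain under `stringData:` close blocks opened outside the hunks, so it cannot be confirmed from here that a disabled component contributes nothing to the Secret; that is worth checking with a `helm template` run with GitOps disabled. The commit subject only mentions the etcd snapshot cronjob, so the description should record this change too, for example `gitops: always render the manifests secret so in-cluster resources of disabled components can be removed`.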
@@ -0,0 +1,155 @@ +{{- if (include "kubernetes.enabled" $) -}} + {{- $kubernetes := $.Values.kubernetes -}} + {{- if and $kubernetes.etcd.enabled $kubernetes.etcd.backup.enabled -}} + {{- $fullName := include "kubernetes.fullname" . -}} + {{- $component_name := "etcd" -}} +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ $fullName }}-etcd-backup + labels: {{- include "kubernetes.labels" $ | nindent 4 }} + {{ include "pkg.common.labels.component" $ }}: {{ $component_name }} + {{- with (include "pkg.components.labels" (dict "labels" $kubernetes.etcd.backup.labels "ctx" $)) }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with (include "pkg.components.annotations" (dict "annotations" $kubernetes.etcd.backup.annotations "ctx" $)) }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ $.Release.Namespace }} +spec: + schedule: "{{ $kubernetes.etcd.backup.schedule }}" + successfulJobsHistoryLimit: {{ $kubernetes.etcd.backup.successfulJobsHistoryLimit }} + failedJobsHistoryLimit: {{ $kubernetes.etcd.backup.failedJobsHistoryLimit }} + jobTemplate: + metadata: + labels: + {{ include "pkg.common.labels.component" $ }}: {{ $component_name }} + {{- with (include "pkg.components.labels" (dict "labels" $kubernetes.etcd.backup.labels "ctx" $)) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (include "pkg.components.annotations" (dict "annotations" $kubernetes.etcd.backup.annotations "ctx" $)) }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with $kubernetes.etcd.backup.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ . 
}} + {{- end }} + template: + metadata: + labels: {{- include "kubernetes.labels" $ | nindent 12 }} + {{- include "pkg.components.pod_labels" (dict "labels" $kubernetes.etcd.backup.podLabels "ctx" $) | nindent 12 }} + {{ include "pkg.common.labels.component" $ }}: {{ $component_name }} + annotations: + {{- include "pkg.components.pod_annotations" (dict "annotations" $kubernetes.etcd.backup.podAnnotations "ctx" $) | nindent 12 }} + spec: + {{- with (include "pkg.components.nodeselector" (dict "nodeselector" $kubernetes.etcd.backup.nodeSelector "ctx" $)) }} + nodeSelector: {{- . | nindent 10 }} + {{- end }} + {{- with (include "pkg.components.tolerations" (dict "tolerations" $kubernetes.etcd.backup.tolerations "ctx" $)) }} + tolerations: {{- . | nindent 10 }} + {{- end }} + {{- with (include "pkg.components.priorityClass" (dict "pc" $kubernetes.etcd.backup.priorityClassName "ctx" $)) }} + priorityClassName: {{ . }} + {{- end }} + {{- with (include "pkg.components.topologySpreadConstraints" (dict "tsc" $kubernetes.etcd.backup.topologySpreadConstraints "ctx" $)) }} + topologySpreadConstraints: {{ . | nindent 10 }} + {{- end }} + affinity: + {{- with (include "pkg.components.affinity" (dict "affinity" $kubernetes.etcd.backup.affinity "ctx" $)) }} + {{- . 
| nindent 10 }} + {{- end }} + {{- if eq $kubernetes.etcd.backup.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "{{ $kubernetes.etcd.backup.podAntiAffinityTopologyKey }}" + labelSelector: + matchLabels: + app: {{ $fullName }}-etcd + {{- else if eq $kubernetes.etcd.backup.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ $kubernetes.etcd.backup.podAntiAffinityTopologyKey }}" + labelSelector: + matchLabels: + app: {{ $fullName }}-etcd + {{- end }} + imagePullSecrets: {{- include "pkg.images.registry.pullsecrets" $ | nindent 10 }} + {{- with $kubernetes.etcd.backup.imagePullSecrets }} + {{- toYaml . | nindent 10 }} + {{- end }} + automountServiceAccountToken: false + restartPolicy: {{ $kubernetes.etcd.backup.restartPolicy }} + containers: + - command: + - /bin/sh + - -xc + - | + rtc() { while read k s v; do test "$k" = "rtc_$1" && echo "$v" && break; done