backupStorageLocation

Stavros kois
2023-11-25 22:51:59 +02:00
parent 6f907a2f64
commit 7cbd004aec
7 changed files with 141 additions and 139 deletions


@@ -42,35 +42,33 @@ manifestManager:
# Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice.
# See https://velero.io/docs/v1.6/api-types/backupstoragelocation/
backupStorageLocation:
# name is the name of the backup storage location where backups should be stored. If a name is not provided,
# a backup storage location will be created with the name "default". Optional.
- name: test
enabled: true
# provider is the name for the backup storage location provider.
provider: aws
objectStorage:
# bucket is the name of the bucket to store backups in. Required.
bucket: test
credential:
# AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3)
aws:
id: fdgsdfghsdfgh
key: dfgdfhsdfgh
# Additional provider-specific configuration. See link above
# for details of required/optional fields for your provider.
config: {}
# region:
# s3ForcePathStyle:
# s3Url:
# kmsKeyId:
# resourceGroup:
# The ID of the subscription containing the storage account, if different from the clusters subscription. (Azure only)
# subscriptionId:
# storageAccount:
# publicUrl:
# Name of the GCP service account to use for this backup storage location. Specify the
# service account here if you want to use workload identity instead of providing the key file.(GCP only)
# serviceAccount:
# Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the
# flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify
# insecureSkipTLSVerify:
test:
enabled: true
# provider is the name for the backup storage location provider.
provider: aws
objectStorage:
# bucket is the name of the bucket to store backups in. Required.
bucket: test
credential:
# AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3)
aws:
id: fdgsdfghsdfgh
key: dfgdfhsdfgh
# Additional provider-specific configuration. See link above
# for details of required/optional fields for your provider.
config: {}
# region:
# s3ForcePathStyle:
# s3Url:
# kmsKeyId:
# resourceGroup:
# The ID of the subscription containing the storage account, if different from the clusters subscription. (Azure only)
# subscriptionId:
# storageAccount:
# publicUrl:
# Name of the GCP service account to use for this backup storage location. Specify the
# service account here if you want to use workload identity instead of providing the key file.(GCP only)
# serviceAccount:
# Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the
# flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify
# insecureSkipTLSVerify:
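Review bot: The header comment kept above `backupStorageLocation:` is stale, because it still says to configure multiple locations "by adding other element(s) to the backupStorageLocation slice" while the value is now a map keyed by location name (`test:`). I would reword it to `# Parameters for the BackupStorageLocation(s). Configure multiple by adding further named keys under backupStorageLocation.` and state that the key is used as the location name, since the per-entry `name` comment is dropped here. The same unchanged "slice" wording appears at the top of the values hunk at `@@ -710,52 +710,54 @@` and should get the same fix.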


@@ -21,8 +21,8 @@ tests:
g_annotation1: global_annotation1
g_annotation2: "{{ .Values.annotation2 }}"
backupStorageLocation:
- enabled: true
name: my-snap
my-snap:
enabled: true
labels:
label1: "{{ .Values.label1 }}"
label2: label2


@@ -8,8 +8,9 @@ tests:
- it: should generate correct name
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
objectStorage:
bucket: my-bucket
provider: aws
@@ -17,8 +18,8 @@ tests:
aws:
id: my-id
key: my-key
- enabled: true
name: my-snap2
my-snap2:
enabled: true
objectStorage:
bucket: my-bucket
provider: aws


@@ -8,8 +8,8 @@ tests:
- it: should generate correct spec with aws provider and credential
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
credential:
aws:
@@ -53,8 +53,8 @@ tests:
- it: should generate correct spec with s3 provider and credential
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: s3
credential:
s3:
@@ -98,8 +98,8 @@ tests:
- it: should generate correct spec with provided provider and credential
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: my-provider
credential:
name: my-credential
@@ -130,8 +130,8 @@ tests:
region: us-east-1
useS3PathStyle: true
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
objectStorage:
bucket: my-bucket
@@ -171,8 +171,8 @@ tests:
region: us-east-1
useS3PathStyle: true
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
accessMode: ReadOnly
objectStorage:
@@ -211,8 +211,8 @@ tests:
- it: should generate correct spec with provided objectStorage prefix and caCert
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
accessMode: ReadOnly
objectStorage:
@@ -247,8 +247,8 @@ tests:
- it: should generate correct spec with provided backupSyncPeriod
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
backupSyncPeriod: 1h
objectStorage:
@@ -280,8 +280,8 @@ tests:
- it: should generate correct spec with provided validationFrequency
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
validationFrequency: 1h
objectStorage:
@@ -311,24 +311,11 @@ tests:
bucket: my-bucket
# Failures
- it: should fail without name
set:
backupStorageLocation:
- enabled: true
provider: aws
credential:
aws:
id: my-id
key: my-key
asserts:
- failedTemplate:
errorMessage: Backup Storage Location - Expected non-empty [name]
- it: should fail without provider
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
credential:
aws:
id: my-id
@@ -340,8 +327,8 @@ tests:
- it: should fail without credential
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: my-provider
asserts:
- failedTemplate:
@@ -350,8 +337,8 @@ tests:
- it: should fail without credential.name
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: my-provider
credential:
key: my-key
@@ -362,8 +349,8 @@ tests:
- it: should fail without credential.key
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: my-provider
credential:
name: my-name
@@ -374,8 +361,8 @@ tests:
- it: should fail without credential.aws.id with provider aws
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
credential:
aws:
@@ -387,8 +374,8 @@ tests:
- it: should fail without credential.aws.key with provider aws
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
credential:
aws:
@@ -400,8 +387,8 @@ tests:
- it: should fail invalid accessMode
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
accessMode: invalid
credential:
@@ -415,8 +402,8 @@ tests:
- it: should fail without objectStorage
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
credential:
aws:
@@ -429,8 +416,8 @@ tests:
- it: should fail without objectStorage.bucket
set:
backupStorageLocation:
- enabled: true
name: my-snap1
my-snap1:
enabled: true
provider: aws
objectStorage:
prefix: my-prefix


@@ -6,14 +6,14 @@
{{- define "tc.v1.common.spawner.velero.backupstoragelocation" -}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
{{- range $backupStorageLoc := .Values.backupStorageLocation -}}
{{- range $name, $backupStorageLoc := .Values.backupStorageLocation -}}
{{- $enabled := false -}}
{{- if hasKey $backupStorageLoc "enabled" -}}
{{- if not (kindIs "invalid" $backupStorageLoc.enabled) -}}
{{- $enabled = $backupStorageLoc.enabled -}}
{{- else -}}
{{- fail (printf "Backup Storage Location - Expected the defined key [enabled] in [backupStorageLocation.%s] to not be empty" $backupStorageLoc.name) -}}
{{- fail (printf "Backup Storage Location - Expected the defined key [enabled] in [backupStorageLocation.%s] to not be empty" $name) -}}
{{- end -}}
{{- end -}}
@@ -33,14 +33,10 @@
{{/* Create a copy of the backupstoragelocation */}}
{{- $objectData := (mustDeepCopy $backupStorageLoc) -}}
{{- if not $backupStorageLoc.name -}}
{{- fail "Backup Storage Location - Expected non-empty [name]" -}}
{{- end -}}
{{- $objectName := (printf "%s-%s" $fullname $backupStorageLoc.name) -}}
{{- $objectName := (printf "%s-%s" $fullname $name) -}}
{{- if hasKey $objectData "expandObjectName" -}}
{{- if not $objectData.expandObjectName -}}
{{- $objectName = $backupStorageLoc.name -}}
{{- $objectName = $name -}}
{{- end -}}
{{- end -}}
@@ -55,7 +51,7 @@
{{/* Set the name of the backupstoragelocation */}}
{{- $_ := set $objectData "name" $objectName -}}
{{- $_ := set $objectData "shortName" $backupStorageLoc.name -}}
{{- $_ := set $objectData "shortName" $name -}}
{{/* Create secret with creds for provider, if the provider is not matched, it will skip creation */}}
{{- include "tc.v1.common.lib.velero.provider.secret" (dict "rootCtx" $ "objectData" $objectData "prefix" "bsl") -}}
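Review bot: Nothing in the new `range $name, $backupStorageLoc := .Values.backupStorageLocation` loop rejects values that still use the old list form. Ranging over a list makes `$name` an integer index, so `printf "%s-%s" $fullname $name` would render a name containing `%!s(int=0)` instead of failing with a clear message, and the `[name]` check that used to catch a missing name is removed in the second hunk. A guard before the loop such as `{{- if kindIs "slice" .Values.backupStorageLocation -}}{{- fail "Backup Storage Location - Expected [backupStorageLocation] to be a map, use [backupStorageLocationList] for lists" -}}{{- end -}}` would point users at the new key. The define block continues past these hunks, so a later name validation that is not visible here may already catch part of this.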


@@ -0,0 +1,18 @@
{{- define "tc.v1.common.values.backupStorageLocationList" -}}
{{- $rootCtx := . -}}
{{- range $idx, $bslValues := $rootCtx.Values.backupStorageLocationList -}}
{{- $name := (printf "bsl-list-%s" (toString $idx)) -}}
{{- with $bslValues.name -}}
{{- $name = . -}}
{{- end -}}
{{- if not (hasKey $rootCtx.Values "backupStorageLocation") -}}
{{- $_ := set $rootCtx.Values "backupStorageLocation" dict -}}
{{- end -}}
{{- $_ := set $rootCtx.Values.backupStorageLocation $name $bslValues -}}
{{- end -}}
{{- end -}}
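Review bot: The final `set $rootCtx.Values.backupStorageLocation $name $bslValues` overwrites whatever is already stored under `$name`. A list item whose `name` matches an existing key in `backupStorageLocation`, or another list item's `name`, therefore silently replaces that location's provider, bucket and credential. For a backup target this is worth a hard failure, placed just before the `set`: `{{- if hasKey $rootCtx.Values.backupStorageLocation $name -}}{{- fail (printf "Backup Storage Location - Name [%s] from [backupStorageLocationList] is already defined" $name) -}}{{- end -}}`. None of the test files shown on this page set `backupStorageLocationList`, so the helper appears to be untested in this commit.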


@@ -710,52 +710,54 @@ webhook:
# # Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice.
# # See https://velero.io/docs/v1.6/api-types/backupstoragelocation/
backupStorageLocation: []
backupStorageLocationList: []
# - name: name
# # name is the name of the backup storage location where backups should be stored. If a name is not provided,
# # a backup storage location will be created with the name "default". Optional.
backupStorageLocation: {}
# backupStorageLocation:
# # name is the name of the backup storage location where backups should be stored. If a name is not provided,
# # a backup storage location will be created with the name "default". Optional.
# - name:
# # provider is the name for the backup storage location provider.
# provider:
# objectStorage:
# # bucket is the name of the bucket to store backups in. Required.
# bucket:
# # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional.
# caCert:
# # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
# prefix:
# # validationFrequency defines how frequently Velero should validate the object storage. Optional.
# validationFrequency:
# # accessMode determines if velero can write to this backup storage location. Optional.
# # default to ReadWrite, ReadOnly is used during migrations and restores.
# accessMode: ReadWrite
# credential:
# # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3)
# aws:
# id: fdgsdfghsdfgh
# key: dfgdfhsdfgh
# # name of the secret used by this backupStorageLocation.
# name:
# # name of key that contains the secret data to be used.
# key:
# # Additional provider-specific configuration. See link above
# # for details of required/optional fields for your provider.
# config: {}
# # region:
# # s3ForcePathStyle:
# # s3Url:
# # kmsKeyId:
# # resourceGroup:
# # The ID of the subscription containing the storage account, if different from the clusters subscription. (Azure only)
# # subscriptionId:
# # storageAccount:
# # publicUrl:
# # Name of the GCP service account to use for this backup storage location. Specify the
# # service account here if you want to use workload identity instead of providing the key file.(GCP only)
# # serviceAccount:
# # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the
# # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify
# # insecureSkipTLSVerify:
# name:
# # provider is the name for the backup storage location provider.
# provider:
# objectStorage:
# # bucket is the name of the bucket to store backups in. Required.
# bucket:
# # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional.
# caCert:
# # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
# prefix:
# # validationFrequency defines how frequently Velero should validate the object storage. Optional.
# validationFrequency:
# # accessMode determines if velero can write to this backup storage location. Optional.
# # default to ReadWrite, ReadOnly is used during migrations and restores.
# accessMode: ReadWrite
# credential:
# # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3)
# aws:
# id: fdgsdfghsdfgh
# key: dfgdfhsdfgh
# # name of the secret used by this backupStorageLocation.
# name:
# # name of key that contains the secret data to be used.
# key:
# # Additional provider-specific configuration. See link above
# # for details of required/optional fields for your provider.
# config: {}
# # region:
# # s3ForcePathStyle:
# # s3Url:
# # kmsKeyId:
# # resourceGroup:
# # The ID of the subscription containing the storage account, if different from the clusters subscription. (Azure only)
# # subscriptionId:
# # storageAccount:
# # publicUrl:
# # Name of the GCP service account to use for this backup storage location. Specify the
# # service account here if you want to use workload identity instead of providing the key file.(GCP only)
# # serviceAccount:
# # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the
# # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify
# # insecureSkipTLSVerify:
#
# # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice.
# # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/