diff --git a/README.md b/README.md index 928e0cbc..3fd8b763 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,15 @@ You can then run `helm search repo vmware-tanzu` to see the charts. TBD +### Running Tests + +To run unit tests in this repository please install helm-unittest + +```sh +helm plugin install https://github.com/quintush/helm-unittest +helm unittest charts/velero +``` + ## License [Apache 2.0 License](./LICENSE). diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index 6ca48324..a2a8f3ec 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.5.2 description: A Helm chart for velero name: velero -version: 2.13.6 +version: 2.14.0 home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: diff --git a/charts/velero/README.md b/charts/velero/README.md index 44560705..a2ac25fa 100644 --- a/charts/velero/README.md +++ b/charts/velero/README.md @@ -24,7 +24,6 @@ The default configuration values for this chart are listed in values.yaml. See Velero's full [official documentation](https://velero.io/docs/v1.5/basic-install/). More specifically, find your provider in the Velero list of [supported providers](https://velero.io/docs/v1.5/supported-providers/) for specific configuration information and examples. - #### Using Helm 3 First, create the namespace: `kubectl create namespace ` 
@@ -38,19 +37,15 @@ Specify the necessary values using the --set key=value[,key=value] argument to h ```bash helm install vmware-tanzu/velero --namespace \ --set-file credentials.secretContents.cloud= \ ---set configuration.provider= \ ---set configuration.backupStorageLocation.name= \ ---set configuration.backupStorageLocation.bucket= \ ---set configuration.backupStorageLocation.config.region= \ ---set configuration.volumeSnapshotLocation.name= \ ---set configuration.volumeSnapshotLocation.config.region= \ +--set provider= \ +--set backupStorageLocation.name= \ +--set backupStorageLocation.bucket= \ +--set backupStorageLocation.config.region= \ +--set volumeSnapshotLocation.name= \ +--set volumeSnapshotLocation.config.region= \ --set image.repository=velero/velero \ --set image.tag=v1.5.1 \ --set image.pullPolicy=IfNotPresent \ ---set initContainers[0].name=velero-plugin-for-aws \ ---set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \ ---set initContainers[0].volumeMounts[0].mountPath=/target \ ---set initContainers[0].volumeMounts[0].name=plugins \ --generate-name ``` @@ -66,7 +61,7 @@ helm install vmware-tanzu/velero --namespace -f values.yaml --g If a value needs to be added or changed, you may do so with the `upgrade` command. An example: ```bash -helm upgrade vmware-tanzu/velero --namespace --reuse-values --set configuration.provider= +helm upgrade vmware-tanzu/velero --namespace --reuse-values --set provider= ``` #### Using Helm 2 
@@ -90,19 +85,15 @@ Specify the necessary values using the --set key=value[,key=value] argument to h ```bash helm install vmware-tanzu/velero --namespace \ --set-file credentials.secretContents.cloud= \ ---set configuration.provider=aws \ ---set configuration.backupStorageLocation.name= \ ---set configuration.backupStorageLocation.bucket= \ ---set configuration.backupStorageLocation.config.region= \ ---set configuration.volumeSnapshotLocation.name= \ ---set configuration.volumeSnapshotLocation.config.region= \ +--set provider=aws \ +--set backupStorageLocation.name= \ +--set backupStorageLocation.bucket= \ +--set backupStorageLocation.config.region= \ +--set volumeSnapshotLocation.name= \ +--set volumeSnapshotLocation.config.region= \ --set image.repository=velero/velero \ --set image.tag=v1.5.1 \ ---set image.pullPolicy=IfNotPresent \ ---set initContainers[0].name=velero-plugin-for-aws \ ---set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \ ---set initContainers[0].volumeMounts[0].mountPath=/target \ ---set initContainers[0].volumeMounts[0].name=plugins +--set image.pullPolicy=IfNotPresent ``` ##### Option 2) YAML file @@ -118,7 +109,7 @@ helm install vmware-tanzu/velero --namespace -f values.yaml If a value needs to be added or changed, you may do so with the `upgrade` command. An example: ```bash -helm upgrade vmware-tanzu/velero --reuse-values --set configuration.provider= +helm upgrade vmware-tanzu/velero --reuse-values --set provider= ``` ## Upgrading diff --git a/charts/velero/ci/test-values-back-compat.yaml b/charts/velero/ci/test-values-back-compat.yaml new file mode 100644 index 00000000..6abe09f5 --- /dev/null +++ b/charts/velero/ci/test-values-back-compat.yaml 
@@ -0,0 +1,36 @@
+installCRDs: true
+
+# Set provider name and backup storage location bucket name
+configuration:
+ provider: aws
+ backupStorageLocation:
+ bucket: velero
+ config:
+ region: us-west-1
+ profile: test
+ volumeSnapshotLocation:
+ provider: aws
+ config:
+ bucket: velero
+ region: us-west-1
+
+# Set a service account so that the CRD clean up job has proper permissions to delete CRDs
+serviceAccount:
+ server:
+ name: velero
+
+schedules:
+ mybackup:
+ labels:
+ myenv: foo
+ schedule: "0 0 * * *"
+ template:
+ ttl: "240h"
+ includedNamespaces:
+ - foo
+
+# Whether or not to clean up CustomResourceDefintions when deleting a release.
+# Cleaning up CRDs will delete the BackupStorageLocation and VolumeSnapshotLocation instances, which would have to be reconfigured.
+# Backup data in object storage will _not_ be deleted, however Backup instances in the Kubernetes API will.
+# Always clean up CRDs in CI.
+cleanUpCRDs: true
diff --git a/charts/velero/ci/test-values.yaml b/charts/velero/ci/test-values.yaml
index 0ff45f35..fec39364 100644
--- a/charts/velero/ci/test-values.yaml
+++ b/charts/velero/ci/test-values.yaml
@@ -1,33 +1,32 @@ installCRDs: true # Set provider name and backup storage location bucket name -configuration: +provider: aws +backupStorageLocation: + bucket: velero + config: + region: us-west-1 + profile: test +volumeSnapshotLocation: provider: aws - backupStorageLocation: + config: bucket: velero - config: - region: us-west-1 - profile: test - volumeSnapshotLocation: - provider: aws - config: - bucket: velero - region: us-west-1 + region: us-west-1 + +# Set a service account so that the CRD clean up job has proper permissions to delete CRDs +serviceAccount: + server: + name: velero schedules: - mybackup: + - name: mybackup labels: myenv: foo schedule: "0 0 * * *" template: ttl: "240h" includedNamespaces: - - foo - -# Set a service account so that the CRD clean up job has proper permissions to delete CRDs -serviceAccount: - server: - name: velero + - foo # Whether or not to clean up CustomResourceDefintions when deleting a release. # Cleaning up CRDs will delete the BackupStorageLocation and VolumeSnapshotLocation instances, which would have to be reconfigured. diff --git a/charts/velero/templates/_helpers.tpl b/charts/velero/templates/_helpers.tpl index 3ac184e6..fd43cbcc 100644 --- a/charts/velero/templates/_helpers.tpl +++ b/charts/velero/templates/_helpers.tpl 
@@ -79,34 +79,53 @@ Create the Restic priority class name. Create the backup storage location name */}} {{- define "velero.backupStorageLocation.name" -}} -{{- with .Values.configuration.backupStorageLocation -}} -{{ default "default" .name }} -{{- end -}} +{{ coalesce .Values.configuration.backupStorageLocation.name .Values.backupStorageLocation.name "default" }} {{- end -}} {{/* Create the backup storage location provider */}} {{- define "velero.backupStorageLocation.provider" -}} -{{- with .Values.configuration -}} -{{ default .provider .backupStorageLocation.provider }} -{{- end -}} +{{ coalesce .Values.configuration.backupStorageLocation.provider .Values.backupStorageLocation.provider .Values.configuration.provider .Values.provider }} {{- end -}} {{/* Create the volume snapshot location name */}} {{- define "velero.volumeSnapshotLocation.name" -}} -{{- with .Values.configuration.volumeSnapshotLocation -}} -{{ default "default" .name }} -{{- end -}} +{{ coalesce .Values.configuration.volumeSnapshotLocation.name .Values.volumeSnapshotLocation.name "default" }} {{- end -}} {{/* Create the volume snapshot location provider */}} {{- define "velero.volumeSnapshotLocation.provider" -}} -{{- with .Values.configuration -}} -{{ default .provider .volumeSnapshotLocation.provider }} +{{ coalesce .Values.configuration.volumeSnapshotLocation.provider .Values.volumeSnapshotLocation.provider .Values.configuration.provider .Values.provider}} {{- end -}} + +{{- define "velero.image-from-values" -}} + {{- if kindIs "string" . -}} + {{- . }} + {{- else -}} + {{- if .digest -}} + {{- .repository }}@{{ .digest }} + {{- else -}} + {{- .repository }}:{{ .tag }} + {{- end -}} + {{- end -}} +{{- end -}} +{{- define "velero.pull-policy-from-values" -}} + {{- if kindIs "string" . -}} + {{ "IfNotPresent" -}} + {{- else -}} + {{ .pullPolicy -}} + {{- end -}} +{{- end -}} + +{{- define "velero.name-from-values" -}} + {{- if kindIs "string" . -}} + {{ splitList "@" . 
| first | splitList ":" | first | splitList "/" | last -}} + {{- else -}} + {{ splitList "/" .repository | last -}} + {{- end -}} {{- end -}} diff --git a/charts/velero/templates/backupstoragelocation.yaml b/charts/velero/templates/backupstoragelocation.yaml index 789168b9..9d968486 100644 --- a/charts/velero/templates/backupstoragelocation.yaml +++ b/charts/velero/templates/backupstoragelocation.yaml @@ -13,7 +13,7 @@ metadata: helm.sh/chart: {{ include "velero.chart" . }} spec: provider: {{ include "velero.backupStorageLocation.provider" . }} -{{- with .Values.configuration.backupStorageLocation }} +{{- with coalesce .Values.configuration.backupStorageLocation .Values.backupStorageLocation }} objectStorage: bucket: {{ .bucket }} {{- with .prefix }} diff --git a/charts/velero/templates/deployment.yaml b/charts/velero/templates/deployment.yaml index edb21be9..011bc90a 100644 --- a/charts/velero/templates/deployment.yaml +++ b/charts/velero/templates/deployment.yaml @@ -1,5 +1,7 @@ -{{- if .Values.configuration.provider -}} -{{- $provider := .Values.configuration.provider -}} +{{- if or .Values.provider .Values.configuration.provider -}} +{{- $providers := list .Values.provider .Values.backupStorageLocation.provider .Values.volumeSnapshotLocation.provider .Values.configuration.backupStorageLocation.provider .Values.configuration.volumeSnapshotLocation.provider | compact | uniq -}} +{{- $provider := first $providers -}} +{{- $useSecret := or .Values.credentials.existingSecret (or .Values.credentials.secretContents .Values.credentials.extraEnvVars) -}} apiVersion: apps/v1 kind: Deployment metadata: 
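Review bot: `velero.name-from-values` cuts the string at the first `:` before it takes the last `/` segment, so a plugin string whose registry carries a port (constructed example: `registry.example:5000/team/velero-plugin-x:v1`) yields the init container name `registry.example` instead of `velero-plugin-x`. Taking the path segment first avoids that: `{{ splitList "/" . | last | splitList "@" | first | splitList ":" | first -}}`. Two plugins that share a basename would still render duplicate container names, which the API server rejects, so that case deserves a `fail` or a documented constraint. In `velero.image-from-values` the object form renders `repository:` with an empty tag when neither `tag` nor `digest` is set; wrapping the tag in `required` would surface that at render time instead of at image pull.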
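Review bot: The `$providers` list in the deployment.yaml header leaves out `.Values.configuration.provider`, although the `if or …` guard on the line above still accepts it. A legacy values file that sets only `configuration.provider` therefore renders with an empty `$providers`, so `$provider` is empty and, judging from the later `range $providers` hunk, no provider plugin init container is added. Adding the legacy key keeps the old layout working: `list .Values.provider .Values.configuration.provider .Values.backupStorageLocation.provider …`. The back-compat snapshot does not catch this because its values also set `configuration.volumeSnapshotLocation.provider`.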
@@ -49,12 +51,8 @@ spec: {{- end }} containers: - name: velero - {{- if .Values.image.digest }} - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{include "velero.image-from-values" .Values.image }} + imagePullPolicy: {{ include "velero.pull-policy-from-values" .Values.image }} {{- if .Values.metrics.enabled }} ports: - name: monitoring @@ -64,26 +62,26 @@ spec: - /velero args: - server - {{- with .Values.configuration }} - {{- with .backupSyncPeriod }} + {{- with .Values }} + {{- with coalesce .configuration.backupSyncPeriod .backupSyncPeriod }} - --backup-sync-period={{ . }} {{- end }} - {{- with .resticTimeout }} + {{- with coalesce .configuration.resticTimeout .resticTimeout}} - --restic-timeout={{ . }} {{- end }} - {{- if .restoreOnlyMode }} + {{- if coalesce .configuration.restoreOnlyMode .restoreOnlyMode}} - --restore-only {{- end }} - {{- with .restoreResourcePriorities }} + {{- with coalesce .configuration.restoreResourcePriorities .restoreResourcePriorities }} - --restore-resource-priorities={{ . }} {{- end }} - {{- with .features }} + {{- with coalesce .configuration.features .features }} - --features={{ . }} {{- end }} - {{- with .logLevel }} + {{- with coalesce .configuration.logLevel .logLevel }} - --log-level={{ . }} {{- end }} - {{- with .logFormat }} + {{- with coalesce .configuration.logFormat .logFormat }} - --log-format={{ . }} {{- end }} {{- if .defaultVolumesToRestic }} @@ -97,7 +95,7 @@ spec: volumeMounts: - name: plugins mountPath: /plugins - {{- if .Values.credentials.useSecret }} + {{- if or .Values.credentials.secretContents .Values.credentials.extraEnvVars }} - name: cloud-credentials mountPath: /credentials - name: scratch 
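Review bot: The `cloud-credentials` volumeMount in the `@@ -97,7 +95,7 @@` hunk is gated on `or .Values.credentials.secretContents .Values.credentials.extraEnvVars`, while the volume and the `AWS_SHARED_CREDENTIALS_FILE` env var in the later hunks use `$useSecret`, which also counts `existingSecret`. With only `credentials.existingSecret` set, the pod gets the volume and an env var pointing at `/credentials/cloud` but, as far as this hunk shows, no mount at `/credentials`, so the server would start without a readable credentials file. Use the same variable here: `{{- if $useSecret }}`. The volumeMounts block continues past the end of the hunk, so the closing `end` is not visible.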
@@ -116,7 +114,7 @@ spec: fieldPath: metadata.namespace - name: LD_LIBRARY_PATH value: /plugins - {{- if .Values.credentials.useSecret }} + {{- if $useSecret }} {{- if eq $provider "aws" }} - name: AWS_SHARED_CREDENTIALS_FILE value: /credentials/cloud @@ -131,7 +129,7 @@ spec: value: /credentials/cloud {{- end }} {{- end }} - {{- with .Values.configuration.extraEnvVars }} + {{- with coalesce .Values.configuration.extraEnvVars .Values.extraEnvVars }} {{- range $key, $value := . }} - name: {{ default "none" $key }} value: {{ default "none" $value }} @@ -146,15 +144,37 @@ spec: key: {{ default "none" $key }} {{- end }} {{- end }} -{{- if .Values.initContainers }} initContainers: + {{- $plugins := list -}} + {{- if kindIs "string" .Values.plugins -}} + {{- $plugins = splitList "," .Values.plugins -}} + {{- else -}} + {{- $plugins = .Values.plugins -}} + {{- end -}} + {{- range $providers -}} + {{- $plugins = append $plugins (pluck . $.Values.pluginImages | first) }} + {{- end }} + {{- range $pluginImage := $plugins }} + - name: {{ include "velero.name-from-values" $pluginImage }} + image: {{ include "velero.image-from-values" $pluginImage }} + imagePullPolicy: {{ include "velero.pull-policy-from-values" $pluginImage }} + volumeMounts: + - mountPath: /target + name: plugins + {{- end }} + {{- if .Values.initContainers }} {{- toYaml .Values.initContainers | nindent 8 }} -{{- end }} + {{- end }} + + volumes: - {{- if .Values.credentials.useSecret }} + {{- if $useSecret }} - name: cloud-credentials secret: secretName: {{ include "velero.secretName" . }} + items: + - key: {{ .Values.credentials.existingSecretKey }} + path: cloud {{- end }} - name: plugins emptyDir: {} diff --git a/charts/velero/templates/restic-daemonset.yaml b/charts/velero/templates/restic-daemonset.yaml index 93743d34..6d5c5fdc 100644 --- a/charts/velero/templates/restic-daemonset.yaml +++ b/charts/velero/templates/restic-daemonset.yaml 
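Review bot: The secret volume in the `@@ -146,15 +144,37 @@` hunk maps `key: {{ .Values.credentials.existingSecretKey }}` to `path: cloud` with no guard for an unset value, and the visible values.yaml hunks add no default for it; an empty value renders `key:` as null, and a key name that is absent from the secret leaves the pod unable to mount the volume. A default keeps existing installs working, e.g. `- key: {{ .Values.credentials.existingSecretKey | default "cloud" | quote }}` (the README's `credentials.secretContents.cloud` suggests `cloud` is the key in use, but confirm). The restic DaemonSet's `cloud-credentials` volume gets no matching `items` mapping in its hunk, so the two workloads can disagree on the file name under `/credentials`. Separately, `pluck . $.Values.pluginImages | first` appends an empty entry for a provider that has no `pluginImages` key and the following `range` then renders a container from it; wrap the append as `{{- with pluck . $.Values.pluginImages | first }}{{- $plugins = append $plugins . }}{{- end }}`.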
@@ -1,5 +1,6 @@ -{{- if .Values.deployRestic }} -{{- $provider := .Values.configuration.provider -}} +{{- if or .Values.deployRestic .Values.restic.enabled }} +{{- $provider := .Values.provider -}} +{{- $useSecret := or .Values.credentials.existingSecret (or .Values.credentials.secretContents .Values.credentials.extraEnvVars) -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -42,7 +43,7 @@ spec: priorityClassName: {{ include "velero.restic.priorityClassName" . }} {{- end }} volumes: - {{- if .Values.credentials.useSecret }} + {{- if $useSecret }} - name: cloud-credentials secret: secretName: {{ include "velero.secretName" . }} @@ -68,19 +69,19 @@ spec: args: - restic - server - {{- with .Values.configuration }} - {{- with .features }} + {{- with .Values }} + {{- with coalesce .configuration.features .features }} - --features={{ . }} {{- end }} - {{- with .logLevel }} + {{- with coalesce .configuration.logLevel .logLevel }} - --log-level={{ . }} {{- end }} - {{- with .logFormat }} + {{- with coalesce .configuration.logFormat .logFormat }} - --log-format={{ . }} {{- end }} {{- end }} volumeMounts: - {{- if .Values.credentials.useSecret }} + {{- if $useSecret }} - name: cloud-credentials mountPath: /credentials {{- end }} @@ -103,7 +104,7 @@ spec: fieldPath: spec.nodeName - name: VELERO_SCRATCH_DIR value: /scratch - {{- if .Values.credentials.useSecret }} + {{- if $useSecret }} {{- if eq $provider "aws" }} - name: AWS_SHARED_CREDENTIALS_FILE value: /credentials/cloud @@ -118,7 +119,7 @@ spec: value: /credentials/cloud {{- end }} {{- end }} - {{- with .Values.configuration.extraEnvVars }} + {{- with coalesce .Values.configuration.extraEnvVars .Values.extraEnvVars }} {{- range $key, $value := . }} - name: {{ default "none" $key }} value: {{ default "none" $value }} diff --git a/charts/velero/templates/schedule.yaml b/charts/velero/templates/schedule.yaml index 406c4e88..039adf1b 100644 --- a/charts/velero/templates/schedule.yaml 
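Review bot: `$provider` is read only from `.Values.provider` in the restic DaemonSet header, whereas the Deployment also consults the per-location and legacy keys. A values file that still uses `configuration.provider` leaves `$provider` empty here, so the `eq $provider "aws"` branch in the `@@ -103,7 +104,7 @@` hunk never sets `AWS_SHARED_CREDENTIALS_FILE` for restic even though the secret is mounted. `{{- $provider := coalesce .Values.provider .Values.configuration.provider -}}` keeps both layouts working. The restic tests added in this commit assert only that the DaemonSet is created, so this path is not covered.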
+++ b/charts/velero/templates/schedule.yaml @@ -1,3 +1,29 @@ +{{- if kindIs "slice" .Values.schedules -}} +{{- range .Values.schedules }} +apiVersion: velero.io/v1 +kind: Schedule +metadata: + name: {{ include "velero.fullname" $ }}-{{ .name }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": "before-hook-creation" + labels: + app.kubernetes.io/name: {{ include "velero.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + helm.sh/chart: {{ include "velero.chart" $ }} + {{- if .labels }} + {{- toYaml .labels | nindent 4 }} + {{- end }} +spec: + schedule: {{ .schedule | quote }} +{{- with .template }} + template: + {{- toYaml . | nindent 4 }} +{{- end }} +--- +{{- end -}} +{{- else -}} {{- range $scheduleName, $schedule := .Values.schedules }} apiVersion: velero.io/v1 kind: Schedule @@ -22,3 +48,4 @@ spec: {{- end }} --- {{- end }} +{{- end -}} diff --git a/charts/velero/templates/secret.yaml b/charts/velero/templates/secret.yaml index 650228a0..6358ddce 100644 --- a/charts/velero/templates/secret.yaml +++ b/charts/velero/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) -}} +{{- if and (not .Values.credentials.existingSecret) (or .Values.credentials.secretContents .Values.credentials.extraEnvVars ) -}} apiVersion: v1 kind: Secret metadata: diff --git a/charts/velero/templates/volumesnapshotlocation.yaml b/charts/velero/templates/volumesnapshotlocation.yaml index 96fdd7fc..489603bb 100644 --- a/charts/velero/templates/volumesnapshotlocation.yaml +++ b/charts/velero/templates/volumesnapshotlocation.yaml 
@@ -13,7 +13,7 @@ metadata: helm.sh/chart: {{ include "velero.chart" . }} spec: provider: {{ include "velero.volumeSnapshotLocation.provider" . }} -{{- with .Values.configuration.volumeSnapshotLocation.config }} +{{- with coalesce .Values.configuration.volumeSnapshotLocation.config .Values.volumeSnapshotLocation.config }} config: {{ toYaml . | indent 4 }} {{- end -}} diff --git a/charts/velero/tests/__snapshot__/back-compat-snapshot_test.yaml.snap b/charts/velero/tests/__snapshot__/back-compat-snapshot_test.yaml.snap new file mode 100644 index 00000000..fc379823 --- /dev/null +++ b/charts/velero/tests/__snapshot__/back-compat-snapshot_test.yaml.snap 
@@ -0,0 +1,186 @@ +manifest should match snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: RELEASE-NAME-velero + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: velero + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8085" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: velero + spec: + containers: + - args: + - server + command: + - /velero + env: + - name: VELERO_SCRATCH_DIR + value: /scratch + - name: VELERO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LD_LIBRARY_PATH + value: /plugins + image: velero/velero:v1.5.2 + imagePullPolicy: IfNotPresent + name: velero + ports: + - containerPort: 8085 + name: monitoring + volumeMounts: + - mountPath: /plugins + name: plugins + initContainers: + - image: velero/velero-plugin-for-aws:v1.1.0 + imagePullPolicy: IfNotPresent + name: velero-plugin-for-aws + volumeMounts: + - mountPath: /target + name: plugins + restartPolicy: Always + serviceAccountName: velero + volumes: + - emptyDir: {} + name: plugins + - emptyDir: {} + name: scratch + 2: | + apiVersion: velero.io/v1 + kind: BackupStorageLocation + metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: default + spec: + config: + profile: test + region: us-west-1 + objectStorage: + bucket: velero + provider: aws + 3: | + apiVersion: apps/v1 + kind: DaemonSet + 
metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: restic + spec: + selector: + matchLabels: + name: restic + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: restic + spec: + containers: + - args: + - restic + - server + command: + - /velero + env: + - name: VELERO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: VELERO_SCRATCH_DIR + value: /scratch + image: velero/velero:v1.5.2 + imagePullPolicy: IfNotPresent + name: restic + securityContext: + privileged: false + volumeMounts: + - mountPath: /host_pods + mountPropagation: HostToContainer + name: host-pods + - mountPath: /scratch + name: scratch + securityContext: + runAsUser: 0 + serviceAccountName: velero + volumes: + - hostPath: + path: /var/lib/kubelet/pods + name: host-pods + - emptyDir: {} + name: scratch + 4: | + apiVersion: velero.io/v1 + kind: VolumeSnapshotLocation + metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: default + spec: + config: + bucket: velero + region: us-west-1 + provider: aws + 5: | + apiVersion: velero.io/v1 + kind: Schedule + metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + myenv: foo + name: RELEASE-NAME-velero-mybackup + spec: + schedule: 0 0 * * * + template: + 
includedNamespaces: + - foo + ttl: 240h diff --git a/charts/velero/tests/__snapshot__/snapshot__test.yaml.snap b/charts/velero/tests/__snapshot__/snapshot__test.yaml.snap new file mode 100644 index 00000000..fc379823 --- /dev/null +++ b/charts/velero/tests/__snapshot__/snapshot__test.yaml.snap 
@@ -0,0 +1,186 @@ +manifest should match snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: RELEASE-NAME-velero + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: velero + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8085" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: velero + spec: + containers: + - args: + - server + command: + - /velero + env: + - name: VELERO_SCRATCH_DIR + value: /scratch + - name: VELERO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LD_LIBRARY_PATH + value: /plugins + image: velero/velero:v1.5.2 + imagePullPolicy: IfNotPresent + name: velero + ports: + - containerPort: 8085 + name: monitoring + volumeMounts: + - mountPath: /plugins + name: plugins + initContainers: + - image: velero/velero-plugin-for-aws:v1.1.0 + imagePullPolicy: IfNotPresent + name: velero-plugin-for-aws + volumeMounts: + - mountPath: /target + name: plugins + restartPolicy: Always + serviceAccountName: velero + volumes: + - emptyDir: {} + name: plugins + - emptyDir: {} + name: scratch + 2: | + apiVersion: velero.io/v1 + kind: BackupStorageLocation + metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: default + spec: + config: + profile: test + region: us-west-1 + objectStorage: + bucket: velero + provider: aws + 3: | + apiVersion: apps/v1 + kind: DaemonSet + 
metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: restic + spec: + selector: + matchLabels: + name: restic + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: restic + spec: + containers: + - args: + - restic + - server + command: + - /velero + env: + - name: VELERO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: VELERO_SCRATCH_DIR + value: /scratch + image: velero/velero:v1.5.2 + imagePullPolicy: IfNotPresent + name: restic + securityContext: + privileged: false + volumeMounts: + - mountPath: /host_pods + mountPropagation: HostToContainer + name: host-pods + - mountPath: /scratch + name: scratch + securityContext: + runAsUser: 0 + serviceAccountName: velero + volumes: + - hostPath: + path: /var/lib/kubelet/pods + name: host-pods + - emptyDir: {} + name: scratch + 4: | + apiVersion: velero.io/v1 + kind: VolumeSnapshotLocation + metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + name: default + spec: + config: + bucket: velero + region: us-west-1 + provider: aws + 5: | + apiVersion: velero.io/v1 + kind: Schedule + metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: velero + helm.sh/chart: velero-2.14.0 + myenv: foo + name: RELEASE-NAME-velero-mybackup + spec: + schedule: 0 0 * * * + template: + 
includedNamespaces: + - foo + ttl: 240h diff --git a/charts/velero/tests/back-compat-snapshot_test.yaml b/charts/velero/tests/back-compat-snapshot_test.yaml new file mode 100644 index 00000000..a8ed8f6f --- /dev/null +++ b/charts/velero/tests/back-compat-snapshot_test.yaml @@ -0,0 +1,14 @@ +templates: + - deployment.yaml + - backupstoragelocation.yaml + - restic-daemonset.yaml + - volumesnapshotlocation.yaml + - schedule.yaml +tests: + - it: manifest should match snapshot + values: + - ../ci/test-values-back-compat.yaml + set: + restic.enabled: true + asserts: + - matchSnapshot: {} diff --git a/charts/velero/tests/base-values.yaml b/charts/velero/tests/base-values.yaml new file mode 100644 index 00000000..ab820498 --- /dev/null +++ b/charts/velero/tests/base-values.yaml @@ -0,0 +1,8 @@ +provider: gcp +schedules: + - name: mybackup + schedule: "0 0 * * *" + template: + ttl: "240h" + includedNamespaces: + - foo diff --git a/charts/velero/tests/credentials_test.yaml b/charts/velero/tests/credentials_test.yaml new file mode 100644 index 00000000..83fb53b1 --- /dev/null +++ b/charts/velero/tests/credentials_test.yaml 
@@ -0,0 +1,55 @@
+suite: Credentials
+templates:
+ - deployment.yaml
+ - secret.yaml
+tests:
+ - it: doesn't create secrets or use them if there is no data or existing secret
+ values:
+ - base-values.yaml
+ asserts:
+ - template: secret.yaml
+ hasDocuments:
+ count: 0
+ - template: deployment.yaml
+ notContains:
+ any: true
+ path: spec.template.spec.volumes
+ content:
+ name: cloud-credentials
+ - it: doesn't create secrets if an existingSecret is provided but does use them
+ values:
+ - base-values.yaml
+ set:
+ credentials:
+ existingSecret: foo-secret
+ asserts:
+ - template: secret.yaml
+ hasDocuments:
+ count: 0
+ - template: deployment.yaml
+ contains:
+ any: true
+ path: spec.template.spec.volumes
+ content:
+ name: cloud-credentials
+ - it: creates secrets and uses them if secretContent is provided
+ values:
+ - base-values.yaml
+ set:
+ credentials:
+ existingSecretKey: credentials
+ secretContents:
+ credentials: |
+ [default]
+ aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ asserts:
+ - template: secret.yaml
+ hasDocuments:
+ count: 1
+ - template: deployment.yaml
+ contains:
+ any: true
+ path: spec.template.spec.volumes
+ content:
+ name: cloud-credentials
diff --git a/charts/velero/tests/deployment_initContainers_test.yaml b/charts/velero/tests/deployment_initContainers_test.yaml
new file mode 100644
index 00000000..78948602
--- /dev/null
+++ b/charts/velero/tests/deployment_initContainers_test.yaml
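Review bot: The `existingSecret` case asserts only that a `cloud-credentials` volume exists, so it passes even when the container has no matching volumeMount, which is what the Deployment template's mount condition produces for `existingSecret` alone. Add assertions on `spec.template.spec.containers[0].volumeMounts` and on the volume's `items` key and path, so the credential wiring is checked from secret to mount. The `aws_access_key_id` / `aws_secret_access_key` values are the AWS documentation example pair; a comment such as `# AWS documentation example credentials, not real` above them tells readers and anyone triaging a secret-scanner hit that they are placeholders.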
@@ -0,0 +1,113 @@ +templates: + - deployment.yaml +tests: + - it: installs initContainers for initContainers array + set: + initContainers: + - image: test/an-init-container + imagePullPolicy: Always + name: the-init-container + volumeMounts: + - mountPath: /test + name: test + values: + - base-values.yaml + asserts: + - contains: + path: spec.template.spec.initContainers + content: + image: test/an-init-container + imagePullPolicy: Always + name: the-init-container + volumeMounts: + - mountPath: /test + name: test + - it: installs plugins initContainers for the various provider values + set: + provider: aws + backupStorageLocation: + provider: azure + volumeSnapshotLocation: + provider: alibabacloud + values: + - base-values.yaml + asserts: + - contains: + path: spec.template.spec.initContainers + content: + image: velero/velero-plugin-for-aws:v1.1.0 + imagePullPolicy: IfNotPresent + name: velero-plugin-for-aws + volumeMounts: + - mountPath: /target + name: plugins + - contains: + path: spec.template.spec.initContainers + content: + image: velero/velero-plugin-for-microsoft-azure:v1.1.0 + imagePullPolicy: IfNotPresent + name: velero-plugin-for-microsoft-azure + volumeMounts: + - mountPath: /target + name: plugins + - contains: + path: spec.template.spec.initContainers + content: + image: registry.cn-hangzhou.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.1.0 + imagePullPolicy: IfNotPresent + name: velero-plugin-alibabacloud + volumeMounts: + - mountPath: /target + name: plugins + - it: installs plugins initContainers for plugins as a array of image tags/objects + set: + plugins: + - velero/velero-plugin-for-test1:first + - repository: velero/velero-plugin-for-test2 + digest: sha256:second + pullPolicy: Always + values: + - base-values.yaml + asserts: + - contains: + path: spec.template.spec.initContainers + content: + image: velero/velero-plugin-for-test1:first + imagePullPolicy: IfNotPresent + name: velero-plugin-for-test1 + volumeMounts: + - mountPath: /target + 
name: plugins + - contains: + path: spec.template.spec.initContainers + content: + name: velero-plugin-for-test2 + image: velero/velero-plugin-for-test2@sha256:second + imagePullPolicy: Always + volumeMounts: + - mountPath: /target + name: plugins + - it: allows plugins as a string of plugin images + set: + plugins: velero/velero-plugin-for-test1:first,velero/velero-plugin-for-test2@sha256:second + values: + - base-values.yaml + asserts: + - contains: + path: spec.template.spec.initContainers + content: + name: velero-plugin-for-test1 + image: velero/velero-plugin-for-test1:first + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins + - contains: + path: spec.template.spec.initContainers + content: + name: velero-plugin-for-test2 + image: velero/velero-plugin-for-test2@sha256:second + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins diff --git a/charts/velero/tests/restic-daemonset_test.yaml b/charts/velero/tests/restic-daemonset_test.yaml new file mode 100644 index 00000000..01ab8ece --- /dev/null +++ b/charts/velero/tests/restic-daemonset_test.yaml @@ -0,0 +1,26 @@ +suite: Restic DaemonSet +templates: + - restic-daemonset.yaml +tests: + - it: is not created by default + values: + - base-values.yaml + asserts: + - hasDocuments: + count: 0 + - it: is created when enabled + set: + restic.enabled: true + values: + - base-values.yaml + asserts: + - isKind: + of: DaemonSet + - it: is created when enabled (legacy) + set: + deployRestic: true + values: + - base-values.yaml + asserts: + - isKind: + of: DaemonSet diff --git a/charts/velero/tests/snapshot__test.yaml b/charts/velero/tests/snapshot__test.yaml new file mode 100644 index 00000000..b62f4683 --- /dev/null +++ b/charts/velero/tests/snapshot__test.yaml 
@@ -0,0 +1,14 @@ +templates: + - deployment.yaml + - backupstoragelocation.yaml + - restic-daemonset.yaml + - volumesnapshotlocation.yaml + - schedule.yaml +tests: + - it: manifest should match snapshot + values: + - ../ci/test-values.yaml + set: + restic.enabled: true + asserts: + - matchSnapshot: {} diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 88fd9146..65f23fb6 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -15,6 +15,42 @@ image: imagePullSecrets: [] # - registrySecretName +# default plugin images to enabled when used by providers +pluginImages: + alibabacloud: + repository: registry.cn-hangzhou.aliyuncs.com/acs/velero-plugin-alibabacloud + tag: v1.1.0 + pullPolicy: IfNotPresent + aws: + repository: velero/velero-plugin-for-aws + tag: v1.1.0 + pullPolicy: IfNotPresent + azure: + repository: velero/velero-plugin-for-microsoft-azure + tag: v1.1.0 + pullPolicy: IfNotPresent + csi: + repository: velero/velero-plugin-for-csi + tag: v0.1.1 + pullPolicy: IfNotPresent + gcp: + repository: velero/velero-plugin-for-gcp + tag: v1.1.0 + pullPolicy: IfNotPresent + +# Additional plugin images to install +# Supports a comma seperated string +# plugins: 'velero/velero-plugin-for-aws:v1.1.0,velero/velero-plugin-for-csi:v0.1.1' +# +# Or an array of images as strings and/or objects +# plugins: +# - velero/velero-plugin-for-aws:v1.1.0 +# - repository: velero/velero-plugin-for-csi +# digest: sha256:60d47fd25216f13073525823a067eab223d12e695d4b41e480aa3ff13a58c916 +# pullPolicy: Always +plugins: [] + + # Annotations to add to the Velero deployment's pod template. Optional. # # If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID 
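Review bot: The new `pluginImages` defaults in values.yaml identify every provider plugin by `repository` and `tag` with `pullPolicy: IfNotPresent`, while the `plugins` example right below them shows a `digest` form; the hunk does not say whether a `pluginImages` entry accepts `digest` as well. These images become init containers that mount the `plugins` volume at `/target` in the Velero deployment (see the tests in this commit), so what a mutable tag resolves to at pull time is what ends up next to the server. I would state the pinning option beside the defaults, for example `# Each entry may set digest: sha256:<digest> instead of tag to pin the image by content` (only if the template supports it, which cannot be confirmed from this hunk). The same comment block has two typos to fix: `to enabled` and `seperated`.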
@@ -29,14 +65,9 @@ podLabels: {} # Resource requests/limits to specify for the Velero deployment. Optional. resources: {} -# Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required. +# Init containers to add to the Velero deployment's pod spec. initContainers: [] - # - name: velero-plugin-for-aws - # image: velero/velero-plugin-for-aws:v1.1.0 - # imagePullPolicy: IfNotPresent - # volumeMounts: - # - mountPath: /target - # name: plugins + # SecurityContext to use for the Velero deployment. Optional. # Set fsGroup for `AWS IAM Roles for Service Accounts` 
@@ -84,88 +115,87 @@ installCRDs: true ## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation, ## and additional server settings. ## -configuration: - # Cloud provider being used (e.g. aws, azure, gcp). +# Cloud provider being used (e.g. aws, azure, gcp). +provider: + +# Parameters for the `default` BackupStorageLocation. See +# https://velero.io/docs/v1.4/api-types/backupstoragelocation/ +backupStorageLocation: + # name is the name of the backup storage location where backups should be stored. If a name is not provided, + # a backup storage location will be created with the name "default". Optional. + name: + # provider is the name for the backup storage location provider. If omitted + # `provider` will be used instead. provider: - - # Parameters for the `default` BackupStorageLocation. See - # https://velero.io/docs/v1.5/api-types/backupstoragelocation/ - backupStorageLocation: - # name is the name of the backup storage location where backups should be stored. If a name is not provided, - # a backup storage location will be created with the name "default". Optional. - name: - # provider is the name for the backup storage location provider. If omitted - # `configuration.provider` will be used instead. - provider: - # bucket is the name of the bucket to store backups in. Required. - bucket: - # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. - caCert: - # prefix is the directory under which all Velero data should be stored within the bucket. Optional. - prefix: - # Additional provider-specific configuration. See link above - # for details of required/optional fields for your provider. - config: {} - # region: - # s3ForcePathStyle: - # s3Url: - # kmsKeyId: - # resourceGroup: - # The ID of the subscription containing the storage account, if different from the cluster’s subscription. 
(Azure only) - # subscriptionId: - # storageAccount: - # publicUrl: - # Name of the GCP service account to use for this backup storage location. Specify the - # service account here if you want to use workload identity instead of providing the key file.(GCP only) - # serviceAccount: - - # Parameters for the `default` VolumeSnapshotLocation. See - # https://velero.io/docs/v1.5/api-types/volumesnapshotlocation/ - volumeSnapshotLocation: - # name is the name of the volume snapshot location where snapshots are being taken. Required. - name: - # provider is the name for the volume snapshot provider. If omitted - # `configuration.provider` will be used instead. - provider: - # Additional provider-specific configuration. See link above - # for details of required/optional fields for your provider. - config: {} - # region: - # apitimeout: - # resourceGroup: - # The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only) - # subscriptionId: - # snapshotLocation: - # project: - - # These are server-level settings passed as CLI flags to the `velero server` command. Velero - # uses default values if they're not passed in, so they only need to be explicitly specified - # here if using a non-default value. The `velero server` default values are shown in the - # comments below. - # -------------------- - # `velero server` default: 1m - backupSyncPeriod: - # `velero server` default: 1h - resticTimeout: - # `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods - restoreResourcePriorities: - # `velero server` default: false - restoreOnlyMode: - - # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" - extraEnvVars: {} - - # Comma separated list of velero feature flags. 
default: empty - features: - - # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic. - logLevel: - - # Set log-format for Velero pod. Default: text. Other option: json. - logFormat: - - # Set true for backup all pod volumes without having to apply annotation on the pod when used restic Default: false. Other option: false. - defaultVolumesToRestic: + # bucket is the name of the bucket to store backups in. Required. + bucket: + # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. + caCert: + # prefix is the directory under which all Velero data should be stored within the bucket. Optional. + prefix: + # Additional provider-specific configuration. See link above + # for details of required/optional fields for your provider. + config: {} + # region: + # s3ForcePathStyle: + # s3Url: + # kmsKeyId: + # resourceGroup: + # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) + # subscriptionId: + # storageAccount: + # publicUrl: + # Name of the GCP service account to use for this backup storage location. Specify the + # service account here if you want to use workload identity instead of providing the key file.(GCP only) + # serviceAccount: + +# Parameters for the `default` VolumeSnapshotLocation. See +# https://velero.io/docs/v1.4/api-types/volumesnapshotlocation/ +volumeSnapshotLocation: + # name is the name of the volume snapshot location where snapshots are being taken. Required. + name: + # provider is the name for the volume snapshot provider. If omitted + # `configuration.provider` will be used instead. + provider: + # Additional provider-specific configuration. See link above + # for details of required/optional fields for your provider. + config: {} +# region: +# apitimeout: +# resourceGroup: +# The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. 
If specified, also requires `volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only) +# subscriptionId: +# snapshotLocation: +# project: + +# These are server-level settings passed as CLI flags to the `velero server` command. Velero +# uses default values if they're not passed in, so they only need to be explicitly specified +# here if using a non-default value. The `velero server` default values are shown in the +# comments below. +# -------------------- +# `velero server` default: 1m +backupSyncPeriod: +# `velero server` default: 1h +resticTimeout: +# `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods +restoreResourcePriorities: +# `velero server` default: false +restoreOnlyMode: + +# additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" +extraEnvVars: {} + +# Comma separated list of velero feature flags. default: empty +features: + +# Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic. +logLevel: + +# Set log-format for Velero pod. Default: text. Other option: json. +logFormat: + +# Set true for backup all pod volumes without having to apply annotation on the pod when used restic Default: false. Other option: false. +defaultVolumesToRestic: ## ## End of backup/snapshot location settings. 
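Review bot: The comment above `volumeSnapshotLocation.provider` still says "`configuration.provider` will be used instead", although this hunk moves the key to the top level and the matching `backupStorageLocation` comment was updated; it should read ``# `provider` will be used instead.``. The two documentation links also change from `docs/v1.5` to `docs/v1.4` while Chart.yaml keeps `appVersion: 1.5.2`, which looks unintended. Under `volumeSnapshotLocation`, the commented option list after `config: {}` (`# region:` through `# project:`) is now at column 0 instead of nested under `config` as it is for `backupStorageLocation`, so uncommenting a line there would create a top-level key.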
@@ -193,17 +223,19 @@ serviceAccount: # should contain credentials for the cloud provider IAM account you've # set up for Velero. credentials: - # Whether a secret should be used as the source of IAM account - # credentials. Set to false if, for example, using kube2iam or - # kiam to provide IAM credentials for the Velero pod. - useSecret: true # Name of a pre-existing secret (if any) in the Velero namespace # that should be used to get IAM account credentials. Optional. - existingSecret: + # existingSecret: + + # Key within a pre-existing secret (if any) in the Velero namespace + # that should be used to get IAM account credentials. Optional. + existingSecretKey: cloud + # Data to be stored in the Velero secret, if `useSecret` is # true and `existingSecret` is empty. This should be the contents # of your IAM credentials file. secretContents: {} + # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: ". Values will be stored in the secret. extraEnvVars: {} @@ -212,10 +244,9 @@ backupsEnabled: true # Whether to create volumesnapshotlocation crd, if false => disable snapshot feature snapshotsEnabled: true -# Whether to deploy the restic daemonset. -deployRestic: false - restic: + # Whether to deploy the restic daemonset. + enabled: false podVolumePath: /var/lib/kubelet/pods privileged: false # Pod priority class name to use for the Restic daemonset. Optional. @@ -240,15 +271,14 @@ restic: # Backup schedules to create. # Eg: # schedules: -# mybackup: +# - name: mybackup # labels: # myenv: foo # schedule: "0 0 * * *" # template: # ttl: "240h" # includedNamespaces: -# - foo -schedules: {} +# - foo # Velero ConfigMaps. # Eg: @@ -264,3 +294,8 @@ configMaps: {} ## ## End of additional Velero resource settings. ## + +# Deprecated +configuration: + backupStorageLocation: {} + volumeSnapshotLocation: {}
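Review bot: The comment kept above `credentials.secretContents` still reads "if `useSecret` is true and `existingSecret` is empty", but this hunk deletes `useSecret` together with its kube2iam/kiam guidance. After the change values.yaml no longer tells an operator how to run without a chart-managed credentials Secret, and whether the templates still honour `useSecret` is not visible from here. I would reword it to ``# Data to be stored in the Velero secret when `existingSecret` is not set.`` and add one line stating how to disable Secret creation when credentials come from the pod identity. `existingSecret` is also now only a commented example, so the key is absent rather than empty in the defaults.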
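Review bot: In the schedules hunk the default `schedules: {}` is removed and nothing replaces it, while the commented example changes from a map keyed by schedule name to a list of items with `name`. The other list-typed values touched by this commit keep an explicit empty default (`plugins: []`, `initContainers: []`), so I would add `schedules: []` after the example to keep the key visible in the defaults. The schedule template is not part of this hunk; if it only accepts the list form, existing values files that use the map form need a note in the upgrade documentation.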