Skip to content

Commit

Permalink
Merge branch 'release/v1.2.0' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
kahoona77 authored and cesmarvin committed Nov 29, 2024
2 parents 22ea887 + 28b8471 commit 74421e1
Show file tree
Hide file tree
Showing 37 changed files with 364 additions and 431 deletions.
3 changes: 1 addition & 2 deletions .env.template
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
#
# The file `.env` is ignored by git. Note: DO NOT COMMIT your personal data.

# It is necessary to set the stage to `development` when developing locally (optional)
#export STAGE=development
export STAGE=development
export LOG_LEVEL=debug
export NAMESPACE=$(shell kubectl config view --minify -o jsonpath='{..namespace}')
11 changes: 11 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [v1.2.0] - 2024-11-29
### Changed
- [#37] Refactor rbac permissions to be more clear and better match the use cases

### Removed
- [#37] Leader election and leader election rbac permissions
- [#37] Metrics rbac permissions

### Fixed
- Do not abort restore when maintenance mode cannot be activated

## [v1.1.1] - 2024-10-29
### Fixed
- [#35] Use correct helm dependency constraint for `backup-operator-crd`.
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ RUN make compile-generic
FROM gcr.io/distroless/static:nonroot
LABEL maintainer="[email protected]" \
NAME="k8s-backup-operator" \
VERSION="1.1.1"
VERSION="1.2.0"

WORKDIR /
COPY --from=builder /workspace/target/k8s-backup-operator .
Expand Down
5 changes: 2 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Set these to the desired values
ARTIFACT_ID=k8s-backup-operator
VERSION=1.1.1
VERSION=1.2.0
IMAGE=cloudogu/${ARTIFACT_ID}:${VERSION}
GOTAG?=1.23
LINT_VERSION=v1.61.0
Expand All @@ -26,9 +26,8 @@ CRD_BACKUP_SOURCE = ${HELM_CRD_SOURCE_DIR}/templates/k8s.cloudogu.com_backups.ya
CRD_RESTORE_SOURCE = ${HELM_CRD_SOURCE_DIR}/templates/k8s.cloudogu.com_restores.yaml
CRD_SCHEDULE_SOURCE = ${HELM_CRD_SOURCE_DIR}/templates/k8s.cloudogu.com_backupschedules.yaml
PRE_COMPILE=generate-deepcopy
HELM_PRE_APPLY_TARGETS=template-stage template-log-level template-image-pull-policy
HELM_PRE_GENERATE_TARGETS = helm-values-update-image-version
HELM_POST_GENERATE_TARGETS = helm-values-replace-image-repo
HELM_POST_GENERATE_TARGETS = helm-values-replace-image-repo template-stage template-log-level template-image-pull-policy
CRD_POST_MANIFEST_TARGETS = crd-add-labels crd-add-backup-labels
CHECK_VAR_TARGETS=check-all-vars
IMAGE_IMPORT_TARGET=image-import
Expand Down
2 changes: 2 additions & 0 deletions docs/development/installation_de.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ und einen Access Key `longhorn-test-key` mit dem Secret Key `longhorn-test-secre
Des Weiteren müssen [k8s-snapshot-controller][snapshot-ctrl-repo] und [k8s-velero][velero-repo] als Komponenten installiert werden.
Dazu die Repositories auschecken und darin folgende Befehle ausführen:
```shell
# nur in k8s-velero
cd k8s/helm/templates && helm dependency update
# nur im snapshot-controller:
make crd-component-apply
# für snapshot-controller und velero:
Expand Down
2 changes: 2 additions & 0 deletions docs/development/installation_en.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ and an access key `longhorn-test-key` with the secret key `longhorn-test-secret-
Furthermore, [k8s-snapshot-controller][snapshot-ctrl-repo] and [k8s-velero][velero-repo] have to be installed as components.
To do this, check out the repositories and execute the following commands inside:
```shell
# only in k8s-velero
cd k8s/helm/templates && helm dependency update
# only in the snapshot-controller:
make crd-component-apply
# for snapshot-controller and velero:
Expand Down
10 changes: 5 additions & 5 deletions docs/operations/scheduled_backups_en.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@ This can be achieved with a `BackupSchedule` resource:

```yaml
apiVersion: k8s.cloudogu.com/v1
Type: BackupSchedule
Metadata:
name: backupschedule-sample
kind: BackupSchedule
metadata:
name: backupschedule-sample
spec:
schedule: "0 0 * *" # the cron pattern according to which the backups should be executed.
provider: "velero" # only velero and "" (velero by default) are supported.
schedule: "0 0 * *" # the cron pattern according to which the backups should be executed.
provider: "velero" # only velero and "" (velero by default) are supported.
```
`schedule` is a cron pattern as defined in [Kubernetes CronJob Syntax](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax).
89 changes: 89 additions & 0 deletions k8s-samples/k8s-backup-operator-dependencies.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
apiVersion: v1
data:
cloud: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPWxvbmdob3JuLXRlc3Qta2V5CmF3c19zZWNyZXRfYWNjZXNzX2tleT1sb25naG9ybi10ZXN0LXNlY3JldC1rZXkK
kind: Secret
metadata:
name: velero-backup-target
namespace: ecosystem
type: Opaque
---
apiVersion: k8s.cloudogu.com/v1
kind: Component
metadata:
labels:
app: ces
name: k8s-velero
namespace: ecosystem
spec:
name: k8s-velero
namespace: k8s
version: 5.0.2-7
valuesYamlOverwrite: |
velero:
credentials:
useSecret: true
existingSecret: "velero-backup-target"
configuration:
backupStorageLocation:
- name: default
provider: aws
bucket: velero
accessMode: ReadWrite
config:
region: minio-default
s3ForcePathStyle: true
s3Url: http://192.168.56.1:9000
publicUrl: http://localhost:9000
---
apiVersion: v1
data:
AWS_ACCESS_KEY_ID: bG9uZ2hvcm4tdGVzdC1rZXk=
AWS_ENDPOINTS: aHR0cDovLzE5Mi4xNjguNTYuMTo5MDAw
AWS_SECRET_ACCESS_KEY: bG9uZ2hvcm4tdGVzdC1zZWNyZXQta2V5
kind: Secret
metadata:
name: longhorn-backup-target
namespace: longhorn-system
type: Opaque
---
apiVersion: k8s.cloudogu.com/v1
kind: Component
metadata:
labels:
app: ces
name: k8s-longhorn
namespace: ecosystem
spec:
deployNamespace: longhorn-system
name: k8s-longhorn
namespace: k8s
version: 1.5.1-8
valuesYamlOverwrite: |
longhorn:
defaultSettings:
backupTarget: s3://longhorn@dummyregion/
backupTargetCredentialSecret: longhorn-backup-target
---
apiVersion: k8s.cloudogu.com/v1
kind: Component
metadata:
labels:
app: ces
name: k8s-snapshot-controller-crd
namespace: ecosystem
spec:
name: k8s-snapshot-controller-crd
namespace: k8s
version: 5.0.1-7
---
apiVersion: k8s.cloudogu.com/v1
kind: Component
metadata:
labels:
app: ces
name: k8s-snapshot-controller
namespace: ecosystem
spec:
name: k8s-snapshot-controller
namespace: k8s
version: 5.0.1-7
23 changes: 23 additions & 0 deletions k8s-samples/k8s-backup-operator.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
apiVersion: k8s.cloudogu.com/v1
kind: Component
metadata:
labels:
app: ces
name: k8s-backup-operator-crd
namespace: ecosystem
spec:
name: k8s-backup-operator-crd
namespace: k8s
version: 1.1.1
---
apiVersion: k8s.cloudogu.com/v1
kind: Component
metadata:
labels:
app: ces
name: k8s-backup-operator
namespace: ecosystem
spec:
name: k8s-backup-operator
namespace: k8s
version: 1.1.1
7 changes: 7 additions & 0 deletions k8s-samples/test-scheduled-backup.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: k8s.cloudogu.com/v1
kind: BackupSchedule
metadata:
name: backupschedule-sample
spec:
schedule: "20 11 * * *"
provider: "velero"
6 changes: 6 additions & 0 deletions k8s-samples/testbackup.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: k8s.cloudogu.com/v1
kind: Backup
metadata:
name: backup-sample
spec:
provider: velero
7 changes: 7 additions & 0 deletions k8s-samples/testrestore.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: k8s.cloudogu.com/v1
kind: Restore
metadata:
name: restore-sample
spec:
provider: velero
backupName: backup-sample
2 changes: 1 addition & 1 deletion k8s/helm/component-patch-tpl.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
values:
images:
backupOperator: cloudogu/k8s-backup-operator:1.1.1
backupOperator: cloudogu/k8s-backup-operator:1.2.0
kubeRbacProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
patches:
values.yaml:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,39 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "k8s-backup-operator.name" . }}-backup-editor-role
labels:
app.kubernetes.io/component: rbac
{{- include "k8s-backup-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- k8s.cloudogu.com
resources:
- backups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.cloudogu.com
resources:
- backups/finalizers
verbs:
- update
- apiGroups:
- k8s.cloudogu.com
resources:
- backups/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "k8s-backup-operator.name" . }}-backup-editor-role-binding
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# This role is necessary to create cloudogu backups
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "k8s-backup-operator.name" . }}-backup-viewer-role
name: {{ include "k8s-backup-operator.name" . }}-backup-editor-role
labels:
app.kubernetes.io/component: rbac
{{- include "k8s-backup-operator.labels" . | nindent 4 }}
Expand All @@ -11,12 +12,24 @@ rules:
resources:
- backups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.cloudogu.com
resources:
- backups/finalizers
verbs:
- update
- apiGroups:
- k8s.cloudogu.com
resources:
- backups/status
verbs:
- get
- get
- patch
- update
15 changes: 15 additions & 0 deletions k8s/helm/templates/backupschedule-editor-role-binding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "k8s-backup-operator.name" . }}-backupschedule-editor-role-binding
labels:
app.kubernetes.io/component: rbac
{{- include "k8s-backup-operator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: '{{ include "k8s-backup-operator.name" . }}-backupschedule-editor-role'
subjects:
- kind: ServiceAccount
name: '{{ include "k8s-backup-operator.name" . }}-controller-manager'
namespace: '{{ .Release.Namespace }}'
47 changes: 47 additions & 0 deletions k8s/helm/templates/backupschedule-editor-role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# This role is necessary to create scheduled cloudogu backups
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "k8s-backup-operator.name" . }}-backupschedule-editor-role
labels:
app.kubernetes.io/component: rbac
{{- include "k8s-backup-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- k8s.cloudogu.com
resources:
- backupschedules
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.cloudogu.com
resources:
- backupschedules/finalizers
verbs:
- update
- apiGroups:
- k8s.cloudogu.com
resources:
- backupschedules/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- cronjobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
Loading

0 comments on commit 74421e1

Please sign in to comment.