add velero and minio examples

Signed-off-by: Manabu Mccloskey <[email protected]>
cnoe-io · Jan 18, 2024 · 14d0211 · 14d0211
1 parent 6f9f0a8
commit 14d0211
Show file tree

Hide file tree

Showing 11 changed files with 396 additions and 0 deletions.
diff --git a/examples/local-backup/README.md b/examples/local-backup/README.md
@@ -0,0 +1,115 @@
+# Local Backup with Velero and Minio
+
+This example creates a configuration that allows you to back up Kubernetes objects
+to your laptop (or wherever you are running idpbuilder from).
+
+In short, it:
+1. Creates a [MinIO](https://min.io/) installation that mounts a local directory.
+2. Creates a [Velero](https://velero.io/) installation that targets the in-cluster MinIO storage.
+
+## Installation
+
+First, we need to ensure the local cluster is configured to mount a local directory.
+This is done through the kind configuration file that you can supply to `idpbuilder`.
+
+Take a look at the [kind.yaml](./kind.yaml) file. The most relevant part is this bit:
+
+```yaml
+nodes:
+- role: control-plane
+  extraMounts:
+    - hostPath: /home/ubuntu/backup # replace with your own path
+      containerPath: /backup
+```
+
+This instructs Kind to make your machine's directory at `/home/ubuntu/backup`
+available at `/backup` for the Kubernetes node. 
+
+You **must** change this value for your own setup. This directory also must exist on your machine.
+For example, you may want to change it to `/Users/my-name/backup`.  
+
+Once you've made the change, run this command from the root of this repository.
+
+```bash
+# example: mkdir /Users/my-name/backup
+mkdir <path/to/directory> 
+
+idpbuilder create --kind-config examples/local-backup/kind.yaml --kind-config examples/local-backup/kind.yaml
+```
+
+This command:
+1. Creates a standard idpbuilder installation, a kind cluster and core packages (ArgoCD, Gitea, and Ingress-Nginx).
+2. Creates two custom packages: [MinIO](./minio.yaml) and [Velero](./velero.yaml).
+
+Once the command exits, you can check the status of installation by going to https://argocd.cnoe.localtest.me:8443/applications.
+
+Username is `admin`, and password is obtained with:
+```bash
+kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}'
+```
+
+You can also check the status with the following command:
+
+```bash
+kubectl get application -n argocd
+```
+
+## Using it
+
+Once minio and velero ArgoCD applications are ready, you can start playing with it.
+
+MinIO console is accessible at [https://minio.cnoe.localtest.me:8443/login](https://minio.cnoe.localtest.me:8443/login)
+
+You can log in to the console by obtaining credentials:
+
+```bash
+kubectl -n minio get secret minio -o go-template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}'
+# example output
+# rootPassword: aKKZzLnyry6OYZts17vMTf32H5ghFL4WYgu6bHujm
+# rootUser: ge8019yksArb7BICt3MLY9
+```
+
+Once you log in, you will notice a bucket is already created for you. Velero will use this bucket to back up kubernetes objects.
+
+![image](./images/bucket.png)
+
+Let's try creating a backup of an example application. 
+
+First, create an example nginx app straight from the velero repository.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/vmware-tanzu/velero/main/examples/nginx-app/base.yaml
+```
+
+Once they are created and running, create a backup.
+
+```bash
+kubectl apply -f examples/local-backup/demo/backup.yaml
+```
+
+This command is equivalent to this velero command:  `velero backup create nginx-backup --selector app=nginx`
+
+After you run the command, go back to the MinIO console. You will notice that file objects are created in your bucket.
+
+![img.png](./images/nginx-backup.png)
+
+You can also see these files on your local machine.
+
+```shell
+$ ls -lh /home/ubuntu/backup/idpbuilder-backups/backups/nginx-backup/
+total 44K
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-csi-volumesnapshotclasses.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-csi-volumesnapshotcontents.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-csi-volumesnapshots.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-itemoperations.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-logs.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-podvolumebackups.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-resource-list.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-results.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup-volumesnapshots.json.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 nginx-backup.tar.gz
+drwxr-xr-x 2 ubuntu ubuntu 4.0K Jan 18 01:25 velero-backup.json
+```
+
+
+
diff --git a/examples/local-backup/demo/backup.yaml b/examples/local-backup/demo/backup.yaml
@@ -0,0 +1,12 @@
+# velero backup create nginx-backup --selector app=nginx
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: nginx-backup
+  namespace: velero
+spec:
+  includedNamespaces:
+    - '*'
+  labelSelector:
+    matchLabels:
+      app: nginx
diff --git a/examples/local-backup/images/bucket.png b/examples/local-backup/images/bucket.png
diff --git a/examples/local-backup/images/nginx-backup.png b/examples/local-backup/images/nginx-backup.png
diff --git a/examples/local-backup/kind.yaml b/examples/local-backup/kind.yaml
@@ -0,0 +1,19 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  image: "kindest/node:v1.27.3"
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=4Gi
+        node-labels: "ingress-ready=true"
+  extraMounts:
+    - hostPath: /home/ubuntu/backup # replace with your own path
+      containerPath: /backup
+  extraPortMappings:
+  - containerPort: 443
+    hostPort: 8443
+    protocol: TCP
diff --git a/examples/local-backup/minio.yaml b/examples/local-backup/minio.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: minio
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+    - repoURL: 'https://charts.min.io'
+      targetRevision: 5.0.15
+      helm:
+        releaseName: minio
+        valueFiles:
+          - $values/helm/values.yaml
+      chart: minio
+    - repoURL: cnoe://minio
+      targetRevision: HEAD
+      ref: values
+    - repoURL: cnoe://minio
+      targetRevision: HEAD
+      path: "manifests"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: minio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
diff --git a/examples/local-backup/minio/helm/values.yaml b/examples/local-backup/minio/helm/values.yaml
@@ -0,0 +1,27 @@
+replicas: 1
+mode: standalone
+
+resources:
+  requests:
+    memory: 128Mi
+
+persistence:
+  enabled: true
+  storageClass: standard
+  size: 512Mi
+  volumeName: backup
+
+buckets:
+  - name: idpbuilder-backups
+
+consoleIngress:
+  enabled: true
+  ingressClassName: nginx
+  hosts:
+    - minio.cnoe.localtest.me
+
+users:
+  - accessKey: velero-access-key
+    existingSecret: secret-key
+    existingSecretKey: secret-key
+    policy: consoleAdmin
diff --git a/examples/local-backup/minio/manifests/minio-pv.yaml b/examples/local-backup/minio/manifests/minio-pv.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: backup
+spec:
+  storageClassName: standard
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 512Mi
+  hostPath:
+    path: /backup
diff --git a/examples/local-backup/minio/manifests/secret-sync.yaml b/examples/local-backup/minio/manifests/secret-sync.yaml
@@ -0,0 +1,124 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: secret-sync
+  namespace: minio
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-sync
+  namespace: minio
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
+
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secret-sync
+  namespace: minio
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
+subjects:
+  - kind: ServiceAccount
+    name: secret-sync
+    namespace: minio
+roleRef:
+  kind: Role
+  name: secret-sync
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-sync
+  namespace: velero
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secret-sync
+  namespace: velero
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
+subjects:
+  - kind: ServiceAccount
+    name: secret-sync
+    namespace: minio
+roleRef:
+  kind: Role
+  name: secret-sync
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: secret-sync
+  namespace: minio
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-5"
+spec:
+  template:
+    metadata:
+      generateName: secret-sync
+    spec:
+      serviceAccountName: secret-sync
+      restartPolicy: Never
+      containers:
+        - name: kubectl
+          image: docker.io/bitnami/kubectl
+          command: ["/bin/bash", "-c"]
+          args:
+            - |
+              kubectl get secrets -n velero secret-key
+              if [ $? -eq 0 ]; then
+                exit 0
+              fi
+              
+              set -ex
+              
+              randString=$(openssl rand -base64 24)
+              
+              echo \
+              "apiVersion: v1
+              kind: Secret
+              metadata:
+                name: secret-key
+                namespace: minio
+              type: Opaque
+              stringData:
+                secret-key: ${randString}
+              " > /tmp/secret.yaml
+
+              kubectl apply -f /tmp/secret.yaml
+              
+              echo \
+              "apiVersion: v1
+              kind: Secret
+              metadata:
+                name: secret-key
+                namespace: velero
+              type: Opaque
+              stringData:
+                aws: |
+                  [default]
+                    aws_access_key_id=velero-access-key
+                    aws_secret_access_key=${randString}
+              " > /tmp/secret.yaml
+              
+              kubectl apply -f /tmp/secret.yaml
diff --git a/examples/local-backup/velero.yaml b/examples/local-backup/velero.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: velero
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+    - repoURL: 'https://vmware-tanzu.github.io/helm-charts'
+      targetRevision: 5.2.2
+      helm:
+        releaseName: velero
+        valueFiles:
+          - $values/helm/values.yaml
+      chart: velero
+    - repoURL: cnoe://velero
+      targetRevision: HEAD
+      ref: values
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: velero
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true