Added Kubernetes etcd backup chart (#1151)

* added kubernetes etcd backup chart * (fix): kubernetes-etcd-backup adjusted docker repo * (fix): ran pre commit * (fix): Adjusted docs * (fix): fixed api version * (fix): adding default values for secret names * run pre commit * pre commit
adfinis · Dec 11, 2023 · a2c4eb6 · a2c4eb6
1 parent 9813011
commit a2c4eb6
Show file tree

Hide file tree

Showing 10 changed files with 344 additions and 0 deletions.
diff --git a/README.md b/README.md
diff --git a/charts/kubernetes-etcd-backup/Chart.yaml b/charts/kubernetes-etcd-backup/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: kubernetes-etcd-backup
+description: Chart for kubernetes-etcd-backup solution
+type: application
+version: 1.0.0
+appVersion: v1.0.1
+keywords:
+  - kubernetes-etcd-backup
+  - kubernetes
+  - backup
+  - etcd
+home: https://github.com/adfinis/kubernetes-etcd-backup
+sources:
+  - https://github.com/adfinis/kubernetes-etcd-backup
+maintainers:
+  - name: adfinis
+    email: [email protected]
+    url: https://adfinis.com
diff --git a/charts/kubernetes-etcd-backup/README.md b/charts/kubernetes-etcd-backup/README.md
diff --git a/charts/kubernetes-etcd-backup/templates/_helpers.tpl b/charts/kubernetes-etcd-backup/templates/_helpers.tpl
@@ -0,0 +1,55 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubernetes-etcd-backup.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubernetes-etcd-backup.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubernetes-etcd-backup.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubernetes-etcd-backup.labels" -}}
+helm.sh/chart: {{ include "kubernetes-etcd-backup.chart" . }}
+app.kubernetes.io/name: {{ include "kubernetes-etcd-backup.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubernetes-etcd-backup.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubernetes-etcd-backup.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/kubernetes-etcd-backup/templates/additionalPrometheusRules.yaml b/charts/kubernetes-etcd-backup/templates/additionalPrometheusRules.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.monitoring.enabled .Values.monitoring.additionalRules }}
+apiVersion: v1
+kind: List
+metadata:
+  name: {{ include "kubernetes-etcd-backup.fullname" $ }}-additional-prometheus-rules
+items:
+{{- if .Values.monitoring.additionalRules }}
+{{- range $prometheusRuleName, $prometheusRule := .Values.monitoring.additionalRules }}
+  - apiVersion: monitoring.coreos.com/v1
+    kind: PrometheusRule
+    metadata:
+      name: {{ include "kubernetes-etcd-backup.fullname" $ }}-{{ $prometheusRuleName }}
+      labels:
+        app: {{ include "kubernetes-etcd-backup.fullname" $ }}
+    spec:
+      groups:
+{{ toYaml $prometheusRule.groups | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/kubernetes-etcd-backup/templates/configmap.yaml b/charts/kubernetes-etcd-backup/templates/configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kubernetes-etcd-backup.fullname" . }}
+  labels:
+    {{- include "kubernetes-etcd-backup.labels" . | nindent 4 }}
+data:
+  ETCD_BACKUP_SUBDIR: {{ .Values.backup.subdir | quote }}
+  ETCD_BACKUP_DIRNAME: {{ .Values.backup.dirname | quote }}
+  ETCD_BACKUP_EXPIRE_TYPE: {{ .Values.backup.expiretype | quote }}
+  ETCD_BACKUP_KEEP_DAYS: {{ .Values.backup.keepdays | quote }}
+  ETCD_BACKUP_KEEP_COUNT: {{ .Values.backup.keepcount | quote }}
+  ETCD_BACKUP_UMASK: {{ .Values.backup.umask | quote }}
+  ENDPOINT: {{ .Values.etcdConfiguration.endpoint | quote }}
diff --git a/charts/kubernetes-etcd-backup/templates/cronjob.yaml b/charts/kubernetes-etcd-backup/templates/cronjob.yaml
@@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "kubernetes-etcd-backup.fullname" . }}
+spec:
+  startingDeadlineSeconds: 600
+  schedule: {{ .Values.backup.schedule | quote }}
+  jobTemplate:
+    spec:
+      # Retrying this job is not considered safe, because of that we fail the
+      # job immediately if the first execution fails.
+      backoffLimit: 0
+      template:
+        spec:
+          securityContext:
+              runAsUser: 1000
+              fsGroup: 1000
+          containers:
+          - command:
+            - /bin/sh
+            - /usr/local/bin/backup.sh
+            image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+            imagePullPolicy: {{ .Values.image.pullPolicy }}
+            name: {{ .Chart.Name }}
+            envFrom:
+            - configMapRef:
+                name: {{ include "kubernetes-etcd-backup.fullname" . }}
+            resources:
+              {{- toYaml .Values.resources | nindent 14 }}
+            volumeMounts:
+            - name: etcd-peer-tls
+              mountPath: /etc/kubernetes/pki/etcd-peer
+            - name: etcd-server-ca
+              mountPath: /etc/kubernetes/pki/etcd-ca
+            {{- if or .Values.persistence.nfs.enabled .Values.persistence.provisioning.enabled }}
+            - name: volume-backup
+              mountPath: /backup
+            {{- end }}
+          restartPolicy: Never
+          volumes:
+          - name: etcd-peer-tls
+            secret:
+              secretName: {{ .Values.etcdCertification.etcdPeerTlsName }}
+          - name: etcd-server-ca
+            secret:
+              secretName: {{ .Values.etcdCertification.etcdServerCaName }}
+          - name: volume-backup
+            {{- if .Values.persistence.nfs.enabled }}
+            nfs:
+              server: {{ .Values.persistence.nfs.server | quote }}
+              path: {{ .Values.persistence.nfs.path | quote }}
+            {{- else if .Values.persistence.provisioning.enabled }}
+            persistentVolumeClaim:
+              claimName: {{ include "kubernetes-etcd-backup.fullname" . }}
+            {{- end }}
diff --git a/charts/kubernetes-etcd-backup/templates/prometheusrule.yaml b/charts/kubernetes-etcd-backup/templates/prometheusrule.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.monitoring.enabled .Values.monitoring.rules.cronjobMonitor (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "kubernetes-etcd-backup.fullname" . }}-cronjob-monitor
+spec:
+  groups:
+  - name: cronjob-monitor
+    rules:
+    - alert: EtcdBackupCronJobStatusFailed
+      expr: |
+        kube_job_status_succeeded{namespace="{{ .Release.Namespace }}"} == 0
+      labels:
+        severity: critical
+{{- end }}
diff --git a/charts/kubernetes-etcd-backup/templates/pvc.yaml b/charts/kubernetes-etcd-backup/templates/pvc.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.persistence.provisioning.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "kubernetes-etcd-backup.fullname" . }}
+  labels:
+    {{- include "kubernetes-etcd-backup.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.persistence.provisioning.storageClass }}
+  storageClassName: {{ .Values.persistence.provisioning.storageClass }}
+  {{- end}}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.capacity }}
+{{- end }}
diff --git a/charts/kubernetes-etcd-backup/values.yaml b/charts/kubernetes-etcd-backup/values.yaml
@@ -0,0 +1,87 @@
+# Default values for kubernetes-etcd-backup.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+backup:
+  # -- Sub directory path
+  subdir: "/"
+  # -- Directory name of single backup
+  dirname: "+etcd-backup-%FT%T%:z"
+  # -- expiretype could be days (keep backups newer than backup.keepdays,
+  # count (keep a number of backups with backup.keepcount),
+  # never (do not expire backups, keep all of them)
+  expiretype: "days"
+  # -- Retention period
+  keepdays: "30"
+  # -- Count retention if expiretype set to count
+  keepcount: "10"
+  # -- Backup schedule
+  schedule: "0 0 * * *"
+  # -- Set umask during the backup
+  umask: "0027"
+
+etcdConfiguration:
+  # -- Etcd endpoint ip or hostname without protocol or port
+  endpoint: "changeme"
+
+etcdCertification:
+  # -- etcd-peer-tls secret name
+  etcdPeerTlsName: "changeme"
+  # -- etcd-server-ca secret name
+  etcdServerCaName: "changeme"
+
+persistence:
+  # -- Set reclaim policy (Retain or Delete)
+  reclaimPolicy: Retain
+  # -- Define the storage size
+  capacity: 10Gi
+  nfs:
+    # -- Enable nfs backend storage
+    enabled: false
+    # -- NFS server name or IP
+    server: example.com
+    # -- NFS server path
+    path: "nfs/example/path"
+  provisioning:
+    # -- Enable provisioned backend storage with default or configured storageClass
+    enabled: false
+    storageClass: ""
+
+image:
+  # -- Repository image to use
+  repository: ghcr.io/adfinis/kubernetes-etcd-backup
+  # -- Image pull policy configuration
+  pullPolicy: Always
+  # -- Overrides the image tag whose default is the chart appVersion.
+  tag: "latest"
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+monitoring:
+# -- Deploy PrometheusRule to be alerted in case of backup fails as decribed [here](https://github.com/adfinis/openshift-etcd-backup/blob/main/etcd-backup-cronjob-monitor.PrometheusRule.yaml).
+# Be sure to to have monitoring for user defined projects enabled as [described in the upstream documentation](https://docs.openshift.com/container-platform/4.6/monitoring/enabling-monitoring-for-user-defined-projects.html).
+  enabled: false
+  rules:
+    # -- Deploy PrometheusRule to check for cronjob fails.
+    cronjobMonitor: true
+  # -- Provide custom recording or alerting rules to be deployed into the cluster.
+  additionalRules:
+  #  rule-name:
+  #    groups:
+  #    - name: my_group
+  #      rules:
+  #      - record: my_record
+  #        expr: 100 * my_record