release chart: rancher-backup - version: 105.0.0+up6.0.0

rancher · Nov 8, 2024 · a361d3d · a361d3d
1 parent a30f890
commit a361d3d
Show file tree

Hide file tree

Showing 29 changed files with 1,438 additions and 0 deletions.
diff --git a/assets/rancher-backup/rancher-backup-105.0.0+up6.0.0.tgz b/assets/rancher-backup/rancher-backup-105.0.0+up6.0.0.tgz
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/Chart.yaml b/charts/rancher-backup/105.0.0+up6.0.0/Chart.yaml
@@ -0,0 +1,26 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-backup-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Rancher Backups
+  catalog.cattle.io/kube-version: '>= 1.28.0-0 < 1.32.0-0'
+  catalog.cattle.io/namespace: cattle-resources-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1
+  catalog.cattle.io/rancher-version: '>= 2.10.0-0 < 2.11.0-0'
+  catalog.cattle.io/release-name: rancher-backup
+  catalog.cattle.io/scope: management
+  catalog.cattle.io/type: cluster-tool
+  catalog.cattle.io/ui-component: rancher-backup
+  catalog.cattle.io/upstream-version: 6.0.0
+apiVersion: v2
+appVersion: 6.0.0
+description: Provides ability to back up and restore the Rancher application running
+  on any Kubernetes cluster
+icon: https://charts.rancher.io/assets/logos/backup-restore.svg
+keywords:
+- applications
+- infrastructure
+kubeVersion: '>= 1.28.0-0'
+name: rancher-backup
+version: 105.0.0+up6.0.0
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/README.md b/charts/rancher-backup/105.0.0+up6.0.0/README.md
@@ -0,0 +1,79 @@
+# Rancher Backup
+
+This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster.
+
+Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details.
+
+-----
+
+### Get Repo Info
+```bash
+helm repo add rancher-chart https://charts.rancher.io
+helm repo update
+```
+
+-----
+
+### Install Chart
+```bash
+helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace
+helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system
+```
+
+-----
+
+### Configuration
+The following table lists the configurable parameters of the rancher-backup chart and their default values:
+
+| Parameter   |      Description      |  Default |
+|----------|---------------|-------|
+| image.repository |  Container image repository | rancher/backup-restore-operator |
+| image.tag |    Container image tag  |   v0.1.0-rc1 |
+| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO |    false |
+| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` |    "" |
+| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. |    "" |
+| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) |    "" |
+| s3.bucketName | Name of the Bucket |    "" |
+| s3.folder | Base folder within the Bucket (optional) |    "" |
+| s3.endpoint | Endpoint for the S3 storage provider |   "" |
+| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" |
+| s3.insecureTLSSkipVerify |  Skip SSL verification | false |
+| persistence.enabled |  Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false |
+| persistence.storageClass |  StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" |
+| persistence.volumeName |  Persistent Volume to use for storing backups | "" |
+| persistence.size |  Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" |
+| debug | Set debug flag for backup-restore deployment | false |
+| trace | Set trace flag for backup-restore deployment | false |
+| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} |
+| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] |
+| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} |
+| serviceAccount.annotations | Annotations to apply to created service account | {} |
+| global.cattle.psp.enabled | Enable or disable PSPs in the chart | false |
+
+-----
+
+### PSPs
+
+We have added a configuration to the chart `values.yaml` which allows you to enable or disable PSPs to align with the PSP deprecation in Kubernetes `v1.25` and above.
+
+-----
+
+### CRDs
+
+Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs.
+
+-----
+### Upgrading Chart
+```bash
+helm upgrade rancher-backup-crd -n cattle-resources-system
+helm upgrade rancher-backup -n cattle-resources-system
+```
+
+-----
+### Uninstall Chart
+
+```bash
+helm uninstall rancher-backup -n cattle-resources-system
+helm uninstall rancher-backup-crd -n cattle-resources-system
+```
+
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/app-readme.md b/charts/rancher-backup/105.0.0+up6.0.0/app-readme.md
@@ -0,0 +1,33 @@
+# Rancher Backup
+
+This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster.
+
+For more information on how to use the feature, refer to our [docs](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery).
+
+This chart installs the following components:
+
+- [backup-restore-operator](https://github.com/rancher/backup-restore-operator)
+  - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location.
+  - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store.
+  - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects.
+  - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
+- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals.
+- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to.
+
+## Upgrading to Kubernetes v1.25+
+    
+Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. 
+    
+As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`.
+    
+> **Note:**
+> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`.
+    
+> **Note:**
+> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).**
+>
+> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets.
+
+Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart.
+
+As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/aks.yaml b/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/aks.yaml
@@ -0,0 +1,25 @@
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "aks.cattle.io$"
+- apiVersion: "aks.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "apps/v1"
+  kindsRegexp: "^deployments$"
+  namespaces:
+    - "cattle-system"
+  resourceNames:
+    - "aks-config-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterroles$"
+  resourceNames:
+    - "aks-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterrolebindings$"
+  resourceNames:
+    - "aks-operator"
+- apiVersion: "v1"
+  kindsRegexp: "^serviceaccounts$"
+  namespaces:
+    - "cattle-system"
+  resourceNames:
+  - "aks-operator"
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/eks.yaml b/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/eks.yaml
@@ -0,0 +1,17 @@
+- apiVersion: "eks.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "apps/v1"
+  kindsRegexp: "^deployments$"
+  resourceNames:
+    - "eks-config-operator"
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "eks.cattle.io$"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterroles$"
+  resourceNames:
+    - "eks-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterrolebindings$"
+  resourceNames:
+    - "eks-operator"
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/elemental.yaml b/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/elemental.yaml
@@ -0,0 +1,49 @@
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "elemental.cattle.io$"
+- apiVersion: "apps/v1"
+  kindsRegexp: "^deployments$"
+  namespaces:
+    - "cattle-elemental-system"
+  resourceNames:
+    - "elemental-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterroles$"
+  resourceNames:
+    - "elemental-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterrolebindings$"
+  resourceNames:
+    - "elemental-operator"
+- apiVersion: "v1"
+  kindsRegexp: "^serviceaccounts$"
+  namespaces:
+    - "cattle-elemental-system"
+  resourceNames:
+    - "elemental-operator"
+- apiVersion: "management.cattle.io/v3"
+  kindsRegexp: "^globalrole$"
+  resourceNames:
+    - "elemental-operator"
+- apiVersion: "management.cattle.io/v3"
+  kindsRegexp: "^apiservice$"
+  resourceNameRegexp: "elemental.cattle.io$"
+- apiVersion: "elemental.cattle.io/v1beta1"
+  kindsRegexp: "."
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^roles$|^rolebindings$"
+  labelSelectors:
+    matchExpressions:
+    - key: "elemental.cattle.io/managed"
+      operator: "In"
+      values: ["true"]
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+- apiVersion: "v1"
+  kindsRegexp: "^secrets$|^serviceaccounts$"
+  labelSelectors:
+    matchExpressions:
+    - key: "elemental.cattle.io/managed"
+      operator: "In"
+      values: ["true"]
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/fleet.yaml b/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/fleet.yaml
@@ -0,0 +1,60 @@
+- apiVersion: "v1"
+  kindsRegexp: "^namespaces$"
+  resourceNameRegexp: "^fleet-"
+- apiVersion: "v1"
+  kindsRegexp: "^namespaces$"
+  labelSelectors:
+    matchExpressions:
+      - key: "app.kubernetes.io/managed-by"
+        operator: "In"
+        values: ["rancher"]
+- apiVersion: "v1"
+  kindsRegexp: "^secrets$"
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+  excludeResourceNameRegexp: "^import-token"
+  labelSelectors:
+    matchExpressions:
+      - key: "owner"
+        operator: "NotIn"
+        values: ["helm"]
+      - key: "fleet.cattle.io/managed"
+        operator: "In"
+        values: ["true"]
+- apiVersion: "v1"
+  kindsRegexp: "^serviceaccounts$"
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+  excludeResourceNameRegexp: "^default$"
+- apiVersion: "v1"
+  kindsRegexp: "^configmaps$"
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^roles$|^rolebindings$"
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterrolebindings$"
+  resourceNameRegexp: "^fleet-|^gitjob-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterroles$"
+  resourceNameRegexp: "^fleet-"
+  resourceNames:
+    - "gitjob"
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$"
+- apiVersion: "fleet.cattle.io/v1alpha1"
+  kindsRegexp: "."
+  excludeKinds:
+    - "bundledeployments"
+- apiVersion: "gitjob.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "apps/v1"
+  kindsRegexp: "^deployments$"
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+  resourceNameRegexp: "^fleet-"
+  resourceNames:
+    - "gitjob"
+- apiVersion: "apps/v1"
+  kindsRegexp: "^services$"
+  namespaceRegexp: "^cattle-fleet-|^fleet-"
+  resourceNames:
+    - "gitjob"
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/gke.yaml b/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/gke.yaml
@@ -0,0 +1,17 @@
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "gke.cattle.io$"
+- apiVersion: "gke.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "apps/v1"
+  kindsRegexp: "^deployments$"
+  resourceNames:
+    - "gke-config-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterroles$"
+  resourceNames:
+    - "gke-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterrolebindings$"
+  resourceNames:
+    - "gke-operator"
diff --git a/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/provisioningv2.yaml b/charts/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/provisioningv2.yaml
@@ -0,0 +1,23 @@
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "provisioning.cattle.io$|rke-machine-config.cattle.io$|rke-machine.cattle.io$|rke.cattle.io$|cluster.x-k8s.io$"
+- apiVersion: "provisioning.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "rke-machine-config.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "rke-machine.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "rke.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "cluster.x-k8s.io/v1beta1"
+  kindsRegexp: "."
+- apiVersion: "v1"
+  kindsRegexp: "^secrets$"
+  resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|^harvesterconfig|^registryconfig-auth"
+  namespaces:
+  - "fleet-default"
+- apiVersion: "v1"
+  kindsRegexp: "^configmaps$"
+  resourceNames:
+    - "provisioning-log"
+  namespaceRegexp: "^c-m-"
diff --git a/...s/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/rancher-operator.yaml b/...s/rancher-backup/105.0.0+up6.0.0/files/default-resourceset-contents/rancher-operator.yaml
@@ -0,0 +1,28 @@
+- apiVersion: "rancher.cattle.io/v1"
+  kindsRegexp: "."
+- apiVersion: "apps/v1"
+  kindsRegexp: "^deployments$"
+  resourceNames:
+    - "rancher-operator"
+  namespaces:
+    - "rancher-operator-system"
+- apiVersion: "v1"
+  kindsRegexp: "^serviceaccounts$"
+  namespaces:
+    - "rancher-operator-system"
+  excludeResourceNameRegexp: "^default$"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterrolebindings$"
+  resourceNames:
+    - "rancher-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+  kindsRegexp: "^clusterroles$"
+  resourceNames:
+    - "rancher-operator"
+- apiVersion: "apiextensions.k8s.io/v1"
+  kindsRegexp: "."
+  resourceNameRegexp: "rancher.cattle.io$"
+- apiVersion: "v1"
+  kindsRegexp: "^namespaces$"
+  resourceNames:
+    - "rancher-operator-system"