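#!/usr/bin/env bash
# velero-deploy.sh - install the Velero CLI if it is missing, then continue
# with the bucket / service-account / install steps below.
# The script uses a bash array (ROLE_PERMISSIONS) later on, so it needs bash
# rather than a plain POSIX sh; hence the explicit shebang.
echo '-------Deploy Velero for GKE Backup (typically in 1 min)'
starttime=$(date +%s)
# Sourced so its variables land in this shell; presumably this is where
# MY_BUCKET (used for the bucket name) comes from - confirm in setenv.sh.
. ./setenv.sh
echo "-------Download and Install verlero CLI if needed"
if [ ! -f ~/gke-casa/velero ]; then
  velero_release=velero-v1.12.0-linux-amd64
  velero_tarball="${velero_release}.tar.gz"
  # Stop here if the download fails; otherwise tar/mv would run against a
  # missing or partial archive.
  if ! wget "https://github.com/vmware-tanzu/velero/releases/download/v1.12.0/${velero_tarball}"; then
    echo "ERROR: failed to download ${velero_tarball}" >&2
    exit 1
  fi
  # HTTPS protects the transfer but not against a replaced release asset.
  # When VELERO_SHA256 is set (value taken from the checksum published with
  # the release), the archive is verified before anything is extracted.
  if [ -n "${VELERO_SHA256:-}" ]; then
    if ! echo "${VELERO_SHA256}  ${velero_tarball}" | sha256sum -c -; then
      echo "ERROR: checksum mismatch for ${velero_tarball}; not installing" >&2
      rm -f -- "${velero_tarball}"
      exit 1
    fi
  else
    echo "WARNING: VELERO_SHA256 not set; ${velero_tarball} is not integrity-checked" >&2
  fi
  tar -zxvf "${velero_tarball}"
  # sudo kept on the move in case ~/gke-casa is not writable by this user.
  sudo mv "${velero_release}/velero" ~/gke-casa
  # The archive and extracted tree were created by this user in the current
  # directory, so root is not needed to remove them.
  rm -f -- "${velero_tarball}"
  rm -rf -- "${velero_release}"
fi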
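echo "-------Create a GCS storage bucket if not exist"
# bucket4velero1 is a local state file holding the generated bucket name; the
# later steps read the name back from it with $(cat bucket4velero1).
if [ -s bucket4velero1 ]; then
  # Already recorded on a previous run: just show the name.
  cat bucket4velero1
else
  if [ -z "${MY_BUCKET:-}" ]; then
    echo "ERROR: MY_BUCKET is not set; cannot derive a bucket name" >&2
    exit 1
  fi
  # The suffix is day/hour/minute followed by epoch seconds (%s, lowercase).
  echo "${MY_BUCKET}-$(date +%d%H%M%s)" > bucket4velero1
  # NOTE(review): the bucket is created with the project's default access
  # settings. Velero backups include the namespace's Kubernetes objects, so
  # consider enabling uniform bucket-level access and public access
  # prevention on it.
  if ! gsutil mb "gs://$(cat bucket4velero1)/"; then
    # Drop the state file so a rerun retries creation instead of reusing the
    # name of a bucket that was never made.
    echo "ERROR: bucket creation failed" >&2
    rm -f -- bucket4velero1
    exit 1
  fi
fi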
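echo "-------Create a service account for velero"
MY_GSA_NAME=vsa4yong1
# Match on the e-mail local part so an account whose name merely contains
# the string is not mistaken for this one. Prints the e-mail when found.
if ! gcloud iam service-accounts list --format 'value(email)' | grep "^${MY_GSA_NAME}@"; then
  MY_PROJECT_ID=$(gcloud config get-value project)
  export MY_PROJECT_ID
  if [ -z "${MY_PROJECT_ID}" ]; then
    echo "ERROR: no active gcloud project configured" >&2
    exit 1
  fi
  gcloud iam service-accounts create "${MY_GSA_NAME}" \
    --display-name "Velero service account"
  # Look the account up by its e-mail rather than by display name: a display
  # name is not unique, and a second account carrying the same one would put
  # several addresses into this variable and break the bindings below.
  MY_SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
    --format 'value(email)' | grep "^${MY_GSA_NAME}@")
  if [ -z "${MY_SERVICE_ACCOUNT_EMAIL}" ]; then
    echo "ERROR: service account ${MY_GSA_NAME} not found after creation" >&2
    exit 1
  fi
  # Permissions placed in the custom "Velero Server" role.
  ROLE_PERMISSIONS=(
    compute.disks.get
    compute.disks.create
    compute.disks.createSnapshot
    compute.snapshots.get
    compute.snapshots.create
    compute.snapshots.useReadOnly
    compute.snapshots.delete
    compute.zones.get
    storage.objects.create
    storage.objects.delete
    storage.objects.get
    storage.objects.list
    iam.serviceAccounts.signBlob
  )
  # Create the custom role only when no role mentioning "Velero" is listed.
  if ! gcloud iam roles list --project "${MY_PROJECT_ID}" | grep Velero; then
    gcloud iam roles create velero.server \
      --project "${MY_PROJECT_ID}" \
      --title "Velero Server" \
      --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
  fi
  # NOTE(review): this binding is project-wide, so the storage.objects.*
  # permissions in the role apply to every bucket in the project, not only
  # the Velero bucket; the bucket-level objectAdmin grant below overlaps it.
  gcloud projects add-iam-policy-binding "${MY_PROJECT_ID}" \
    --member "serviceAccount:${MY_SERVICE_ACCOUNT_EMAIL}" \
    --role "projects/${MY_PROJECT_ID}/roles/velero.server"
  gsutil iam ch "serviceAccount:${MY_SERVICE_ACCOUNT_EMAIL}:objectAdmin" "gs://$(cat bucket4velero1)"
  # Writes a long-lived private key for the account into the current
  # directory. Keep it out of version control and rotate it; Workload
  # Identity may be an alternative that avoids a key file - confirm against
  # the Velero GCP plugin documentation.
  gcloud iam service-accounts keys create yongsa4velero1 \
    --iam-account "${MY_SERVICE_ACCOUNT_EMAIL}"
  # Make sure only the owner can read the key, whatever the umask was.
  [ -f yongsa4velero1 ] && chmod 600 yongsa4velero1
fi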
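echo "-------Install velero using the SA"
# Both inputs are produced by earlier steps of this script. The key file in
# particular is only written when the service account is first created, so a
# rerun from a clean directory would otherwise install with no credentials.
if [ ! -s bucket4velero1 ] || [ ! -s ./yongsa4velero1 ]; then
  echo "ERROR: bucket4velero1 or ./yongsa4velero1 is missing or empty; cannot install velero" >&2
  exit 1
fi
# The service-account key is handed to the cluster via --secret-file.
# NOTE(review): the plugin image is referenced by tag, not by digest.
velero install \
  --provider gcp \
  --plugins velero/velero-plugin-for-gcp:v1.6.0 \
  --bucket "$(cat bucket4velero1)" \
  --use-node-agent \
  --uploader-type restic \
  --secret-file ./yongsa4velero1
# Disabled alternative flags, kept for reference:
# --features=EnableCSI \
# --plugins velero/velero-plugin-for-gcp:v1.6.0,velero/velero-plugin-for-csi:v0.3.0 \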
# Take one on-demand backup of the application namespace, then register the
# schedule defined in velero-schedule.yaml (contents not shown here; the
# message below describes it as hourly).
backup_ns=yong-postgresql
printf '%s\n' "-------One time On-Demand Backup of yong-postgresql namespace"
# Give the Velero server pod up to 180s to become ready before using it.
kubectl wait pod -n velero -l component=velero \
  --for=condition=ready --timeout=180s
velero backup create "${backup_ns}-backup" --include-namespaces "${backup_ns}"
printf '%s\n' "-------Hourly scheduled backup of yong-postgresql namespace"
kubectl create -f velero-schedule.yaml
# Report the elapsed wall-clock time since starttime was recorded at the top
# of the script, followed by the author's contact lines.
endtime=$(date +%s)
duration=$(( $endtime - $starttime ))
elapsed_min=$(( $duration / 60 ))
elapsed_sec=$(( $duration % 60 ))
printf '\n'
printf '%s\n' "-------Total time to enable Velero backup for GKE is ${elapsed_min} minutes ${elapsed_sec} seconds."
printf '\n'
printf '%s\n' "-------Created by Yongkang"
printf '%s\n' "-------Email me if any suggestions or issues he@yongkang.cloud"
printf '\n'