chore(base-cluster/backup): migrate velero to 5.x (#529)

teutonet · Aug 25, 2023 · 10759bf · 10759bf
1 parent 4f1efa3
commit 10759bf
Show file tree

Hide file tree

Showing 2 changed files with 98 additions and 1 deletion.
diff --git a/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml b/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml
@@ -0,0 +1,97 @@
+{{- if and .Values.backup.enabled (hasPrefix "4." (dig "spec" "chart" "spec" "version" "" (lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "backup" "velero"))) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: remove-backup-storage-locations
+ namespace: backup
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 0
+ template:
+ spec:
+ restartPolicy: Never
+ automountServiceAccountToken: true
+ serviceAccountName: remove-backup-storage-locations
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: 1000
+ runAsUser: 1000
+ fsGroup: 1000
+ containers:
+ - name: remove-backup-storage-locations
+ image: {{ include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) }}
+ {{- if .Values.global.kubectl.image.digest }}
+ imagePullPolicy: IfNotPresent
+ {{- else }}
+ imagePullPolicy: Always
+ {{- end }}
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ command:
+ - bash
+ - -ex
+ - -c
+ - |
+ kubectl get backupstoragelocations # test if RBAC is working
+ for NAME in {{ .Values.backup.backupStorageLocations | keys | join " " }}; do
+ if kubectl get backupstoragelocation $NAME >/dev/null; then
+ kubectl delete backupstoragelocation $NAME
+ fi
+ done
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: remove-backup-storage-locations
+ namespace: backup
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: remove-backup-storage-locations
+ namespace: backup
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+rules:
+ - verbs:
+ - list
+ - get
+ - delete
+ resources:
+ - backupstoragelocations
+ apiGroups:
+ - velero.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: remove-backup-storage-locations
+ namespace: backup
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+subjects:
+ - kind: ServiceAccount
+ name: remove-backup-storage-locations
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: remove-backup-storage-locations
+{{- end }}
diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
@@ -143,7 +143,7 @@ global:
  vmware:
  url: https://vmware-tanzu.github.io/helm-charts
  charts:
- velero: 4.x.x
+ velero: 5.x
  condition: "{{ .Values.backup.enabled }}"
 
 kyverno: