(k8up/fleet.yaml) add k8up fleet and values

badenerb · dtapiacl · commit f88b5761d965 · 2025-06-30T15:45:27.000-04:00
diff --git a/fleet/lib/k8up-crds/fleet.yaml b/fleet/lib/k8up-crds/fleet.yaml
@@ -0,0 +1,12 @@
+---
+defaultNamespace: k8up
+namespaceLabels:
+  lsst.io/discover: "true"
+labels:
+  bundle: &name k8up-crds
+helm:
+  releaseName: *name
+  takeOwnership: true
+  force: true
+  timeoutSeconds: 60
+  waitForJobs: true
diff --git a/fleet/lib/k8up-crds/k8up-crds.yaml b/fleet/lib/k8up-crds/k8up-crds.yaml
diff --git a/fleet/lib/k8up-pre/clusterexternal-secret-k8up.yaml b/fleet/lib/k8up-pre/clusterexternal-secret-k8up.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterExternalSecret
+metadata:
+  name: k8up-credentials
+spec:
+  externalSecretName: k8up-s3-credentials
+  refreshTime: 1m
+  namespaceSelector:
+    matchLabels:
+      k8up-enabled: "true"
+  externalSecretSpec:
+    secretStoreRef:
+      kind: ClusterSecretStore
+      name: onepassword
+    target:
+      name: k8up-s3-credentials
+      creationPolicy: Owner
+    data:
+      - secretKey: access_key
+        remoteRef:
+          key: k8up-credentials
+          property: access_key
+      - secretKey: secret_key
+        remoteRef:
+          key: k8up-credentials
+          property: secret_key
+      - secretKey: restic_password
+        remoteRef:
+          key: k8up-credentials
+          property: restic_password
diff --git a/fleet/lib/k8up-pre/fleet.yaml b/fleet/lib/k8up-pre/fleet.yaml
@@ -0,0 +1,10 @@
+---
+defaultNamespace: k8up
+labels:
+  bundle: &name k8up-pre
+namespaceLabels:
+  lsst.io/discover: "true"
+helm:
+  releaseName: *name
+  timeoutSeconds: 60
+  waitForJobs: true
diff --git a/fleet/lib/k8up/fleet.yaml b/fleet/lib/k8up/fleet.yaml
@@ -0,0 +1,33 @@
+---
+defaultNamespace: &name k8up
+namespaceLabels:
+  lsst.io/discover: "true"
+labels:
+  bundle: *name
+dependsOn:
+  - selector:
+      matchLabels:
+        bundle: k8up-pre
+  - selector:
+      matchLabels:
+        bundle: k8up-crds
+helm:
+  chart: *name
+  releaseName: *name
+  repo: https://k8up-io.github.io/k8up
+  version: 4.8.4
+  timeoutSeconds: 60
+  waitForJobs: true
+targetCustomizations:
+  - name: ruka
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - ruka
+    helm:
+      valuesFiles:
+        - overlays/ruka/values.yaml
+    kustomize:
+      dir: overlays/ruka
diff --git a/fleet/lib/k8up/overlays/ruka/kustomization.yaml b/fleet/lib/k8up/overlays/ruka/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+  - namespace.yaml
diff --git a/fleet/lib/k8up/overlays/ruka/namespace.yaml b/fleet/lib/k8up/overlays/ruka/namespace.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: k8up
+  labels:
+    k8up-enabled: "true"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    meta.helm.sh/release-name: k8up
+    meta.helm.sh/release-namespace: k8up
diff --git a/fleet/lib/k8up/overlays/ruka/values.yaml b/fleet/lib/k8up/overlays/ruka/values.yaml
@@ -0,0 +1,34 @@
+k8up:
+  envVars:
+    - name: BACKUP_S3_ENDPOINT
+      value: s3.gaw.ls.lsst.org
+    - name: BACKUP_GLOBALACCESSKEYID
+      valueFrom:
+        secretKeyRef:
+          name: k8up-s3-credentials
+          key: access_key
+    - name: BACKUP_GLOBALSECRETACCESSKEY
+      valueFrom:
+        secretKeyRef:
+          name: k8up-s3-credentials
+          key: secret_key
+    - name: RESTIC_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: k8up-s3-credentials
+          key: restic_password
+
+  timezone: America/Santiago
+
+resources:
+  limits:
+    memory: 2Gi
+  requests:
+    cpu: 1
+    memory: 1Gi
+
+metrics:
+  serviceMonitor:
+    enabled: true
+    additionalLabels:
+      lsst.io/monitor: "true"
diff --git a/fleet/lib/rook-ceph-conf/charts/gaw/templates/cephobjectstoreusers-k8up.yaml b/fleet/lib/rook-ceph-conf/charts/gaw/templates/cephobjectstoreusers-k8up.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStoreUser
+metadata:
+  name: k8up
+  namespace: rook-ceph
+spec:
+  store: k8up-backups
+  clusterNamespace: rook-ceph
+  quotas:
+    maxBuckets: 1
diff --git a/fleet/lib/rook-ceph-conf/charts/gaw/templates/obc-gaw-k8up.yaml b/fleet/lib/rook-ceph-conf/charts/gaw/templates/obc-gaw-k8up.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: &name gaw-k8up
+  namespace: rook-ceph
+spec:
+  bucketName: *name
+  storageClassName: k8up-backups
+  additionalConfig:
+    bucketOwner: k8up
+    bucketMaxSize: 10Ti
+    bucketLifecycle: |
+      {
+        "Rules": [
+          {
+            "ID": "AbortIncompleteMultipartUploads",
+            "Status": "Enabled",
+            "Prefix": "",
+            "AbortIncompleteMultipartUpload": {
+              "DaysAfterInitiation": 1
+            }
+          }
+        ]
+      }
diff --git a/fleet/s/dev/c/ruka/k8up b/fleet/s/dev/c/ruka/k8up
@@ -0,0 +1 @@
+../../../../lib/k8up
diff --git a/fleet/s/dev/c/ruka/k8up-crds b/fleet/s/dev/c/ruka/k8up-crds
@@ -0,0 +1 @@
+../../../../lib/k8up-crds
diff --git a/fleet/s/dev/c/ruka/k8up-pre b/fleet/s/dev/c/ruka/k8up-pre
@@ -0,0 +1 @@
+../../../../lib/k8up-pre
