diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index 2e86610f..68bad41d 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.17.1 kubeVersion: ">=1.16.0-0" description: A Helm chart for velero name: velero -version: 11.2.0 +version: 11.3.0 home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: diff --git a/charts/velero/templates/_helpers.tpl b/charts/velero/templates/_helpers.tpl index e47cb1cc..4d1f1ef9 100644 --- a/charts/velero/templates/_helpers.tpl +++ b/charts/velero/templates/_helpers.tpl @@ -99,17 +99,12 @@ Create the node-Agent runtime class name. {{/* Kubernetes version -Built-in object .Capabilities.KubeVersion.Minor can provide non-number output -For examples: -- on GKE it returns "18+" instead of "18" -- on EKS it returns "20+" instead of "20" */}} {{- define "chart.KubernetesVersion" -}} -{{- $minorVersion := .Capabilities.KubeVersion.Minor | regexFind "[0-9]+" -}} -{{- printf "%s.%s" .Capabilities.KubeVersion.Major $minorVersion -}} +{{- $version := .Capabilities.KubeVersion.Version | regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" -}} +{{- printf "%s" $version -}} {{- end -}} - {{/* Calculate the checksum of the credentials secret. */}} diff --git a/charts/velero/templates/cleanup-crds.yaml b/charts/velero/templates/cleanup-crds.yaml index 4e86320d..27fbd24e 100644 --- a/charts/velero/templates/cleanup-crds.yaml +++ b/charts/velero/templates/cleanup-crds.yaml 
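Review bot: In `chart.KubernetesVersion` (templates/_helpers.tpl), `regexFind` returns an empty string when `.Capabilities.KubeVersion.Version` does not match the pattern, so the kubectl jobs would render an image reference with an empty tag that only fails at pull time. Failing at render time is clearer: `{{- $version := .Capabilities.KubeVersion.Version | regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" | required "cannot derive a kubectl image tag from the cluster version" -}}`. The helper's output also changes from `MAJOR.MINOR` to a `v`-prefixed `vMAJOR.MINOR.PATCH`, and the removed explanation is not replaced. I would add a comment line such as `Returns the cluster version as vMAJOR.MINOR.PATCH with any build suffix stripped; used as the default kubectl image tag.` so users who mirror the kubectl image know which tag format must exist in their registry.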
@@ -3,6 +3,8 @@ # Using this on production systems, especially those that have multiple releases of Velero, will be destructive. {{/* 'securityContext' got renamed to 'podSecurityContext', merge both dicts into one for backward compatibility */}} {{- $podSecurityContext := merge (.Values.podSecurityContext | default dict) (.Values.securityContext | default dict) -}} +{{/* Define the list of resources to clean up */}} +{{- $cleanupResources := list "restore" "backup" "backupstoragelocation" "volumesnapshotlocation" "podvolumerestore" -}} apiVersion: batch/v1 kind: Job metadata: @@ -37,6 +39,32 @@ spec: {{- end }} {{- end }} serviceAccountName: {{ include "velero.serverServiceAccount" . }} + initContainers: + {{- range $cleanupResources }} + - name: delete-{{ . }} + {{- if $.Values.kubectl.image.digest }} + image: "{{ $.Values.kubectl.image.repository }}@{{ $.Values.kubectl.image.digest }}" + {{- else if $.Values.kubectl.image.tag }} + image: "{{ $.Values.kubectl.image.repository }}:{{ $.Values.kubectl.image.tag }}" + {{- else }} + image: "{{ $.Values.kubectl.image.repository }}:{{ template "chart.KubernetesVersion" $ }}" + {{- end }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + command: + - /bin/kubectl + args: + - delete + - {{ . }} + - --all + {{- with $.Values.kubectl.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $.Values.kubectl.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} containers: - name: kubectl {{- if .Values.kubectl.image.digest }} 
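Review bot: The `$cleanupResources` list in cleanup-crds.yaml holds unqualified resource names, so `kubectl delete backup --all` resolves `backup` through API discovery. On a cluster where another operator registers a resource with the same name, the delete could land on that API group instead of Velero's; how discovery breaks the tie is not something this hunk controls. Because the job is destructive by design, I would qualify the type where it is used, `- {{ . }}.velero.io` in the init container's `args`, and leave the container name `delete-{{ . }}` unchanged since container names cannot contain dots. The comment above the list could then say `Velero (velero.io) custom resources deleted before the CRDs are removed`.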
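Review bot: Moving the deletes into `initContainers` (second hunk of cleanup-crds.yaml) changes the failure behaviour: the removed script chained the commands with `;`, so one failed delete did not stop the rest, whereas init containers run in order and each must exit 0 before the next starts. If one `delete-<resource>` step keeps failing, for example after a partial earlier run, the final `kubectl delete crd -l component=velero` container never starts; the pod's `restartPolicy` and the job's `backoffLimit` are outside this hunk, so how that surfaces is not visible here. Consider adding `- --ignore-not-found` to the `args` and testing the job on a cluster where one of the five resource types is already gone, since that flag may not cover a missing resource type on every kubectl version. The init containers also take `imagePullPolicy` from `$.Values.image.pullPolicy`, the Velero image's setting, which matches the existing `kubectl` container but deserves a one-line comment.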
@@ -48,15 +76,12 @@ spec: {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - - /bin/sh - - -c - - > - kubectl delete restore --all; - kubectl delete backup --all; - kubectl delete backupstoragelocation --all; - kubectl delete volumesnapshotlocation --all; - kubectl delete podvolumerestore --all; - kubectl delete crd -l component=velero; + - /bin/kubectl + args: + - delete + - crd + - -l + - component=velero {{- with .Values.kubectl.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} diff --git a/charts/velero/templates/label-namespace/labelnamespace.yaml b/charts/velero/templates/label-namespace/labelnamespace.yaml index 2c78fa53..7518783d 100644 --- a/charts/velero/templates/label-namespace/labelnamespace.yaml +++ b/charts/velero/templates/label-namespace/labelnamespace.yaml @@ -28,11 +28,13 @@ spec: image: "{{ .Values.kubectl.image.repository }}:{{ template "chart.KubernetesVersion" . }}" {{- end }} command: - - /bin/sh - - -c - - | + - /bin/kubectl + args: + - label + - namespace + - {{ .Release.Namespace }} {{- range $key, $value := .Values.namespace.labels }} - kubectl label namespace {{ $.Release.Namespace }} {{ $key }}={{ $value }} + - {{ $key }}={{ $value }} {{- end }} {{- if .Values.kubectl.extraVolumeMounts }} volumeMounts: @@ -45,4 +47,4 @@ spec: {{- end }} backoffLimit: 3 {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/velero/templates/upgrade-crds/upgrade-crds.yaml b/charts/velero/templates/upgrade-crds/upgrade-crds.yaml index f9cf0346..fef7ce22 100644 --- a/charts/velero/templates/upgrade-crds/upgrade-crds.yaml +++ b/charts/velero/templates/upgrade-crds/upgrade-crds.yaml 
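Review bot: In labelnamespace.yaml the new `args` entries are unquoted template output, so `- {{ .Release.Namespace }}` renders as a non-string whenever YAML types the namespace name implicitly (an all-digit name such as `123` is a valid DNS label), and the Job would then be rejected because `args` items must be strings. Quote what is rendered: `- {{ .Release.Namespace | quote }}` and `- {{ printf "%s=%v" $key $value | quote }}`. Passing the labels as argv instead of interpolating them into a `sh -c` script means values are no longer interpreted by a shell, which is worth stating in a short comment above `args`. The enclosing conditionals close outside this hunk, so I cannot see whether the job is skipped when `namespace.labels` is empty; if it is not, `kubectl label` would presumably fail with no label pairs.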
@@ -40,32 +40,6 @@ spec: {{- end }} serviceAccountName: {{ include "velero.serverServiceAccount" . }}-upgrade-crds automountServiceAccountToken: {{ .Values.upgradeCRDsJob.automountServiceAccountToken }} - initContainers: - - name: kubectl - {{- if .Values.kubectl.image.digest }} - image: "{{ .Values.kubectl.image.repository }}@{{ .Values.kubectl.image.digest }}" - {{- else if .Values.kubectl.image.tag }} - image: "{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}" - {{- else }} - image: "{{ .Values.kubectl.image.repository }}:{{ template "chart.KubernetesVersion" . }}" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /bin/sh - args: - - -c - - cp `which sh` /tmp && cp `which kubectl` /tmp - {{- with .Values.kubectl.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.kubectl.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /tmp - name: crds containers: - name: velero {{- if .Values.image.digest }} @@ -75,10 +49,11 @@ spec: {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - - {{ .Values.upgradeCRDsJob.shellCmd | default "/tmp/sh" }} + - /velero args: - - -c - - {{ .Values.upgradeCRDsJob.updateCmd | default "/velero install --crds-only --dry-run -o yaml | /tmp/kubectl apply -f -" }} + - install + - --crds-only + - --apply {{- with .Values.upgradeJobResources }} resources: {{- toYaml . | nindent 12 }} @@ -87,10 +62,8 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - volumeMounts: - - mountPath: /tmp - name: crds {{- if (.Values.upgradeCRDsJob).extraVolumeMounts }} + volumeMounts: {{- toYaml .Values.upgradeCRDsJob.extraVolumeMounts | nindent 12 }} {{- end }} {{- if (.Values.upgradeCRDsJob).extraEnvVars }} 
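Review bot: In upgrade-crds.yaml (hunk `-75,10 +49,11`), `upgradeCRDsJob.shellCmd` and `upgradeCRDsJob.updateCmd` stop being read without any signal to users who still set them, so an existing override is silently ignored after a minor chart bump (11.2.0 to 11.3.0). A render-time guard would make that visible, along the lines of `{{- if or (.Values.upgradeCRDsJob).shellCmd (.Values.upgradeCRDsJob).updateCmd }}{{ fail "upgradeCRDsJob.shellCmd/updateCmd were removed; the job now runs /velero install --crds-only --apply" }}{{- end }}`. The fixed command also depends on the configured Velero image accepting `--apply` on `install`; the image is still taken from `.Values.image`, so a release pinned to an older Velero build would presumably fail on an unknown flag, and the minimum supported Velero version belongs in the upgrade notes. With the `/tmp` emptyDir gone, it is worth confirming the job still works when `readOnlyRootFilesystem: true` is set in the container security context.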
@@ -99,12 +72,10 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} + {{- if (.Values.upgradeCRDsJob).extraVolumes }} volumes: - - name: crds - emptyDir: {} - {{- if (.Values.upgradeCRDsJob).extraVolumes }} {{- toYaml .Values.upgradeCRDsJob.extraVolumes | nindent 8 }} - {{- end }} + {{- end }} restartPolicy: OnFailure {{- with $podSecurityContext }} securityContext: diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index d8f9f234..4113845b 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -18,7 +18,6 @@ namespace: ## End of namespace-related settings. ## - ## ## Configuration settings that directly affect the Velero deployment YAML. ## @@ -36,8 +35,8 @@ image: imagePullSecrets: [] # - registrySecretName -nameOverride: "" -fullnameOverride: "" +nameOverride: '' +fullnameOverride: '' # Annotations to add to the Velero deployment's. Optional. # @@ -118,9 +117,6 @@ upgradeCRDsJob: # Configure if API credential for Service Account is automounted. automountServiceAccountToken: true - # Configure the shell cmd in case you are using custom image - # shellCmd: /tmp/sh - # updateCmd: /velero install --crds-only --dry-run -o yaml | /tmp/kubectl apply -f - # Configure the dnsPolicy of the Velero deployment # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy @@ -155,10 +151,10 @@ containerSecurityContext: {} lifecycle: {} # Pod priority class name to use for the Velero deployment. Optional. -priorityClassName: "" +priorityClassName: '' # Pod runtime class name to use for the Velero deployment. Optional. -runtimeClassName: "" +runtimeClassName: '' # The number of seconds to allow for graceful termination of the pod. Optional. terminationGracePeriodSeconds: 3600 
@@ -246,19 +242,19 @@ metrics: # External/Internal traffic policy setting (Cluster, Local) # https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies - externalTrafficPolicy: "" - internalTrafficPolicy: "" + externalTrafficPolicy: '' + internalTrafficPolicy: '' # the IP family policy for the metrics Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). - ipFamilyPolicy: "" + ipFamilyPolicy: '' # a list of IP families for the metrics Service that should be supported, in the order in which they should be applied to ClusterIP. Can be "IPv4" and/or "IPv6". ipFamilies: [] # Pod annotations for Prometheus podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8085" - prometheus.io/path: "/metrics" + prometheus.io/scrape: 'true' + prometheus.io/port: '8085' + prometheus.io/path: '/metrics' serviceMonitor: autodetect: true @@ -343,12 +339,12 @@ metrics: kubectl: image: - repository: docker.io/bitnamilegacy/kubectl - # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. + repository: registry.k8s.io/kubectl + # Digest value example: sha256:54e66c42a1d3a11a1ed4f866ce9fff7e1e48f32a1cb147e3b98a05168a429917. # If used, it will take precedence over the kubectl.image.tag. # digest: # kubectl image tag. If used, it will take precedence over the cluster Kubernetes version. - # tag: 1.16.15 + # tag: v1.32.8 # Container Level Security Context for the 'kubectl' container of the crd jobs. Optional. # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container containerSecurityContext: {} @@ -374,7 +370,6 @@ cleanUpCRDs: false ## End of deployment-related settings. ## - ## ## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation, ## and additional server settings. 
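Review bot: The `kubectl.image` comments in values.yaml (hunk `-343,12 +339,12`) do not state the contract the templates now impose on a replacement image: the jobs invoke `/bin/kubectl` directly with no shell, and the fallback tag is the `v`-prefixed cluster version. Anyone pointing `repository` at a mirror or custom image needs both facts, so I would add `# The image must provide kubectl at /bin/kubectl; the default tag is the cluster version, e.g. v1.32.8.` above `repository`. The fallback tag is whatever patch version the cluster reports, so the pull fails if the registry has no image for that exact version, which the `tag` comment could mention. Since these jobs run under service accounts that can delete or replace CRDs, the `digest` comment could also recommend pinning by digest instead of relying on a mutable tag.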
@@ -385,76 +380,76 @@ configuration: backupStorageLocation: # name is the name of the backup storage location where backups should be stored. If a name is not provided, # a backup storage location will be created with the name "default". Optional. - - name: - # provider is the name for the backup storage location provider. - provider: "" - # bucket is the name of the bucket to store backups in. Required. - bucket: "" - # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. - caCert: - # prefix is the directory under which all Velero data should be stored within the bucket. Optional. - prefix: - # default indicates this location is the default backup storage location. Optional. - default: false - # validationFrequency defines how frequently Velero should validate the object storage. Optional. - validationFrequency: - # accessMode determines if velero can write to this backup storage location. Optional. - # default to ReadWrite, ReadOnly is used during migrations and restores. - accessMode: ReadWrite - credential: - # name of the secret used by this backupStorageLocation. - name: - # name of key that contains the secret data to be used. - key: - # Additional provider-specific configuration. See link above - # for details of required/optional fields for your provider. - config: {} - # region: - # s3ForcePathStyle: - # s3Url: - # kmsKeyId: - # resourceGroup: - # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) - # subscriptionId: - # storageAccount: - # publicUrl: - # Name of the GCP service account to use for this backup storage location. Specify the - # service account here if you want to use workload identity instead of providing the key file.(GCP only) - # serviceAccount: - # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the - # flag. 
For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify - # insecureSkipTLSVerify: - - # annotations allows adding arbitrary annotations to this BackupStorageLocation resource. Optional. - annotations: {} + - name: + # provider is the name for the backup storage location provider. + provider: '' + # bucket is the name of the bucket to store backups in. Required. + bucket: '' + # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. + caCert: + # prefix is the directory under which all Velero data should be stored within the bucket. Optional. + prefix: + # default indicates this location is the default backup storage location. Optional. + default: false + # validationFrequency defines how frequently Velero should validate the object storage. Optional. + validationFrequency: + # accessMode determines if velero can write to this backup storage location. Optional. + # default to ReadWrite, ReadOnly is used during migrations and restores. + accessMode: ReadWrite + credential: + # name of the secret used by this backupStorageLocation. + name: + # name of key that contains the secret data to be used. + key: + # Additional provider-specific configuration. See link above + # for details of required/optional fields for your provider. + config: {} + # region: + # s3ForcePathStyle: + # s3Url: + # kmsKeyId: + # resourceGroup: + # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) + # subscriptionId: + # storageAccount: + # publicUrl: + # Name of the GCP service account to use for this backup storage location. Specify the + # service account here if you want to use workload identity instead of providing the key file.(GCP only) + # serviceAccount: + # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the + # flag. 
For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify + # insecureSkipTLSVerify: + + # annotations allows adding arbitrary annotations to this BackupStorageLocation resource. Optional. + annotations: {} # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ volumeSnapshotLocation: # name is the name of the volume snapshot location where snapshots are being taken. If a name is not provided, # a volume snapshot location will be created with the name "default". Optional. - - name: - # provider is the name for the volume snapshot provider. - provider: "" - credential: - # name of the secret used by this volumeSnapshotLocation. - name: - # name of key that contains the secret data to be used. - key: - # Additional provider-specific configuration. See link above - # for details of required/optional fields for your provider. - config: {} - # region: - # apiTimeout: - # resourceGroup: - # The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only) - # subscriptionId: - # incremental: - # snapshotLocation: - # project: - - # annotations allows adding arbitrary annotations to this VolumeSnapshotLocation resource. Optional. - annotations: {} + - name: + # provider is the name for the volume snapshot provider. + provider: '' + credential: + # name of the secret used by this volumeSnapshotLocation. + name: + # name of key that contains the secret data to be used. + key: + # Additional provider-specific configuration. See link above + # for details of required/optional fields for your provider. 
+ config: {} + # region: + # apiTimeout: + # resourceGroup: + # The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only) + # subscriptionId: + # incremental: + # snapshotLocation: + # project: + + # annotations allows adding arbitrary annotations to this VolumeSnapshotLocation resource. Optional. + annotations: {} # These are server-level settings passed as CLI flags to the `velero server` command. Velero # uses default values if they're not passed in, so they only need to be explicitly specified @@ -522,7 +517,7 @@ configuration: # See: https://velero.io/docs/main/repository-maintenance/ repositoryConfigData: # Name of the ConfigMap to create. If not provided, will use "velero-repo-maintenance" - name: "velero-repo-maintenance" + name: 'velero-repo-maintenance' # Global configuration applied to all repositories # This configuration is used when no specific repository configuration is found # global: @@ -587,7 +582,6 @@ configuration: ## End of backup/snapshot location settings. ## - ## ## Settings for additional Velero resources. ## @@ -643,7 +637,7 @@ credentials: # Name of a pre-existing secret (if any) in the Velero namespace # that will be used to load environment variables into velero and node-agent. # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables - extraSecretRef: "" + extraSecretRef: '' # Whether to create backupstoragelocation crd, if false => do not create a default backup location backupsEnabled: true 
@@ -657,9 +651,9 @@ nodeAgent: podVolumePath: /var/lib/kubelet/pods pluginVolumePath: /var/lib/kubelet/plugins # Pod priority class name to use for the node-agent daemonset. Optional. - priorityClassName: "" + priorityClassName: '' # Pod runtime class name to use for the node-agent daemonset. Optional. - runtimeClassName: "" + runtimeClassName: '' # Resource requests/limits to specify for the node-agent daemonset deployment. Optional. # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits resources: {} @@ -783,7 +777,7 @@ schedules: {} # Velero ConfigMaps. # Eg: # configMaps: - # See: https://velero.io/docs/v1.11/file-system-backup/ +# See: https://velero.io/docs/v1.11/file-system-backup/ # fs-restore-action-config: # labels: # velero.io/plugin-config: "" @@ -804,7 +798,6 @@ schedules: {} # runAsUser: 1001 # runAsGroup: 999 configMaps: {} - ## ## End of additional Velero resource settings. ##