cscott/oadp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restructure for argo

Browse Source
This commit is contained in:
Conan Scott
2025-12-30 17:41:26 +11:00
parent c1e8b9bf35
commit bf94b90d9d
6 changed files with 25 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
manifests/backup-test-cronjob.yaml Normal file
View File

@@ -0,0 +1,63 @@
---
# Optional: Monthly restore test automation
apiVersion: batch/v1
kind: CronJob
metadata:
name: monthly-restore-test
namespace: openshift-adp
spec:
schedule: "0 06 15 * *" # 15th of month, 6 AM
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
template:
metadata:
labels:
app: restore-test
spec:
serviceAccountName: velero
restartPolicy: OnFailure
containers:
- name: restore-test
image: quay.io/konveyor/velero:latest
env:
- name: VELERO_NAMESPACE
value: openshift-adp
command:
- /bin/bash
- -c
- |
set -e
echo "=== Velero Restore Test ==="
echo "Date: $(date)"
# Get latest daily-config backup
CONFIG_BACKUP=$(velero backup get --selector="backup-type=config" \
-o json | jq -r '.items[0].metadata.name')
# Get latest daily-stateful backup
STATEFUL_BACKUP=$(velero backup get --selector="backup-type=stateful" \
-o json | jq -r '.items[0].metadata.name')
echo "Latest config backup: $CONFIG_BACKUP"
echo "Latest stateful backup: $STATEFUL_BACKUP"
# Verify backups are successful
CONFIG_STATUS=$(velero backup get $CONFIG_BACKUP -o json | \
jq -r '.status.phase')
STATEFUL_STATUS=$(velero backup get $STATEFUL_BACKUP -o json | \
jq -r '.status.phase')
echo "Config backup status: $CONFIG_STATUS"
echo "Stateful backup status: $STATEFUL_STATUS"
if [ "$CONFIG_STATUS" != "Completed" ] || [ "$STATEFUL_STATUS" != "Completed" ]; then
echo "ERROR: Backups not in Completed state"
exit 1
fi
echo "=== Test Passed ==="
echo "All backups verified successfully"

41
manifests/config-backups.yaml Normal file
View File

@@ -0,0 +1,41 @@
---
# Schedule 1: Daily config-only backup (fast, all namespaces)
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: daily-config
namespace: openshift-adp
spec:
schedule: "0 02 * * *" # 2 AM daily
# Make backups readable, sortable, unique
nameTemplate: "{{ .ScheduleName }}-{{ .Timestamp }}"
template:
# Backup all namespaces
includedNamespaces:
- "*"
# Labels for filtering and reporting
labels:
backup-type: config
schedule: daily
retention: short
# Exclude ephemeral/generated resources
excludedResources:
- events
- events.events.k8s.io
- pipelineruns.tekton.dev # Completed pipeline runs
- taskruns.tekton.dev # Completed task runs
- replicasets.apps # Managed by deployments
- pods # Recreated by controllers
- endpoints # Auto-generated
- endpointslices.discovery.k8s.io
# No volume data - manifests only
snapshotVolumes: false
defaultVolumesToFsBackup: false
# 14 days retention
ttl: 336h

58
manifests/dpa.yaml Normal file
View File

@@ -0,0 +1,58 @@
---
# DPA Configuration - optimized for SNO with Kopia
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
name: dpa-minio
namespace: openshift-adp
spec:
backupImages: false
backupLocations:
- name: default
velero:
provider: aws
default: true
credential:
name: cloud-credentials
key: cloud
objectStorage:
bucket: oadp
prefix: velero
config:
profile: default
region: ap-southeast-2
s3ForcePathStyle: "true"
s3Url: http://minio.minio.svc.cluster.local:9000
insecureSkipTLSVerify: "true"
configuration:
nodeAgent:
enable: true
uploaderType: kopia
podConfig:
resourceAllocations:
limits:
cpu: "1" # Increased for database compression
memory: "1Gi" # Increased for larger chunks
requests:
cpu: "200m"
memory: "512Mi"
velero:
defaultPlugins:
- openshift
- aws
- csi
- kubevirt
defaultSnapshotMoveData: false
disableFsBackup: false
podConfig:
resourceAllocations:
limits:
cpu: "500m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "256Mi"
logFormat: text

99
manifests/stateful-backups.yaml Normal file
View File

@@ -0,0 +1,99 @@
---
# Schedule 2: Daily stateful backup (with volume data)
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: daily-stateful
namespace: openshift-adp
spec:
schedule: "0 03 * * *" # 3 AM daily (after config backup)
nameTemplate: "{{ .ScheduleName }}-{{ .Timestamp }}"
template:
# Only namespaces with persistent data
includedNamespaces:
- gitea
- authentik
- calibre
- cassandra
- n8n
- apim
- gitea-ci
labels:
backup-type: stateful
schedule: daily
retention: short
# Exclude ephemeral resources
excludedResources:
- events
- events.events.k8s.io
- pipelineruns.tekton.dev
- taskruns.tekton.dev
- replicasets.apps
- pods
# Use Kopia for volume backups
snapshotVolumes: false
defaultVolumesToFsBackup: true
# 14 days retention
ttl: 336h
# Pre-backup hooks for data consistency
hooks:
resources:
# Cassandra: flush memtables to disk before backup
- name: cassandra-flush
includedNamespaces:
- cassandra
labelSelector:
matchLabels:
app.kubernetes.io/name: cassandra
pre:
- exec:
container: cassandra
command:
- /bin/bash
- -c
- nodetool flush
timeout: 5m
onError: Continue
# Gitea PostgreSQL: checkpoint before backup
- name: gitea-postgres-checkpoint
includedNamespaces:
- gitea
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: gitea
pre:
- exec:
container: postgresql
command:
- /bin/bash
- -c
- psql -U postgres -c 'CHECKPOINT;'
timeout: 2m
onError: Continue
# Authentik PostgreSQL: checkpoint before backup
- name: authentik-postgres-checkpoint
includedNamespaces:
- authentik
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: authentik
pre:
- exec:
container: postgresql
command:
- /bin/bash
- -c
- psql -U postgres -c 'CHECKPOINT;'
timeout: 2m
onError: Continue