k8s: implement velero (!13) · Merge requests · Forge / infra / infrastructure

Marc Schmitt requested to merge velero into main Sep 02, 2021

Partial remediation to #14 (closed)

This is a quick and dirty implementation of velero for our k8s clusters. There are many things to clean up there, such as:

backup is done to s3.cri.epita.fr, it should be done to restic-backup.undercloud.cri.epita.fr, but we need to 1. expose it publicly (not a problem, access is authenticated) and 2. make sure that data stored by velero is encrypted and that the encryption key is protected
in k8s/clusters/others the basic settings for velero schedule should be in base

Postgres backup should be done in an extra volume to avoid filling up the data volume of the master. We need to figure out if there is a way to add extra volumes to postgres pods, even if we need to run a sidecar that does nothing, which is fine.

Edited Sep 02, 2021 by Marc Schmitt

k8s: implement velero

Merge request reports