Skip to content

k8s: implement velero

Marc Schmitt requested to merge velero into main

Partial remediation to #14 (closed)

This is a quick and dirty implementation of velero for our k8s clusters. There are many things to clean up there, such as:

  • backup is done to s3.cri.epita.fr, it should be done to restic-backup.undercloud.cri.epita.fr, but we need to 1. expose it publicly (not a problem, access is authenticated) and 2. make sure that data stored by velero is encrypted and that the encryption key is protected
  • in k8s/clusters/others the basic settings for velero schedule should be in base

Postgres backup should be done in an extra volume to avoid filling up the data volume of the master. We need to figure out if there is a way to add extra volumes to postgres pods, even if we need to run a sidecar that does nothing, which is fine.

Edited by Marc Schmitt

Merge request reports