k8s: implement velero
Partial remediation to #14 (closed)
This is a quick and dirty implementation of velero for our k8s clusters. There are many things to clean up there, such as:
- backup is done to s3.cri.epita.fr, it should be done to restic-backup.undercloud.cri.epita.fr, but we need to 1. expose it publicly (not a problem, access is authenticated) and 2. make sure that data stored by velero is encrypted and that the encryption key is protected
- in
k8s/clusters/othersthe basic settings for velero schedule should be inbase
Postgres backup should be done in an extra volume to avoid filling up the data volume of the master. We need to figure out if there is a way to add extra volumes to postgres pods, even if we need to run a sidecar that does nothing, which is fine.