(fleet/rancher-backup) add rancher-backup operator on DEV

cbarria · cbarria · commit 0ca1250bdcb0 · 2025-03-31T16:27:39.000-03:00
diff --git a/fleet/lib/rancher-backup-crd/fleet.yaml b/fleet/lib/rancher-backup-crd/fleet.yaml
@@ -0,0 +1,12 @@
+---
+defaultNamespace: cattle-resources-system
+labels:
+  bundle: &name rancher-backup-crd
+helm:
+  chart: *name
+  releaseName: *name
+  repo: https://charts.rancher.io
+  version: 104.0.2+up5.0.2
+  takeOwnership: true
+  timeoutSeconds: 60
+  waitForJobs: true
diff --git a/fleet/lib/rancher-backup/README.md b/fleet/lib/rancher-backup/README.md
@@ -0,0 +1,49 @@
+# Rancher Backup Operator Fleet Bundle
+
+## Requirements
+
+For this bundle to work properly, complete the following steps:
+
+### 1. Create an IAM User in AWS
+
+- Create an IAM user in AWS named `rancher-backup-(site)`.
+- Generate an **AccessKey**, but **do not allow console access**.
+
+### 2. Store User Credentials
+
+- Save the generated credentials in **1Password**.
+- Store them in the `k8s.(site)` vault, named **"rancher-backup"**.
+
+### 3. Create an AWS S3 Bucket
+
+- Create an **S3 Bucket** with the default configuration.
+- Name it `rancher-backup-(site)`.
+
+### 4. Configure the Bucket Policy
+
+- Insert the following policy inside the bucket, replacing `(site)` with the correct name:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Id": "myPol",
+  "Statement": [
+      {
+          "Sid": "Stmt130",
+          "Effect": "Allow",
+          "Principal": {
+              "AWS": "arn:aws:iam::133428025519:user/rancher-backup-(site)"
+          },
+          "Action": "s3:*",
+          "Resource": [
+              "arn:aws:s3:::rancher-bkp-(site)",
+              "arn:aws:s3:::rancher-bkp-(site)/*"
+          ]
+      }
+  ]
+}
+```
+
+## Deployment
+
+After completing all the above steps, the bundle will be ready for deployment. 🚀
diff --git a/fleet/lib/rancher-backup/base/backup-s3-recurring.yaml b/fleet/lib/rancher-backup/base/backup-s3-recurring.yaml
@@ -0,0 +1,8 @@
+apiVersion: resources.cattle.io/v1
+kind: Backup
+metadata:
+  name: s3-recurring
+spec:
+  resourceSetName: rancher-resource-set
+  schedule: "@every 24h"
+  retentionCount: 30
diff --git a/fleet/lib/rancher-backup/base/externalsecret-rancher-bkp.yaml b/fleet/lib/rancher-backup/base/externalsecret-rancher-bkp.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: rancher-bkp
+  namespace: cattle-resources-system
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  data:
+    - secretKey: accessKey
+      remoteRef:
+        key: rancher-backup
+        property: username
+    - secretKey: secretKey
+      remoteRef:
+        key: rancher-backup
+        property: password
diff --git a/fleet/lib/rancher-backup/base/kustomization.yaml b/fleet/lib/rancher-backup/base/kustomization.yaml
@@ -0,0 +1,4 @@
+---
+resources:
+- externalsecret-rancher-bkp.yaml
+- backup-s3-recurring.yaml
diff --git a/fleet/lib/rancher-backup/fleet.yaml b/fleet/lib/rancher-backup/fleet.yaml
@@ -0,0 +1,20 @@
+---
+defaultNamespace: cattle-resources-system
+labels:
+  bundle: &name rancher-backup
+helm:
+  chart: *name
+  releaseName: *name
+  repo: https://charts.rancher.io
+  version: 104.0.2+up5.0.2
+  takeOwnership: true
+  timeoutSeconds: 60
+  waitForJobs: true
+  valuesFiles:
+    - values.yaml
+dependsOn:
+  - selector:
+      matchLabels:
+        bundle: rancher-backup-crd
+kustomize:
+  dir: base
diff --git a/fleet/lib/rancher-backup/values.yaml b/fleet/lib/rancher-backup/values.yaml
@@ -0,0 +1,13 @@
+## Default s3 bucket for storing all backup files created by the backup-restore-operator
+s3:
+  enabled: true
+  credentialSecretName: rancher-bkp
+  credentialSecretNamespace: cattle-resources-system
+  region: us-east-1
+  bucketName: rancher-bkp-${ .ClusterLabels.site }
+  folder: ${ .ClusterLabels.site }
+  endpoint: s3.us-east-1.amazonaws.com
+
+# Add log level flags to backup-restore
+debug: true
+trace: false
diff --git a/fleet/s/cp/c/rancher/rancher-backup b/fleet/s/cp/c/rancher/rancher-backup
@@ -0,0 +1 @@
+../../../../lib/rancher-backup
diff --git a/fleet/s/cp/c/rancher/rancher-backup-crd b/fleet/s/cp/c/rancher/rancher-backup-crd
@@ -0,0 +1 @@
+../../../../lib/rancher-backup-crd
diff --git a/fleet/s/dev/c/rancher/rancher-backup b/fleet/s/dev/c/rancher/rancher-backup
@@ -0,0 +1 @@
+../../../../lib/rancher-backup
diff --git a/fleet/s/dev/c/rancher/rancher-backup-crd b/fleet/s/dev/c/rancher/rancher-backup-crd
@@ -0,0 +1 @@
+../../../../lib/rancher-backup-crd
diff --git a/fleet/s/ls/c/rancher/rancher-backup b/fleet/s/ls/c/rancher/rancher-backup
@@ -0,0 +1 @@
+../../../../lib/rancher-backup
diff --git a/fleet/s/ls/c/rancher/rancher-backup-crd b/fleet/s/ls/c/rancher/rancher-backup-crd
@@ -0,0 +1 @@
+../../../../lib/rancher-backup-crd
diff --git a/fleet/s/tu/c/rancher/rancher-backup b/fleet/s/tu/c/rancher/rancher-backup
@@ -0,0 +1 @@
+../../../../lib/rancher-backup
diff --git a/fleet/s/tu/c/rancher/rancher-backup-crd b/fleet/s/tu/c/rancher/rancher-backup-crd
@@ -0,0 +1 @@
+../../../../lib/rancher-backup-crd
