Merge pull request #20 from projectsyn/upgrade_v1_0_0

update to work with K8up 1.0+
projectsyn · Mar 11, 2021 · 5307fa4 · 5307fa4
2 parents df91ce6 + 50691ed
commit 5307fa4
Show file tree

Hide file tree

Showing 9 changed files with 138 additions and 82 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,5 +2,6 @@ _archive/
 _public/
 .cache/
 helmcharts/
+crds/
 manifests/
 doxygen/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,10 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v2.0.0]
+### Changed
+
+- Upgrade K8up chart to v1.0.3 release with seperate CRD deployment([#20])
+- Expose all Helm values ([#20])
+- Removed `image` parameter, they are available via Helm values ([#20])
+- Removed `tz` parameter, its available in Helm values ([#20])
+- Set `Etc/UTC` as default Timezone ([#20])
+- Replaced internal parameter usage of `customer.name` with `cluster.tenant` ([#20])
+
 ## [v1.0.0]
 ### Added
 - Initial implementation
-- Introduce paramter for confiugring the Prometheus name ([#11])
+- Introduce parameter for configuring the Prometheus name ([#11])
 - Add alert for slow backup jobs ([#19])
 
 ### Changed
@@ -19,8 +29,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Move alert definitions to parameters ([#18])
 - Adjust K8upJobStuck alert configuration ([#10])
 
-[Unreleased]: https://github.com/projectsyn/component-backup-k8up/compare/v1.0.0...HEAD
+
+[Unreleased]: https://github.com/projectsyn/component-backup-k8up/compare/v2.0.0...HEAD
 [v1.0.0]: https://github.com/projectsyn/component-backup-k8up/releases/tag/v1.0.0
+[v2.0.0]: https://github.com/projectsyn/component-backup-k8up/releases/tag/v1.0.0
 
 [#2]: https://github.com/projectsyn/component-backup-k8up/pull/2
 [#6]: https://github.com/projectsyn/component-backup-k8up/pull/6
@@ -29,3 +41,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#14]: https://github.com/projectsyn/component-backup-k8up/pull/14
 [#18]: https://github.com/projectsyn/component-backup-k8up/pull/18
 [#19]: https://github.com/projectsyn/component-backup-k8up/pull/19
+[#20]: https://github.com/projectsyn/component-backup-k8up/pull/20
diff --git a/class/backup-k8up.yml b/class/backup-k8up.yml
@@ -4,72 +4,26 @@ parameters:
       - type: https
         source: 'https://charts.appuio.ch/k8up-${backup_k8up:charts:k8up}.tgz'
         unpack: true
-        output_path: dependencies/backup-k8up/helmcharts
+        output_path: dependencies/backup-k8up/helmcharts/v${backup_k8up:charts:k8up}
+      - type: https
+        source: 'https://github.com/vshn/k8up/releases/download/v${backup_k8up:charts:k8up}/${backup_k8up:crd}'
+        output_path: dependencies/backup-k8up/crds/v${backup_k8up:charts:k8up}/02_k8up_crds.yaml
     compile:
       - input_paths:
           - backup-k8up/component/app.jsonnet
         input_type: jsonnet
         output_path: apps/
+      - input_paths:
+          - dependencies/backup-k8up/crds/v${backup_k8up:charts:k8up}/
+        output_path: backup-k8up
+        input_type: copy
+        output_type: yaml
       - output_path: backup-k8up/01_k8up_helmchart
         input_type: helm
         output_type: yaml
         input_paths:
-          - backup-k8up/helmcharts/k8up
-        helm_values:
-          image:
-            repository: ${backup_k8up:images:k8up:image}
-            tag: ${backup_k8up:images:k8up:tag}
-          k8up:
-            backupImage:
-              repository: ${backup_k8up:images:wrestic:image}
-              tag: ${backup_k8up:images:wrestic:tag}
-            envVars:
-              - name: BACKUP_PROMURL
-                value: '${backup_k8up:prometheus_push_gateway}'
-              - name: BACKUP_GLOBALACCESSKEYID
-                valueFrom:
-                  secretKeyRef:
-                    name: '${backup_k8up:global_backup_config:s3_credentials:secretname}'
-                    key: '${backup_k8up:global_backup_config:s3_credentials:accesskeyname}'
-              - name: BACKUP_GLOBALSECRETACCESSKEY
-                valueFrom:
-                  secretKeyRef:
-                    name: '${backup_k8up:global_backup_config:s3_credentials:secretname}'
-                    key: '${backup_k8up:global_backup_config:s3_credentials:secretkeyname}'
-              - name: BACKUP_GLOBALREPOPASSWORD
-                valueFrom:
-                  secretKeyRef:
-                    name: '${backup_k8up:global_backup_config:backup_secret:name}'
-                    key: password
-              - name: BACKUP_GLOBALRESTORES3ACCESSKEYID
-                valueFrom:
-                  secretKeyRef:
-                    name: '${backup_k8up:global_backup_config:s3restore_credentials:secretname}'
-                    key: '${backup_k8up:global_backup_config:s3restore_credentials:accesskeyname}'
-              - name: BACKUP_GLOBALRESTORES3SECRETACCESSKEY
-                valueFrom:
-                  secretKeyRef:
-                    name: '${backup_k8up:global_backup_config:s3restore_credentials:secretname}'
-                    key: '${backup_k8up:global_backup_config:s3restore_credentials:secretkeyname}'
-              - name: BACKUP_ANNOTATION
-                value: '${backup_k8up:annotation}'
-              - name: BACKUP_BACKUPCOMMANDANNOTATION
-                value: '${backup_k8up:backupcommandannotation}'
-              - name: BACKUP_GLOBALKEEPJOBS
-                value: '${backup_k8up:global_backup_config:keepjobs}'
-              - name: BACKUP_GLOBALS3ENDPOINT
-                value: '${backup_k8up:global_backup_config:s3_endpoint}'
-              - name: BACKUP_GLOBALSTATSURL
-                value: '${backup_k8up:global_backup_config:stats_url}'
-              - name: BACKUP_BACKOFFLIMIT
-                value: '${backup_k8up:backofflimit}'
-              - name: BACKUP_GLOBALRESTORES3BUCKET
-                value: '${backup_k8up:global_backup_config:restore_bucket}'
-              - name: BACKUP_GLOBALRESTORES3ENDPOINT
-                value: '${backup_k8up:global_backup_config:restore_s3endpoint}'
-              - name: TZ
-                value: '${backup_k8up:tz}'
-
+          - backup-k8up/helmcharts/v${backup_k8up:charts:k8up}/k8up
+        helm_values: ${backup_k8up:helmValues}
         helm_params:
           release_name: k8up
           namespace: '${backup_k8up:namespace}'

diff --git a/class/defaults.yml b/class/defaults.yml
@@ -4,7 +4,65 @@ parameters:
     # TODO: Reevaluate the need for this once we can remove components
     # See: https://github.com/projectsyn/commodore/issues/71
     enabled: true
+
+    charts:
+      k8up: 1.0.3
+
+
+    crd: "k8up-crd.yaml" # Use k8up-crd-legacy.yaml for K8s <= 1.15 (e.g. OpenShift 3.11):
     namespace: syn-backup
+
+    helmValues:
+      replicaCount: 1
+      k8up:
+        enableLeaderElection: true
+        timezone: "Etc/UTC"
+
+        envVars:
+          - name: BACKUP_PROMURL
+            value: '${backup_k8up:prometheus_push_gateway}'
+          - name: BACKUP_GLOBALACCESSKEYID
+            valueFrom:
+              secretKeyRef:
+                name: '${backup_k8up:global_backup_config:s3_credentials:secretname}'
+                key: '${backup_k8up:global_backup_config:s3_credentials:accesskeyname}'
+          - name: BACKUP_GLOBALSECRETACCESSKEY
+            valueFrom:
+              secretKeyRef:
+                name: '${backup_k8up:global_backup_config:s3_credentials:secretname}'
+                key: '${backup_k8up:global_backup_config:s3_credentials:secretkeyname}'
+          - name: BACKUP_GLOBALREPOPASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: '${backup_k8up:global_backup_config:backup_secret:name}'
+                key: password
+          - name: BACKUP_GLOBALRESTORES3ACCESSKEYID
+            valueFrom:
+              secretKeyRef:
+                name: '${backup_k8up:global_backup_config:s3restore_credentials:secretname}'
+                key: '${backup_k8up:global_backup_config:s3restore_credentials:accesskeyname}'
+          - name: BACKUP_GLOBALRESTORES3SECRETACCESSKEY
+            valueFrom:
+              secretKeyRef:
+                name: '${backup_k8up:global_backup_config:s3restore_credentials:secretname}'
+                key: '${backup_k8up:global_backup_config:s3restore_credentials:secretkeyname}'
+          - name: BACKUP_ANNOTATION
+            value: '${backup_k8up:annotation}'
+          - name: BACKUP_BACKUPCOMMANDANNOTATION
+            value: '${backup_k8up:backupcommandannotation}'
+          - name: BACKUP_GLOBALKEEPJOBS
+            value: '${backup_k8up:global_backup_config:keepjobs}'
+          - name: BACKUP_GLOBALS3ENDPOINT
+            value: '${backup_k8up:global_backup_config:s3_endpoint}'
+          - name: BACKUP_GLOBALSTATSURL
+            value: '${backup_k8up:global_backup_config:stats_url}'
+          - name: BACKUP_BACKOFFLIMIT
+            value: '${backup_k8up:backofflimit}'
+          - name: BACKUP_GLOBALRESTORES3BUCKET
+            value: '${backup_k8up:global_backup_config:restore_bucket}'
+          - name: BACKUP_GLOBALRESTORES3ENDPOINT
+            value: '${backup_k8up:global_backup_config:restore_s3endpoint}'
+
     global_backup_config:
       enabled: true
       default_backup_bucket: '${cluster:name}-k8up-backups'
@@ -16,7 +74,7 @@ parameters:
         secretkeyname: password
       backup_secret:
         name: global-backup-password
-        password: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/password}'
+        password: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/password}'
       s3restore_credentials:
         accesskey: ''
         secretkey: ''
@@ -31,7 +89,6 @@ parameters:
     backofflimit: '2'
     annotation: k8up.syn.tools/backup
     backupcommandannotation: k8up.syn.tools/backupcommand
-    tz: Europe/Zurich
     alert_rule_filters:
       namespace: namespace=~"syn.*"
     prometheus_push_gateway: 'http://platform-prometheus-pushgateway.syn-synsights.svc:9091'
@@ -75,12 +132,3 @@ parameters:
         for: 1m
         labels:
           severity: warning
-    charts:
-      k8up: 0.6.1
-    images:
-      k8up:
-        image: quay.io/vshn/k8up
-        tag: 'v0.1.10@sha256:74ef61f26c85b4a6ab6b02761caefe6d59234db559f7ed6bb7430f345b7ac488'
-      wrestic:
-        image: quay.io/vshn/wrestic
-        tag: 'v0.1.9@sha256:6b756ddb70e15977fc3d53a0468bcf6386d79d989768d48696167161f20e115e'
diff --git a/docs/modules/ROOT/pages/how-tos/.gitkeep b/docs/modules/ROOT/pages/how-tos/.gitkeep
diff --git a/docs/modules/ROOT/pages/how-tos/upgrade.adoc b/docs/modules/ROOT/pages/how-tos/upgrade.adoc
@@ -0,0 +1,23 @@
+= How to upgrade
+
+== Upgrade component from v1 to v2
+
+K8up v1.0.0 and also the respective Helm chart v1.0.0 introduced breaking changes that also affect this component.
+The upgrade process of K8up itself is documented here: https://k8up.io/k8up/1.0.0/how-tos/upgrade.html.
+Contrary to the Helm chart, v2 of this component already ships the necessary CRDs.
+
+v2 of the component exposes the parameter `helmValues`, which is one to one passed to the Helm chart.
+See https://github.com/appuio/charts/tree/master/k8up[Helm Chart] for a list of supported values.
+
+TIP: The component exposes additional parameters for ease of access.
+
+=== Parameter migration
+
+- `tz` is now `helmValues.k8up.timezone`, defaults to `Etc/UTC`.
+- `images.k8up` is now `helmValues.image` with same subparameters.
+- `images.wrestic` is now `helmValues.k8up.backupImage` with same subparameters except `registry`, which is integrated in `repository`.
+
+If the target cluster is older than Kubernetes v1.16:
+
+- Set `crd=k8up-crd-legacy.yaml`
+- Set `helmValues.k8up.enableLeaderElection=false`
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -2,6 +2,7 @@
 
 The parent key for all of the following parameters is `backup_k8up`.
 
+
 == `enabled`
 
 [horizontal]
@@ -13,6 +14,27 @@ Setting this to false, effectively disables the component from being deployed.
 
 NOTE: The manifests will still appear in the catalog, but without the ArgoCD app they won't get deployed.
 
+== `crd`
+
+[horizontal]
+type:: string
+default:: `k8up-crd.yaml`
+
+The name of the CRD yaml File.
+
+Use `k8up-crd.yaml` (default) for K8s >= 1.16
+Change to `k8up-crd-legacy.yaml` for K8s <= 1.15 (e.g. OpenShift 3.11)
+
+See https://github.com/appuio/charts/tree/master/k8up#handling-crds
+
+== `helmValues`
+
+[horizontal]
+type:: dict
+default:: See `class/defaults.yaml`
+
+Values passed to Helm. See https://github.com/appuio/charts/tree/master/k8up
+
 == `namespace`
 
 [horizontal]
@@ -46,7 +68,7 @@ default:: `{'accesskey': '', 'secretkey': '', 'secretname': 'global-bucket-crede
 
 [horizontal]
 type:: dict
-default:: `{'name': 'global-backup-password', 'password': '?{vaultkv:${customer:name}/${cluster:name}/global-backup/password}'}`
+default:: `{'name': 'global-backup-password', 'password': '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/password}'}`
 
 == `global_backup_config.s3restore_credentials`
 
@@ -103,12 +125,6 @@ default:: `k8up.syn.tools/backup`
 type:: string
 default:: `k8up.syn.tools/backupcommand`
 
-== `tz`
-
-[horizontal]
-type:: string
-default:: `Europe/Zurich`
-
 == `alert_rule_filters`
 
 [horizontal]
@@ -217,11 +233,11 @@ This structure is chosen to easily adjust individual alert configurations in the
 namespace: example-namespace
 global_keepjobs: "1"
 global_s3_credentials:
-  accesskey: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/access-key}'
-  secretkey: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/secret-key}'
+  accesskey: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/access-key}'
+  secretkey: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/secret-key}'
 global_s3restore_credentials:
-  accesskey: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/restore-access-key}'
-  secretkey: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/restore-secret-key}'
+  accesskey: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/restore-access-key}'
+  secretkey: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/restore-secret-key}'
 global_restore_s3endpoint: https://s3endpoint.example.com
 global_restore_bucket: example-restore-bucket
 monitoring_alerts:

diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc
@@ -1,2 +1,3 @@
 * xref:index.adoc[Home]
+* xref:how-tos/upgrade.adoc[Upgrade]
 * xref:references/parameters.adoc[Parameters]
diff --git a/lib/backup-k8up.libjsonnet b/lib/backup-k8up.libjsonnet
@@ -38,7 +38,7 @@ local Backend(backupkey, bucket, s3secret, create_bucket=true) =
       s3secret;
   local bname = if create_bucket && bucket != null then
     local prefix = 'syn-%s-%s-%s' % [
-      inv.parameters.customer.name,
+      inv.parameters.cluster.tenant,
       inv.parameters.cluster.name,
       bucket,
     ];