
Commit fb9680d

author
Simon Emms
committed
feat(backups): configure resource required for enabling backups
1 parent f8e1981 commit fb9680d


4 files changed

+89
-1
lines changed


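--- a/.env.example
+++ b/.env.example
@@ -3,6 +3,10 @@
 AZURE_SUBSCRIPTION_ID=""
 AZURE_TENANT_ID=""
 
+# Set if you want to configure KOTS backups
+# https://docs.replicated.com/vendor/snapshots-overview
+BACKUPS_ENABLED=false
+
 # The name of the Kubernetes cluster
 CLUSTER_NAME=gitpod
 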

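--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 .idea
 gitpod.yaml
 gitpod-config.yaml
+credentials-velero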

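--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,8 @@ RUN mkdir -p /tmp/helm/ \
 RUN curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.12.2/yq_linux_amd64 -o /usr/local/bin/yq \
 && chmod +x /usr/local/bin/yq
 
+COPY --from=velero/velero:v1.8.1 /velero /usr/bin/velero
+
 WORKDIR /gitpod
 
 COPY . /gitpod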
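Review bot: The added `COPY --from=velero/velero:v1.8.1` line takes the velero binary from an image referenced by tag only, and a registry tag can be re-pointed, so this line does not fix which binary lands in `/usr/bin/velero`. Pinning the digest next to the tag makes the build reproducible and makes a changed upstream image fail the build: `COPY --from=velero/velero:v1.8.1@sha256:<DIGEST_OF_VERIFIED_IMAGE> /velero /usr/bin/velero`. The binary is later used by `setup.sh` to run `velero install` against the cluster, so its provenance matters more than for a build-only tool.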

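--- a/setup.sh
+++ b/setup.sh
@@ -16,7 +16,7 @@ set -a
 SERVICES_POOL="services"
 WORKSPACES_POOL="workspaces"
 
-K8S_NODE_VM_SIZE=${K8S_NODE_VM_SIZE:="Standard_D4_v3"}
+K8S_NODE_VM_SIZE=${K8S_NODE_VM_SIZE:="Standard_DS3_v2"}
 
 function check_prerequisites() {
 if [ -z "${AZURE_SUBSCRIPTION_ID}" ]; then
@@ -141,6 +141,7 @@ function install() {
 setup_managed_dns
 setup_mysql_database
 setup_storage
+setup_backup
 output_config
 }
 
@@ -366,6 +367,86 @@ function setup_mysql_database() {
 --start-ip-address "0.0.0.0"
 }
 
+function setup_backup() {
+if [ -n "${BACKUPS_ENABLED}" ] && [ "${BACKUPS_ENABLED}" == "true" ]; then
+echo "Configuring backups..."
+
+# Based from https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure#setup
+BACKUP_ACCOUNT="${STORAGE_ACCOUNT_NAME}backup"
+if [ "$(az storage account show --name ${BACKUP_ACCOUNT} --resource-group ${RESOURCE_GROUP} --query "name == '${BACKUP_ACCOUNT}'" || echo "empty")" == "true" ]; then
+echo "Backup storage account exists..."
+else
+echo "Create backup storage account..."
+az storage account create \
+--name "${STORAGE_ACCOUNT_NAME}backup" \
+--resource-group "${RESOURCE_GROUP}" \
+--location "${LOCATION}" \
+--sku Standard_GRS \
+--encryption-services blob \
+--https-only true \
+--kind BlobStorage \
+--access-tier Hot
+fi
+
+ACCOUNT_KEY="$(az storage account keys list --resource-group "${RESOURCE_GROUP}" --account-name "${BACKUP_ACCOUNT}" --query "[0].value" -o tsv)"
+
+BLOB_CONTAINER="velero"
+if [ "$(az storage container show --account-name ${BACKUP_ACCOUNT} --name ${BLOB_CONTAINER} --account-key="${ACCOUNT_KEY}" --query "name == '${BLOB_CONTAINER}'" || echo "empty")" == "true" ]; then
+echo "Backup storage container exists..."
+else
+echo "Create backup storage container..."
+az storage container create \
+-n "${BLOB_CONTAINER}" \
+--account-key="${ACCOUNT_KEY}" \
+--public-access off \
+--account-name "${BACKUP_ACCOUNT}"
+fi
+
+kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.9/deploy/infra/deployment-rbac.yaml
+
+IDENTITY_NAME=velero
+IDENTITY_RESOURCE_ID=$(az aks show --name "${CLUSTER_NAME}" --resource-group "${RESOURCE_GROUP}" --query "identityProfile.kubeletidentity.resourceId" -o tsv)
+IDENTITY_CLIENT_ID=$(az aks show --name "${CLUSTER_NAME}" --resource-group "${RESOURCE_GROUP}" --query "identityProfile.kubeletidentity.clientId" -o tsv)
+
+cat <<EOF | kubectl apply -f -
+apiVersion: "aadpodidentity.k8s.io/v1"
+kind: AzureIdentity
+metadata:
+name: $IDENTITY_NAME
+spec:
+type: 0
+resourceID: $IDENTITY_RESOURCE_ID
+clientID: $IDENTITY_CLIENT_ID
+EOF
+
+cat <<EOF | kubectl apply -f -
+apiVersion: "aadpodidentity.k8s.io/v1"
+kind: AzureIdentityBinding
+metadata:
+name: $IDENTITY_NAME-binding
+spec:
+azureIdentity: $IDENTITY_NAME
+selector: $IDENTITY_NAME
+EOF
+
+cat << EOF > ./credentials-velero
+AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
+AZURE_RESOURCE_GROUP=${RESOURCE_GROUP}
+AZURE_CLOUD_NAME=AzurePublicCloud
+EOF
+
+velero install \
+--provider azure \
+--plugins velero/velero-plugin-for-microsoft-azure:v1.4.0 \
+--bucket "${BLOB_CONTAINER}" \
+--secret-file ./credentials-velero \
+--backup-location-config "resourceGroup=${RESOURCE_GROUP},storageAccount=${BACKUP_ACCOUNT}" \
+--snapshot-location-config apiTimeout=30m \
+--use-restic \
+--wait
+fi
+}
+
 function setup_storage() {
 if [ "$(az storage account show --name ${STORAGE_ACCOUNT_NAME} --resource-group ${RESOURCE_GROUP} --query "name == '${STORAGE_ACCOUNT_NAME}'" || echo "empty")" == "true" ]; then
 echo "Storage account exists..."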
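Review bot: `setup_backup` hands the cluster's kubelet identity to Velero: `IDENTITY_RESOURCE_ID` and `IDENTITY_CLIENT_ID` are read from `identityProfile.kubeletidentity`, and the `AzureIdentityBinding` exposes that identity through the selector `velero`. With aad-pod-identity a binding is matched by pod label, so any workload able to set the matching label could request tokens for the identity the nodes themselves use, with whatever roles it holds (those are not visible in this diff). A dedicated user-assigned identity for Velero, granted a role scoped to the backup storage account, keeps backup access separate from the node identity; the sketch below replaces the two `az aks show` lookups. No role assignment for the backup account appears in the hunk, so it is worth confirming where the identity gets its storage access today.

```shell
IDENTITY_NAME=velero
# Dedicated identity for Velero instead of reusing the kubelet identity
az identity create --name "${IDENTITY_NAME}" --resource-group "${RESOURCE_GROUP}" --location "${LOCATION}"
IDENTITY_RESOURCE_ID=$(az identity show --name "${IDENTITY_NAME}" --resource-group "${RESOURCE_GROUP}" --query "id" -o tsv)
IDENTITY_CLIENT_ID=$(az identity show --name "${IDENTITY_NAME}" --resource-group "${RESOURCE_GROUP}" --query "clientId" -o tsv)
BACKUP_ACCOUNT_ID=$(az storage account show --name "${BACKUP_ACCOUNT}" --resource-group "${RESOURCE_GROUP}" --query "id" -o tsv)
# <VELERO_ROLE> is a placeholder: pick the narrowest role that covers what Velero needs;
# widen the scope only if disk snapshots outside the storage account are required.
az role assignment create --assignee "${IDENTITY_CLIENT_ID}" --role "<VELERO_ROLE>" --scope "${BACKUP_ACCOUNT_ID}"
# aad-pod-identity may also need the kubelet identity to hold Managed Identity Operator on the new identity (confirm)
# … unchanged: AzureIdentity / AzureIdentityBinding manifests, credentials file, velero install …
```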
