Implemented backup using restic

charts/sapl/v0.2.0/templates/velero-schedule-monthly.yaml

@@ -0,0 +1,44 @@
+{{- if .Values.velero.backup.enabled }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: {{ include "sapl.fullname" . }}-monthly
+  namespace: {{ .Values.velero.namespace }}
+spec:
+  # generate a random backup time between 1 and 5 AM on first day of every month
+  schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} 1 * *
+  template:
+    includedNamespaces:
+    - {{ .Release.Namespace }}
+    {{- with .Values.velero.backup.excludedResources }}
+    excludedResources:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
+    # every weekday backup is good for the next year (365 days)
+    ttl: 8760h0m0s
+    defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
+    hooks:
+      resources:
+      - name: fsfreeze
+        includedResources:
+          - pods
+        labelSelector:
+          matchLabels:
+            {{- include "sapl.selectorLabels" . | nindent 12 }}
+        pre:
+          - exec:
+              command:
+                - /sbin/fsfreeze
+                - --freeze
+                - /var/interlegis/sapl/media
+              timeout: 10s
+        post:
+          - exec:
+              command:
+                - /sbin/fsfreeze
+                - --unfreeze
+                - /var/interlegis/sapl/media
+              timeout: 10s
+  useOwnerReferencesInBackup: false
+{{- end }}

charts/sapl/v0.2.0/templates/velero-schedule-weekdays.yaml

@@ -0,0 +1,44 @@
+{{- if .Values.velero.backup.enabled }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: {{ include "sapl.fullname" . }}-weekdays
+  namespace: {{ .Values.velero.namespace }}
+spec:
+  # generate a random backup time between 1 and 5 AM on weekdays
+  schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 1-5
+  template:
+    includedNamespaces:
+    - {{ .Release.Namespace }}
+    {{- with .Values.velero.backup.excludedResources }}
+    excludedResources:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
+    # every weekday backup is good for the next week (7 days)
+    ttl: 168h0m0s
+    defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
+    hooks:
+      resources:
+      - name: fsfreeze
+        includedResources:
+          - pods
+        labelSelector:
+          matchLabels:
+            {{- include "sapl.selectorLabels" . | nindent 12 }}
+        pre:
+          - exec:
+              command:
+                - /sbin/fsfreeze
+                - --freeze
+                - /var/interlegis/sapl/media
+              timeout: 10s
+        post:
+          - exec:
+              command:
+                - /sbin/fsfreeze
+                - --unfreeze
+                - /var/interlegis/sapl/media
+              timeout: 10s
+  useOwnerReferencesInBackup: false
+{{- end }}

charts/sapl/v0.2.0/templates/velero-schedule-weekly.yaml

@@ -0,0 +1,44 @@
+{{- if .Values.velero.backup.enabled }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: {{ include "sapl.fullname" . }}-weekly
+  namespace: {{ .Values.velero.namespace }}
+spec:
+  # generate a random backup time between 1 and 5 AM on sunday
+  schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 0
+  template:
+    includedNamespaces:
+    - {{ .Release.Namespace }}
+    {{- with .Values.velero.backup.excludedResources }}
+    excludedResources:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
+    # every sunday backup is good for 30 days (aprox. 1 month)
+    ttl: 744h0m0s
+    defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
+    hooks:
+      resources:
+      - name: fsfreeze
+        includedResources:
+          - pods
+        labelSelector:
+          matchLabels:
+            {{- include "sapl.selectorLabels" . | nindent 12 }}
+        pre:
+          - exec:
+              command:
+                - /sbin/fsfreeze
+                - --freeze
+                - /var/interlegis/sapl/media
+              timeout: 10s
+        post:
+          - exec:
+              command:
+                - /sbin/fsfreeze
+                - --unfreeze
+                - /var/interlegis/sapl/media
+              timeout: 10s
+  useOwnerReferencesInBackup: false
+{{- end }}

charts/sapl/v0.2.0/values.yaml

@@ -74,6 +74,19 @@ ingress:
   # extra annotations only
   annotations: {}
 
+velero:
+  namespace: velero
+  backup:
+    enabled: true
+    snapshotVolumes: false
+    defaultVolumesToRestic: true
+    # cert-manager objects are usually blocked during backup
+    excludedResources: 
+      - certificates.cert-manager.io
+      - orders.acme.cert-manager.io
+      - certificaterequests.cert-manager.io
+      - challenges.acme.cert-manager.io
+
 postgresql:
   internal: true
   image: