diff --git a/chart/stash/README.md b/chart/stash/README.md index 3bfbd6a84..148cfa65c 100644 --- a/chart/stash/README.md +++ b/chart/stash/README.md @@ -59,7 +59,6 @@ The following table lists the configurable parameters of the Stash chart and the | `annotations` | Annotations applied to operator pod(s) | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Tolerations used pod assignment | `{}` | -| `rbac.create` | If `true`, create and use RBAC resources | `true` | | `serviceAccount.create` | If `true`, create a new service account | `true` | | `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` | | `apiserver.groupPriorityMinimum` | The minimum priority the group should have. | 10000 | @@ -91,23 +90,4 @@ installing the chart. For example: $ helm install --name stash-operator --values values.yaml appscode/stash ``` -## RBAC -By default the chart will not install the recommended RBAC roles and rolebindings. -You need to have the flag `--authorization-mode=RBAC` on the api server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/). - -To determine if your cluster supports RBAC, run the following command: - -```console -$ kubectl api-versions | grep rbac -``` - -If the output contains "beta", you may install the chart with RBAC enabled (see below). - -### Enable RBAC role/rolebinding creation - -To enable the creation of RBAC resources (On clusters with RBAC). Do the following: - -```console -$ helm install --name stash-operator appscode/stash --set rbac.create=true -``` diff --git a/chart/stash/templates/apiregistration.yaml b/chart/stash/templates/apiregistration.yaml index cda115d4f..93906c372 100644 --- a/chart/stash/templates/apiregistration.yaml +++ b/chart/stash/templates/apiregistration.yaml @@ -66,7 +66,6 @@ data: tls.key: {{ b64enc $cert.Key }} --- {{- end }} -{{ if .Values.rbac.create }} # to read the config for terminating authentication apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -99,4 +98,3 @@ subjects: - kind: ServiceAccount name: {{ template "stash.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/chart/stash/templates/cluster-role-binding.yaml b/chart/stash/templates/cluster-role-binding.yaml index 1e5cbbe99..c87a63ab3 100644 --- a/chart/stash/templates/cluster-role-binding.yaml +++ b/chart/stash/templates/cluster-role-binding.yaml @@ -1,4 +1,3 @@ -{{ if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,4 +12,3 @@ subjects: - kind: ServiceAccount name: {{ template "stash.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/chart/stash/templates/cluster-role.yaml b/chart/stash/templates/cluster-role.yaml index b3c355553..44b984a20 100644 --- a/chart/stash/templates/cluster-role.yaml +++ b/chart/stash/templates/cluster-role.yaml @@ -1,4 +1,3 @@ -{{ if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -86,4 +85,3 @@ rules: - roles - rolebindings verbs: ["get", "create", "delete", "patch"] -{{ end }} diff --git a/chart/stash/templates/deployment.yaml b/chart/stash/templates/deployment.yaml index 4c0f35826..95daec463 100644 --- a/chart/stash/templates/deployment.yaml +++ b/chart/stash/templates/deployment.yaml @@ -44,7 +44,6 @@ spec: args: - run - --v={{ .Values.logLevel }} - - --rbac={{ .Values.rbac.create }} - --docker-registry={{ .Values.operator.registry }} - --secure-port=8443 - --audit-log-path=- diff --git a/chart/stash/templates/user-roles.yaml b/chart/stash/templates/user-roles.yaml index 64aa6218a..35f0e1a65 100644 --- a/chart/stash/templates/user-roles.yaml +++ b/chart/stash/templates/user-roles.yaml @@ -1,4 +1,3 @@ -{{ if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -45,4 +44,3 @@ rules: resources: - snapshots verbs: ["get", "list"] -{{ end }} diff --git a/chart/stash/values.yaml b/chart/stash/values.yaml index 8463158bc..944ac832a 100644 --- a/chart/stash/values.yaml +++ b/chart/stash/values.yaml @@ -53,11 +53,6 @@ tolerations: {} ## affinity: {} -## Install Default RBAC roles and bindings -rbac: - # Specifies whether RBAC resources should be created - create: true - serviceAccount: # Specifies whether a ServiceAccount should be created create: true diff --git a/docs/reference/stash.md b/docs/reference/stash.md index d6f6f4c91..1efdeb6b3 100644 --- a/docs/reference/stash.md +++ b/docs/reference/stash.md @@ -44,11 +44,25 @@ Stash is a Kubernetes operator for restic. For more information, visit here: htt ### SEE ALSO * [stash backup](/docs/reference/stash_backup.md) - Run Stash Backup +* [stash backup-mongo](/docs/reference/stash_backup-mongo.md) - Takes a backup of Mongo DB +* [stash backup-mysql](/docs/reference/stash_backup-mysql.md) - Takes a backup of MySQL DB +* [stash backup-pg](/docs/reference/stash_backup-pg.md) - Takes a backup of Postgres DB +* [stash backup-pvc](/docs/reference/stash_backup-pvc.md) - Takes a backup of Persistent Volume Claim * [stash check](/docs/reference/stash_check.md) - Check restic backup +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI +* [stash create-backupsession](/docs/reference/stash_create-backupsession.md) - create a BackupSession +* [stash docker](/docs/reference/stash_docker.md) - Run restic commands inside Docker * [stash forget](/docs/reference/stash_forget.md) - Delete snapshots from a restic repository * [stash recover](/docs/reference/stash_recover.md) - Recover restic backup +* [stash restore](/docs/reference/stash_restore.md) - Restore from backup +* [stash restore-mongo](/docs/reference/stash_restore-mongo.md) - Restores Mongo DB Backup +* [stash restore-mysql](/docs/reference/stash_restore-mysql.md) - Restores MySQL DB Backup +* [stash restore-pg](/docs/reference/stash_restore-pg.md) - Restores Postgres DB Backup +* [stash restore-pvc](/docs/reference/stash_restore-pvc.md) - Takes a restore of Persistent Volume Claim * [stash run](/docs/reference/stash_run.md) - Launch Stash Controller +* [stash run-backup](/docs/reference/stash_run-backup.md) - Take backup of workload directories * [stash scaledown](/docs/reference/stash_scaledown.md) - Scale down workload * [stash snapshots](/docs/reference/stash_snapshots.md) - Get snapshots of restic repo +* [stash update-status](/docs/reference/stash_update-status.md) - Update status of Repository, Backup/Restore Session * [stash version](/docs/reference/stash_version.md) - Prints binary version number. diff --git a/docs/reference/stash_backup-mongo.md b/docs/reference/stash_backup-mongo.md new file mode 100644 index 000000000..8b0424bf5 --- /dev/null +++ b/docs/reference/stash_backup-mongo.md @@ -0,0 +1,80 @@ +--- +title: Stash Backup-Mongo +menu: + product_stash_0.8.3: + identifier: stash-backup-mongo + name: Stash Backup-Mongo + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash backup-mongo + +Takes a backup of Mongo DB + +### Synopsis + +Takes a backup of Mongo DB + +``` +stash backup-mongo [flags] +``` + +### Options + +``` + --app-binding string Name of the app binding + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for backup-mongo + --hostname string Name of the host machine (default "host-0") + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --mongo-args string Additional arguments + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --retention-dry-run Specify weather to test retention policy without deleting actual data + --retention-keep-daily int Specify value for retention strategy + --retention-keep-hourly int Specify value for retention strategy + --retention-keep-last int Specify value for retention strategy + --retention-keep-monthly int Specify value for retention strategy + --retention-keep-tags strings Specify value for retention strategy + --retention-keep-weekly int Specify value for retention strategy + --retention-keep-yearly int Specify value for retention strategy + --retention-prune Specify weather to prune old snapshot data + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_backup-mysql.md b/docs/reference/stash_backup-mysql.md new file mode 100644 index 000000000..f6ad43b0f --- /dev/null +++ b/docs/reference/stash_backup-mysql.md @@ -0,0 +1,80 @@ +--- +title: Stash Backup-Mysql +menu: + product_stash_0.8.3: + identifier: stash-backup-mysql + name: Stash Backup-Mysql + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash backup-mysql + +Takes a backup of MySQL DB + +### Synopsis + +Takes a backup of MySQL DB + +``` +stash backup-mysql [flags] +``` + +### Options + +``` + --app-binding string Name of the app binding + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for backup-mysql + --hostname string Name of the host machine (default "host-0") + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --mysql-args string Additional arguments (default "--all-databases") + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --retention-dry-run Specify weather to test retention policy without deleting actual data + --retention-keep-daily int Specify value for retention strategy + --retention-keep-hourly int Specify value for retention strategy + --retention-keep-last int Specify value for retention strategy + --retention-keep-monthly int Specify value for retention strategy + --retention-keep-tags strings Specify value for retention strategy + --retention-keep-weekly int Specify value for retention strategy + --retention-keep-yearly int Specify value for retention strategy + --retention-prune Specify weather to prune old snapshot data + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_backup-pg.md b/docs/reference/stash_backup-pg.md new file mode 100644 index 000000000..ef918f61d --- /dev/null +++ b/docs/reference/stash_backup-pg.md @@ -0,0 +1,80 @@ +--- +title: Stash Backup-Pg +menu: + product_stash_0.8.3: + identifier: stash-backup-pg + name: Stash Backup-Pg + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash backup-pg + +Takes a backup of Postgres DB + +### Synopsis + +Takes a backup of Postgres DB + +``` +stash backup-pg [flags] +``` + +### Options + +``` + --app-binding string Name of the app binding + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for backup-pg + --hostname string Name of the host machine (default "host-0") + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --pg-args string Additional arguments + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --retention-dry-run Specify weather to test retention policy without deleting actual data + --retention-keep-daily int Specify value for retention strategy + --retention-keep-hourly int Specify value for retention strategy + --retention-keep-last int Specify value for retention strategy + --retention-keep-monthly int Specify value for retention strategy + --retention-keep-tags strings Specify value for retention strategy + --retention-keep-weekly int Specify value for retention strategy + --retention-keep-yearly int Specify value for retention strategy + --retention-prune Specify weather to prune old snapshot data + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_backup-pvc.md b/docs/reference/stash_backup-pvc.md new file mode 100644 index 000000000..5cb1ae812 --- /dev/null +++ b/docs/reference/stash_backup-pvc.md @@ -0,0 +1,76 @@ +--- +title: Stash Backup-Pvc +menu: + product_stash_0.8.3: + identifier: stash-backup-pvc + name: Stash Backup-Pvc + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash backup-pvc + +Takes a backup of Persistent Volume Claim + +### Synopsis + +Takes a backup of Persistent Volume Claim + +``` +stash backup-pvc [flags] +``` + +### Options + +``` + --backup-dirs strings List of directories to be backed up + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for backup-pvc + --hostname string Name of the host machine (default "host-0") + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --retention-dry-run Specify weather to test retention policy without deleting actual data + --retention-keep-daily int Specify value for retention strategy + --retention-keep-hourly int Specify value for retention strategy + --retention-keep-last int Specify value for retention strategy + --retention-keep-monthly int Specify value for retention strategy + --retention-keep-tags strings Specify value for retention strategy + --retention-keep-weekly int Specify value for retention strategy + --retention-keep-yearly int Specify value for retention strategy + --retention-prune Specify weather to prune old snapshot data + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_backup.md b/docs/reference/stash_backup.md index c89311498..361261405 100644 --- a/docs/reference/stash_backup.md +++ b/docs/reference/stash_backup.md @@ -26,7 +26,6 @@ stash backup [flags] ``` --burst int The maximum burst for throttle (default 100) --docker-registry string Check job image registry. (default "appscode") - --enable-rbac Enable RBAC -h, --help help for backup --image-tag string Check job image tag. --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). diff --git a/docs/reference/stash_cli.md b/docs/reference/stash_cli.md new file mode 100644 index 000000000..8ec519716 --- /dev/null +++ b/docs/reference/stash_cli.md @@ -0,0 +1,58 @@ +--- +title: Stash Cli +menu: + product_stash_0.8.3: + identifier: stash-cli + name: Stash Cli + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli + +Stash CLI + +### Synopsis + +Kubectl plugin for Stash + +``` +stash cli [flags] +``` + +### Options + +``` + -h, --help help for cli +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes +* [stash cli backup-pv](/docs/reference/stash_cli_backup-pv.md) - Backup persistent volume +* [stash cli copy-repository](/docs/reference/stash_cli_copy-repository.md) - Copy Repository and Secret +* [stash cli delete-snapshot](/docs/reference/stash_cli_delete-snapshot.md) - Delete a snapshot from repository backend +* [stash cli download](/docs/reference/stash_cli_download.md) - Download snapshots +* [stash cli trigger-backup](/docs/reference/stash_cli_trigger-backup.md) - Trigger a backup +* [stash cli unlock-local-repository](/docs/reference/stash_cli_unlock-local-repository.md) - Unlock Restic Repository with Local Backend +* [stash cli unlock-repository](/docs/reference/stash_cli_unlock-repository.md) - Unlock Restic Repository + diff --git a/docs/reference/stash_cli_backup-pv.md b/docs/reference/stash_cli_backup-pv.md new file mode 100644 index 000000000..2f33fd079 --- /dev/null +++ b/docs/reference/stash_cli_backup-pv.md @@ -0,0 +1,57 @@ +--- +title: Stash Cli Backup-Pv +menu: + product_stash_0.8.3: + identifier: stash-cli-backup-pv + name: Stash Cli Backup-Pv + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli backup-pv + +Backup persistent volume + +### Synopsis + +Backup persistent volume using BackupConfiguration Template + +``` +stash cli backup-pv [flags] +``` + +### Options + +``` + --directories strings List of target directories. + -h, --help help for backup-pv + --kubeconfig string Path of the Kube config file. + --mountpath string Mount path for PVC. + --namespace string Namespace for Persistent Volume Claim. (default "default") + --template string Name of the BackupConfigurationTemplate. + --volume string Name of the Persistent volume. +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_cli_copy-repository.md b/docs/reference/stash_cli_copy-repository.md new file mode 100644 index 000000000..787061a2b --- /dev/null +++ b/docs/reference/stash_cli_copy-repository.md @@ -0,0 +1,55 @@ +--- +title: Stash Cli Copy-Repository +menu: + product_stash_0.8.3: + identifier: stash-cli-copy-repository + name: Stash Cli Copy-Repository + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli copy-repository + +Copy Repository and Secret + +### Synopsis + +Copy Repository and Secret from one namespace to another namespace + +``` +stash cli copy-repository [flags] +``` + +### Options + +``` + --destination-namespace string Destination namespace. + -h, --help help for copy-repository + --kubeconfig string Path of the Kube config file. + --repository string Name of the Repository. + --source-namespace string Source namespace. +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_cli_delete-snapshot.md b/docs/reference/stash_cli_delete-snapshot.md new file mode 100644 index 000000000..e291be6d0 --- /dev/null +++ b/docs/reference/stash_cli_delete-snapshot.md @@ -0,0 +1,55 @@ +--- +title: Stash Cli Delete-Snapshot +menu: + product_stash_0.8.3: + identifier: stash-cli-delete-snapshot + name: Stash Cli Delete-Snapshot + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli delete-snapshot + +Delete a snapshot from repository backend + +### Synopsis + +Delete a snapshot from repository backend + +``` +stash cli delete-snapshot [flags] +``` + +### Options + +``` + --docker-registry string Docker image registry (default "appscode") + -h, --help help for delete-snapshot + --image-tag string Stash image tag (default "latest") + --kubeconfig string Path of the Kube config file. + --namespace string Namespace of the Repository. (default "default") +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_cli_download.md b/docs/reference/stash_cli_download.md new file mode 100644 index 000000000..9858f9702 --- /dev/null +++ b/docs/reference/stash_cli_download.md @@ -0,0 +1,60 @@ +--- +title: Stash Cli Download +menu: + product_stash_0.8.3: + identifier: stash-cli-download + name: Stash Cli Download + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli download + +Download snapshots + +### Synopsis + +Download contents of snapshots from Repository + +``` +stash cli download [flags] +``` + +### Options + +``` + --destination string Destination path where snapshot will be restored. + --directories strings List of directories to be restored + --docker-registry string Docker image registry (default "appscode") + -h, --help help for download + --host string Name of the source host machine (default "host-0") + --image-tag string Stash image tag (default "latest") + --kubeconfig string Path of the Kube config file. + --namespace string Namespace of the Repository. (default "default") + --repository string Name of the Repository. + --snapshots strings List of snapshots to be restored +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_cli_trigger-backup.md b/docs/reference/stash_cli_trigger-backup.md new file mode 100644 index 000000000..a9e710573 --- /dev/null +++ b/docs/reference/stash_cli_trigger-backup.md @@ -0,0 +1,53 @@ +--- +title: Stash Cli Trigger-Backup +menu: + product_stash_0.8.3: + identifier: stash-cli-trigger-backup + name: Stash Cli Trigger-Backup + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli trigger-backup + +Trigger a backup + +### Synopsis + +Trigger a backup by creating BackupSession + +``` +stash cli trigger-backup [flags] +``` + +### Options + +``` + -h, --help help for trigger-backup + --kubeconfig string Path of the Kube config file. + --namespace string Namespace of the Repository. (default "default") +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_cli_unlock-local-repository.md b/docs/reference/stash_cli_unlock-local-repository.md new file mode 100644 index 000000000..037dff282 --- /dev/null +++ b/docs/reference/stash_cli_unlock-local-repository.md @@ -0,0 +1,53 @@ +--- +title: Stash Cli Unlock-Local-Repository +menu: + product_stash_0.8.3: + identifier: stash-cli-unlock-local-repository + name: Stash Cli Unlock-Local-Repository + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli unlock-local-repository + +Unlock Restic Repository with Local Backend + +### Synopsis + +Unlock Restic Repository with Local Backend + +``` +stash cli unlock-local-repository [flags] +``` + +### Options + +``` + -h, --help help for unlock-local-repository + --path string Directory inside the bucket where backup will be stored + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_cli_unlock-repository.md b/docs/reference/stash_cli_unlock-repository.md new file mode 100644 index 000000000..6ac271dee --- /dev/null +++ b/docs/reference/stash_cli_unlock-repository.md @@ -0,0 +1,56 @@ +--- +title: Stash Cli Unlock-Repository +menu: + product_stash_0.8.3: + identifier: stash-cli-unlock-repository + name: Stash Cli Unlock-Repository + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash cli unlock-repository + +Unlock Restic Repository + +### Synopsis + +Unlock Restic Repository + +``` +stash cli unlock-repository [flags] +``` + +### Options + +``` + --docker-registry string Docker image registry (default "appscode") + -h, --help help for unlock-repository + --image-tag string Stash image tag (default "latest") + --kubeconfig string Path of the Kube config file. + --namespace string Namespace of the Repository. (default "default") + --repository string Name of the Repository. +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash cli](/docs/reference/stash_cli.md) - Stash CLI + diff --git a/docs/reference/stash_create-backupsession.md b/docs/reference/stash_create-backupsession.md new file mode 100644 index 000000000..fb93e87c6 --- /dev/null +++ b/docs/reference/stash_create-backupsession.md @@ -0,0 +1,55 @@ +--- +title: Stash Create-Backupsession +menu: + product_stash_0.8.3: + identifier: stash-create-backupsession + name: Stash Create-Backupsession + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash create-backupsession + +create a BackupSession + +### Synopsis + +create a BackupSession + +``` +stash create-backupsession [flags] +``` + +### Options + +``` + --backupsession.name string Set BackupSession Name + --backupsession.namespace string Set BackupSession Namespace (default "default") + -h, --help help for create-backupsession + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_docker.md b/docs/reference/stash_docker.md new file mode 100644 index 000000000..c3900dce5 --- /dev/null +++ b/docs/reference/stash_docker.md @@ -0,0 +1,54 @@ +--- +title: Stash Docker +menu: + product_stash_0.8.3: + identifier: stash-docker + name: Stash Docker + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash docker + +Run restic commands inside Docker + +### Synopsis + +Run restic commands inside Docker + +``` +stash docker [flags] +``` + +### Options + +``` + -h, --help help for docker +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes +* [stash docker delete-snapshot](/docs/reference/stash_docker_delete-snapshot.md) - Delete a snapshot from repository backend +* [stash docker download-snapshots](/docs/reference/stash_docker_download-snapshots.md) - Download snapshots +* [stash docker unlock-repository](/docs/reference/stash_docker_unlock-repository.md) - Unlock Restic Repository + diff --git a/docs/reference/stash_docker_delete-snapshot.md b/docs/reference/stash_docker_delete-snapshot.md new file mode 100644 index 000000000..e2994fd55 --- /dev/null +++ b/docs/reference/stash_docker_delete-snapshot.md @@ -0,0 +1,52 @@ +--- +title: Stash Docker Delete-Snapshot +menu: + product_stash_0.8.3: + identifier: stash-docker-delete-snapshot + name: Stash Docker Delete-Snapshot + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash docker delete-snapshot + +Delete a snapshot from repository backend + +### Synopsis + +Delete a snapshot from repository backend + +``` +stash docker delete-snapshot [flags] +``` + +### Options + +``` + -h, --help help for delete-snapshot + --snapshot string Snapshot ID to be deleted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash docker](/docs/reference/stash_docker.md) - Run restic commands inside Docker + diff --git a/docs/reference/stash_docker_download-snapshots.md b/docs/reference/stash_docker_download-snapshots.md new file mode 100644 index 000000000..2e33456f8 --- /dev/null +++ b/docs/reference/stash_docker_download-snapshots.md @@ -0,0 +1,51 @@ +--- +title: Stash Docker Download-Snapshots +menu: + product_stash_0.8.3: + identifier: stash-docker-download-snapshots + name: Stash Docker Download-Snapshots + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash docker download-snapshots + +Download snapshots + +### Synopsis + +Download contents of snapshots from Repository + +``` +stash docker download-snapshots [flags] +``` + +### Options + +``` + -h, --help help for download-snapshots +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash docker](/docs/reference/stash_docker.md) - Run restic commands inside Docker + diff --git a/docs/reference/stash_docker_unlock-repository.md b/docs/reference/stash_docker_unlock-repository.md new file mode 100644 index 000000000..90d54c80d --- /dev/null +++ b/docs/reference/stash_docker_unlock-repository.md @@ -0,0 +1,51 @@ +--- +title: Stash Docker Unlock-Repository +menu: + product_stash_0.8.3: + identifier: stash-docker-unlock-repository + name: Stash Docker Unlock-Repository + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash docker unlock-repository + +Unlock Restic Repository + +### Synopsis + +Unlock Restic Repository + +``` +stash docker unlock-repository [flags] +``` + +### Options + +``` + -h, --help help for unlock-repository +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash docker](/docs/reference/stash_docker.md) - Run restic commands inside Docker + diff --git a/docs/reference/stash_restore-mongo.md b/docs/reference/stash_restore-mongo.md new file mode 100644 index 000000000..c26a27265 --- /dev/null +++ b/docs/reference/stash_restore-mongo.md @@ -0,0 +1,72 @@ +--- +title: Stash Restore-Mongo +menu: + product_stash_0.8.3: + identifier: stash-restore-mongo + name: Stash Restore-Mongo + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash restore-mongo + +Restores Mongo DB Backup + +### Synopsis + +Restores Mongo DB Backup + +``` +stash restore-mongo [flags] +``` + +### Options + +``` + --app-binding string Name of the app binding + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for restore-mongo + --hostname string Name of the host machine (default "host-0") + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --mongo-args string Additional arguments + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted + --snapshot string Snapshot to dump +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_restore-mysql.md b/docs/reference/stash_restore-mysql.md new file mode 100644 index 000000000..6875c760d --- /dev/null +++ b/docs/reference/stash_restore-mysql.md @@ -0,0 +1,72 @@ +--- +title: Stash Restore-Mysql +menu: + product_stash_0.8.3: + identifier: stash-restore-mysql + name: Stash Restore-Mysql + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash restore-mysql + +Restores MySQL DB Backup + +### Synopsis + +Restores MySQL DB Backup + +``` +stash restore-mysql [flags] +``` + +### Options + +``` + --app-binding string Name of the app binding + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for restore-mysql + --hostname string Name of the host machine (default "host-0") + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --mysql-args string Additional arguments + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted + --snapshot string Snapshot to dump +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_restore-pg.md b/docs/reference/stash_restore-pg.md new file mode 100644 index 000000000..e4bb8353c --- /dev/null +++ b/docs/reference/stash_restore-pg.md @@ -0,0 +1,72 @@ +--- +title: Stash Restore-Pg +menu: + product_stash_0.8.3: + identifier: stash-restore-pg + name: Stash Restore-Pg + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash restore-pg + +Restores Postgres DB Backup + +### Synopsis + +Restores Postgres DB Backup + +``` +stash restore-pg [flags] +``` + +### Options + +``` + --app-binding string Name of the app binding + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for restore-pg + --hostname string Name of the host machine (default "host-0") + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where backup will be stored + --pg-args string Additional arguments + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted + --snapshot string Snapshot to dump +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_restore-pvc.md b/docs/reference/stash_restore-pvc.md new file mode 100644 index 000000000..d30f57d11 --- /dev/null +++ b/docs/reference/stash_restore-pvc.md @@ -0,0 +1,68 @@ +--- +title: Stash Restore-Pvc +menu: + product_stash_0.8.3: + identifier: stash-restore-pvc + name: Stash Restore-Pvc + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash restore-pvc + +Takes a restore of Persistent Volume Claim + +### Synopsis + +Takes a restore of Persistent Volume Claim + +``` +stash restore-pvc [flags] +``` + +### Options + +``` + --bucket string Name of the cloud bucket/container (keep empty for local backend) + --enable-cache Specify weather to enable caching for restic + --endpoint string Endpoint for s3/s3 compatible backend + -h, --help help for restore-pvc + --hostname string Name of the host machine (default "host-0") + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-dir string Directory where to write metric.prom file (keep empty if you don't want to write metric in a text file) + --metrics-enabled Specify weather to export Prometheus metrics + --metrics-labels strings Labels to apply in exported metrics + --metrics-pushgateway-url string Pushgateway URL where the metrics will be pushed + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --path string Directory inside the bucket where restore will be stored + --provider string Backend provider (i.e. gcs, s3, azure etc) + --rest-server-url string URL for rest backend + --restore-dirs strings List of directories to be restored + --scratch-dir string Temporary directory (default "/tmp") + --secret-dir string Directory where storage secret has been mounted + --snapshots strings List of snapshots to be restored +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_restore.md b/docs/reference/stash_restore.md new file mode 100644 index 000000000..40d05f1ff --- /dev/null +++ b/docs/reference/stash_restore.md @@ -0,0 +1,60 @@ +--- +title: Stash Restore +menu: + product_stash_0.8.3: + identifier: stash-restore + name: Stash Restore + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash restore + +Restore from backup + +### Synopsis + +Restore from backup + +``` +stash restore [flags] +``` + +### Options + +``` + --backoff-max-wait duration Maximum wait for initial response from kube apiserver; 0 disables the timeout + --enable-cache Specify weather to enable caching for restic (default true) + -h, --help help for restore + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-enabled Specify weather to export Prometheus metrics + --pushgateway-url string Pushgateway URL where the metrics will be pushed + --restore-session string Name of the RestoreSession CRD. + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_run-backup.md b/docs/reference/stash_run-backup.md new file mode 100644 index 000000000..c938cc28a --- /dev/null +++ b/docs/reference/stash_run-backup.md @@ -0,0 +1,59 @@ +--- +title: Stash Run-Backup +menu: + product_stash_0.8.3: + identifier: stash-run-backup + name: Stash Run-Backup + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash run-backup + +Take backup of workload directories + +### Synopsis + +Take backup of workload directories + +``` +stash run-backup [flags] +``` + +### Options + +``` + --backup-configuration string Set BackupConfiguration Name + --enable-cache Specify weather to enable caching for restic (default true) + -h, --help help for run-backup + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --max-connections int Specify maximum concurrent connections for GCS, Azure and B2 backend + --metrics-enabled Specify weather to export Prometheus metrics + --pushgateway-url string URL of Prometheus pushgateway used to cache backup metrics + --secret-dir string Directory where storage secret has been mounted +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/reference/stash_run.md b/docs/reference/stash_run.md index 15afac4be..1e8accd2e 100644 --- a/docs/reference/stash_run.md +++ b/docs/reference/stash_run.md @@ -24,6 +24,7 @@ stash run [flags] ### Options ``` + --audit-dynamic-configuration Enables dynamic audit configuration. This feature also requires the DynamicAuditing feature flag --audit-log-batch-buffer-size int The size of the buffer to store events before batching and writing. Only used in batch mode. (default 10000) --audit-log-batch-max-size int The maximum size of a batch. Only used in batch mode. (default 1) --audit-log-batch-max-wait duration The amount of time to wait before force writing the batch that hadn't reached the max size. Only used in batch mode. @@ -34,12 +35,12 @@ stash run [flags] --audit-log-maxage int The maximum number of days to retain old audit log files based on the timestamp encoded in their filename. --audit-log-maxbackup int The maximum number of old audit log files to retain. --audit-log-maxsize int The maximum size in megabytes of the audit log file before it gets rotated. - --audit-log-mode string Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking. (default "blocking") + --audit-log-mode string Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking,blocking-strict. (default "blocking") --audit-log-path string If set, all requests coming to the apiserver will be logged to this file. '-' means standard out. --audit-log-truncate-enabled Whether event and batch truncating is enabled. --audit-log-truncate-max-batch-size int Maximum size of the batch sent to the underlying backend. Actual serialized size can be several hundreds of bytes greater. If a batch exceeds this limit, it is split into several batches of smaller size. (default 10485760) --audit-log-truncate-max-event-size int Maximum size of the audit event sent to the underlying backend. If the size of an event is greater than this number, first request and response are removed, and if this doesn't reduce the size enough, event is discarded. (default 102400) - --audit-log-version string API group and version used for serializing audit events written to log. (default "audit.k8s.io/v1beta1") + --audit-log-version string API group and version used for serializing audit events written to log. (default "audit.k8s.io/v1") --audit-policy-file string Path to the file that defines the audit policy configuration. --audit-webhook-batch-buffer-size int The size of the buffer to store events before batching and writing. Only used in batch mode. (default 10000) --audit-webhook-batch-max-size int The maximum size of a batch. Only used in batch mode. (default 400) @@ -49,14 +50,15 @@ stash run [flags] --audit-webhook-batch-throttle-qps float32 Maximum average number of batches per second. Only used in batch mode. (default 10) --audit-webhook-config-file string Path to a kubeconfig formatted file that defines the audit webhook configuration. --audit-webhook-initial-backoff duration The amount of time to wait before retrying the first failed request. (default 10s) - --audit-webhook-mode string Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking. (default "batch") + --audit-webhook-mode string Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking,blocking-strict. (default "batch") --audit-webhook-truncate-enabled Whether event and batch truncating is enabled. --audit-webhook-truncate-max-batch-size int Maximum size of the batch sent to the underlying backend. Actual serialized size can be several hundreds of bytes greater. If a batch exceeds this limit, it is split into several batches of smaller size. (default 10485760) --audit-webhook-truncate-max-event-size int Maximum size of the audit event sent to the underlying backend. If the size of an event is greater than this number, first request and response are removed, and if this doesn't reduce the size enough, event is discarded. (default 102400) - --audit-webhook-version string API group and version used for serializing audit events written to webhook. (default "audit.k8s.io/v1beta1") + --audit-webhook-version string API group and version used for serializing audit events written to webhook. (default "audit.k8s.io/v1") --authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io. --authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster. --authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s) + --authentication-tolerate-lookup-failure If true, failures to look up missing authentication configuration from the cluster are not considered fatal. Note that this can result in authentication that treats all requests as anonymous. --authorization-always-allow-paths strings A list of HTTP paths to skip during authorization, i.e. these are authorized without contacting the 'core' kubernetes server. --authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. --authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s) @@ -76,7 +78,6 @@ stash run [flags] --kubeconfig string kubeconfig file pointing at the 'core' kubernetes server. --profiling Enable profiling via web interface host:port/debug/pprof/ (default true) --qps float The maximum QPS to the master from this client (default 100) - --rbac Enable RBAC for operator --requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed. --requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests. --requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-]) diff --git a/docs/reference/stash_update-status.md b/docs/reference/stash_update-status.md new file mode 100644 index 000000000..9b8d0b8d4 --- /dev/null +++ b/docs/reference/stash_update-status.md @@ -0,0 +1,58 @@ +--- +title: Stash Update-Status +menu: + product_stash_0.8.3: + identifier: stash-update-status + name: Stash Update-Status + parent: reference +product_name: stash +menu_name: product_stash_0.8.3 +section_menu_id: reference +--- +## stash update-status + +Update status of Repository, Backup/Restore Session + +### Synopsis + +Update status of Repository, Backup/Restore Session + +``` +stash update-status [flags] +``` + +### Options + +``` + --backup-session string Name of the Backup Session + -h, --help help for update-status + --kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). + --master string The address of the Kubernetes API server (overrides any value in kubeconfig) + --namespace string Namespace of Backup/Restore Session (default "default") + --output-dir string Directory where output.json file will be written (keep empty if you don't need to write output in file) + --repository string Name of the Repository + --restore-session string Name of the Restore Session +``` + +### Options inherited from parent commands + +``` + --alsologtostderr log to standard error as well as files + --bypass-validating-webhook-xray if true, bypasses validating webhook xray checks + --enable-analytics Send analytical events to Google Analytics (default true) + --enable-status-subresource If true, uses sub resource for crds. + --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --logtostderr log to standard error instead of files (default true) + --service-name string Stash service name. (default "stash-operator") + --stderrthreshold severity logs at or above this threshold go to stderr + --use-kubeapiserver-fqdn-for-aks if true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) + -v, --v Level log level for V logs + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + +### SEE ALSO + +* [stash](/docs/reference/stash.md) - Stash by AppsCode - Backup your Kubernetes Volumes + diff --git a/docs/setup/install.md b/docs/setup/install.md index ea257cddc..6cb74e109 100644 --- a/docs/setup/install.md +++ b/docs/setup/install.md @@ -56,7 +56,6 @@ stash.sh [options] options: -h, --help show brief help -n, --namespace=NAMESPACE specify namespace (default: kube-system) - --rbac create RBAC roles and bindings (default: true) --docker-registry docker registry used to pull stash images (default: appscode) --image-pull-secret name of secret used to pull stash operator images --run-on-master run stash operator on master @@ -79,7 +78,7 @@ If you would like to run Stash operator pod in `master` instances, pass the `--r ```console $ curl -fsSL https://raw.githubusercontent.com/appscode/stash/0.8.3/hack/deploy/stash.sh \ - | bash -s -- --run-on-master [--rbac] + | bash -s -- --run-on-master ``` Stash operator will be installed in a `kube-system` namespace by default. If you would like to run Stash operator pod in `stash` namespace, pass the `--namespace=stash` flag: @@ -87,7 +86,7 @@ Stash operator will be installed in a `kube-system` namespace by default. If you ```console $ kubectl create namespace stash $ curl -fsSL https://raw.githubusercontent.com/appscode/stash/0.8.3/hack/deploy/stash.sh \ - | bash -s -- --namespace=stash [--run-on-master] [--rbac] + | bash -s -- --namespace=stash [--run-on-master] ``` If you are using a private Docker registry, you need to pull the following image: @@ -99,14 +98,14 @@ To pass the address of your private registry and optionally a image pull secret ```console $ kubectl create namespace stash $ curl -fsSL https://raw.githubusercontent.com/appscode/stash/0.8.3/hack/deploy/stash.sh \ - | bash -s -- --docker-registry=MY_REGISTRY [--image-pull-secret=SECRET_NAME] [--rbac] + | bash -s -- --docker-registry=MY_REGISTRY [--image-pull-secret=SECRET_NAME] ``` Stash implements [validating admission webhooks](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) to validate Stash CRDs and **mutating webhooks** for Kubernetes workload types. This is helpful when you create `Restic` before creating workload objects. This allows stash operator to initialize the target workloads by adding sidecar or, init-container before workload-pods are created. Thus stash operator does not need to delete workload pods for applying changes. This is particularly helpful for workload kind `StatefulSet`, since Kubernetes does not support adding sidecar / init containers to StatefulSets after they are created. This is enabled by default for Kubernetes 1.9.0 or later releases. To disable this feature, pass the `--enable-validating-webhook=false` and `--enable-mutating-webhook=false` flag respectively. ```console $ curl -fsSL https://raw.githubusercontent.com/appscode/stash/0.8.3/hack/deploy/stash.sh \ - | bash -s -- --enable-validating-webhook=false --enable-mutating-webhook=false [--rbac] + | bash -s -- --enable-validating-webhook=false --enable-mutating-webhook=false ``` Stash 0.8.3 or later releases can use status sub resource for CustomResourceDefintions. This is enabled by default for Kubernetes 1.11.0 or later releases. To disable this feature, pass the `--enable-status-subresource=false` flag. diff --git a/hack/deploy/operator.yaml b/hack/deploy/operator.yaml index e9fe64313..393d996df 100644 --- a/hack/deploy/operator.yaml +++ b/hack/deploy/operator.yaml @@ -26,7 +26,6 @@ spec: args: - run - --v=3 - - --rbac=${STASH_ENABLE_RBAC} - --docker-registry=${STASH_DOCKER_REGISTRY} - --secure-port=8443 - --audit-log-path=- diff --git a/hack/deploy/stash.sh b/hack/deploy/stash.sh index 7519428bd..bf0f0fcdd 100755 --- a/hack/deploy/stash.sh +++ b/hack/deploy/stash.sh @@ -108,7 +108,6 @@ onessl_found || { export STASH_NAMESPACE=kube-system export STASH_SERVICE_ACCOUNT=stash-operator export STASH_SERVICE_NAME=stash-operator -export STASH_ENABLE_RBAC=true export STASH_RUN_ON_MASTER=0 export STASH_ENABLE_VALIDATING_WEBHOOK=false export STASH_ENABLE_MUTATING_WEBHOOK=false @@ -160,7 +159,6 @@ show_help() { echo "options:" echo "-h, --help show brief help" echo "-n, --namespace=NAMESPACE specify namespace (default: kube-system)" - echo " --rbac create RBAC roles and bindings (default: true)" echo " --docker-registry docker registry used to pull stash images (default: appscode)" echo " --image-pull-secret name of secret used to pull stash operator images" echo " --run-on-master run stash operator on master" @@ -254,14 +252,6 @@ while test $# -gt 0; do fi shift ;; - --rbac*) - val=$(echo $1 | sed -e 's/^[^=]*=//g') - if [ "$val" = "false" ]; then - export STASH_SERVICE_ACCOUNT=default - export STASH_ENABLE_RBAC=false - fi - shift - ;; --run-on-master) export STASH_RUN_ON_MASTER=1 shift @@ -429,11 +419,9 @@ export TLS_SERVING_KEY=$(cat server.key | $ONESSL base64) ${SCRIPT_LOCATION}hack/deploy/operator.yaml | $ONESSL envsubst | kubectl apply -f - -if [ "$STASH_ENABLE_RBAC" = true ]; then - ${SCRIPT_LOCATION}hack/deploy/service-account.yaml | $ONESSL envsubst | kubectl apply -f - - ${SCRIPT_LOCATION}hack/deploy/rbac-list.yaml | $ONESSL envsubst | kubectl auth reconcile -f - - ${SCRIPT_LOCATION}hack/deploy/user-roles.yaml | $ONESSL envsubst | kubectl auth reconcile -f - -fi +${SCRIPT_LOCATION}hack/deploy/service-account.yaml | $ONESSL envsubst | kubectl apply -f - +${SCRIPT_LOCATION}hack/deploy/rbac-list.yaml | $ONESSL envsubst | kubectl auth reconcile -f - +${SCRIPT_LOCATION}hack/deploy/user-roles.yaml | $ONESSL envsubst | kubectl auth reconcile -f - if [ "$STASH_RUN_ON_MASTER" -eq 1 ]; then kubectl patch deploy stash-operator -n $STASH_NAMESPACE \ diff --git a/hack/dev/run.sh b/hack/dev/run.sh index b4fc6bd54..603253483 100755 --- a/hack/dev/run.sh +++ b/hack/dev/run.sh @@ -125,7 +125,6 @@ if [ "$STASH_E2E_TEST" = false ]; then # don't run operator while run this scrip --authentication-skip-lookup \ --docker-registry="$STASH_DOCKER_REGISTRY" \ --image-tag="$STASH_IMAGE_TAG" \ - --rbac=true \ --enable-status-subresource=true \ --v=5 fi diff --git a/pkg/backup/backup.go b/pkg/backup/backup.go index 8ba733bae..6f5d725d4 100644 --- a/pkg/backup/backup.go +++ b/pkg/backup/backup.go @@ -53,7 +53,6 @@ type Options struct { RunViaCron bool DockerRegistry string // image registry for check job ImageTag string // image tag for check job - EnableRBAC bool // rbac for check job NumThreads int } @@ -155,9 +154,8 @@ func (c *Controller) Backup() error { return err } if errors.IsNotFound(err) { - if c.opt.EnableRBAC { - job.Spec.Template.Spec.ServiceAccountName = job.Name - } + job.Spec.Template.Spec.ServiceAccountName = job.Name + if job, err = c.k8sClient.BatchV1().Jobs(restic.Namespace).Create(job); err != nil { err = fmt.Errorf("failed to get check job, reason: %s", err) ref, rerr := reference.GetReference(scheme.Scheme, repository) @@ -177,14 +175,12 @@ func (c *Controller) Backup() error { } // create service-account and role-binding - if c.opt.EnableRBAC { - ref, err := reference.GetReference(scheme.Scheme, job) - if err != nil { - return err - } - if err = c.ensureCheckRBAC(ref); err != nil { - return fmt.Errorf("error ensuring rbac for check job %s, reason: %s", job.Name, err) - } + ref, err := reference.GetReference(scheme.Scheme, job) + if err != nil { + return err + } + if err = c.ensureCheckRBAC(ref); err != nil { + return fmt.Errorf("error ensuring rbac for check job %s, reason: %s", job.Name, err) } log.Infoln("Created check job:", job.Name) diff --git a/pkg/backup/backupsession.go b/pkg/backup/backupsession.go index d54b6dd45..b24c8465e 100644 --- a/pkg/backup/backupsession.go +++ b/pkg/backup/backupsession.go @@ -40,7 +40,6 @@ type BackupSessionController struct { StashInformerFactory stashinformers.SharedInformerFactory MaxNumRequeues int NumThreads int - EnableRBAC bool // rbac for check job ResyncPeriod time.Duration //backupConfiguration BackupConfigurationName string diff --git a/pkg/cmds/backup.go b/pkg/cmds/backup.go index 8eeaac4df..fa4ad47d8 100644 --- a/pkg/cmds/backup.go +++ b/pkg/cmds/backup.go @@ -130,7 +130,6 @@ func NewCmdBackup() *cobra.Command { cmd.Flags().BoolVar(&opt.RunViaCron, "run-via-cron", opt.RunViaCron, "Run backup periodically via cron.") cmd.Flags().StringVar(&opt.DockerRegistry, "docker-registry", opt.DockerRegistry, "Check job image registry.") cmd.Flags().StringVar(&opt.ImageTag, "image-tag", opt.ImageTag, "Check job image tag.") - cmd.Flags().BoolVar(&opt.EnableRBAC, "enable-rbac", opt.EnableRBAC, "Enable RBAC") return cmd } diff --git a/pkg/cmds/run_backup.go b/pkg/cmds/run_backup.go index c2176e75d..2702a8111 100644 --- a/pkg/cmds/run_backup.go +++ b/pkg/cmds/run_backup.go @@ -66,7 +66,6 @@ func NewCmdRunBackup() *cobra.Command { cmd.Flags().BoolVar(&con.SetupOpt.EnableCache, "enable-cache", con.SetupOpt.EnableCache, "Specify weather to enable caching for restic") cmd.Flags().IntVar(&con.SetupOpt.MaxConnections, "max-connections", con.SetupOpt.MaxConnections, "Specify maximum concurrent connections for GCS, Azure and B2 backend") cmd.Flags().BoolVar(&con.Metrics.Enabled, "metrics-enabled", con.Metrics.Enabled, "Specify weather to export Prometheus metrics") - cmd.Flags().BoolVar(&con.EnableRBAC, "enable-rbac", con.EnableRBAC, "Enable RBAC") cmd.Flags().StringVar(&con.Metrics.PushgatewayURL, "pushgateway-url", con.Metrics.PushgatewayURL, "URL of Prometheus pushgateway used to cache backup metrics") return cmd diff --git a/pkg/cmds/server/options.go b/pkg/cmds/server/options.go index 22b873f82..19d69e65e 100644 --- a/pkg/cmds/server/options.go +++ b/pkg/cmds/server/options.go @@ -20,7 +20,6 @@ import ( ) type ExtraOptions struct { - EnableRBAC bool StashImageTag string DockerRegistry string MaxNumRequeues int @@ -47,7 +46,6 @@ func NewExtraOptions() *ExtraOptions { } func (s *ExtraOptions) AddGoFlags(fs *flag.FlagSet) { - fs.BoolVar(&s.EnableRBAC, "rbac", s.EnableRBAC, "Enable RBAC for operator") fs.StringVar(&s.ScratchDir, "scratch-dir", s.ScratchDir, "Directory used to store temporary files. Use an `emptyDir` in Kubernetes.") fs.StringVar(&s.StashImageTag, "image-tag", s.StashImageTag, "Image tag for sidecar, init-container, check-job and recovery-job") fs.StringVar(&s.DockerRegistry, "docker-registry", s.DockerRegistry, "Docker image registry for sidecar, init-container, check-job, recovery-job and kubectl-job") @@ -71,7 +69,6 @@ func (s *ExtraOptions) AddFlags(fs *pflag.FlagSet) { func (s *ExtraOptions) ApplyTo(cfg *controller.Config) error { var err error - cfg.EnableRBAC = s.EnableRBAC cfg.StashImageTag = s.StashImageTag cfg.DockerRegistry = s.DockerRegistry cfg.MaxNumRequeues = s.MaxNumRequeues diff --git a/pkg/controller/backup_configuration.go b/pkg/controller/backup_configuration.go index a72ae6b19..5110339a8 100644 --- a/pkg/controller/backup_configuration.go +++ b/pkg/controller/backup_configuration.go @@ -205,34 +205,33 @@ func (c *StashController) EnsureCronJob(backupConfiguration *api_v1beta1.BackupC // if RBAC is enabled then ensure respective ClusterRole,RoleBinding,ServiceAccount etc. serviceAccountName := "default" - if c.EnableRBAC { - if backupConfiguration.Spec.RuntimeSettings.Pod != nil && - backupConfiguration.Spec.RuntimeSettings.Pod.ServiceAccountName != "" { - // ServiceAccount has been specified, so use it. - serviceAccountName = backupConfiguration.Spec.RuntimeSettings.Pod.ServiceAccountName - } else { - // ServiceAccount hasn't been specified. so create new one with same name as BackupConfiguration object. - serviceAccountName = meta.Name + if backupConfiguration.Spec.RuntimeSettings.Pod != nil && + backupConfiguration.Spec.RuntimeSettings.Pod.ServiceAccountName != "" { + // ServiceAccount has been specified, so use it. + serviceAccountName = backupConfiguration.Spec.RuntimeSettings.Pod.ServiceAccountName + } else { + // ServiceAccount hasn't been specified. so create new one with same name as BackupConfiguration object. + serviceAccountName = meta.Name - _, _, err := core_util.CreateOrPatchServiceAccount(c.kubeClient, meta, func(in *core.ServiceAccount) *core.ServiceAccount { - core_util.EnsureOwnerReference(&in.ObjectMeta, ref) - if in.Labels == nil { - in.Labels = map[string]string{} - } - in.Labels[util.LabelApp] = util.AppLabelStash - return in - }) - if err != nil { - return err + _, _, err := core_util.CreateOrPatchServiceAccount(c.kubeClient, meta, func(in *core.ServiceAccount) *core.ServiceAccount { + core_util.EnsureOwnerReference(&in.ObjectMeta, ref) + if in.Labels == nil { + in.Labels = map[string]string{} } - } - - // now ensure RBAC stuff for this CronJob - err := c.ensureCronJobRBAC(ref, serviceAccountName) + in.Labels[util.LabelApp] = util.AppLabelStash + return in + }) if err != nil { return err } } + + // now ensure RBAC stuff for this CronJob + err = c.ensureCronJobRBAC(ref, serviceAccountName) + if err != nil { + return err + } + _, _, err = batch_util.CreateOrPatchCronJob(c.kubeClient, meta, func(in *batch_v1beta1.CronJob) *batch_v1beta1.CronJob { //set backup-configuration as cron-job owner core_util.EnsureOwnerReference(&in.ObjectMeta, ref) @@ -255,9 +254,7 @@ func (c *StashController) EnsureCronJob(backupConfiguration *api_v1beta1.BackupC }, }) in.Spec.JobTemplate.Spec.Template.Spec.RestartPolicy = core.RestartPolicyNever - if c.EnableRBAC { - in.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName = serviceAccountName - } + in.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName = serviceAccountName return in }) diff --git a/pkg/controller/backup_session.go b/pkg/controller/backup_session.go index 1a72ca9ec..8b5809abb 100644 --- a/pkg/controller/backup_session.go +++ b/pkg/controller/backup_session.go @@ -156,35 +156,33 @@ func (c *StashController) ensureBackupJob(backupSession *api_v1beta1.BackupSessi serviceAccountName := "default" // if RBAC is enabled then ensure respective RBAC stuffs - if c.EnableRBAC { - if backupConfig.Spec.RuntimeSettings.Pod != nil && backupConfig.Spec.RuntimeSettings.Pod.ServiceAccountName != "" { - serviceAccountName = backupConfig.Spec.RuntimeSettings.Pod.ServiceAccountName - } else { - // ServiceAccount hasn't been specified. so create new one. - serviceAccountName = backupConfig.Name - saMeta := metav1.ObjectMeta{ - Name: serviceAccountName, - Namespace: backupConfig.Namespace, - } - _, _, err := core_util.CreateOrPatchServiceAccount(c.kubeClient, saMeta, func(in *core.ServiceAccount) *core.ServiceAccount { - core_util.EnsureOwnerReference(&in.ObjectMeta, backupConfigRef) - if in.Labels == nil { - in.Labels = map[string]string{} - } - in.Labels[util.LabelApp] = util.AppLabelStash - return in - }) - if err != nil { - return err - } + if backupConfig.Spec.RuntimeSettings.Pod != nil && backupConfig.Spec.RuntimeSettings.Pod.ServiceAccountName != "" { + serviceAccountName = backupConfig.Spec.RuntimeSettings.Pod.ServiceAccountName + } else { + // ServiceAccount hasn't been specified. so create new one. + serviceAccountName = backupConfig.Name + saMeta := metav1.ObjectMeta{ + Name: serviceAccountName, + Namespace: backupConfig.Namespace, } - - err := c.ensureBackupJobRBAC(backupConfigRef, serviceAccountName) + _, _, err := core_util.CreateOrPatchServiceAccount(c.kubeClient, saMeta, func(in *core.ServiceAccount) *core.ServiceAccount { + core_util.EnsureOwnerReference(&in.ObjectMeta, backupConfigRef) + if in.Labels == nil { + in.Labels = map[string]string{} + } + in.Labels[util.LabelApp] = util.AppLabelStash + return in + }) if err != nil { return err } } + err = c.ensureBackupJobRBAC(backupConfigRef, serviceAccountName) + if err != nil { + return err + } + // get repository for backupConfig repository, err := c.stashClient.StashV1alpha1().Repositories(backupConfig.Namespace).Get( backupConfig.Spec.Repository.Name, diff --git a/pkg/controller/config.go b/pkg/controller/config.go index d75cdf4cc..fe4e8d818 100644 --- a/pkg/controller/config.go +++ b/pkg/controller/config.go @@ -26,7 +26,6 @@ const ( ) type config struct { - EnableRBAC bool StashImageTag string DockerRegistry string MaxNumRequeues int @@ -94,10 +93,8 @@ func (c *Config) New() (*StashController, error) { } } - if ctrl.EnableRBAC { - if err := ctrl.ensureSidecarClusterRole(); err != nil { - return nil, err - } + if err := ctrl.ensureSidecarClusterRole(); err != nil { + return nil, err } ctrl.initNamespaceWatcher() diff --git a/pkg/controller/init_container.go b/pkg/controller/init_container.go index 77dcfd7be..ffef5b02b 100644 --- a/pkg/controller/init_container.go +++ b/pkg/controller/init_container.go @@ -19,20 +19,18 @@ import ( func (c *StashController) ensureRestoreInitContainer(w *wapi.Workload, rs *api_v1beta1.RestoreSession) error { // if RBAC is enabled then ensure ServiceAccount and respective ClusterRole and RoleBinding - if c.EnableRBAC { - sa := stringz.Val(w.Spec.Template.Spec.ServiceAccountName, "default") - ref, err := reference.GetReference(scheme.Scheme, w) - if err != nil { - ref = &core.ObjectReference{ - Name: w.Name, - Namespace: w.Namespace, - } - } - err = c.ensureRestoreInitContainerRBAC(ref, sa) - if err != nil { - return err + sa := stringz.Val(w.Spec.Template.Spec.ServiceAccountName, "default") + ref, err := reference.GetReference(scheme.Scheme, w) + if err != nil { + ref = &core.ObjectReference{ + Name: w.Name, + Namespace: w.Namespace, } } + err = c.ensureRestoreInitContainerRBAC(ref, sa) + if err != nil { + return err + } repository, err := c.stashClient.StashV1alpha1().Repositories(rs.Namespace).Get(rs.Spec.Repository.Name, metav1.GetOptions{}) if err != nil { @@ -67,7 +65,7 @@ func (c *StashController) ensureRestoreInitContainer(w *wapi.Workload, rs *api_v // insert restore init container w.Spec.Template.Spec.InitContainers = core_util.UpsertContainer( w.Spec.Template.Spec.InitContainers, - util.NewRestoreInitContainer(rs, repository, image, c.EnableRBAC), + util.NewRestoreInitContainer(rs, repository, image), ) // keep existing image pull secrets and add new image pull secrets if specified in RestoreSession spec. diff --git a/pkg/controller/jobs.go b/pkg/controller/jobs.go index 2177dadb7..ec7b168da 100644 --- a/pkg/controller/jobs.go +++ b/pkg/controller/jobs.go @@ -63,12 +63,11 @@ func (c *StashController) runJobInjector(key string) error { glog.Infof("Deleted stash job: %s", job.GetName()) - if c.EnableRBAC { - err = c.ensureRepoReaderRolebindingDeleted(&job.ObjectMeta) - if err != nil { - return fmt.Errorf("failed to delete repo-reader rolebinding. reason: %s", err) - } + err = c.ensureRepoReaderRolebindingDeleted(&job.ObjectMeta) + if err != nil { + return fmt.Errorf("failed to delete repo-reader rolebinding. reason: %s", err) } + } } return nil diff --git a/pkg/controller/rbac_sidecar.go b/pkg/controller/rbac_sidecar.go index e105eb86a..a116ec4c8 100644 --- a/pkg/controller/rbac_sidecar.go +++ b/pkg/controller/rbac_sidecar.go @@ -134,21 +134,19 @@ func (c *StashController) ensureSidecarRoleBindingDeleted(w *wapi.Workload) erro } func (c *StashController) ensureUnnecessaryWorkloadRBACDeleted(w *wapi.Workload) error { - if c.EnableRBAC { - // delete backup sidecar RoleBinding if workload does not have stash sidecar - if !hasStashSidecar(w.Spec.Template.Spec.Containers) { - err := c.ensureSidecarRoleBindingDeleted(w) - if err != nil && !kerr.IsNotFound(err) { - return err - } + // delete backup sidecar RoleBinding if workload does not have stash sidecar + if !hasStashSidecar(w.Spec.Template.Spec.Containers) { + err := c.ensureSidecarRoleBindingDeleted(w) + if err != nil && !kerr.IsNotFound(err) { + return err } + } - // delete restore init-container RoleBinding if workload does not have sash init-container - if !hasStashInitContainer(w.Spec.Template.Spec.InitContainers) { - err := c.ensureRestoreInitContainerRoleBindingDeleted(w) - if err != nil && !kerr.IsNotFound(err) { - return err - } + // delete restore init-container RoleBinding if workload does not have sash init-container + if !hasStashInitContainer(w.Spec.Template.Spec.InitContainers) { + err := c.ensureRestoreInitContainerRoleBindingDeleted(w) + if err != nil && !kerr.IsNotFound(err) { + return err } } diff --git a/pkg/controller/recoveries.go b/pkg/controller/recoveries.go index f47010237..62da6d092 100644 --- a/pkg/controller/recoveries.go +++ b/pkg/controller/recoveries.go @@ -144,9 +144,7 @@ func (c *StashController) runRecoveryJob(rec *api.Recovery) error { eventer.CreateEvent(c.kubeClient, RecoveryEventComponent, rec, core.EventTypeWarning, eventer.EventReasonJobFailedToCreate, err.Error()) return err } - if c.EnableRBAC { - job.Spec.Template.Spec.ServiceAccountName = job.Name - } + job.Spec.Template.Spec.ServiceAccountName = job.Name job, err = c.kubeClient.BatchV1().Jobs(rec.Namespace).Create(job) if err != nil { @@ -167,22 +165,20 @@ func (c *StashController) runRecoveryJob(rec *api.Recovery) error { return err } - if c.EnableRBAC { - ref, err := reference.GetReference(scheme.Scheme, job) - if err != nil { - return err - } - if err := c.ensureRecoveryRBAC(ref); err != nil { - err = fmt.Errorf("error ensuring rbac for recovery job %s, reason: %s", job.Name, err) - eventer.CreateEvent(c.kubeClient, RecoveryEventComponent, rec, core.EventTypeWarning, eventer.EventReasonJobFailedToCreate, err.Error()) - return err - } + ref, err := reference.GetReference(scheme.Scheme, job) + if err != nil { + return err + } + if err := c.ensureRecoveryRBAC(ref); err != nil { + err = fmt.Errorf("error ensuring rbac for recovery job %s, reason: %s", job.Name, err) + eventer.CreateEvent(c.kubeClient, RecoveryEventComponent, rec, core.EventTypeWarning, eventer.EventReasonJobFailedToCreate, err.Error()) + return err + } - if err := c.ensureRepoReaderRBAC(ref, rec); err != nil { - err = fmt.Errorf("error ensuring repository-reader rbac for recovery job %s, reason: %s", job.Name, err) - eventer.CreateEvent(c.kubeClient, RecoveryEventComponent, rec, core.EventTypeWarning, eventer.EventReasonJobFailedToCreate, err.Error()) - return err - } + if err := c.ensureRepoReaderRBAC(ref, rec); err != nil { + err = fmt.Errorf("error ensuring repository-reader rbac for recovery job %s, reason: %s", job.Name, err) + eventer.CreateEvent(c.kubeClient, RecoveryEventComponent, rec, core.EventTypeWarning, eventer.EventReasonJobFailedToCreate, err.Error()) + return err } log.Infoln("Recovery job created:", job.Name) diff --git a/pkg/controller/restics.go b/pkg/controller/restics.go index b551406ee..e199baae5 100644 --- a/pkg/controller/restics.go +++ b/pkg/controller/restics.go @@ -197,23 +197,19 @@ func (c *StashController) EnsureScaledownCronJob(restic *api.Restic) error { in.Spec.JobTemplate.Spec.Template.Spec.ImagePullSecrets = restic.Spec.ImagePullSecrets in.Spec.JobTemplate.Spec.Template.Spec.RestartPolicy = core.RestartPolicyNever - if c.EnableRBAC { - in.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName = in.Name - } + in.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName = in.Name return in }) if err != nil { return err } - if c.EnableRBAC { - ref, err := reference.GetReference(scheme.Scheme, cronJob) - if err != nil { - return err - } - if err = c.ensureScaledownJobRBAC(ref); err != nil { - return fmt.Errorf("error ensuring rbac for kubectl cron job %s, reason: %s", meta.Name, err) - } + ref, err := reference.GetReference(scheme.Scheme, cronJob) + if err != nil { + return err + } + if err = c.ensureScaledownJobRBAC(ref); err != nil { + return fmt.Errorf("error ensuring rbac for kubectl cron job %s, reason: %s", meta.Name, err) } return nil diff --git a/pkg/controller/restore_session.go b/pkg/controller/restore_session.go index f07a8a5fb..4c805a694 100644 --- a/pkg/controller/restore_session.go +++ b/pkg/controller/restore_session.go @@ -180,34 +180,32 @@ func (c *StashController) ensureRestoreJob(restoreSession *api_v1beta1.RestoreSe // if RBAC is enabled then ensure respective ClusterRole,RoleBinding,ServiceAccount etc. serviceAccountName := "default" - if c.EnableRBAC { - if restoreSession.Spec.RuntimeSettings.Pod != nil && - restoreSession.Spec.RuntimeSettings.Pod.ServiceAccountName != "" { - // ServiceAccount has been specified, so use it. - serviceAccountName = restoreSession.Spec.RuntimeSettings.Pod.ServiceAccountName - } else { - // ServiceAccount hasn't been specified. so create new one with same name as RestoreSession object. - serviceAccountName = objectMeta.Name + if restoreSession.Spec.RuntimeSettings.Pod != nil && + restoreSession.Spec.RuntimeSettings.Pod.ServiceAccountName != "" { + // ServiceAccount has been specified, so use it. + serviceAccountName = restoreSession.Spec.RuntimeSettings.Pod.ServiceAccountName + } else { + // ServiceAccount hasn't been specified. so create new one with same name as RestoreSession object. + serviceAccountName = objectMeta.Name - _, _, err := core_util.CreateOrPatchServiceAccount(c.kubeClient, objectMeta, func(in *core.ServiceAccount) *core.ServiceAccount { - core_util.EnsureOwnerReference(&in.ObjectMeta, ref) - if in.Labels == nil { - in.Labels = map[string]string{} - } - in.Labels[util.LabelApp] = util.AppLabelStash - return in - }) - if err != nil { - return err + _, _, err := core_util.CreateOrPatchServiceAccount(c.kubeClient, objectMeta, func(in *core.ServiceAccount) *core.ServiceAccount { + core_util.EnsureOwnerReference(&in.ObjectMeta, ref) + if in.Labels == nil { + in.Labels = map[string]string{} } - } - - err := c.ensureRestoreJobRBAC(ref, serviceAccountName) + in.Labels[util.LabelApp] = util.AppLabelStash + return in + }) if err != nil { return err } } + err = c.ensureRestoreJobRBAC(ref, serviceAccountName) + if err != nil { + return err + } + // get repository for backupConfig repository, err := c.stashClient.StashV1alpha1().Repositories(restoreSession.Namespace).Get( restoreSession.Spec.Repository.Name, @@ -265,9 +263,7 @@ func (c *StashController) ensureRestoreJob(restoreSession *api_v1beta1.RestoreSe util.LabelApp: util.AppLabelStashV1Beta1, } in.Spec.Template.Spec = podSpec - if c.EnableRBAC { - in.Spec.Template.Spec.ServiceAccountName = serviceAccountName - } + in.Spec.Template.Spec.ServiceAccountName = serviceAccountName return in }) diff --git a/pkg/controller/sidecar.go b/pkg/controller/sidecar.go index 071e78cbc..83b1263c0 100644 --- a/pkg/controller/sidecar.go +++ b/pkg/controller/sidecar.go @@ -24,27 +24,25 @@ import ( ) func (c *StashController) ensureWorkloadSidecar(w *wapi.Workload, restic *api_v1alpha1.Restic) error { - if c.EnableRBAC { - sa := stringz.Val(w.Spec.Template.Spec.ServiceAccountName, "default") - ref, err := reference.GetReference(scheme.Scheme, w) - if err != nil { - ref = &core.ObjectReference{ - Name: w.Name, - Namespace: w.Namespace, - } - } - err = c.ensureSidecarRoleBinding(ref, sa) - if err != nil { - return err + sa := stringz.Val(w.Spec.Template.Spec.ServiceAccountName, "default") + ref, err := reference.GetReference(scheme.Scheme, w) + if err != nil { + ref = &core.ObjectReference{ + Name: w.Name, + Namespace: w.Namespace, } } + err = c.ensureSidecarRoleBinding(ref, sa) + if err != nil { + return err + } if restic.Spec.Backend.StorageSecretName == "" { err := fmt.Errorf("missing repository secret name for Restic %s/%s", restic.Namespace, restic.Name) return err } - _, err := c.kubeClient.CoreV1().Secrets(w.Namespace).Get(restic.Spec.Backend.StorageSecretName, metav1.GetOptions{}) + _, err = c.kubeClient.CoreV1().Secrets(w.Namespace).Get(restic.Spec.Backend.StorageSecretName, metav1.GetOptions{}) if err != nil { return err } @@ -60,7 +58,7 @@ func (c *StashController) ensureWorkloadSidecar(w *wapi.Workload, restic *api_v1 Image: docker.ImageStash, Tag: c.StashImageTag, } - ref := api_v1alpha1.LocalTypedReference{ + localRef := api_v1alpha1.LocalTypedReference{ Kind: w.Kind, Name: w.Name, } @@ -68,12 +66,12 @@ func (c *StashController) ensureWorkloadSidecar(w *wapi.Workload, restic *api_v1 if restic.Spec.Type == api_v1alpha1.BackupOffline { w.Spec.Template.Spec.InitContainers = core_util.UpsertContainer( w.Spec.Template.Spec.InitContainers, - util.NewInitContainer(restic, ref, image, c.EnableRBAC), + util.NewInitContainer(restic, localRef, image), ) } else { w.Spec.Template.Spec.Containers = core_util.UpsertContainer( w.Spec.Template.Spec.Containers, - util.NewSidecarContainer(restic, ref, image, c.EnableRBAC), + util.NewSidecarContainer(restic, localRef, image), ) } @@ -136,21 +134,19 @@ func (c *StashController) ensureWorkloadSidecarDeleted(w *wapi.Workload, restic } func (c *StashController) ensureBackupSidecar(w *wapi.Workload, bc *api_v1beta1.BackupConfiguration) error { - if c.EnableRBAC { - sa := stringz.Val(w.Spec.Template.Spec.ServiceAccountName, "default") - ref, err := reference.GetReference(scheme.Scheme, w) - if err != nil { - ref = &core.ObjectReference{ - Name: w.Name, - Namespace: w.Namespace, - APIVersion: w.APIVersion, - } - } - err = c.ensureSidecarRoleBinding(ref, sa) - if err != nil { - return err + sa := stringz.Val(w.Spec.Template.Spec.ServiceAccountName, "default") + ref, err := reference.GetReference(scheme.Scheme, w) + if err != nil { + ref = &core.ObjectReference{ + Name: w.Name, + Namespace: w.Namespace, + APIVersion: w.APIVersion, } } + err = c.ensureSidecarRoleBinding(ref, sa) + if err != nil { + return err + } repository, err := c.stashClient.StashV1alpha1().Repositories(bc.Namespace).Get(bc.Spec.Repository.Name, metav1.GetOptions{}) if err != nil { @@ -182,7 +178,7 @@ func (c *StashController) ensureBackupSidecar(w *wapi.Workload, bc *api_v1beta1. w.Spec.Template.Spec.Containers = core_util.UpsertContainer( w.Spec.Template.Spec.Containers, - util.NewBackupSidecarContainer(bc, &repository.Spec.Backend, image, c.EnableRBAC), + util.NewBackupSidecarContainer(bc, &repository.Spec.Backend, image), ) // keep existing image pull secrets diff --git a/pkg/restic/restore.go b/pkg/restic/restore.go index 5364caf3e..ffa5aa612 100644 --- a/pkg/restic/restore.go +++ b/pkg/restic/restore.go @@ -25,7 +25,7 @@ func (w *ResticWrapper) RunRestore(restoreOptions RestoreOptions) (*RestoreOutpu } } else if len(restoreOptions.RestoreDirs) != 0 { for _, path := range restoreOptions.RestoreDirs { - if _, err := w.restore(path, restoreOptions.Host, "", restoreOptions.Destination); err != nil { + if _, err := w.restore(path, restoreOptions.SourceHost, "", restoreOptions.Destination); err != nil { return nil, err } } diff --git a/pkg/util/init_container.go b/pkg/util/init_container.go index 58e587b7b..1d6c453da 100644 --- a/pkg/util/init_container.go +++ b/pkg/util/init_container.go @@ -13,8 +13,8 @@ import ( "kmodules.xyz/client-go/tools/clientcmd" ) -func NewInitContainer(r *v1alpha1_api.Restic, workload v1alpha1_api.LocalTypedReference, image docker.Docker, enableRBAC bool) core.Container { - container := NewSidecarContainer(r, workload, image, enableRBAC) +func NewInitContainer(r *v1alpha1_api.Restic, workload v1alpha1_api.LocalTypedReference, image docker.Docker) core.Container { + container := NewSidecarContainer(r, workload, image) container.Args = []string{ "backup", "--restic-name=" + r.Name, @@ -28,14 +28,12 @@ func NewInitContainer(r *v1alpha1_api.Restic, workload v1alpha1_api.LocalTypedRe fmt.Sprintf("--enable-analytics=%v", cli.EnableAnalytics), } container.Args = append(container.Args, cli.LoggerOptions.ToFlags()...) - if enableRBAC { - container.Args = append(container.Args, "--enable-rbac=true") - } + container.Args = append(container.Args, "--enable-rbac=true") return container } -func NewRestoreInitContainer(rs *v1beta1_api.RestoreSession, repository *v1alpha1_api.Repository, image docker.Docker, enableRBAC bool) core.Container { +func NewRestoreInitContainer(rs *v1beta1_api.RestoreSession, repository *v1alpha1_api.Repository, image docker.Docker) core.Container { initContainer := core.Container{ Name: StashInitContainer, Image: image.ToContainerImage(), diff --git a/pkg/util/sidecar.go b/pkg/util/sidecar.go index ea5b21bc5..505980304 100644 --- a/pkg/util/sidecar.go +++ b/pkg/util/sidecar.go @@ -15,7 +15,7 @@ import ( store "kmodules.xyz/objectstore-api/api/v1" ) -func NewSidecarContainer(r *api.Restic, workload api.LocalTypedReference, image docker.Docker, enableRBAC bool) core.Container { +func NewSidecarContainer(r *api.Restic, workload api.LocalTypedReference, image docker.Docker) core.Container { if r.Annotations != nil { if v, ok := r.Annotations[apis.VersionTag]; ok { image.Tag = v @@ -36,7 +36,6 @@ func NewSidecarContainer(r *api.Restic, workload api.LocalTypedReference, image fmt.Sprintf("--enable-status-subresource=%v", apis.EnableStatusSubresource), fmt.Sprintf("--use-kubeapiserver-fqdn-for-aks=%v", clientcmd.UseKubeAPIServerFQDNForAKS()), fmt.Sprintf("--enable-analytics=%v", cli.EnableAnalytics), - fmt.Sprintf("--enable-rbac=%v", enableRBAC), }, cli.LoggerOptions.ToFlags()...), Env: []core.EnvVar{ { @@ -90,7 +89,7 @@ func NewSidecarContainer(r *api.Restic, workload api.LocalTypedReference, image return sidecar } -func NewBackupSidecarContainer(bc *v1beta1_api.BackupConfiguration, backend *store.Backend, image docker.Docker, enableRBAC bool) core.Container { +func NewBackupSidecarContainer(bc *v1beta1_api.BackupConfiguration, backend *store.Backend, image docker.Docker) core.Container { sidecar := core.Container{ Name: StashContainer, Image: image.ToContainerImage(), @@ -105,7 +104,6 @@ func NewBackupSidecarContainer(bc *v1beta1_api.BackupConfiguration, backend *sto fmt.Sprintf("--enable-status-subresource=%v", apis.EnableStatusSubresource), fmt.Sprintf("--use-kubeapiserver-fqdn-for-aks=%v", clientcmd.UseKubeAPIServerFQDNForAKS()), fmt.Sprintf("--enable-analytics=%v", cli.EnableAnalytics), - fmt.Sprintf("--enable-rbac=%v", enableRBAC), }, cli.LoggerOptions.ToFlags()...), Env: []core.EnvVar{ { diff --git a/test/e2e/framework/functions.go b/test/e2e/framework/functions.go index a218a9a48..a6af7e492 100644 --- a/test/e2e/framework/functions.go +++ b/test/e2e/framework/functions.go @@ -53,7 +53,7 @@ func (f *Invocation) UpdateStatusFunction() v1beta1.Function { fmt.Sprintf("--backup-session=${%s:=}", apis.BackupSession), fmt.Sprintf("--restore-session=${%s:=}", apis.RestoreSession), fmt.Sprintf("--output-dir=${%s:=}", outputDir), - fmt.Sprintf("--enable-status-subresource=${%s:=%s}", apis.StatusSubresourceEnabled, apis.StatusSubresourceEnabled), + fmt.Sprintf("--enable-status-subresource=${%s:=true}", apis.StatusSubresourceEnabled), }, }, } @@ -67,7 +67,7 @@ func (f *Invocation) PvcBackupFunction() v1beta1.Function { Spec: v1beta1.FunctionSpec{ Image: getImage(), Args: []string{ - FunctionPvcBackup, + "backup-pvc", fmt.Sprintf("--provider=${%s:=}", apis.RepositoryProvider), fmt.Sprintf("--bucket=${%s:=}", apis.RepositoryBucket), fmt.Sprintf("--endpoint=${%s:=}", apis.RepositoryEndpoint), @@ -103,7 +103,7 @@ func (f *Invocation) PvcRestoreFunction() v1beta1.Function { Spec: v1beta1.FunctionSpec{ Image: getImage(), Args: []string{ - FunctionPvcRestore, + "restore-pvc", fmt.Sprintf("--provider=${%s:=}", apis.RepositoryProvider), fmt.Sprintf("--bucket=${%s:=}", apis.RepositoryBucket), fmt.Sprintf("--endpoint=${%s:=}", apis.RepositoryEndpoint), diff --git a/test/e2e/framework/restore_session.go b/test/e2e/framework/restore_session.go index 5548efbab..68f28835d 100644 --- a/test/e2e/framework/restore_session.go +++ b/test/e2e/framework/restore_session.go @@ -51,8 +51,8 @@ func (f *Framework) EventuallyRestoreSessionPhase(meta metav1.ObjectMeta) Gomega Expect(err).NotTo(HaveOccurred()) return restoreSession.Status.Phase }, - time.Minute*5, - time.Second*5, + time.Minute*7, + time.Second*7, ) } diff --git a/test/e2e/workload_test.go b/test/e2e/workload_test.go index 1139a7f44..9208b9811 100644 --- a/test/e2e/workload_test.go +++ b/test/e2e/workload_test.go @@ -635,6 +635,8 @@ var _ = Describe("StatefulSet", func() { recoveredss.Spec.Replicas = types.Int32P(5) _, err := f.CreateStatefulSet(recoveredss) Expect(err).NotTo(HaveOccurred()) + err = util.WaitUntilStatefulSetReady(f.KubeClient, recoveredss.ObjectMeta) + Expect(err).NotTo(HaveOccurred()) restoreSession.Spec.Target.Ref.Name = recoveredss.Name