Documentation
¶
Index ¶
- type Authentik
- type AuthentikBackupOptions
- type AuthentikRestoreOptions
- type DREvent
- type OptionsBackupSnapshot
- type OptionsClusterUserCert
- type Teleport
- type TeleportBackupOptions
- type TeleportBackupOptionsAudit
- type TeleportOptionsAudit
- type TeleportOptionsS3Sync
- type TeleportRestoreOptions
- type TeleportRestoreOptionsAudit
- type VaultWarden
- type VaultWardenBackupOptions
- type VaultWardenRestoreOptions
Types ¶
type Authentik ¶ added in v0.0.6
// Authentik groups the disaster-recovery operations this package offers for
// an Authentik deployment. Its documented method set is Backup and Restore,
// and NewAuthentik builds the value from a kubecluster.ClientInterface.
// NOTE(review): both methods take S3 credentials for the media path plus
// certificate and issuer names, so the identity behind the Kubernetes client
// presumably needs rights over certificates, volumes and database clusters in
// the target namespace - confirm, and scope that role to the namespace.
type Authentik struct {
// contains filtered or unexported fields
}
func NewAuthentik ¶ added in v0.0.6
func NewAuthentik(kubeClusterClient kubecluster.ClientInterface) *Authentik
func (*Authentik) Backup ¶ added in v0.0.6
func (a *Authentik) Backup(ctx *contexts.Context, namespace, backupName, clusterName, servingCertIssuerName, clientCertIssuerName, mediaS3Path string, mediaS3Credentials s3.CredentialsInterface, opts AuthentikBackupOptions) (backup *DREvent, err error)
func (*Authentik) Restore ¶ added in v0.0.6
func (a *Authentik) Restore(ctx *contexts.Context, namespace, restoreName, clusterName, servingCertName, clientCertIssuerName string, mediaS3Path string, mediaS3Credentials s3.CredentialsInterface, opts AuthentikRestoreOptions) (restore *DREvent, err error)
type AuthentikBackupOptions ¶ added in v0.0.6
// AuthentikBackupOptions carries the optional settings accepted by
// Authentik.Backup. Every field is YAML-tagged with omitempty.
// NOTE(review): no process description is shown for Authentik.Backup; the
// Teleport and VaultWarden Backup docs describe writing to a DR PVC and then
// snapshotting it, and this struct has the same volume and snapshot fields,
// so the same flow presumably applies - confirm. If it does, choose storage
// and snapshot classes whose encryption at rest and access controls match the
// sensitivity of identity-provider data.
type AuthentikBackupOptions struct {
// Requested capacity for the backup volume - presumably the DR PVC; confirm.
VolumeSize resource.Quantity `yaml:"volumeSize,omitempty"`
// Storage class for that volume - presumably the DR PVC; confirm.
VolumeStorageClass string `yaml:"volumeStorageClass,omitempty"`
// Settings for cloning the source database cluster (YAML key "clusterCloning").
CloneClusterOptions clonedcluster.CloneClusterOptions `yaml:"clusterCloning,omitempty"`
// Settings passed when creating the backup-tool instance.
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
// Snapshot class and readiness timeout for the backup snapshot.
BackupSnapshot OptionsBackupSnapshot `yaml:"backupSnapshot,omitempty"`
// Upper bound on waiting for cleanup. NOTE(review): what happens to
// temporary resources (clones, certs, tool pods) when this expires is not
// shown here - verify nothing sensitive is left behind on timeout.
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type AuthentikRestoreOptions ¶ added in v0.0.6
// AuthentikRestoreOptions carries the optional settings accepted by
// Authentik.Restore. Every field is YAML-tagged with omitempty.
type AuthentikRestoreOptions struct {
// Options for the certificate used to authenticate as the postgres user
// during restore. NOTE(review): the Teleport and VaultWarden restore docs on
// this page describe TLS auth for the postgres user; presumably the same
// applies here - confirm. Such a certificate is a database superuser
// credential, so keep its lifetime short and check it is removed on cleanup.
PostgresUserCert cnpgrestore.CNPGRestoreOptionsCert `yaml:"postgresUserCert,omitempty"`
// Kind of the issuer referenced by the issuer name passed to Restore -
// presumably a cert-manager Issuer or ClusterIssuer; confirm accepted values.
IssuerKind string `yaml:"issuerKind,omitempty"`
// Settings passed when creating the backup-tool instance.
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
// Upper bound on waiting for cleanup of resources created by the restore.
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type DREvent ¶ added in v0.0.2
// DREvent records one disaster-recovery run: a name plus start and end
// timestamps. Every Backup and Restore method documented on this page returns
// a *DREvent.
// NOTE(review): nothing shown on this page enforces the DNS-safety or
// uniqueness requirement on Name. If the name ends up in Kubernetes resource
// names (presumed, not shown), callers should validate it before passing it
// in rather than forwarding operator or user input unchecked.
type DREvent struct {
Name string // Human-readable, DNS-safe name to identify the DR event. Must be unique for a given timestamp (within 1s).
// StartTime and EndTime bound the event; the CalculateRuntime and
// HasCompleted methods listed for this type presumably derive from them -
// confirm against their implementations.
StartTime time.Time
EndTime time.Time
}
func NewDREventNow ¶ added in v0.0.2
func (*DREvent) CalculateRuntime ¶ added in v0.0.2
func (*DREvent) GetFullName ¶ added in v0.0.2
func (*DREvent) HasCompleted ¶ added in v0.0.2
type OptionsBackupSnapshot ¶ added in v0.0.5
// OptionsBackupSnapshot configures the snapshot taken of the backup volume.
// It is embedded as the BackupSnapshot field of the Authentik, Teleport and
// VaultWarden backup option structs.
type OptionsBackupSnapshot struct {
// Upper bound on waiting for the snapshot to become ready (YAML key
// "snapshotReadyTimeout").
ReadyTimeout helpers.MaxWaitTime `yaml:"snapshotReadyTimeout,omitempty"`
// Name of the snapshot class to use - presumably a Kubernetes
// VolumeSnapshotClass; confirm. NOTE(review): the snapshot is the retained
// backup artifact, so the class decides where the data lives and who can
// read it; pick one with suitable encryption and deletion policy.
SnapshotClass string `yaml:"snapshotClass,omitempty"`
}
type OptionsClusterUserCert ¶ added in v0.0.5
// OptionsClusterUserCert configures a client certificate issued for a
// database cluster user. Every field is YAML-tagged with omitempty.
type OptionsClusterUserCert struct {
// Optional X.509 subject for the certificate (cert-manager X509Subject);
// nil leaves the subject to whatever default the issuing code applies.
Subject *certmanagerv1.X509Subject `yaml:"subject,omitempty"`
// Upper bound on waiting for the certificate to become ready.
WaitForReadyTimeout helpers.MaxWaitTime `yaml:"waitForReadyTimeout,omitempty"`
// Options under the YAML key "certificateRequestPolicy". NOTE(review):
// presumably these shape an approver-policy CertificateRequestPolicy that
// limits what the user-certificate request may contain - confirm. If so,
// keep the policy as narrow as the request needs (subject, usages, issuer).
CRPOpts clusterusercert.NewClusterUserCertOptsCRP `yaml:"certificateRequestPolicy,omitempty"`
}
type Teleport ¶ added in v0.0.5
// Teleport groups the disaster-recovery operations this package offers for a
// Teleport deployment. Its documented method set is Backup and Restore, and
// NewTeleport builds the value from a kubecluster.ClientInterface.
// NOTE(review): per the Backup and Restore docs on this page, the data
// handled includes the Core cluster, an optional Audit cluster and optional
// audit session logs. Backup copies of audit data deserve the same access
// restrictions and retention rules as the live audit trail.
type Teleport struct {
// contains filtered or unexported fields
}
func NewTeleport ¶ added in v0.0.5
func NewTeleport(kubeClusterClient kubecluster.ClientInterface) *Teleport
func (*Teleport) Backup ¶ added in v0.0.5
func (t *Teleport) Backup(ctx *contexts.Context, namespace, backupName, coreClusterName, servingCertIssuerName, clientCertIssuerName string, opts TeleportBackupOptions) (backup *DREvent, err error)
Backup process:
1. Create the DR PVC if it does not exist
2. Clone the Core cluster
3. Clone the Audit cluster (if enabled), with PITR set to the same time as the Core cluster clone
4. Deploy a backup-tool instance with access to both the Core and Audit cloned clusters
5. Perform a logical backup of the Core cluster
6. Perform a logical backup of the Audit cluster (if enabled)
7. Sync the audit session logs from object storage (if enabled)
8. Snapshot the backup PVC
func (*Teleport) Restore ¶ added in v0.0.5
func (t *Teleport) Restore(ctx *contexts.Context, namespace, restoreName, coreClusterName, coreServingCertName, coreClientCertIssuerName string, opts TeleportRestoreOptions) (restore *DREvent, err error)
Restore requirements:
* The DR PVC must exist
* Replacement clusters must already be deployed
* The enabled CNPG cluster must already exist, but not be in use
* The enabled CNPG client CA issuer must already exist
* The enabled CNPG cluster must support TLS auth for the postgres user
* The enabled CNPG cluster serving cert must already exist

Restore process:
1. Ensure that the provided resources exist and are ready
2. Restore the core CNPG cluster
   2.1. Create postgres user cert
   2.2. Spawn a new backup-tool pod with postgres auth and serving certs, and DR mount attached
   2.3. Perform a Postgres logical recovery of the cluster
3. Restore the audit CNPG cluster (if enabled)
   3.1. Create postgres user cert
   3.2. Spawn a new backup-tool pod with postgres auth and serving certs, and DR mount attached
   3.3. Perform a Postgres logical recovery of the cluster
4. Restore the audit session logs (if enabled)
type TeleportBackupOptions ¶ added in v0.0.5
// TeleportBackupOptions carries the optional settings accepted by
// Teleport.Backup. Every field is YAML-tagged with omitempty.
type TeleportBackupOptions struct {
// Requested capacity for the backup volume - presumably the DR PVC created
// in step 1 of the documented backup process; confirm.
VolumeSize resource.Quantity `yaml:"volumeSize,omitempty"`
// Storage class for that volume - presumably the DR PVC; confirm.
VolumeStorageClass string `yaml:"volumeStorageClass,omitempty"`
// Settings for cloning the source cluster(s) (YAML key "clusterCloning").
CloneClusterOptions clonedcluster.CloneClusterOptions `yaml:"clusterCloning,omitempty"`
// Settings for the optional Audit cluster backup.
AuditCluster TeleportBackupOptionsAudit `yaml:"auditCluster,omitempty"`
// Settings for the optional sync of audit session logs from object storage.
// NOTE(review): this nested struct has an inline Credentials field, so an
// options file that enables it contains S3 secrets.
AuditSessionLogs TeleportOptionsS3Sync `yaml:"auditSessionLogs,omitempty"`
// Settings passed when creating the backup-tool instance.
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
// Snapshot class and readiness timeout for the backup PVC snapshot.
BackupSnapshot OptionsBackupSnapshot `yaml:"backupSnapshot,omitempty"`
// Upper bound on waiting for cleanup of resources created by the backup.
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type TeleportBackupOptionsAudit ¶ added in v0.0.5
// TeleportBackupOptionsAudit holds the Audit-cluster settings for a Teleport
// backup. It currently adds nothing beyond the embedded TeleportOptionsAudit,
// whose fields are not shown on this page.
type TeleportBackupOptionsAudit struct {
TeleportOptionsAudit
}
type TeleportOptionsAudit ¶ added in v0.0.5
type TeleportOptionsS3Sync ¶ added in v0.0.5
// TeleportOptionsS3Sync configures syncing Teleport audit session logs
// between object storage and the DR volume. It is used by both the backup and
// the restore option structs.
// NOTE(review): as declared, Credentials is populated straight from the
// options YAML, so any file or manifest that enables this sync holds S3
// secrets in plain form. Until the TODOs below are done, treat that file as a
// secret: restrict its permissions, keep it out of version control, and
// prefer credentials scoped to the one bucket path - read-only for backup,
// if the storage provider allows it.
type TeleportOptionsS3Sync struct {
// Turns the session-log sync on; the documented steps run only "if enabled".
Enabled bool `yaml:"enabled,omitempty"`
// Object-storage location of the session logs (exact format not shown here).
S3Path string `yaml:"s3Path,omitempty"`
// TODO accept values from env, file, or k8s secret
// TODO if I switch to COSI, remove this and generate a BucketAccess resource instead
Credentials s3.Credentials `yaml:"credentials,omitempty"`
}
type TeleportRestoreOptions ¶ added in v0.0.5
// TeleportRestoreOptions carries the optional settings accepted by
// Teleport.Restore. Every field is YAML-tagged with omitempty.
type TeleportRestoreOptions struct {
// Settings for restoring the optional Audit cluster, including its own
// certificate names and postgres user cert options.
AuditCluster TeleportRestoreOptionsAudit `yaml:"auditCluster,omitempty"`
// Options for the postgres user certificate created in step 2.1 of the
// documented restore process (core cluster). NOTE(review): this certificate
// authenticates as the postgres user, so it is a superuser credential; keep
// its lifetime short and verify it is deleted during cleanup.
PostgresUserCert cnpgrestore.CNPGRestoreOptionsCert `yaml:"postgresUserCert,omitempty"`
// Kind of the client certificate issuer named in the Restore call -
// presumably a cert-manager Issuer or ClusterIssuer; confirm accepted values.
IssuerKind string `yaml:"issuerKind,omitempty"`
// Settings for the optional restore of audit session logs. NOTE(review):
// this nested struct has an inline Credentials field, and a restore
// presumably needs write access to the bucket - confirm and scope it.
AuditSessionLogs TeleportOptionsS3Sync `yaml:"auditSessionLogs,omitempty"`
// Settings passed when creating the backup-tool pod.
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
// Upper bound on waiting for cleanup of resources created by the restore.
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type TeleportRestoreOptionsAudit ¶ added in v0.0.5
// TeleportRestoreOptionsAudit holds the Audit-cluster settings for a Teleport
// restore. It embeds TeleportOptionsAudit (fields not shown on this page) and
// adds the certificate settings that Restore takes as plain arguments for the
// core cluster.
type TeleportRestoreOptionsAudit struct {
TeleportOptionsAudit
// Name of the Audit cluster's existing serving certificate; the restore
// requirements say the serving cert must already exist.
ServingCertName string `yaml:"servingCertName,omitempty"`
// Name of the Audit cluster's existing client CA issuer; the restore
// requirements say the client CA issuer must already exist.
ClientCertIssuerName string `yaml:"clientCertIssuerName,omitempty"`
// Options for the postgres user certificate created in step 3.1 of the
// documented restore process. Superuser credential: keep it short-lived.
PostgresUserCert cnpgrestore.CNPGRestoreOptionsCert `yaml:"postgresUserCert,omitempty"`
// Kind of the issuer named by ClientCertIssuerName - presumably a
// cert-manager Issuer or ClusterIssuer; confirm accepted values.
IssuerKind string `yaml:"issuerKind,omitempty"`
}
type VaultWarden ¶
// VaultWarden groups the disaster-recovery operations this package offers for
// a VaultWarden deployment. Its documented method set is Backup and Restore,
// and NewVaultWarden builds the value from a kubecluster.ClientInterface.
// NOTE(review): the documented backup copies the application's data directory
// and a pg_dumpall of its database onto the DR volume. For a password manager
// that is the complete vault store, so the DR volume and its snapshots need
// access controls at least as strict as the live deployment's.
type VaultWarden struct {
// contains filtered or unexported fields
}
func NewVaultWarden ¶
func NewVaultWarden(client kubecluster.ClientInterface) *VaultWarden
func (*VaultWarden) Backup ¶
func (vw *VaultWarden) Backup(ctx *contexts.Context, namespace, backupName, dataPVC, cnpgClusterName, servingCertIssuerName, clientCertIssuerName string, backupOptions VaultWardenBackupOptions) (backup *DREvent, err error)
Backup process:
1. Take the CNPG base backup (establishes the DB consistency point, before the other captures)
2. Snapshot/clone the PVC containing the data directory (its clone time is the recovery target T_dr)
3. Create the DR PVC if it does not exist
4. Create the cloned CNPG cluster, recovering forward to T_dr (an idle source falls back to the consistency point)
5. Spawn a tool instance with the cloned PVC, cloned-cluster certs, and DR mount attached
6. Sync the data directory to the DR volume
7. Perform a CNPG logical backup (pg_dumpall) to the DR mount
8. Take a snapshot of the DR volume
9. Exit the tool instance and delete all created resources except for the DR volume snapshot
func (*VaultWarden) Restore ¶ added in v0.0.2
func (vw *VaultWarden) Restore(ctx *contexts.Context, namespace, restoreName, dataPVCName, cnpgClusterName, servingCertName, clientCertIssuerName string, opts VaultWardenRestoreOptions) (restore *DREvent, err error)
Restore requirements:
* The DR PVC must exist
* The data PVC must already exist, but not be in use
* The replacement cluster must already be deployed
* The CNPG cluster must already exist, but not be in use
* The CNPG client CA issuer must already exist
* The CNPG cluster must support TLS auth for the postgres user
* The CNPG cluster serving cert must already exist

Restore process:
1. Ensure that the provided resources exist and are ready
2. Spawn a new backup-tool pod with the data directory PVC and the DR mount attached
3. Sync the data files from the DR mount to the data directory PVC
4. Perform a CNPG logical recovery
5. Exit the backup-tool pod
type VaultWardenBackupOptions ¶
// VaultWardenBackupOptions carries the optional settings accepted by
// VaultWarden.Backup. Every field is YAML-tagged with omitempty.
// NOTE(review): step 7 of the documented backup runs pg_dumpall to the DR
// mount. pg_dumpall output normally includes role definitions with their
// password hashes unless the tool suppresses them (not shown here - confirm),
// so the volume and snapshot selected below should be treated as
// secret-bearing storage.
type VaultWardenBackupOptions struct {
// Requested capacity for the backup volume - presumably the DR PVC created
// in step 3 of the documented backup process; confirm.
VolumeSize resource.Quantity `yaml:"volumeSize,omitempty"`
// Storage class for that volume - presumably the DR PVC; confirm.
VolumeStorageClass string `yaml:"volumeStorageClass,omitempty"`
// Settings for creating the cloned CNPG cluster (YAML key "clusterCloning").
CloneClusterOptions clonedcluster.CloneClusterOptions `yaml:"clusterCloning,omitempty"`
// Upper bound on waiting for the backup-tool pod to be created.
BackupToolPodCreationTimeout helpers.MaxWaitTime `yaml:"backupToolPodCreationTimeout,omitempty"`
// Snapshot class and readiness timeout for the DR volume snapshot.
BackupSnapshot OptionsBackupSnapshot `yaml:"backupSnapshot,omitempty"`
// Settings passed when creating the backup-tool instance.
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
// Upper bound on waiting for step 9 cleanup. NOTE(review): the cloned data
// PVC and cloned cluster hold full copies of the vault data; verify they are
// still removed if this timeout expires.
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
TODO plumb a lot more options through to here
type VaultWardenRestoreOptions ¶ added in v0.0.2
// VaultWardenRestoreOptions carries the optional settings accepted by
// VaultWarden.Restore. Every field is YAML-tagged with omitempty.
type VaultWardenRestoreOptions struct {
// Certificate settings for the restore. NOTE(review): the field's type is
// unexported, so its fields do not appear in this documentation and callers
// outside the package cannot name the type; the YAML keys it accepts have to
// be read from the source. The restore requirements mention TLS auth for the
// postgres user, so this presumably covers that client certificate - confirm.
Certificates vaultWardenRestoreOptionsCertificates `yaml:"certificates,omitempty"`
// Upper bound on waiting for cleanup of resources created by the restore.
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
// Settings passed when creating the backup-tool pod.
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
}