Documentation
Index
- type Authentik
- type AuthentikBackupOptions
- type AuthentikRestoreOptions
- type DREvent
- type OptionsBackupSnapshot
- type OptionsClusterUserCert
- type Teleport
- type TeleportBackupOptions
- type TeleportBackupOptionsAudit
- type TeleportOptionsAudit
- type TeleportOptionsS3Sync
- type TeleportRestoreOptions
- type TeleportRestoreOptionsAudit
- type VaultWarden
- type VaultWardenBackupOptions
- type VaultWardenRestoreOptions
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authentik (added in v0.0.6)
type Authentik struct {
// contains filtered or unexported fields
}
func NewAuthentik (added in v0.0.6)
func NewAuthentik(kubeClusterClient kubecluster.ClientInterface) *Authentik
func (*Authentik) Backup (added in v0.0.6)
func (a *Authentik) Backup(ctx *contexts.Context, namespace, backupName, clusterName, servingCertIssuerName, clientCertIssuerName, mediaS3Path string, mediaS3Credentials s3.CredentialsInterface, opts AuthentikBackupOptions) (backup *DREvent, err error)
func (*Authentik) Restore (added in v0.0.6)
func (a *Authentik) Restore(ctx *contexts.Context, namespace, restoreName, clusterName, servingCertName, clientCertIssuerName string, mediaS3Path string, mediaS3Credentials s3.CredentialsInterface, opts AuthentikRestoreOptions) (restore *DREvent, err error)
type AuthentikBackupOptions (added in v0.0.6)
type AuthentikBackupOptions struct {
VolumeSize resource.Quantity `yaml:"volumeSize,omitempty"`
VolumeStorageClass string `yaml:"volumeStorageClass,omitempty"`
CloneClusterOptions clonedcluster.CloneClusterOptions `yaml:"clusterCloning,omitempty"`
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
BackupSnapshot OptionsBackupSnapshot `yaml:"backupSnapshot,omitempty"`
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type AuthentikRestoreOptions (added in v0.0.6)
type AuthentikRestoreOptions struct {
PostgresUserCert cnpgrestore.CNPGRestoreOptionsCert `yaml:"postgresUserCert,omitempty"`
IssuerKind string `yaml:"issuerKind,omitempty"`
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type DREvent (added in v0.0.2)
type DREvent struct {
Name string // Human-readable, DNS-safe name to identify the DR event. Must be unique for a given timestamp (within 1s).
StartTime time.Time
EndTime time.Time
}
func NewDREventNow (added in v0.0.2)
func (*DREvent) CalculateRuntime (added in v0.0.2)
func (*DREvent) GetFullName (added in v0.0.2)
func (*DREvent) HasCompleted (added in v0.0.2)
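The page lists the DREvent methods without their bodies, and the only behavioural contract it states is the field comment: the name is a DNS-safe label and must be unique for a given timestamp within one second. The following is an added illustration of that contract, not the package's own implementation: the constructor signature, the clock parameter, the `Finish` helper and the full-name format `name-unixseconds` are all assumptions chosen to make the one-second uniqueness rule visible.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"time"
)

// dnsLabel matches an RFC 1123 label: lowercase alphanumerics and hyphens,
// neither starting nor ending with a hyphen. Length is checked separately.
var dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// DREvent mirrors the exported fields documented above. The method bodies
// below are assumptions for illustration, not the package's code.
type DREvent struct {
	Name      string
	StartTime time.Time
	EndTime   time.Time
}

// NewDREvent validates Name and stamps StartTime from the supplied clock.
// Taking the clock as a parameter is an assumption that keeps this testable.
func NewDREvent(name string, now func() time.Time) (*DREvent, error) {
	if len(name) > 63 || !dnsLabel.MatchString(name) {
		return nil, fmt.Errorf("DR event name %q is not a DNS-safe label", name)
	}
	return &DREvent{Name: name, StartTime: now().UTC()}, nil
}

// GetFullName suffixes the name with the start time at one-second resolution
// (assumed format). Two events sharing a Name that start within the same
// second therefore produce the same full name, which is the collision the
// field comment warns about: any resource named after the event would clash.
func (e *DREvent) GetFullName() string {
	return fmt.Sprintf("%s-%d", e.Name, e.StartTime.Unix())
}

// HasCompleted reports whether an end time has been recorded.
func (e *DREvent) HasCompleted() bool { return !e.EndTime.IsZero() }

// Finish records the end time from the same kind of clock (assumed helper).
func (e *DREvent) Finish(now func() time.Time) { e.EndTime = now().UTC() }

// CalculateRuntime is only meaningful once the event has completed.
func (e *DREvent) CalculateRuntime() (time.Duration, error) {
	if !e.HasCompleted() {
		return 0, errors.New("DR event has not completed")
	}
	return e.EndTime.Sub(e.StartTime), nil
}

// FixedClock returns a clock that always reports t (constructed for examples).
func FixedClock(t time.Time) func() time.Time {
	return func() time.Time { return t }
}

func main() {
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed timestamp
	a, _ := NewDREvent("nightly", FixedClock(t0))
	b, _ := NewDREvent("nightly", FixedClock(t0.Add(500*time.Millisecond)))
	fmt.Println(a.GetFullName(), b.GetFullName()) // identical: started within 1s
	a.Finish(FixedClock(t0.Add(90 * time.Second)))
	d, err := a.CalculateRuntime()
	fmt.Println(d, err)
}
```

The validation rejects names that are not valid DNS labels before they can be used as part of a Kubernetes resource name, and the full-name check makes the "unique within 1s" requirement something a caller can test for rather than discover at resource-creation time.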
type OptionsBackupSnapshot (added in v0.0.5)
type OptionsBackupSnapshot struct {
ReadyTimeout helpers.MaxWaitTime `yaml:"snapshotReadyTimeout,omitempty"`
SnapshotClass string `yaml:"snapshotClass,omitempty"`
}
type OptionsClusterUserCert (added in v0.0.5)
type OptionsClusterUserCert struct {
Subject *certmanagerv1.X509Subject `yaml:"subject,omitempty"`
WaitForReadyTimeout helpers.MaxWaitTime `yaml:"waitForReadyTimeout,omitempty"`
CRPOpts clusterusercert.NewClusterUserCertOptsCRP `yaml:"certificateRequestPolicy,omitempty"`
}
type Teleport (added in v0.0.5)
type Teleport struct {
// contains filtered or unexported fields
}
func NewTeleport (added in v0.0.5)
func NewTeleport(kubeClusterClient kubecluster.ClientInterface) *Teleport
func (*Teleport) Backup (added in v0.0.5)
func (t *Teleport) Backup(ctx *contexts.Context, namespace, backupName, coreClusterName, servingCertIssuerName, clientCertIssuerName string, opts TeleportBackupOptions) (backup *DREvent, err error)
Backup process:
1. Create the DR PVC if it does not exist
2. Clone the Core cluster
3. Clone the Audit cluster (if enabled) with PITR set to the same time as the Core cluster clone
4. Deploy a backup-tool instance with access to both the Core and Audit cloned clusters
5. Perform a logical backup of the Core cluster
6. Perform a logical backup of the Audit cluster (if enabled)
7. Sync the audit session logs from object storage (if enabled)
8. Snapshot the backup PVC
func (*Teleport) Restore (added in v0.0.5)
func (t *Teleport) Restore(ctx *contexts.Context, namespace, restoreName, coreClusterName, coreServingCertName, coreClientCertIssuerName string, opts TeleportRestoreOptions) (restore *DREvent, err error)
Restore requirements:
- The DR PVC must exist
- Replacement clusters must already be deployed
- Each enabled CNPG cluster must already exist, but not be in use
- Each enabled CNPG cluster's client CA issuer must already exist
- Each enabled CNPG cluster must support TLS auth for the postgres user
- Each enabled CNPG cluster's serving cert must already exist
Restore process:
1. Ensure that the provided resources exist and are ready
2. Restore the core CNPG cluster
   2.1. Create the postgres user cert
   2.2. Spawn a new backup-tool pod with the postgres auth and serving certs, and the DR mount attached
   2.3. Perform a Postgres logical recovery of the cluster
3. Restore the audit CNPG cluster (if enabled)
   3.1. Create the postgres user cert
   3.2. Spawn a new backup-tool pod with the postgres auth and serving certs, and the DR mount attached
   3.3. Perform a Postgres logical recovery of the cluster
4. Restore the audit session logs (if enabled)
type TeleportBackupOptions (added in v0.0.5)
type TeleportBackupOptions struct {
VolumeSize resource.Quantity `yaml:"volumeSize,omitempty"`
VolumeStorageClass string `yaml:"volumeStorageClass,omitempty"`
CloneClusterOptions clonedcluster.CloneClusterOptions `yaml:"clusterCloning,omitempty"`
AuditCluster TeleportBackupOptionsAudit `yaml:"auditCluster,omitempty"`
AuditSessionLogs TeleportOptionsS3Sync `yaml:"auditSessionLogs,omitempty"`
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
BackupSnapshot OptionsBackupSnapshot `yaml:"backupSnapshot,omitempty"`
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type TeleportBackupOptionsAudit (added in v0.0.5)
type TeleportBackupOptionsAudit struct {
TeleportOptionsAudit
}
type TeleportOptionsAudit (added in v0.0.5)
type TeleportOptionsS3Sync (added in v0.0.5)
type TeleportOptionsS3Sync struct {
Enabled bool `yaml:"enabled,omitempty"`
S3Path string `yaml:"s3Path,omitempty"`
// TODO accept values from env, file, or k8s secret
// TODO if I switch to COSI, remove this and generate a BucketAccess resource instead
Credentials s3.Credentials `yaml:"credentials,omitempty"`
}
type TeleportRestoreOptions (added in v0.0.5)
type TeleportRestoreOptions struct {
AuditCluster TeleportRestoreOptionsAudit `yaml:"auditCluster,omitempty"`
PostgresUserCert cnpgrestore.CNPGRestoreOptionsCert `yaml:"postgresUserCert,omitempty"`
IssuerKind string `yaml:"issuerKind,omitempty"`
AuditSessionLogs TeleportOptionsS3Sync `yaml:"auditSessionLogs,omitempty"`
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
type TeleportRestoreOptionsAudit (added in v0.0.5)
type TeleportRestoreOptionsAudit struct {
TeleportOptionsAudit
ServingCertName string `yaml:"servingCertName,omitempty"`
ClientCertIssuerName string `yaml:"clientCertIssuerName,omitempty"`
PostgresUserCert cnpgrestore.CNPGRestoreOptionsCert `yaml:"postgresUserCert,omitempty"`
IssuerKind string `yaml:"issuerKind,omitempty"`
}
type VaultWarden
type VaultWarden struct {
// contains filtered or unexported fields
}
func NewVaultWarden
func NewVaultWarden(client kubecluster.ClientInterface) *VaultWarden
func (*VaultWarden) Backup
func (vw *VaultWarden) Backup(ctx *contexts.Context, namespace, backupName, dataPVC, cnpgClusterName, servingCertIssuerName, clientCertIssuerName string, opts VaultWardenBackupOptions) (backup *DREvent, err error)
Backup process:
- Create the DR PVC if it does not exist
- Configure the backup actions: a CNPG logical backup of the cluster, and a files capture of the data-directory PVC
- Run the stage's pre-consistency-point work in order: the CNPG action takes its base backup, then the files action clones the live data PVC. The clone's creation time becomes the event's consistency point. The stage then sets up and executes each action against a single tool pod:
  - the CNPG action clones the cluster, recovering forward to the consistency point (the data-directory freeze), and dumps it to the DR volume
  - the files action syncs the clone into the DR volume's data-vol subdirectory
- Snapshot the DR volume
The CNPG action is registered before the files action because the database base backup must be taken before the data-directory clone: the clone time is the consistency point, and the database can only recover forward to it from a base backup taken earlier. Recovering forward to exactly the filesystem freeze reproduces the original Vaultwarden behaviour, where the database is aligned to the moment the data directory was captured.
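The ordering argument above, and the Teleport backup's rule that the Audit clone uses the same PITR time as the Core clone, both reduce to one invariant: every database that is recovered forward to the stage's consistency point needs a base backup taken no later than that point. The following is an added simulation of that invariant, not the package's own stage runner; the `Action`, `Plan` and `PlanStage` names, the tick-based clock, and the assumption that an action without a pre-existing base backup takes one as its own pre-consistency-point work are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ActionKind describes how a registered action relates to the stage's single
// consistency point. Constructed model; not the package's own types.
type ActionKind int

const (
	// SetsConsistencyPoint: the moment this action's pre-consistency-point
	// work completes (the data PVC clone, or the Core cluster clone) becomes
	// the point every other action must align to.
	SetsConsistencyPoint ActionKind = iota
	// RecoversToConsistencyPoint: the action later clones a database and
	// recovers it forward (PITR) to the consistency point, so it needs a base
	// backup taken no later than that point.
	RecoversToConsistencyPoint
)

// Action is one registered backup action; actions run in registration order.
type Action struct {
	Name string
	Kind ActionKind
	// ExistingBaseBackup, when non-zero, is a base backup that already existed
	// before the stage started (continuous backups, as for Teleport's Audit
	// cluster). When zero, the action takes its base backup as its own
	// pre-consistency-point work (the VaultWarden CNPG action).
	ExistingBaseBackup time.Time
}

// Plan is the outcome of the pre-consistency-point phase.
type Plan struct {
	ConsistencyPoint time.Time
	BaseBackupAt     map[string]time.Time // per PITR action
	RecoveryTarget   map[string]time.Time // per PITR action; equals ConsistencyPoint
}

// ErrBaseBackupAfterConsistencyPoint: PITR only replays WAL forward from a base
// backup, so a backup taken after the consistency point can never reach it.
var ErrBaseBackupAfterConsistencyPoint = errors.New("base backup taken after the consistency point")

// PlanStage simulates the stage on a constructed clock: each action's
// pre-consistency-point work finishes one tick after the previous one. It then
// checks every PITR action against the consistency point and assigns targets.
func PlanStage(actions []Action, start time.Time, tick time.Duration) (Plan, error) {
	plan := Plan{BaseBackupAt: map[string]time.Time{}, RecoveryTarget: map[string]time.Time{}}
	now, cpSet := start, false
	for _, a := range actions {
		now = now.Add(tick)
		switch a.Kind {
		case SetsConsistencyPoint:
			if cpSet {
				return Plan{}, fmt.Errorf("action %q: the stage already has a consistency point", a.Name)
			}
			plan.ConsistencyPoint, cpSet = now, true
		case RecoversToConsistencyPoint:
			if a.ExistingBaseBackup.IsZero() {
				plan.BaseBackupAt[a.Name] = now // base backup taken during the stage
			} else {
				plan.BaseBackupAt[a.Name] = a.ExistingBaseBackup
			}
		default:
			return Plan{}, fmt.Errorf("action %q: unknown kind %d", a.Name, a.Kind)
		}
	}
	if !cpSet {
		return Plan{}, errors.New("no action sets the consistency point")
	}
	for name, base := range plan.BaseBackupAt {
		if base.After(plan.ConsistencyPoint) {
			return Plan{}, fmt.Errorf("action %q: %w", name, ErrBaseBackupAfterConsistencyPoint)
		}
		plan.RecoveryTarget[name] = plan.ConsistencyPoint
	}
	return plan, nil
}

// VaultWardenOrder is the registration order described above: CNPG first, so
// its base backup precedes the data-directory clone that fixes the point.
func VaultWardenOrder() []Action {
	return []Action{
		{Name: "cnpg", Kind: RecoversToConsistencyPoint},
		{Name: "files", Kind: SetsConsistencyPoint},
	}
}

// TeleportOrder models steps 2 and 3 of the Teleport backup: the Core clone
// sets the point and the Audit clone recovers to it from a base backup that
// already existed (constructed here as one hour before the stage).
func TeleportOrder(start time.Time) []Action {
	return []Action{
		{Name: "core", Kind: SetsConsistencyPoint},
		{Name: "audit", Kind: RecoversToConsistencyPoint, ExistingBaseBackup: start.Add(-time.Hour)},
	}
}

func main() {
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed
	plan, err := PlanStage(VaultWardenOrder(), start, time.Second)
	fmt.Println(plan.RecoveryTarget["cnpg"], err)
	reversed := []Action{{Name: "files", Kind: SetsConsistencyPoint}, {Name: "cnpg", Kind: RecoversToConsistencyPoint}}
	_, err = PlanStage(reversed, start, time.Second)
	fmt.Println(err) // the reversed registration order is rejected
}
```

Registering the files action first makes the simulation fail with `ErrBaseBackupAfterConsistencyPoint`, which is exactly the situation the paragraph above rules out; the Teleport ordering passes because the Audit cluster's base backup predates the Core clone.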
func (*VaultWarden) Restore (added in v0.0.2)
func (vw *VaultWarden) Restore(ctx *contexts.Context, namespace, restoreName, dataPVCName, cnpgClusterName, servingCertName, clientCertIssuerName string, opts VaultWardenRestoreOptions) (restore *DREvent, err error)
Restore requirements:
- The DR PVC must exist
- The data PVC must already exist, but not be in use
- The replacement cluster must already be deployed
- The CNPG cluster must already exist, but not be in use
- The CNPG client CA issuer must already exist
- The CNPG cluster must support TLS auth for the postgres user
- The CNPG cluster serving cert must already exist
Restore process:
- Configure the restoration actions: a files restore of the data directory onto the data PVC, and a CNPG logical recovery of the cluster
- Run the stage. It sets up and executes each action against a single tool pod:
  - the CNPG action issues a postgres user cert and restores the SQL dump into the cluster
  - the files action syncs the DR volume's data-vol subdirectory back onto the data PVC
type VaultWardenBackupOptions
type VaultWardenBackupOptions struct {
VolumeSize resource.Quantity `yaml:"volumeSize,omitempty"`
VolumeStorageClass string `yaml:"volumeStorageClass,omitempty"`
CloneClusterOptions clonedcluster.CloneClusterOptions `yaml:"clusterCloning,omitempty"`
BackupToolPodCreationTimeout helpers.MaxWaitTime `yaml:"backupToolPodCreationTimeout,omitempty"`
BackupSnapshot OptionsBackupSnapshot `yaml:"backupSnapshot,omitempty"`
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
}
TODO plumb a lot more options through to here
type VaultWardenRestoreOptions (added in v0.0.2)
type VaultWardenRestoreOptions struct {
Certificates vaultWardenRestoreOptionsCertificates `yaml:"certificates,omitempty"`
IssuerKind string `yaml:"issuerKind,omitempty"`
CleanupTimeout helpers.MaxWaitTime `yaml:"cleanupTimeout,omitempty"`
RemoteBackupToolOptions backuptoolinstance.CreateBackupToolInstanceOptions `yaml:"remoteBackupToolOptions,omitempty"`
}