Provide configuration option to encrypt backup-restore-sidecar backups.
Gerrit91 committed Oct 23, 2024
1 parent e7a1e30 commit 83ca1d3
Showing 22 changed files with 114 additions and 86 deletions.
1 change: 1 addition & 0 deletions control-plane/roles/auditing-meili/defaults/main/main.yaml
@@ -17,6 +17,7 @@ auditing_meili_backup_restore_sidecar_backup_cron_schedule: "0 * * * *"
auditing_meili_backup_restore_sidecar_log_level: debug
auditing_meili_backup_restore_sidecar_object_prefix: "{{ auditing_meili_name }}-{{ metal_control_plane_stage_name }}"
auditing_meili_backup_restore_sidecar_object_max_keep:
auditing_meili_backup_restore_sidecar_encryption_key:

auditing_meili_backup_restore_sidecar_gcp_bucket_name:
auditing_meili_backup_restore_sidecar_gcp_backup_location:
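Review bot: The new `auditing_meili_backup_restore_sidecar_encryption_key:` default has no comment saying that it is a secret or what shape it must have, and the same bare default is added in the headscale, ipam-db, masterdata-db, meili-backup-restore and metal-db defaults. I would add a comment above each, e.g. `# optional AES key, exactly 32 characters; set it from an encrypted vars source (e.g. ansible-vault), never in plaintext`. It is also worth documenting that backups written with a key can only be restored with that same key, so the key has to be kept outside the backup bucket and must survive a loss of the cluster.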
1 change: 1 addition & 0 deletions control-plane/roles/auditing-meili/tasks/main.yaml
@@ -41,3 +41,4 @@
meilisearch_backup_restore_sidecar_gcp_serviceaccount_json: "{{ auditing_meili_backup_restore_sidecar_gcp_serviceaccount_json }}"
meilisearch_resources: "{{ auditing_meili_resources }}"
meilisearch_backup_restore_sidecar_object_max_keep: "{{ auditing_meili_backup_restore_sidecar_object_max_keep }}"
meilisearch_backup_restore_sidecar_encryption_key: "{{ auditing_meili_backup_restore_sidecar_encryption_key }}"
1 change: 1 addition & 0 deletions control-plane/roles/headscale/defaults/main/db.yaml
@@ -12,6 +12,7 @@ headscale_db_backup_restore_sidecar_provider: local
headscale_db_backup_restore_sidecar_backup_cron_schedule: "0 0 * * *"
headscale_db_backup_restore_sidecar_log_level: debug
headscale_db_backup_restore_sidecar_object_prefix: "{{ headscale_db_name }}"
headscale_db_backup_restore_sidecar_encryption_key:

headscale_db_backup_restore_sidecar_gcp_bucket_name:
headscale_db_backup_restore_sidecar_gcp_backup_location:
1 change: 1 addition & 0 deletions control-plane/roles/headscale/tasks/main.yaml
@@ -50,6 +50,7 @@
postgres_backup_restore_sidecar_gcp_backup_location: "{{ headscale_db_backup_restore_sidecar_gcp_backup_location }}"
postgres_backup_restore_sidecar_gcp_project_id: "{{ headscale_db_backup_restore_sidecar_gcp_project_id }}"
postgres_backup_restore_sidecar_gcp_serviceaccount_json: "{{ headscale_db_backup_restore_sidecar_gcp_serviceaccount_json }}"
postgres_backup_restore_sidecar_encryption_key: "{{ headscale_db_backup_restore_sidecar_encryption_key }}"
postgres_resources: "{{ headscale_db_resources }}"

- name: Deploy headscale
1 change: 1 addition & 0 deletions control-plane/roles/ipam-db/defaults/main/main.yaml
@@ -17,6 +17,7 @@ ipam_db_backup_restore_sidecar_backup_cron_schedule: "*/3 * * * *"
ipam_db_backup_restore_sidecar_log_level: debug
ipam_db_backup_restore_sidecar_object_prefix: "{{ ipam_db_name }}-{{ metal_control_plane_stage_name }}"
ipam_db_backup_restore_sidecar_object_max_keep:
ipam_db_backup_restore_sidecar_encryption_key:

ipam_db_backup_restore_sidecar_gcp_bucket_name:
ipam_db_backup_restore_sidecar_gcp_backup_location:
2 changes: 1 addition & 1 deletion control-plane/roles/ipam-db/tasks/main.yaml
@@ -42,4 +42,4 @@
postgres_backup_restore_sidecar_gcp_serviceaccount_json: "{{ ipam_db_backup_restore_sidecar_gcp_serviceaccount_json }}"
postgres_resources: "{{ ipam_db_resources }}"
postgres_backup_restore_sidecar_object_max_keep: "{{ ipam_db_backup_restore_sidecar_object_max_keep }}"

postgres_backup_restore_sidecar_encryption_key: "{{ ipam_db_backup_restore_sidecar_encryption_key }}"
1 change: 1 addition & 0 deletions control-plane/roles/masterdata-db/defaults/main/main.yaml
@@ -17,6 +17,7 @@ masterdata_db_backup_restore_sidecar_backup_cron_schedule: "*/3 * * * *"
masterdata_db_backup_restore_sidecar_log_level: debug
masterdata_db_backup_restore_sidecar_object_prefix: "{{ masterdata_db_name }}-{{ metal_control_plane_stage_name }}"
masterdata_db_backup_restore_sidecar_object_max_keep:
masterdata_db_backup_restore_sidecar_encryption_key:

masterdata_db_backup_restore_sidecar_gcp_bucket_name:
masterdata_db_backup_restore_sidecar_gcp_backup_location:
1 change: 1 addition & 0 deletions control-plane/roles/masterdata-db/tasks/main.yaml
@@ -42,3 +42,4 @@
postgres_backup_restore_sidecar_gcp_serviceaccount_json: "{{ masterdata_db_backup_restore_sidecar_gcp_serviceaccount_json }}"
postgres_resources: "{{ masterdata_db_resources }}"
postgres_backup_restore_sidecar_object_max_keep: "{{ masterdata_db_backup_restore_sidecar_object_max_keep }}"
postgres_backup_restore_sidecar_encryption_key: "{{ masterdata_db_backup_restore_sidecar_encryption_key }}"
50 changes: 26 additions & 24 deletions control-plane/roles/meili-backup-restore/README.md
@@ -8,27 +8,29 @@ This role uses variables from [control-plane-defaults](/control-plane). So, make

You can look up all the default values of this role [here](defaults/main/main.yaml).

| Name | Mandatory | Description |
| ---------------------------------------------------------- | --------- | ----------------------------------------------------------------------- |
| meilisearch_image_name | yes | Image version of the meilisearch |
| meilisearch_image_tag | yes | Image tag of the meilisearch |
| meilisearch_registry_auth_enabled | | Enables registry authentication |
| meilisearch_registry_auth | | The dockerconfigjson content used for registry authentication |
| meilisearch_image_pull_policy | | Image pull policy (defaults to IfNotPresent) |
| meilisearch_name | | The name of the meilisearch instance |
| meilisearch_namespace | | The deployment's target namespace |
| meilisearch_storage_size | | The size of the PVC |
| meilisearch_storage_class | | The storage class of the PVC |
| meilisearch_api_key | | The api key for meilisearch |
| meilisearch_environment | | Sets the environment configuration for meilisearch |
| meilisearch_no_analytics | | Sets the no analytics configuration for meilisearch |
| meilisearch_backup_restore_sidecar_image_name | yes | Image version of the backup-restore-sidecar |
| meilisearch_backup_restore_sidecar_image_tag | yes | Image tag of the backup-restore-sidecar |
| meilisearch_backup_restore_sidecar_provider | | The backup provider |
| meilisearch_backup_restore_sidecar_backup_cron_schedule | | The backup cron schedule |
| meilisearch_backup_restore_sidecar_log_level | | The log level of the sidecar |
| meilisearch_backup_restore_sidecar_gcp_bucket_name | | Bucket name of the GCP bucket |
| meilisearch_backup_restore_sidecar_gcp_backup_location | | Location of the GCP bucket |
| meilisearch_backup_restore_sidecar_gcp_project_id | | GCP project name |
| meilisearch_backup_restore_sidecar_gcp_serviceaccount_json | | GCP Serviceaccount JSON string (service account requires bucket access) |
| meilisearch_resources | | The kubernetes resources for the actual meilisearch container |
| Name | Mandatory | Description |
| ---------------------------------------------------------- | --------- | ----------------------------------------------------------------------------------------------------------------- |
| meilisearch_image_name | yes | Image version of the meilisearch |
| meilisearch_image_tag | yes | Image tag of the meilisearch |
| meilisearch_registry_auth_enabled | | Enables registry authentication |
| meilisearch_registry_auth | | The dockerconfigjson content used for registry authentication |
| meilisearch_image_pull_policy | | Image pull policy (defaults to IfNotPresent) |
| meilisearch_name | | The name of the meilisearch instance |
| meilisearch_namespace | | The deployment's target namespace |
| meilisearch_storage_size | | The size of the PVC |
| meilisearch_storage_class | | The storage class of the PVC |
| meilisearch_api_key | | The api key for meilisearch |
| meilisearch_environment | | Sets the environment configuration for meilisearch |
| meilisearch_no_analytics | | Sets the no analytics configuration for meilisearch |
| meilisearch_backup_restore_sidecar_image_name | yes | Image version of the backup-restore-sidecar |
| meilisearch_backup_restore_sidecar_image_tag | yes | Image tag of the backup-restore-sidecar |
| meilisearch_backup_restore_sidecar_provider | | The backup provider |
| meilisearch_backup_restore_sidecar_backup_cron_schedule | | The backup cron schedule |
| meilisearch_backup_restore_sidecar_log_level | | The log level of the sidecar |
| meilisearch_backup_restore_sidecar_gcp_bucket_name | | Bucket name of the GCP bucket |
| meilisearch_backup_restore_sidecar_gcp_backup_location | | Location of the GCP bucket |
| meilisearch_backup_restore_sidecar_gcp_project_id | | GCP project name |
| meilisearch_backup_restore_sidecar_gcp_serviceaccount_json | | GCP Serviceaccount JSON string (service account requires bucket access) |
| meilisearch_resources | | The kubernetes resources for the actual meilisearch container |
| meilisearch_backup_restore_sidecar_object_max_keep | | The number of objects to keep at the cloud provider bucket |
| meilisearch_backup_restore_sidecar_encryption_key | | An optional encryption key to AES-encrypt the backups before uploading them to the backup provider (length == 32) |
@@ -17,6 +17,7 @@ meilisearch_backup_restore_sidecar_backup_cron_schedule: "0 * * * *"
meilisearch_backup_restore_sidecar_log_level: debug
meilisearch_backup_restore_sidecar_object_prefix: "{{ meilisearch_name }}-{{ metal_control_plane_stage_name }}"
meilisearch_backup_restore_sidecar_object_max_keep:
meilisearch_backup_restore_sidecar_encryption_key:

meilisearch_backup_restore_sidecar_gcp_bucket_name:
meilisearch_backup_restore_sidecar_gcp_backup_location:
1 change: 1 addition & 0 deletions control-plane/roles/meili-backup-restore/tasks/main.yml
@@ -11,6 +11,7 @@
- meilisearch_image_tag is defined
- meilisearch_backup_restore_sidecar_image_name is defined
- meilisearch_backup_restore_sidecar_image_tag is defined
- meilisearch_backup_restore_sidecar_encryption_key is none or meilisearch_backup_restore_sidecar_encryption_key | length == 32

- name: Deploy meilisearch (backup-restore)
k8s:
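Review bot: The added assertion accepts only a null key (`is none`), while the template guard added in the same commit (`{% if meilisearch_backup_restore_sidecar_encryption_key %}`) treats any falsy value as "no encryption". The wrapper roles pass the value as a quoted template (`"{{ auditing_meili_backup_restore_sidecar_encryption_key }}"`), which on Ansible setups without native Jinja types may arrive as an empty string rather than null; if so, an unset key would fail this assert. I would write the condition as `not meilisearch_backup_restore_sidecar_encryption_key or meilisearch_backup_restore_sidecar_encryption_key | length == 32`. Note also that `length` counts characters, so a key containing multi-byte characters passes without being 32 bytes; a comment such as `# key must be 32 ASCII characters` would make the expectation explicit. The assert task starts above the hunk.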
@@ -231,6 +231,9 @@ data:
compression-method: targz
{% if meilisearch_backup_restore_sidecar_object_max_keep %}
object-max-keep: {{ meilisearch_backup_restore_sidecar_object_max_keep }}
{% endif %}
{% if meilisearch_backup_restore_sidecar_encryption_key %}
encryption-key: {{ meilisearch_backup_restore_sidecar_encryption_key }}
{% endif %}
post-exec-cmds:
- meilisearch --db-path=/data/data.ms/ --dump-dir=/backup/upload/files
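Review bot: The key is rendered as a plain YAML scalar in `encryption-key: {{ meilisearch_backup_restore_sidecar_encryption_key }}`, so a 32-character key that is all digits, starts with a YAML indicator, or contains `: ` or ` #` will be retyped, cut short or break parsing of the sidecar config. I would emit it quoted, `encryption-key: {{ meilisearch_backup_restore_sidecar_encryption_key | to_json }}`. The hunk context is a `data:` mapping and the surrounding manifest is not visible here; if this is a ConfigMap, the key is readable by anyone allowed to read ConfigMaps in the namespace, and it belongs in a Secret instead.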
1 change: 1 addition & 0 deletions control-plane/roles/metal-db/defaults/main/main.yaml
@@ -14,6 +14,7 @@ metal_db_backup_restore_sidecar_backup_cron_schedule: "*/3 * * * *"
metal_db_backup_restore_sidecar_log_level: debug

metal_db_backup_restore_sidecar_object_max_keep:
metal_db_backup_restore_sidecar_encryption_key:

metal_db_backup_restore_sidecar_gcp_bucket_name:
metal_db_backup_restore_sidecar_gcp_backup_location:
1 change: 1 addition & 0 deletions control-plane/roles/metal-db/tasks/main.yaml
@@ -40,3 +40,4 @@
rethinkdb_ingress_dns: "{{ metal_db_ingress_dns }}"
rethinkdb_resources: "{{ metal_db_resources }}"
rethinkdb_backup_restore_sidecar_object_max_keep: "{{ metal_db_backup_restore_sidecar_object_max_keep }}"
rethinkdb_backup_restore_sidecar_encryption_key: "{{ metal_db_backup_restore_sidecar_encryption_key }}"