From e79d2a1a33c7b1b80a5e1ecaa0e1ae148c2ea3c6 Mon Sep 17 00:00:00 2001
From: auricom <github@xpander.eml.cc>
Date: Mon, 19 Apr 2021 17:16:51 +0200
Subject: [PATCH] feat: kasten-io k10 policies

---
 cluster/apps/kasten-io/k10/kustomization.yaml |  2 +
 .../k10-disaster-recovery-policy.yaml         | 27 +++++++++++
 .../kasten-io/k10/policies/kustomization.yaml |  5 ++
 .../kasten-io/k10/policies/pvc-export.yaml    | 48 +++++++++++++++++++
 .../kasten-io/k10/profiles/kustomization.yaml |  5 ++
 .../apps/kasten-io/k10/profiles/minio.yaml    | 23 +++++++++
 .../kasten-io/k10/profiles/secret.enc.yaml    | 37 ++++++++++++++
 7 files changed, 147 insertions(+)
 create mode 100644 cluster/apps/kasten-io/k10/policies/k10-disaster-recovery-policy.yaml
 create mode 100644 cluster/apps/kasten-io/k10/policies/kustomization.yaml
 create mode 100644 cluster/apps/kasten-io/k10/policies/pvc-export.yaml
 create mode 100644 cluster/apps/kasten-io/k10/profiles/kustomization.yaml
 create mode 100644 cluster/apps/kasten-io/k10/profiles/minio.yaml
 create mode 100644 cluster/apps/kasten-io/k10/profiles/secret.enc.yaml

diff --git a/cluster/apps/kasten-io/k10/kustomization.yaml b/cluster/apps/kasten-io/k10/kustomization.yaml
index 50e1ec45d..d464fd4ed 100644
--- a/cluster/apps/kasten-io/k10/kustomization.yaml
+++ b/cluster/apps/kasten-io/k10/kustomization.yaml
@@ -4,3 +4,5 @@ resources:
   - helm-release.yaml
   - prometheus-rule.yaml
   - service-monitor.yaml
+  - profiles
+  - policies
diff --git a/cluster/apps/kasten-io/k10/policies/k10-disaster-recovery-policy.yaml b/cluster/apps/kasten-io/k10/policies/k10-disaster-recovery-policy.yaml
new file mode 100644
index 000000000..de62715b1
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/policies/k10-disaster-recovery-policy.yaml
@@ -0,0 +1,27 @@
+---
+kind: Policy
+apiVersion: config.kio.kasten.io/v1alpha1
+metadata:
+  name: k10-disaster-recovery-policy
+  namespace: kasten-io
+spec:
+  frequency: "@hourly"
+  retention:
+    hourly: 4
+    daily: 1
+    weekly: 1
+    monthly: 1
+    yearly: 1
+  selector:
+    matchExpressions:
+      - key: k10.kasten.io/appNamespace
+        operator: In
+        values:
+          - kasten-io
+  actions:
+    - action: backup
+      backupParameters:
+        filters: {}
+        profile:
+          name: minio
+          namespace: kasten-io
diff --git a/cluster/apps/kasten-io/k10/policies/kustomization.yaml b/cluster/apps/kasten-io/k10/policies/kustomization.yaml
new file mode 100644
index 000000000..089d10900
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/policies/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - k10-disaster-recovery-policy.yaml
+  - pvc-export.yaml
diff --git a/cluster/apps/kasten-io/k10/policies/pvc-export.yaml b/cluster/apps/kasten-io/k10/policies/pvc-export.yaml
new file mode 100644
index 000000000..0ea46e975
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/policies/pvc-export.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: config.kio.kasten.io/v1alpha1
+kind: Policy
+metadata:
+  name: pvc-export
+  namespace: kasten-io
+spec:
+  frequency: "@daily"
+  actions:
+    - action: backup
+      backupParameters:
+        filters:
+          includeResources:
+            - resource: persistentvolumeclaims
+              matchExpressions:
+                - key: kasten-io/snapshots
+                  operator: In
+                  values:
+                    - enable
+        profile:
+          namespace: kasten-io
+          name: minio
+    - action: export
+      exportParameters:
+        frequency: "@daily"
+        migrationToken:
+          name: pvc-export-migration-token-fzvgp
+          namespace: kasten-io
+        profile:
+          name: minio
+          namespace: kasten-io
+        exportData:
+          enabled: true
+      retention: {}
+  retention:
+    daily: 7
+    weekly: 2
+    monthly: 2
+  selector:
+    matchExpressions:
+      - key: k10.kasten.io/appNamespace
+        operator: In
+        values:
+          - networking
+          - media
+          - home
+          - development
+          - data
diff --git a/cluster/apps/kasten-io/k10/profiles/kustomization.yaml b/cluster/apps/kasten-io/k10/profiles/kustomization.yaml
new file mode 100644
index 000000000..00f4f8d14
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/profiles/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - secret.enc.yaml
+  - minio.yaml
diff --git a/cluster/apps/kasten-io/k10/profiles/minio.yaml b/cluster/apps/kasten-io/k10/profiles/minio.yaml
new file mode 100644
index 000000000..f029ecbc9
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/profiles/minio.yaml
@@ -0,0 +1,23 @@
+---
+kind: Profile
+apiVersion: config.kio.kasten.io/v1alpha1
+metadata:
+  name: minio
+  namespace: kasten-io
+spec:
+  locationSpec:
+    type: ObjectStore
+    objectStore:
+      endpoint: https://${SECRET_MINIO_ENDPOINT}/
+      name: kasten-io
+      objectStoreType: S3
+      path: k10/43a17ab4-6887-49ec-b63c-830328fb55ab/migration
+      pathType: Directory
+    credential:
+      secretType: AwsAccessKey
+      secret:
+        apiVersion: v1
+        kind: secret
+        name: profile-minio-secret
+        namespace: kasten-io
+  type: Location
diff --git a/cluster/apps/kasten-io/k10/profiles/secret.enc.yaml b/cluster/apps/kasten-io/k10/profiles/secret.enc.yaml
new file mode 100644
index 000000000..d29a0749c
--- /dev/null
+++ b/cluster/apps/kasten-io/k10/profiles/secret.enc.yaml
@@ -0,0 +1,37 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: profile-minio-secret
+  namespace: kasten-io
+data:
+  aws_access_key_id: ENC[AES256_GCM,data:lMU7OjrNVPg=,iv:sWoJr652T848utmB0ZIkiawMSaUlsmifGQUCaE951Zo=,tag:0gFT46WsMCMT48ePiaV8UA==,type:str]
+  aws_secret_access_key: ENC[AES256_GCM,data:+4XcjlZxr2RzHpSxJcvs2OkK9yyMrqndCwNH3g==,iv:kmrtL3cK75EnRcbLN9a0XBRcnMAgrqDgLK7l/IlBfBE=,tag:Hpc8WpVfUwrnPVMterF8Wg==,type:str]
+type: secrets.kanister.io/aws
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  lastmodified: "2021-04-19T15:55:07Z"
+  mac: ENC[AES256_GCM,data:Qeuz1o2aDgNRZEbK3ihWxo6c1IYYFLjC7tNc3u21hzi6zf2an8mFirIp6FjHphnZhlDadCE1ie+4ldifQOqO7tKM/MjsOh+Hnw0hEgLGvSQuXFAj6qit+XfK+EJKDW96hnBUHweuvEyuNo3U+AViyJ7hb3zL8RpcatjHve+a0Kc=,iv:T3XeQXgC2jsV1A4g0Y2+6B7RE5wMCo8pjX9IcC9JiYA=,tag:Rm5CbvNTA0NiESHL+CPBDA==,type:str]
+  pgp:
+    - created_at: "2021-04-19T15:53:31Z"
+      enc: |
+        -----BEGIN PGP MESSAGE-----
+
+        hQGMA/JorPHm1g9XAQv/fyqu4tcdRCBMrJfBCMKQml54O/RsCUZmQu6jYh/vpHGQ
+        u2Na0pqwY/Ljbt1r+UvddkskDQrMNAMGZZFjAZJlXk5B29jTfYtki6/Um937/f2s
+        3ttehq8R+b+jsVar4PUdDvqZiNRUXHMZ6UWwQmst9vtBnYBav983OJCmWWZ5IW8f
+        sH7KyyfSVn/DEfnDRr2epZAdFyadv098O/mwx4Oq932CM5YdLTP6k0gkTaih9pl/
+        uj8UTReH72pJK06LuYdJgs5QbysSM01C3CTNwtyGNARqBhga1RWTWe5MA13kIeUd
+        S3RGnNql86K/45uo9MEyVzIYZ9OQdIr/8Rdd/Wp/qyvKPO/OJqmrl0ItrcFyrSpm
+        JaY9LKi9ra4Ym3CQeJaAI43d4zhFTe3RNWXaIjykuSzD8sPAIRSkHvKFAoSNMEGh
+        ejJVaiVKDn7ZlpIOF1soAJJ9Mu40NMGuMOEw51tf6ydllzvgy8WOjbybPtNh/W/p
+        0utYPSGNm/QwsjXJQzTl0l4BJPDxG0i3Ao4cdYs/l8A/Ad9YtJ6bqdSZyNkbp0uk
+        4NU/6WIIyp08DZukZVSSJV4lpobF4/GLCBa9fd80l6bkGqq8fBVV6e8V5g/x6Wce
+        yJLLdb7ONdmISGssGsLx
+        =mwEE
+        -----END PGP MESSAGE-----
+      fp: C8F8A49D04A1AB639F8EA21CDBA4B1DCB1FA5BDD
+  encrypted_regex: ^(data|stringData)$
+  version: 3.6.1