Add benji ceph configuration

Keyring is encrypted with sops: sops --encrypt --in-place infrastructure/dev/benji-ceph-keyring.yaml Issue #274
allenporter · Aug 24, 2021 · 226e3f4 · 226e3f4
1 parent 9388a17
commit 226e3f4
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 2 deletions.
diff --git a/infrastructure/base/benji/configmap.yaml b/infrastructure/base/benji/configmap.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ceph-config
+  namespace: benji
+data:
+  ceph.conf: |
+    [global]
+    mon_host = 10.10.20.5:6879,10.10.20.6:6879,10.10.20.7:6879
+
+    [client.admin]
+    keyring = /etc/ceph/keyring
diff --git a/infrastructure/base/benji/kustomization.yaml b/infrastructure/base/benji/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
   - namespace.yaml
   - release.yaml
   - backup-pvc.yaml
+  - configmap.yaml
diff --git a/infrastructure/base/benji/release.yaml b/infrastructure/base/benji/release.yaml
@@ -26,24 +26,64 @@ spec:
         repository: elemental-lf/benji-k8s
         tag: 0.15.0
         pullPolicy: IfNotPresent
+      configuration:
+        configurationVersion: '1'
+        databaseEngine: sqlite:////tmp/benji.sqlite
+        storages:
+          - name: storage-1
+            storageId: 1
+            module: file
+            configuration:
+              path: /backup-nfs
+        ios:
+          - name: rbd-kube-pool
+            module: rbd
+            configuration:
+              cephConfigFile: /etc/ceph/ceph.conf
+              clientIdentifier: admin
+              simultaneousReads: 3
+              simultaneousWrites: 3
+              newImageFeatures:
+                - RBD_FEATURE_LAYERING
+                - RBD_FEATURE_EXCLUSIVE_LOCK
+                - RBD_FEATURE_STRIPINGV2
+                - RBD_FEATURE_OBJECT_MAP
+                - RBD_FEATURE_FAST_DIFF
+                - RBD_FEATURE_DEEP_FLATTEN
       volumes:
         - name: k8s-backup
           persistentVolumeClaim:
             claimName: k8s-nfs-backup-pvc
+        - name: ceph-config
+          configMap:
+            name: ceph-config
+            defaultMode: 0444
+        - name: ceph-keyring
+          secret:
+            secretName: ceph-keyring
+            defaultMode: 0444
       volumeMounts:
         - name: k8s-backup
           mountPath: /backup-nfs
+        - name: ceph-config
+          mountPath: /etc/ceph/ceph.conf
+          subPath: ceph.conf
+          readOnly: true
+        - name: ceph-keyring
+          mountPath: /etc/ceph/keyring
+          subPath: keyring
+          readOnly: true
       crontab:
         - name: backup-all
-          schedule: "*/10 * * * *"
+          schedule: "00 03 * * *"
           command:
             - benji-backup-pvc
         - name: enforce
           schedule: "00 04 * * *"
           command:
             - benji-command
             - enforce
-            - latest3,hours24,days30,months3
+            - latest3,hours24,days14,months3
             - 'labels["benji-backup.me/instance"] == "benji-k8s"'
         - name: cleanup
           schedule: "00 05 * * *"

diff --git a/infrastructure/dev/benji-ceph-keyring.yaml b/infrastructure/dev/benji-ceph-keyring.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: v1
+data:
+  keyring: ENC[AES256_GCM,data:2dlTcjC1g5L0TsHcjlID8zD7eaO0sJAlNUJO1bZmkwfnlcrbLOmwmJ/oMiNGaYz9yMV2MaytdmZQz2wK4FWV/33BWI6QbhPCCky85QELZjIH65EZ,iv:7WHlFB5ZmLkD7Z+4oofm1Cg4nMHSxJ6l7G5q2SInQYc=,tag:OqH2pOQNttQKOfTFaBpExw==,type:str]
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: ceph-keyring
+  namespace: benji
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age: []
+  lastmodified: "2021-08-24T05:35:21Z"
+  mac: ENC[AES256_GCM,data:0MgP5x0anXjtm/3U+tx37Q/4DRzWzJIjBdIuOFb8k5c1Vpq41XpF7b5cxE++DwTqCR68ozqDg6uoDmzmFUe8J4VeytnM1anR1MKpHDMPil3th2zcA56Qvt27ZR+jMI9vUrHJgvRWkRG4XEjOob00ba5IlHq/UYFr/FRgpz57k3U=,iv:et+xZmW1TuLVNXeDA+o3Yf/SCtQgFDTUiPwr4WOAiNg=,tag:fc1cQdkAL6XqlzhCceds/g==,type:str]
+  pgp:
+    - created_at: "2021-08-24T05:35:21Z"
+      enc: |
+        -----BEGIN PGP MESSAGE-----
+
+        hQIMA4i68krkYe+LARAAgU/Ski4KrPMT1clXtATGjEnWqq23dpt6Oonq+uk49fDz
+        cZ9JUwdJMWEMwH4C2vFCWz4bWC1aSXnQ81R2oIqmo36JJOO3SwpHKDe3U9z+Ks8z
+        P4xIjbSM2uwKWZqon4zqwPsblykNBvjxqaGo1mGRc9pEdxYOHq6BmBzqqNP5hsZ/
+        FXAma+7mGVweXrDTGS8CSZcjjvoscs63VhbDG0WyhlUwKfqKo10m25yhCZWsQb3Q
+        YPBDG3fppjD/DhChFoX13TA9U9RXvFci6OMX4mMNuiqFKRE9P9dTJQUGnEhy6LdF
+        SKO84AEDfOVP3y483uEYLBimwBll7YaU+aNf3YR3MeeedbZdwD8UWI4gAsHvdt14
+        gpHIn/VQ/0+mhc/tGeuNuLreB6jHkd07tc9Dtz0wkak0970c39f/sz3q6nun0Ias
+        IANaGykyfAtP21Y6hu4lZW/AZWIaD+IEQlxmjsSKDoVdVSsrS9QhS93tXfWyeC5F
+        /TrZgc9C4Btvzr3JRPzKrjrs9/dUoEsWUAi9HcatGZ1HYv1fFQKh9+uvRjeuAJa0
+        Qut3LADVkjXqPd1OCQcNNTAJaApjxvhxKLRxSnXf+n6doe+AtaHJoQ43BOMx4PuD
+        iByYcrCV7XLnE4us0vw0lH9t59dBCuuKQAOwE2Ijdf9Yb967IyXfLX0y0j3pOkfU
+        aAEJAhUbCtBG9Rc/IrCReY9utdcZx1wG21hY18hshsIyjR1GDJubGvIpMogQLgAH
+        b5R8+d54gy1p3AO569vPBj/eD4szZxEa18UoALvC2w5CZ6LYXLW1qnkbz7ZSWZU5
+        suhUOhBFTxa4
+        =EGyv
+        -----END PGP MESSAGE-----
+      fp: 0DC308A34AF5341720C2A105EA2374A8509B82C6
+  encrypted_regex: ^(data|stringData)$
+  version: 3.7.1