snel.kubernetes-cluster/roles/velero/tasks/main.yml

---

- name: Helm add VMware Tanzu repo for Velero
  delegate_to: "{{ kubectl_host }}"
  run_once: true
  kubernetes.core.helm_repository:
    name: vmware-tanzu
    repo_url: "https://vmware-tanzu.github.io/helm-charts"

- name: Namespace for Velero
  delegate_to: "{{ kubectl_host }}"
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeconfig }}"
    resource_definition:
      kind: Namespace
      metadata:
        name: velero
        labels:
          pod-security.kubernetes.io/audit: privileged
          pod-security.kubernetes.io/enforce: privileged
          pod-security.kubernetes.io/warn: privileged

#- name: Secret for Velero
#  delegate_to: "{{ kubectl_host }}"
#  kubernetes.core.k8s:
#    kubeconfig: "{{ kubeconfig }}"
#    resource_definition:
#      apiVersion: v1
#      kind: Secret
#      metadata:
#        name: wasabi
#        namespace: velero
#        labels:
#          app.kubernetes.io/name: {{ include "velero.name" . }}
#          app.kubernetes.io/instance: {{ .Release.Name }}
#          app.kubernetes.io/managed-by: {{ .Release.Service }}
#          helm.sh/chart: {{ include "velero.chart" . }}
#      type: Opaque
#      data:

- name: Helm deploy Velero
  delegate_to: "{{ kubectl_host }}"
  kubernetes.core.helm:
    kubeconfig: "{{ kubeconfig }}"
    chart_ref: vmware-tanzu/velero
    release_name: velero
    release_namespace: velero
    create_namespace: false
    wait: true
    # https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/values.yaml
    values:
      initContainers:
        - name: velero-plugin-for-aws
          image: velero/velero-plugin-for-aws:latest
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /target
              name: plugins
        - name: openebs-velero-plugin
          image: openebs/velero-plugin:latest
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /target
              name: plugins
      configuration:
        # https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/backupstoragelocation.md
        # https://velero.io/docs/v1.12/api-types/backupstoragelocation/#parameter-reference
        backupStorageLocation:
          - name: wasabi
            provider: velero.io/aws
            bucket: snelcom-velero
            default: true
            credential:
              name: wasabi-secret
              key: cloud
            config:
              region: eu-central-2
              s3ForcePathStyle: true
              s3Url: https://s3.eu-central-2.wasabisys.com
        # https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/volumesnapshotlocation.md
        # https://velero.io/docs/v1.12/api-types/volumesnapshotlocation/#parameter-reference
        volumeSnapshotLocation:
          - name: wasabi
            provider: openebs.io/cstor-blockstore
            bucket: snelcom-velero
            default: true
            credential:
              name: wasabi-secret
              key: cloud
            config:
              namespace: mayastor
              local: "true"
      credentials:
        name: wasabi-secret
        secretContents:
          cloud: |
            [default]
            aws_access_key_id=PZJC2PIGBBUGV6SADUTH
            aws_secret_access_key=Ir3eLXvZflinjIe01MDag6s0ReE1Af3zCG5bS4ID