snel.kubernetes-cluster/roles/k8s_velero/tasks/main.yml


---
# Register the upstream chart repository that provides the Velero chart.
# Runs once per play, on the host that has helm/kubectl available.
- name: Helm add VMware Tanzu repo for Velero
  run_once: true
  delegate_to: "{{ kubectl_host }}"
  kubernetes.core.helm_repository:
    # Local alias used by chart references of the form "vmware-tanzu/<chart>".
    name: vmware-tanzu
    repo_url: 'https://vmware-tanzu.github.io/helm-charts'
# Create the namespace up front so its Pod Security Admission labels are in
# place before the chart is installed into it.
- name: Namespace for Velero
  delegate_to: "{{ kubectl_host }}"
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeconfig }}"
    resource_definition:
      kind: Namespace
      metadata:
        name: velero
        labels:
          # All three Pod Security Admission modes are set to "privileged",
          # so no pod-security restrictions are enforced, audited or warned
          # about for workloads in this namespace.
          # NOTE(review): confirm Velero as deployed here really needs this
          # level; if it does not, "baseline" or "restricted" is the safer
          # setting.
          pod-security.kubernetes.io/enforce: 'privileged'
          pod-security.kubernetes.io/audit: 'privileged'
          pod-security.kubernetes.io/warn: 'privileged'
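# Install/upgrade the Velero release with the AWS (S3-compatible) and OpenEBS
# plugins, a Wasabi backup storage location, and the S3 credentials secret.
- name: Helm deploy Velero
  delegate_to: "{{ kubectl_host }}"
  # The rendered values contain the S3 access key pair. no_log keeps them out
  # of task output and logs. It also hides Helm error details, so relax it
  # only temporarily while debugging.
  no_log: true
  kubernetes.core.helm:
    kubeconfig: "{{ kubeconfig }}"
    chart_ref: vmware-tanzu/velero
    # Optional pin: set velero_chart_version to install a fixed chart release.
    # When unset the parameter is omitted and Helm picks the version itself,
    # as before.
    chart_version: "{{ velero_chart_version | default(omit) }}"
    release_name: velero
    release_namespace: velero
    # The namespace is created by a separate task so its labels are managed.
    create_namespace: false
    wait: true
    # https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/values.yaml
    values:
      snapshotsEnabled: false
      # Plugin images are copied into the shared "plugins" volume at /target.
      # ":latest" is a mutable tag, and with IfNotPresent each node keeps
      # whichever image it pulled first. Set velero_plugin_aws_tag and
      # velero_plugin_openebs_tag to fixed release tags for reproducible
      # deployments; the defaults keep the previous behaviour.
      initContainers:
        - name: velero-plugin-for-aws
          image: "velero/velero-plugin-for-aws:{{ velero_plugin_aws_tag | default('latest') }}"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /target
              name: plugins
        - name: openebs-velero-plugin
          image: "openebs/velero-plugin:{{ velero_plugin_openebs_tag | default('latest') }}"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /target
              name: plugins
      configuration:
        # https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/backupstoragelocation.md
        # https://velero.io/docs/v1.12/api-types/backupstoragelocation/#parameter-reference
        backupStorageLocation:
          - name: wasabi
            provider: velero.io/aws
            bucket: snelcom-velero
            # Each cluster writes under its own prefix in the shared bucket.
            prefix: "{{ cluster_name_short }}"
            default: true
            # References the secret defined under "credentials" below.
            credential:
              name: wasabi-secret
              key: cloud
            config:
              region: eu-central-2
              s3Url: 'https://s3.eu-central-2.wasabisys.com'
      credentials:
        name: wasabi-secret
        # NOTE(review): presumably velero_s3_access_key_id and
        # velero_s3_secret_access_key come from Ansible Vault or another
        # secret store; confirm they are not kept in plaintext vars.
        # Values passed here also end up in the Helm release data; the chart
        # accepts credentials.existingSecret if the secret should be managed
        # outside of Helm values.
        secretContents:
          cloud: |
            [default]
            aws_access_key_id={{ velero_s3_access_key_id }}
            aws_secret_access_key={{ velero_s3_secret_access_key }}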
# Define the recurring Velero backup as a Schedule custom resource.
- name: Velero backup schedule
  delegate_to: "{{ kubectl_host }}"
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeconfig }}"
    resource_definition:
      apiVersion: velero.io/v1
      kind: Schedule
      metadata:
        namespace: velero
        name: daily
      spec:
        # Cron expression, evaluated in UTC: every day at 12:41.
        schedule: '41 12 * * *'
        template:
          # Backups are kept for 720 hours (30 days).
          ttl: 720h
          # Every namespace is included, so backups also contain the
          # cluster's Secret objects.
          # NOTE(review): confirm the bucket's access controls and
          # encryption are appropriate for that data.
          includedNamespaces:
            - '*'