{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
    controller-gen.kubebuilder.io/version: v0.14.0
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: etcdmachinesnapshots.turtles-capi.cattle.io
spec:
  group: turtles-capi.cattle.io
  names:
    kind: ETCDMachineSnapshot
    listKind: ETCDMachineSnapshotList
    plural: etcdmachinesnapshots
    singular: etcdmachinesnapshot
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot
            properties:
              clusterName:
                type: string
              location:
                type: string
              machineName:
                type: string
            required:
            - clusterName
            type: object
            x-kubernetes-validations:
            - message: ETCD snapshot location can't be empty.
              rule: size(self.clusterName)>0
          status:
            default: {}
            description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
            properties:
              error:
                type: string
              phase:
                description: ETCDSnapshotPhase is a string representation of the phase of the etcd snapshot
                type: string
              s3Snapshots:
                items:
                  properties:
                    creationTime:
                      description: CreationTime is the timestamp when the snapshot was taken by etcd.
                      format: date-time
                      type: string
                    location:
                      type: string
                    name:
                      type: string
                  required:
                  - location
                  - name
                  type: object
                type: array
              snapshotFileName:
                type: string
              snapshots:
                items:
                  properties:
                    creationTime:
                      description: CreationTime is the timestamp when the snapshot was taken by etcd.
                      format: date-time
                      type: string
                    location:
                      type: string
                    machineName:
                      type: string
                    name:
                      type: string
                  required:
                  - location
                  - machineName
                  - name
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
    controller-gen.kubebuilder.io/version: v0.14.0
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: etcdsnapshotrestores.turtles-capi.cattle.io
spec:
  group: turtles-capi.cattle.io
  names:
    kind: ETCDSnapshotRestore
    listKind: ETCDSnapshotRestoreList
    plural: etcdsnapshotrestores
    singular: etcdsnapshotrestore
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
            properties:
              clusterName:
                type: string
              etcdMachineSnapshotName:
                type: string
            required:
            - clusterName
            - etcdMachineSnapshotName
            type: object
            x-kubernetes-validations:
            - message: Cluster Name can't be empty.
              rule: size(self.clusterName)>0
            - message: ETCD machine snapshot name can't be empty.
              rule: size(self.etcdMachineSnapshotName)>0
          status:
            default: {}
            description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
            properties:
              conditions:
                description: Conditions provide observations of the operational state of a Cluster API resource.
                items:
                  description: Condition defines an observation of a Cluster API resource operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may not be empty.
                      type: string
                    severity:
                      description: |-
                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              phase:
                default: Pending
                description: ETCDSnapshotPhase is a string representation of the phase of the etcd snapshot
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
    controller-gen.kubebuilder.io/version: v0.14.0
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
spec:
  group: turtles-capi.cattle.io
  names:
    kind: RKE2EtcdMachineSnapshotConfig
    listKind: RKE2EtcdMachineSnapshotConfigList
    plural: rke2etcdmachinesnapshotconfigs
    singular: rke2etcdmachinesnapshotconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state of RKE2EtcdMachineSnapshotConfig
            properties:
              local:
                properties:
                  dataDir:
                    type: string
                required:
                - dataDir
                type: object
              s3:
                properties:
                  bucket:
                    type: string
                  endpoint:
                    type: string
                  endpointCAsecret:
                    type: string
                  folder:
                    type: string
                  insecure:
                    type: boolean
                  region:
                    type: string
                  s3CredentialSecret:
                    type: string
                  skipSSLVerify:
                    type: boolean
                type: object
            required:
            - local
            - s3
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: rbac
    app.kubernetes.io/created-by: rancher-turtles
    app.kubernetes.io/instance: controller-manager-sa
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: serviceaccount
    app.kubernetes.io/part-of: rancher-turtles
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-manager
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: rbac
    app.kubernetes.io/created-by: rancher-turtles
    app.kubernetes.io/instance: leader-election-role
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: role
    app.kubernetes.io/part-of: rancher-turtles
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-leader-election-role
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      rancher-turtles-exp/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rancher-turtles-exp/aggregate-to-manager: "true"
    rancher-turtles/aggregate-to-manager: "true"
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - secrets
  - serviceaccounts
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - serviceaccounts/token
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
  - get
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  resources:
  - rke2configs
  - rke2configs/finalizers
  - rke2configs/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - machines
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - management.cattle.io
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - etcdmachinesnapshots
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - etcdmachinesnapshots/finalizers
  verbs:
  - update
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - etcdmachinesnapshots/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - etcdsnapshotrestores
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - etcdsnapshotrestores/finalizers
  verbs:
  - update
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - etcdsnapshotrestores/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - rke2etcdmachinesnapshotconfigs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - rke2etcdmachinesnapshotconfigs/finalizers
  verbs:
  - update
- apiGroups:
  - turtles-capi.cattle.io
  resources:
  - rke2etcdmachinesnapshotconfigs/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: rbac
    app.kubernetes.io/created-by: rancher-turtles
    app.kubernetes.io/instance: leader-election-rolebinding
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: rolebinding
    app.kubernetes.io/part-of: rancher-turtles
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rancher-turtles-etcdsnapshotrestore-leader-election-role
subjects:
- kind: ServiceAccount
  name: rancher-turtles-etcdsnapshotrestore-manager
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: rbac
    app.kubernetes.io/created-by: rancher-turtles
    app.kubernetes.io/instance: manager-rolebinding
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: clusterrolebinding
    app.kubernetes.io/part-of: rancher-turtles
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
subjects:
- kind: ServiceAccount
  name: rancher-turtles-etcdsnapshotrestore-manager
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-webhook-service
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
  ports:
  - port: 443
    targetPort: webhook-server
  selector:
    turtles-capi.cattle.io: etcd-restore
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-controller-manager
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
      turtles-capi.cattle.io: etcd-restore
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
        turtles-capi.cattle.io: etcd-restore
    spec:
      containers:
      - args:
        - --leader-elect
        command:
        - ./etcd-snapshot-restore
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_UID
          valueFrom:
            fieldRef:
              fieldPath: metadata.uid
        {{- $imageVersion := index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" -}}
        {{- if contains "sha256:" $imageVersion }}
        image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}@{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
        {{- else }}
        image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}:{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
        {{- end }}
        imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imagePullPolicy" }}'
        livenessProbe:
          httpGet:
            path: /healthz
            port: 9440
          initialDelaySeconds: 15
          periodSeconds: 20
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 9440
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 64Mi
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager
      terminationGracePeriodSeconds: 10
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
      volumes:
      - name: cert
        secret:
          secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-serving-cert
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
  dnsNames:
  - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
  - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
  secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
  namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rancher-turtles-etcdsnapshotrestore-webhook-service
      namespace: {{ index .Values "rancherTurtles" "namespace" }}
      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
  failurePolicy: Fail
  name: systemagentrke2config.kb.io
  rules:
  - apiGroups:
    - bootstrap.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - rke2configs
  sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
  labels:
    turtles-capi.cattle.io: etcd-restore
  name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rancher-turtles-etcdsnapshotrestore-webhook-service
      namespace: {{ index .Values "rancherTurtles" "namespace" }}
      path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: etcdmachinesnapshot.kb.io
  rules:
  - apiGroups:
    - turtles-capi.cattle.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - etcdmachinesnapshots
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: rancher-turtles-etcdsnapshotrestore-webhook-service
      namespace: {{ index .Values "rancherTurtles" "namespace" }}
      path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: etcdsnapshotrestore.kb.io
  rules:
  - apiGroups:
    - turtles-capi.cattle.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - etcdsnapshotrestores
  sideEffects: None
{{- end }}