{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert controller-gen.kubebuilder.io/version: v0.14.0 labels: turtles-capi.cattle.io: etcd-restore name: etcdmachinesnapshots.turtles-capi.cattle.io spec: group: turtles-capi.cattle.io names: kind: ETCDMachineSnapshot listKind: ETCDMachineSnapshotList plural: etcdmachinesnapshots singular: etcdmachinesnapshot scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot properties: clusterName: type: string configRef: type: string location: type: string machineName: type: string required: - clusterName - configRef - location - machineName type: object x-kubernetes-validations: - message: ETCD snapshot location can't be empty. rule: size(self.location)>0 status: default: {} description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore properties: conditions: description: Conditions provide observations of the operational state of a Cluster API resource. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- A human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: |- Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime - status - type type: object type: array manual: type: boolean phase: description: ETCDSnapshotPhase is a string representation of the phase of the etcd snapshot type: string type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert controller-gen.kubebuilder.io/version: v0.14.0 labels: turtles-capi.cattle.io: etcd-restore name: etcdsnapshotrestores.turtles-capi.cattle.io spec: group: turtles-capi.cattle.io names: kind: ETCDSnapshotRestore listKind: ETCDSnapshotRestoreList plural: etcdsnapshotrestores singular: etcdsnapshotrestore scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. properties: clusterName: type: string etcdMachineSnapshotName: type: string required: - clusterName - etcdMachineSnapshotName type: object x-kubernetes-validations: - message: Cluster Name can't be empty. rule: size(self.clusterName)>0 - message: ETCD machine snapshot name can't be empty. rule: size(self.etcdMachineSnapshotName)>0 status: default: {} description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. properties: conditions: description: Conditions provide observations of the operational state of a Cluster API resource. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- A human readable message indicating details about the transition. This field may be empty. type: string reason: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: |- Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: |- Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime - status - type type: object type: array phase: default: Pending description: ETCDSnapshotPhase is a string representation of the phase of the etcd snapshot type: string type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert controller-gen.kubebuilder.io/version: v0.14.0 labels: turtles-capi.cattle.io: etcd-restore name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io spec: group: turtles-capi.cattle.io names: kind: RKE2EtcdMachineSnapshotConfig listKind: RKE2EtcdMachineSnapshotConfigList plural: rke2etcdmachinesnapshotconfigs singular: rke2etcdmachinesnapshotconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state of RKE2EtcdMachineSnapshotConfig properties: local: properties: dataDir: type: string required: - dataDir type: object s3: properties: bucket: type: string endpoint: type: string endpointCAsecret: type: string folder: type: string insecure: type: boolean location: type: string region: type: string s3CredentialSecret: type: string skipSSLVerify: type: boolean type: object required: - local - s3 type: object type: object served: true storage: true subresources: status: {} --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: rancher-turtles app.kubernetes.io/instance: controller-manager-sa app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: serviceaccount app.kubernetes.io/part-of: rancher-turtles turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-manager namespace: rancher-turtles-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: rancher-turtles app.kubernetes.io/instance: leader-election-role app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: role app.kubernetes.io/part-of: rancher-turtles turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-leader-election-role namespace: rancher-turtles-system rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- aggregationRule: clusterRoleSelectors: - matchLabels: rancher-turtles-exp/aggregate-to-manager: "true" apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: rancher-turtles-exp/aggregate-to-manager: "true" rancher-turtles/aggregate-to-manager: "true" turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-manager-role rules: - apiGroups: - "" resources: - configmaps - events - secrets - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - serviceaccounts/token verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - get - apiGroups: - bootstrap.cluster.x-k8s.io resources: - rke2configs - rke2configs/finalizers - rke2configs/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusters verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusters/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machines verbs: - create - delete - get - list - patch - update - watch - apiGroups: - management.cattle.io resources: - '*' verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - create - delete - get - list - patch - update - watch - apiGroups: - turtles-capi.cattle.io resources: - etcdmachinesnapshots verbs: - create - delete - get - list - patch - update - watch - apiGroups: - turtles-capi.cattle.io resources: - etcdmachinesnapshots/finalizers verbs: - update - apiGroups: - turtles-capi.cattle.io resources: - etcdmachinesnapshots/status verbs: - get - patch - update - apiGroups: - turtles-capi.cattle.io resources: - etcdsnapshotrestores verbs: - create - delete - get - list - patch - update - watch - apiGroups: - turtles-capi.cattle.io resources: - etcdsnapshotrestores/finalizers verbs: - update - apiGroups: - turtles-capi.cattle.io resources: - etcdsnapshotrestores/status verbs: - get - patch - update - apiGroups: - turtles-capi.cattle.io resources: - rke2etcdmachinesnapshotconfigs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - turtles-capi.cattle.io resources: - rke2etcdmachinesnapshotconfigs/finalizers verbs: - update - apiGroups: - turtles-capi.cattle.io resources: - rke2etcdmachinesnapshotconfigs/status verbs: - get - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: rancher-turtles app.kubernetes.io/instance: leader-election-rolebinding app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: rolebinding app.kubernetes.io/part-of: rancher-turtles turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding namespace: rancher-turtles-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: rancher-turtles-etcdsnapshotrestore-leader-election-role subjects: - kind: ServiceAccount name: rancher-turtles-etcdsnapshotrestore-manager namespace: rancher-turtles-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: rancher-turtles app.kubernetes.io/instance: manager-rolebinding app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: clusterrolebinding app.kubernetes.io/part-of: rancher-turtles turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role subjects: - kind: ServiceAccount name: rancher-turtles-etcdsnapshotrestore-manager namespace: rancher-turtles-system --- apiVersion: v1 kind: Service metadata: labels: turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-webhook-service namespace: rancher-turtles-system spec: ports: - port: 443 targetPort: webhook-server selector: turtles-capi.cattle.io: etcd-restore --- apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-controller-manager namespace: rancher-turtles-system spec: replicas: 1 selector: matchLabels: control-plane: controller-manager turtles-capi.cattle.io: etcd-restore template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: control-plane: controller-manager turtles-capi.cattle.io: etcd-restore spec: containers: - args: - --leader-elect command: - /manager env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_UID valueFrom: fieldRef: fieldPath: metadata.uid image: ghcr.io/rancher/turtles-etcd-snapshot-restore:dev imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: 9440 initialDelaySeconds: 15 periodSeconds: 20 name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP readinessProbe: httpGet: path: /readyz port: 9440 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node-role.kubernetes.io/control-plane volumes: - name: cert secret: secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-serving-cert namespace: rancher-turtles-system spec: dnsNames: - rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc - rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc.cluster.local issuerRef: kind: Issuer name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer namespace: rancher-turtles-system spec: selfSigned: {} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert labels: turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: rancher-turtles-etcdsnapshotrestore-webhook-service namespace: rancher-turtles-system path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config failurePolicy: Fail name: systemagentrke2config.kb.io rules: - apiGroups: - bootstrap.cluster.x-k8s.io apiVersions: - v1beta1 operations: - CREATE - UPDATE resources: - rke2configs sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert labels: turtles-capi.cattle.io: etcd-restore name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: rancher-turtles-etcdsnapshotrestore-webhook-service namespace: rancher-turtles-system path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot failurePolicy: Fail matchPolicy: Equivalent name: etcdmachinesnapshot.kb.io rules: - apiGroups: - turtles-capi.cattle.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - etcdmachinesnapshots sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: rancher-turtles-etcdsnapshotrestore-webhook-service namespace: rancher-turtles-system path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore failurePolicy: Fail matchPolicy: Equivalent name: etcdsnapshotrestore.kb.io rules: - apiGroups: - turtles-capi.cattle.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - etcdsnapshotrestores sideEffects: None {{- end }}