velero

velero/bsl/bsl-default-site-a.yaml

@@ -1,16 +0,0 @@
-apiVersion: velero.io/v1
-kind: BackupStorageLocation
-metadata:
-  name: default
-  namespace: velero
-spec:
-  provider: aws
-  objectStorage:
-    bucket: velero
-  config:
-    region: minio
-    s3Url: https://s3-a.c2et.net
-    s3ForcePathStyle: "true"
-  credential:
-    name: cloud-credentials-site-a
-    key: cloud

velero/bsl/bsl-site-b.yaml

@@ -1,16 +0,0 @@
-apiVersion: velero.io/v1
-kind: BackupStorageLocation
-metadata:
-  name: site-b
-  namespace: velero
-spec:
-  provider: aws
-  objectStorage:
-    bucket: velero
-  config:
-    region: minio
-    s3Url: https://s3-b.c2et.net
-    s3ForcePathStyle: "true"
-  credential:
-    name: cloud-credentials-site-b
-    key: cloud

velero/helm/values-approach-a.yaml

@@ -1,36 +0,0 @@
-credentials:
-  useSecret: true
-  existingSecret: ""
-  secretContents:
-    cloud: |
-      [default]
-      aws_access_key_id=velero-a
-      aws_secret_access_key=Clave-Velero-A
-
-configuration:
-  features: EnableCSI
-  backupStorageLocation:
-    - name: default
-      provider: aws
-      bucket: velero
-      config:
-        region: minio
-        s3Url: https://s3-a.c2et.net
-        s3ForcePathStyle: "true"
-
-initContainers:
-  - name: velero-plugin-for-aws
-    image: velero/velero-plugin-for-aws:v1.9.0
-    imagePullPolicy: IfNotPresent
-    volumeMounts:
-      - name: plugins
-        mountPath: /target
-  - name: velero-plugin-for-csi
-    image: velero/velero-plugin-for-csi:v0.7.0
-    imagePullPolicy: IfNotPresent
-    volumeMounts:
-      - name: plugins
-        mountPath: /target
-
-nodeAgent:
-  enabled: true

velero/helm/values-approach-b.yaml

@@ -1,30 +0,0 @@
-# values-combined.yaml
-credentials:
-  useSecret: false   # Secrets y BSLs los aplicas tú por YAML (como ya hiciste)
-
-configuration:
-  features: ""
-  backupStorageLocation: []       # ninguno desde Helm (los gestionas por YAML)
-  defaultVolumesToFsBackup: true  # copia datos de PV vía node-agent/Kopia al BSL
-
-# Dejamos SOLO el plugin de AWS; el CSI externo se quita (viene integrado en Velero 1.16)
-initContainers:
-  - name: velero-plugin-for-aws
-    image: velero/velero-plugin-for-aws:v1.9.0
-    imagePullPolicy: IfNotPresent
-    volumeMounts:
-      - name: plugins
-        mountPath: /target
-
-# **activar** el node-agent (DaemonSet) y darle tolerations "catch-all"
-deployNodeAgent: true
-nodeAgent:
-  podConfig:
-    tolerations:
-      - key: "node-role.kubernetes.io/master"
-        operator: "Exists"
-        effect: "NoSchedule"
-      - key: "node-role.kubernetes.io/control-plane"
-        operator: "Exists"
-        effect: "NoSchedule"
-      - operator: "Exists"   # tolera cualquier otro taint

velero/monitoring/grafana-dashboard-velero.json

@@ -1,92 +0,0 @@
-{
-  "annotations": {
-    "list": []
-  },
-  "editable": true,
-  "gnetId": null,
-  "graphTooltip": 0,
-  "panels": [
-    {
-      "type": "stat",
-      "title": "Backups - Total",
-      "targets": [
-        {
-          "expr": "sum(velero_backup_total)",
-          "legendFormat": "total"
-        }
-      ],
-      "id": 1,
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      },
-      "options": {
-        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ]
-        }
-      }
-    },
-    {
-      "type": "timeSeries",
-      "title": "Backups por estado",
-      "targets": [
-        {
-          "expr": "sum by (phase) (increase(velero_backup_attempt_total[1h]))",
-          "legendFormat": "{{phase}}"
-        }
-      ],
-      "id": 2,
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      }
-    },
-    {
-      "type": "timeSeries",
-      "title": "Duraci\u00f3n de backups (p95)",
-      "targets": [
-        {
-          "expr": "histogram_quantile(0.95, sum(rate(velero_backup_duration_seconds_bucket[5m])) by (le))",
-          "legendFormat": "p95"
-        }
-      ],
-      "id": 3,
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      }
-    },
-    {
-      "type": "timeSeries",
-      "title": "Errores del node-agent",
-      "targets": [
-        {
-          "expr": "sum(rate(velero_node_agent_errors_total[5m]))",
-          "legendFormat": "errores"
-        }
-      ],
-      "id": 4,
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      }
-    }
-  ],
-  "schemaVersion": 37,
-  "style": "dark",
-  "tags": [
-    "velero",
-    "backup"
-  ],
-  "templating": {
-    "list": []
-  },
-  "time": {
-    "from": "now-24h",
-    "to": "now"
-  },
-  "title": "Velero (MinIO S3)",
-  "version": 1
-}

velero/monitoring/servicemonitor.yaml

@@ -1,16 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: velero
-  namespace: velero
-  labels:
-    release: prometheus  # ajusta al selector de tu Prometheus
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: velero
-  namespaceSelector:
-    matchNames: ["velero"]
-  endpoints:
-    - port: metrics
-      interval: 30s

velero/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: velero

velero/readme.md

@@ -1,86 +0,0 @@
-# Velero + MinIO (c2et.net)
-
-Este paquete contiene:
-- `namespace.yaml`
-- Secrets de credenciales (`cloud-credentials-site-a`, `cloud-credentials-site-b`)
-- BackupStorageLocation (BSL) por YAML: `default` (site-a) y `site-b`
-- Ejemplo de `Schedule` (nightly a las 02:00 y 02:30)
-- `helm/values-approach-b.yaml`: despliegue de Velero sin BSL/Secret (GitOps)
-- `ServiceMonitor` (si usas Prometheus Operator)
-- Dashboard de Grafana (JSON)
-
-## Flujo recomendado (GitOps, Approach B)
-```bash
-# 1) Instala Velero por Helm sin BSL ni secrets
-helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-charts
-helm upgrade --install velero vmware-tanzu/velero -n velero --create-namespace -f helm/values-approach-b.yaml
-
-# 2) Aplica Secrets, BSLs y Schedules
-kubectl apply -f namespace.yaml
-kubectl apply -f secrets/secret-site-a.yaml -f secrets/secret-site-b.yaml
-kubectl apply -f bsl/bsl-default-site-a.yaml -f bsl/bsl-site-b.yaml
-kubectl apply -f schedules/schedules.yaml
-```
-
-## Cliente Velero
-Para interactuar con Velero necesitas el binario en tu máquina de administración.
-
-```bash
-# Linux AMD64
-wget https://github.com/vmware-tanzu/velero/releases/download/v1.16.2/velero-v1.16.2-linux-amd64.tar.gz
-tar -xvf velero-v1.16.2-linux-amd64.tar.gz
-sudo mv velero-v1.16.2-linux-amd64/velero /usr/local/bin/
-
-# MacOS Intel
-wget https://github.com/vmware-tanzu/velero/releases/download/v1.16.2/velero-v1.16.2-darwin-amd64.tar.gz
-tar -xvf velero-v1.16.2-darwin-amd64.tar.gz
-sudo mv velero-v1.16.2-darwin-amd64/velero /usr/local/bin/
-```
-
-Verifica la instalación:
-```bash
-velero version
-```
-
-## Hacer un backup manual
-Ejemplo: respaldar el namespace `wireguard`.
-```bash
-velero backup create wireguard-backup --include-namespaces wireguard --wait
-velero backup describe wireguard-backup --details
-```
-
-Puedes excluir recursos innecesarios (ej. CRDs de KubeVirt):
-```bash
-velero backup create smoke --include-namespaces default --exclude-resources uploadtokenrequests.upload.cdi.kubevirt.io --wait
-```
-
-## Programar backups (Schedules)
-Ejemplo de programación diaria a las 03:15, TTL de 30 días:
-```bash
-velero schedule create daily-wireguard   --schedule "15 3 * * *"   --include-namespaces wireguard   --ttl 720h   --default-volumes-to-fs-backup
-```
-
-Los schedules también se pueden definir por YAML en `schedules/schedules.yaml`.
-
-## Restaurar un backup
-### Restaurar al mismo namespace (desastre real)
-```bash
-# 1) Borrar el namespace roto
-kubectl delete ns wireguard
-
-# 2) Restaurar desde el backup
-velero restore create wireguard-restore --from-backup wireguard-backup --wait
-velero restore describe wireguard-restore --details
-```
-
-### Restaurar a otro namespace (ensayo)
-```bash
-kubectl create ns wireguard-restore
-velero restore create wireguard-restore-test   --from-backup wireguard-backup   --namespace-mappings wireguard:wireguard-restore   --wait
-```
-
-## Notas
-- MinIO requiere `s3ForcePathStyle=true`.
-- Si usas CA propia, añade `spec.config.caCert` en los BSL.
-- `ServiceMonitor` requiere Prometheus Operator; ajusta `metadata.labels.release` al valor que use tu Prometheus.
-- Importa el dashboard JSON en Grafana (datasource `prometheus`).

velero/schedules/schedules.yaml

@@ -1,27 +0,0 @@
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-  name: nightly-a
-  namespace: velero
-spec:
-  schedule: "0 2 * * *"
-  template:
-    ttl: 168h
-    includedNamespaces:
-      - gitea
-      - apolo
-    storageLocation: default
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-  name: nightly-b
-  namespace: velero
-spec:
-  schedule: "30 2 * * *"
-  template:
-    ttl: 168h
-    includedNamespaces:
-      - giteay
-      - apolo
-    storageLocation: site-b

velero/secrets/secret-site-a.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cloud-credentials-site-a
-  namespace: velero
-type: Opaque
-stringData:
-  cloud: |
-    [default]
-    aws_access_key_id=velero-a
-    aws_secret_access_key=Pozuelo12345

velero/secrets/secret-site-b.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cloud-credentials-site-b
-  namespace: velero
-type: Opaque
-stringData:
-  cloud: |
-    [default]
-    aws_access_key_id=velero-b
-    aws_secret_access_key=Pozuelo12345

velero/vsl-default.yaml

@@ -1,7 +0,0 @@
-apiVersion: velero.io/v1
-kind: VolumeSnapshotLocation
-metadata:
-  name: default
-  namespace: velero
-spec:
-  provider: velero.io/csi