feat: enable csi plugin for backups using nutanix csi and velero (#112)

* merge main

* image fixes

* checkpoint, please squish after fixing

* ironbank image

* pushing to ask for eyes

* downgrade csi plugin

* readme

* fmt

* Update backup-restore.md

* flavor

---------

Co-authored-by: Opnauticus <[email protected]>

README.md

@@ -61,11 +61,6 @@ These are the default bucket names. Gitlab allows you to add a suffix in your `u
 
     * velero-backups
   </details>
-  <details>
-    <summary> Velero </summary>
-
-    * velero-backups
-  </details>
   <details>
     <summary> Gitlab </summary>
 

bundles/uds-core-swf/uds-bundle.yaml

@@ -57,6 +57,22 @@ packages:
       velero:
         velero:
           values:
+            - path: initContainers
+              value:
+                - name: velero-plugin-for-aws
+                  image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.9.2
+                  imagePullPolicy: IfNotPresent
+                  volumeMounts:
+                    - mountPath: /target
+                      name: plugins
+                - name: velero-plugin-for-csi
+                  image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.0
+                  imagePullPolicy: IfNotPresent
+                  volumeMounts:
+                    - mountPath: /target
+                      name: plugins
+            - path: configuration.features
+              value: EnableCSI
             - path: snapshotsEnabled
               value: true
             - path: configuration.volumeSnapshotLocation

docs/backup-restore.md

@@ -1,15 +1,55 @@
 # Backup and Restore
 
 ## Velero
-This bundle has Velero configured to run automated backups and stores that data to the configured object storage bucket. To perform a restore you will want to get the name of the velero backup you want to use for your restore and perform a velero restore for the relevant namespace.
+This bundle has Velero configured to run automated backups and stores that data to the configured object storage bucket. The backup can be kicked off manually. Below is a start to finish process of taking a backup and restoring it, including restoring data on the Persistant Volume. If running a restore off of an automated backup, skip the first, manual step; the rest is the same.
 
-Example command to start a velero restore for a namespace:
+- Manually kick off a backup
 ```bash
-kubectl exec -it -n velero svc/velero-velero -- /bin/bash -c \
-    "velero restore create my-confluence-restore-$(date +%s)  \
-    --from-backup velero-velero-uds-confluence-backup-20240129050033 --include-namespaces confluence --wait"
+$ kubectl exec -it -n velero svc/velero -- /bin/bash -c "velero backup create \
+  manual-nexus-velero-backup-$(date +%s) --include-namespaces nexus"
+
+Backup request "manual-nexus-velero-backup-1716311265" submitted successfully.
+Run `velero backup describe manual-nexus-velero-backup-1716311265` or `velero backup logs manual-nexus-velero-backup-1716311265` for more details.
+```
+
+- Delete the PVC (Velero will not restore data if the backed up PV/PVC still exist)
+```bash
+$ kubectl delete pvc nexus-nexus-repository-manager-data 
+
+persistentvolumeclaim "nexus-nexus-repository-manager-data" deleted
 ```
 
+- Remove the finalizers on the PVC, allowing it to be deleted
+  ```yaml
+    finalizers:
+      - kubernetes.io/pvc-protection
+  ```
+```bash
+$ kubectl edit pvc nexus-nexus-repository-manager-data
+
+persistentvolumeclaim/nexus-nexus-repository-manager-data edited
+
+$ kubectl get pvc
+
+No resources found in nexus namespace.
+```
+
+- Run the restore
+```bash
+$ kubectl exec -it -n velero svc/velero -- /bin/bash -c "velero restore create velero-test-nexus-restore-$(date +%s) \
+  --from-backup manual-nexus-velero-backup-1716311265 --include-namespaces nexus --wait"
+
+Restore request "velero-test-nexus-restore-1716311387" submitted successfully.
+Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.
+.........
+Restore completed with status: Completed. You may check for more information using the commands `velero restore describe velero-test-nexus-restore-1716311387` and `velero restore logs velero-test-nexus-restore-1716311387`.
+```
+
+At this point, the pods should restart with the new data. The pods can also be deleted and allowed to recreate. Data should be restored to the PV from the time of the backup.
+
+> [!WARNING]
+> Unfortunately [according to the nutanix docs](https://portal.nutanix.com/page/documents/solutions/details?targetId=NVD-2177-Cloud-Native-6-5-OpenShift:application-backup-and-disaster-recovery.html#:~:text=As%20an%20alternative%20solution), NFS shares that are dynamically provisioned by the Nutanix Files CSI provisioner don't currently support the Kubernetes CSI Snapshot API -- meaning RWX volumes WILL NOT BE BACKED UP BY THIS PROCESS until an alternative solution like restic is in place.
+
 ## Gitlab
 Gitlab has its own utility to perform the backup and restore functionality. More details on how to use it shown are below.
 

packages/init/zarf.yaml

@@ -71,6 +71,8 @@ components:
       - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2
       - registry.k8s.io/sig-storage/csi-resizer:v1.9.2
       - registry.k8s.io/sig-storage/livenessprobe:v2.11.0
+      - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.0
+      - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.9.2
 
   - name: namespaces
     required: true
@@ -131,6 +133,8 @@ components:
       - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2
       - registry.k8s.io/sig-storage/csi-resizer:v1.9.2
       - registry.k8s.io/sig-storage/livenessprobe:v2.11.0
+      - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.0
+      - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.9.2
       - "###ZARF_PKG_TMPL_REGISTRY_IMAGE_DOMAIN######ZARF_PKG_TMPL_REGISTRY_IMAGE###:###ZARF_PKG_TMPL_REGISTRY_IMAGE_TAG###"
 
   # Creates the pod+git mutating webhook