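---
# Velero — S3 backup target + built-in CSI snapshots (Longhorn: label VolumeSnapshotClass per README).
#
# Every task is gated on noble_velero_install (default false), so this file
# does nothing unless Velero installation is explicitly enabled.
# Order: namespace -> settings from .env -> validate S3 target ->
# credentials Secret -> verify Secret -> Helm install.

- name: Apply velero namespace
  ansible.builtin.command:
    argv:
      - kubectl
      - apply
      - -f
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/velero/namespace.yaml"
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  when: noble_velero_install | default(false) | bool
  # The task is always reported as changed; kubectl apply output is not inspected.
  changed_when: true

# from_env.yml is not part of this file; per the task name it is expected to
# populate the noble_velero_* S3 and credential variables — verify there.
- name: Include Velero settings from repository .env (S3 bucket, URL, credentials)
  ansible.builtin.include_tasks: from_env.yml
  when: noble_velero_install | default(false) | bool

# Fail early, before anything is installed, if the backup target is unset.
- name: Require S3 bucket and endpoint for Velero
  ansible.builtin.assert:
    that:
      - noble_velero_s3_bucket | default('') | length > 0
      - noble_velero_s3_url | default('') | length > 0
    fail_msg: >-
      Set NOBLE_VELERO_S3_BUCKET and NOBLE_VELERO_S3_URL in .env,
      or noble_velero_s3_bucket / noble_velero_s3_url (e.g. -e ...),
      or group_vars when noble_velero_install is true.
  when: noble_velero_install | default(false) | bool

# Builds the AWS-style credentials file and stores it under key "cloud" in
# Secret velero/velero-cloud-credentials. Skipped when either key is empty,
# in which case the Secret must already exist (checked by the next tasks).
#
# The credentials file is streamed to kubectl on stdin
# (--from-file=cloud=/dev/stdin) instead of being passed as --from-literal,
# so the secret access key never appears in a process argument list that
# other local users could read. printf is a shell builtin, so its arguments
# are not exposed either. The format string has no trailing newline so the
# stored value matches what a "$(...)" capture of the same text would hold.
- name: Create velero-cloud-credentials from Ansible vars
  ansible.builtin.shell: |
    set -euo pipefail
    printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s' \
      "${AWS_ACCESS_KEY_ID}" "${AWS_SECRET_ACCESS_KEY}" \
      | kubectl -n velero create secret generic velero-cloud-credentials \
          --from-file=cloud=/dev/stdin \
          --dry-run=client -o yaml \
      | kubectl apply -f -
  args:
    # `set -o pipefail` is not POSIX sh; pin bash so that a failing stage of
    # the pipeline fails the task instead of being masked by the last stage.
    executable: /bin/bash
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
    AWS_ACCESS_KEY_ID: "{{ noble_velero_aws_access_key_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ noble_velero_aws_secret_access_key }}"
  when:
    - noble_velero_install | default(false) | bool
    - noble_velero_aws_access_key_id | default('') | length > 0
    - noble_velero_aws_secret_access_key | default('') | length > 0
  # Keeps the task's arguments and result (including the rendered key values)
  # out of Ansible output and logs.
  no_log: true
  changed_when: true

# Read-only probe; the return code is consumed by the assert below.
# failed_when: false means any kubectl error (not only a missing Secret)
# is deferred to that assert and reported with its message.
- name: Check velero-cloud-credentials Secret
  ansible.builtin.command:
    argv:
      - kubectl
      - -n
      - velero
      - get
      - secret
      - velero-cloud-credentials
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  register: noble_velero_secret_check
  failed_when: false
  changed_when: false
  when: noble_velero_install | default(false) | bool

- name: Require velero-cloud-credentials before Helm
  ansible.builtin.assert:
    that:
      - noble_velero_secret_check.rc == 0
    fail_msg: >-
      Velero needs Secret velero/velero-cloud-credentials (key cloud).
      Set NOBLE_VELERO_AWS_ACCESS_KEY_ID and NOBLE_VELERO_AWS_SECRET_ACCESS_KEY in .env,
      or noble_velero_aws_* extra-vars, or create the Secret manually
      (see clusters/noble/bootstrap/velero/README.md).
  when: noble_velero_install | default(false) | bool

# Yields ['--set-string', '...prefix=<value>'] when noble_velero_s3_prefix is
# non-empty, otherwise an empty list, so it can be appended to the Helm argv.
- name: Optional object prefix argv for Helm
  ansible.builtin.set_fact:
    noble_velero_helm_prefix_argv: "{{ ['--set-string',
      'configuration.backupStorageLocation[0].prefix=' ~ (noble_velero_s3_prefix | default(''))]
      if (noble_velero_s3_prefix | default('') | length > 0) else [] }}"
  when: noble_velero_install | default(false) | bool

# Installs or upgrades the chart at the pinned noble_velero_chart_version and
# waits for the release. argv form means no shell is involved, but helm's
# --set-string parser still treats ',' as a separator, so bucket, URL,
# region and prefix values must not contain unescaped commas.
# NOTE(review): the 'vmware-tanzu' repo alias, noble_velero_chart_version,
# noble_velero_s3_region and noble_velero_s3_force_path_style are not defined
# in this file — presumably set up elsewhere; confirm.
- name: Install Velero
  ansible.builtin.command:
    argv: "{{ ['helm', 'upgrade', '--install', 'velero', 'vmware-tanzu/velero',
      '--namespace', 'velero',
      '--version', noble_velero_chart_version,
      '-f', noble_repo_root ~ '/clusters/noble/bootstrap/velero/values.yaml',
      '--set-string', 'configuration.backupStorageLocation[0].bucket=' ~ noble_velero_s3_bucket,
      '--set-string', 'configuration.backupStorageLocation[0].config.s3Url=' ~ noble_velero_s3_url,
      '--set-string', 'configuration.backupStorageLocation[0].config.region=' ~ noble_velero_s3_region,
      '--set-string', 'configuration.backupStorageLocation[0].config.s3ForcePathStyle=' ~ noble_velero_s3_force_path_style]
      + (noble_velero_helm_prefix_argv | default([]))
      + ['--wait'] }}"
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  when: noble_velero_install | default(false) | bool
  changed_when: true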