Update rclone/restic exmaples for privileged

Signed-off-by: Tesshu Flower <[email protected]>
backube · Aug 21, 2023 · d39520b · d39520b
1 parent 19984c8
commit d39520b
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 6 deletions.
diff --git a/docs/usage/rclone/database_example.rst b/docs/usage/rclone/database_example.rst
@@ -9,6 +9,19 @@ First, create the source namespace and deploy the source MySQL database.
 .. code:: console
 
    $ kubectl create ns source
+   $ kubectl annotate namespace source volsync.backube/privileged-movers="true"
+
+.. note::
+    The second command to annotate the namespace is used to enable the rclone data mover to run in privileged mode.
+    This is because this simple example runs MySQL as root. For your own applications, you can run unprivileged by
+    setting the ``moverSecurityContext`` in your ReplicationSource/ReplicationDestination to match that of your
+    application in which case the namespace annotation will not be required. See the
+    :doc:`permission model documentation </usage/permissionmodel>` for more details.
+
+Deploy the source MySQL database.
+
+.. code:: console
+
    $ kubectl create -f examples/source-database/ -n source
 
 Verify the database is running.
@@ -41,6 +54,30 @@ Add a new database.
    > exit
    $ exit
 
+
+Now edit ``examples/rclone/rclone.conf`` with your rclone configuration, or you can deploy minio as object-storage to use
+with the examples.
+
+To start minio in your cluster, run:
+
+.. code:: console
+
+   $ hack/run-minio.sh
+
+If using minio then you can edit ``examples/rclone/rclone.conf`` to match the following:
+
+.. code-block:: none
+    :caption: rclone.conf for use with local minio
+
+    [rclone-bucket]
+    type = s3
+    provider = Minio
+    env_auth = false
+    access_key_id = access
+    secret_access_key = password
+    region = us-east-1
+    endpoint = http://minio.minio.svc.cluster.local:9000
+
 Now, deploy the ``rclone-secret`` followed by ``ReplicationSource`` configuration.
 
 .. code:: console
@@ -78,6 +115,7 @@ on the destination.
 .. code:: console
 
    $ kubectl create ns dest
+   $ kubectl annotate namespace dest volsync.backube/privileged-movers="true"
    $ kubectl create secret generic rclone-secret --from-file=rclone.conf=./examples/rclone/rclone.conf -n dest
    $ kubectl create -f examples/rclone/volsync_v1alpha1_replicationdestination.yaml -n dest
 

diff --git a/docs/usage/restic/database_example.rst b/docs/usage/restic/database_example.rst
@@ -13,11 +13,24 @@ A MySQL database will be used as the example application.
 Creating source PVC to be backed up
 -----------------------------------
 
-Create a namespace called ``source``, and deploy the source MySQL database.
+Create a namespace called ``source``
 
 .. code-block:: console
 
    $ kubectl create ns source
+   $ kubectl annotate namespace source volsync.backube/privileged-movers="true"
+
+.. note::
+    The second command to annotate the namespace is used to enable the restic data mover to run in privileged mode.
+    This is because this simple example runs MySQL as root. For your own applications, you can run unprivileged by
+    setting the ``moverSecurityContext`` in your ReplicationSource/ReplicationDestination to match that of your
+    application in which case the namespace annotation will not be required. See the
+    :doc:`permission model documentation </usage/permissionmodel>` for more details.
+
+Deploy the source MySQL database.
+
+.. code:: console
+
    $ kubectl -n source create -f examples/source-database/
 
 Verify the database is running:
@@ -205,6 +218,7 @@ To restore from the backup, create a destination, deploy ``restic-config`` and
 .. code-block:: console
 
    $ kubectl create ns dest
+   $ kubectl annotate namespace dest volsync.backube/privileged-movers="true"
    $ kubectl -n dest create -f examples/restic/source-restic/
 
 To start the restore, create a empty PVC for the data:

diff --git a/docs/usage/volume-populator/index.rst b/docs/usage/volume-populator/index.rst
@@ -5,8 +5,6 @@ ReplicationDestination Volume Populator
 .. toctree::
    :hidden:
 
-   volumepopulator_example
-
 .. sidebar:: Contents
 
    .. contents:: ReplicationDestination Volume Populator

diff --git a/examples/rclone/rclone.conf b/examples/rclone/rclone.conf
@@ -1,4 +1,4 @@
-[aws-s3-bucket]
+[rclone-bucket]
 type = s3
 provider = AWS
 env_auth = false

diff --git a/examples/rclone/volsync_v1alpha1_replicationdestination.yaml b/examples/rclone/volsync_v1alpha1_replicationdestination.yaml
@@ -8,7 +8,7 @@ spec:
   trigger:
     schedule: "*/5 * * * *"
   rclone:
-    rcloneConfigSection: "aws-s3-bucket"
+    rcloneConfigSection: "rclone-bucket"
     rcloneDestPath: "volsync-test-bucket/mysql-pv-claim"
     rcloneConfig: "rclone-secret"
     copyMethod: Snapshot

diff --git a/examples/rclone/volsync_v1alpha1_replicationsource.yaml b/examples/rclone/volsync_v1alpha1_replicationsource.yaml
@@ -9,7 +9,7 @@ spec:
   trigger:
     schedule: "*/10 * * * *"
   rclone:
-    rcloneConfigSection: "aws-s3-bucket"
+    rcloneConfigSection: "rclone-bucket"
     rcloneDestPath: "volsync-test-bucket/mysql-pv-claim"
     rcloneConfig: "rclone-secret"
     copyMethod: Snapshot