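# Prepare a test workload for a PPDM Kubernetes protection policy:
# a labelled namespace, a 100Gi PVC on the cluster's default StorageClass,
# a pod that mounts the PVC, and a 1 GiB data file written to the volume.

# Show which storage and snapshot classes the cluster offers.
kubectl get storageclasses.storage.k8s.io
kubectl get volumesnapshotclasses.snapshot.storage.k8s.io

NAMESPACE=gtopopup
RESTORE_NAMESPACE=restore
PPDM_POLICY=PPDM_GOLD

# Look up the default StorageClass via the GA annotation first ...
STORAGECLASS="$(kubectl get storageclass -o=jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubernetes\.io/is-default-class=="true")].metadata.name}')"
# ... and fall back to the storageclass.beta.kubernetes.io annotation.
if [ -z "${STORAGECLASS}" ]; then
  STORAGECLASS="$(kubectl get storageclass -o=jsonpath='{.items[?(@.metadata.annotations.storageclass\.beta\.kubernetes\.io/is-default-class=="true")].metadata.name}')"
fi
# Stop before creating a PVC with an empty storageClassName.
# NOTE(review): if more than one class is annotated as default, jsonpath
# returns several names in one string - confirm the cluster has exactly one.
: "${STORAGECLASS:?no default StorageClass found in this cluster}"

# Namespace carrying the ppdm_policy label (presumably the label the PPDM
# protection rule matches on - verify against the rule definition).
kubectl apply -f - <<EOF
kind: Namespace
apiVersion: v1
metadata:
  name: ${NAMESPACE}
  labels:
    ppdm_policy: ${PPDM_POLICY}
EOF

# 100Gi ReadWriteOnce claim on the default StorageClass.
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-${NAMESPACE}
  namespace: ${NAMESPACE}
  labels:
    usage: pvc-${NAMESPACE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
  storageClassName: ${STORAGECLASS}
EOF
kubectl get persistentvolume

# Long-sleeping pod that mounts the claim at /data.
# NOTE(review): the image is referenced without a tag or digest, so it
# resolves to the mutable "latest" tag; pin it as
# bottkars/dps-automation-image-alpine@sha256:<digest-placeholder> once the
# intended build is known. The pod also sets no securityContext, so it runs
# with the image's default user and capabilities.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: pod-${NAMESPACE}
  namespace: ${NAMESPACE}
spec:
  volumes:
    - name: pvc-${NAMESPACE}
      persistentVolumeClaim:
        claimName: pvc-${NAMESPACE}
  containers:
    - name: container-${NAMESPACE}
      image: bottkars/dps-automation-image-alpine
      command: ["/bin/sh"]
      args: ["-c", "sleep 100000"]
      volumeMounts:
        - mountPath: "/data"
          name: pvc-${NAMESPACE}
EOF

# Write the test file only once the pod is Ready. The command is run inside
# the pod non-interactively; the single quotes keep $(...) from expanding on
# the workstation, so the file lands on the mounted PVC and not locally.
# (For an interactive session use: kubectl -n NAMESPACE exec -it POD -- /bin/bash)
#
# The 1 GiB zero stream is encrypted with a random passphrase that is never
# stored, so the result cannot be decrypted. This is presumably meant as
# incompressible filler data for the backup test, not as data protection.
kubectl wait -n "${NAMESPACE}" "pod/pod-${NAMESPACE}" --for=condition=Ready --timeout=200s &&
  kubectl -n "${NAMESPACE}" exec "pods/pod-${NAMESPACE}" -- /bin/bash -c \
    'head -c 1024m /dev/zero | openssl enc -aes-128-cbc -pbkdf2 -pass pass:"$(head -c 20 /dev/urandom | base64)" > /data/my1GBfile'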
The PPDM discovery should invoke the protection rule for the newly discovered namespaces and add them to the policy:
# Run the Kubernetes discovery playbook from the local ansible_ppdm checkout.
# NOTE(review): the playbook content is not shown here; which PPDM endpoint
# and credentials it uses depends on that checkout - confirm before running.
ansible-playbook ~/workspace/ansible_ppdm/playbook_start_k8s_discoveries.yml
Finally, we can start the Policy AdHoc:
# Run the playbook that starts the Kubernetes policy from the same checkout.
# NOTE(review): presumably this targets the policy named in PPDM_POLICY -
# verify how the playbook selects the policy.
ansible-playbook ~/workspace/ansible_ppdm/playbook_start_k8s_policy.yml