v1.4.3 cherry-picks and changelogs (#3025)

* Ensure PVs and PVCs remain bound when doing a restore (#3007)

* Only remove the UID from a PV's claimRef

The UID is the only part of a claimRef that might prevent it from being
rebound correctly on a restore. The namespace and name within the
claimRef should be preserved in order to ensure that the PV is claimed
by the correct PVC on restore.

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Remap PVs claimRef.namespace on relevant restores

When remapping namespaces, any included PVs need to have their claimRef
updated to point remapped namespaces to the new namespace name in order
to be bound to the correct PVC.

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Update tests and ensure claimRef namespace remaps

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Remove lowercased uid field from unstructured PV

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Fix issues that prevented PVs from being restored

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Add changelog

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Dynamically reprovision volumes without snapshots

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Update test for lower case uid field

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Remove stray debugging print statement

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* Fix typo, remove extra code, add tests.

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* fix: rename the PV if VolumeSnapshotter has modified the PV name (#2835)

When VolumeSnapshotter sets the PV name via SetVolumeID and PV is
not there in the cluster, velero does not rename the PV. Which causes
the pvc to be in the lost state as pvc points to the old PV but pv object
has been renamed by VolumeSnapshotter.

Signed-off-by: Pawan <pawan@mayadata.io>

* adding a test case for pv rename

Signed-off-by: Pawan <pawan@mayadata.io>
Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* restore proper lowercase/plural CRD resource (#2949)

* restore proper lowercase/plural CRD resource

This commit restores the proper resource string
"customresourcedefinitions" for CRD. The prior change to
"CustomResourceDefinition" was made because this was being used
in another place to populate the CRD "Kind" field in
remap_crd_version_action.go -- there, just use the correct Kind
string instead of pulling from Resource.

Signed-off-by: Scott Seago <sseago@redhat.com>

* add changelog

Signed-off-by: Scott Seago <sseago@redhat.com>

* Update changelogs for v1.4.3

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

Co-authored-by: Pawan Prakash Sharma <pawanprakash101@gmail.com>
Co-authored-by: Scott Seago <sseago@redhat.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: Tell us about a problem you are experiencing
+
+---
+
+**What steps did you take and what happened:**
+[A clear and concise description of what the bug is, and what commands you ran.)
+
+
+**What did you expect to happen:**
+
+
+**The output of the following commands will help us better understand what's going on**:
+(Pasting long output into a [GitHub gist](https://gist.github.com) or other pastebin is fine.)
+
+* `kubectl logs deployment/velero -n velero`
+* `velero backup describe <backupname>` or `kubectl get backup/<backupname> -n velero -o yaml`
+* `velero backup logs <backupname>`
+* `velero restore describe <restorename>` or `kubectl get restore/<restorename> -n velero -o yaml`
+* `velero restore logs <restorename>`
+
+
+**Anything else you would like to add:**
+[Miscellaneous information that will assist in solving the issue.]
+
+
+**Environment:**
+
+- Velero version (use `velero version`): 
+- Velero features (use `velero client config get features`): 
+- Kubernetes version (use `kubectl version`):
+- Kubernetes installer & version:
+- Cloud provider or hardware configuration:
+- OS (e.g. from `/etc/os-release`):

.github/ISSUE_TEMPLATE/feature-enhancement-request.md

@@ -0,0 +1,25 @@
+---
+name: Feature enhancement request
+about: Suggest an idea for this project
+
+---
+
+**Describe the problem/challenge you have**
+[A description of the current limitation/problem/challenge that you are experiencing.]
+
+
+**Describe the solution you'd like**
+[A clear and concise description of what you want to happen.]
+
+
+**Anything else you would like to add:**
+[Miscellaneous information that will assist in solving the issue.]
+
+
+**Environment:**
+
+- Velero version (use `velero version`):
+- Kubernetes version (use `kubectl version`):
+- Kubernetes installer & version:
+- Cloud provider or hardware configuration:
+- OS (e.g. from `/etc/os-release`):

.github/workflows/pr.yml

@@ -0,0 +1,14 @@
+name: Pull Request CI Check
+on: [pull_request]
+jobs:
+
+  build:
+    name: Run CI
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Check out the code
+      uses: actions/checkout@v2
+
+    - name: Make ci
+      run: make ci

.github/workflows/push.yml

@@ -0,0 +1,34 @@
+name: Master CI
+
+on:
+  push:
+    branches: [ master ]
+    tags:
+      - '*'
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.14
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.14
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Build
+      run: make local
+
+    - name: Test
+      run: make test
+
+    - name: Publish container image
+      run: |
+        docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }}
+        ./hack/docker-push.sh

.gitignore

@@ -26,8 +26,9 @@ _testmain.go
 
 debug
 
-/ark
+/velero
 .idea/
+Tiltfile
 
 .container-*
 .vimrc
@@ -37,4 +38,13 @@ debug
 .vscode
 *.diff
 
-_site/
+# Jekyll compiled data
+site/_site
+site/.sass-cache
+site/.jekyll
+site/.jekyll-metadata
+site/.bundle
+site/vendor
+.ruby-version
+
+.vs

.goreleaser.yml

@@ -0,0 +1,58 @@
+# Copyright 2018 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dist: _output
+builds:
+  - main: ./cmd/velero/main.go
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - amd64
+      - arm
+      - arm64
+      - ppc64le
+    ignore:
+      # don't build arm/arm64 for darwin or windows
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: arm64
+      - goos: darwin
+        goarch: ppc64le
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: ppc64le
+    ldflags:
+      - -X "github.com/vmware-tanzu/velero/pkg/buildinfo.Version={{ .Tag }}" -X "github.com/vmware-tanzu/velero/pkg/buildinfo.GitSHA={{ .FullCommit }}" -X "github.com/vmware-tanzu/velero/pkg/buildinfo.GitTreeState={{ .Env.GIT_TREE_STATE }}"
+archives:
+  - name_template: "{{ .ProjectName }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
+    wrap_in_directory: true
+    files:
+      - LICENSE
+      - examples/**/*
+checksum:
+  name_template: 'CHECKSUM'
+release:
+  github:
+    owner: vmware-tanzu
+    name: velero
+  draft: true
+  prerelease: auto

.travis.yml

@@ -1,11 +0,0 @@
-language: go
-
-go:
-  - 1.10.x
-
-sudo: required
-
-services:
-  - docker
-
-script: make ci

ADOPTERS.md

@@ -0,0 +1,104 @@
+# Velero Adopters
+
+If you're using Velero and want to add your organization to this list, 
+[follow these directions][1]!
+
+<a href="https://www.bitgo.com" border="0" target="_blank"><img alt="bitgo.com" src="site/img/adopters/BitGo.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://www.nirmata.com" border="0" target="_blank"><img alt="nirmata.com" src="site/img/adopters/nirmata.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://kyma-project.io/" border="0" target="_blank"><img alt="kyma-project.io" src="site/img/adopters/kyma.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://redhat.com/" border="0" target="_blank"><img alt="redhat.com" src="site/img/adopters/redhat.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://dellemc.com/" border="0" target="_blank"><img alt="dellemc.com" src="site/img/adopters/DellEMC.png" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://bugsnag.com/" border="0" target="_blank"><img alt="bugsnag.com" src="site/img/adopters/bugsnag.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://okteto.com/" border="0" target="_blank"><img alt="okteto.com" src="site/img/adopters/okteto.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://banzaicloud.com/" border="0" target="_blank"><img alt="banzaicloud.com" src="site/img/adopters/banzaicloud.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://sighup.io/" border="0" target="_blank"><img alt="sighup.io" src="site/img/adopters/sighup.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+<a href="https://mayadata.io/" border="0" target="_blank"><img alt="mayadata.io" src="site/img/adopters/mayadata.svg" height="50"></a>&nbsp; &nbsp; &nbsp;
+
+## Success Stories
+
+Below is a list of adopters of Velero in **production environments** that have
+publicly shared the details of how they use it.
+
+**[BitGo][20]**  
+BitGo uses Velero backup and restore capabilities to seamlessly provision and scale fullnode statefulsets on the fly as well as having it serve an integral piece for our kubernetes disaster-recovery story.
+
+**[Bugsnag][30]**  
+We use Velero for managing backups of an internal instance of our on-premise clustered solution. We also recommend our users of [on-premise Bugsnag installations][31] use Velero for [managing their own backups][32].
+
+**[Banzai Cloud][60]**  
+[Banzai Cloud Pipeline][61] is a Kubernetes-based microservices platform that integrates services needed for Day-1 and Day-2 operations along with first-class support both for on-prem and hybrid multi-cloud deployments. We use Velero to periodically [backup and restore these clusters in case of disasters][62].
+
+## Solutions built with Velero
+
+Below is a list of solutions where Velero is being used as a component.
+
+**[Nirmata][10]**  
+We have integrated our [solution with Velero][11] to provide our customers with out of box backup/DR.
+
+**[Kyma][40]**  
+Kyma [integrates with Velero][41] to effortlessly back up and restore Kyma clusters with all its resources. Velero capabilities allow Kyma users to define and run manual and scheduled backups in order to successfully handle a disaster-recovery scenario.
+
+**[Red Hat][50]**  
+Red Hat has developed the [Cluster Application Migration Tool][51] which uses [Velero and Restic][52] to drive the migration of applications between OpenShift clusters.
+
+**[Dell EMC][70]**  
+For Kubernetes environments, [PowerProtect Data Manager][71] leverages the Container Storage Interface (CSI) framework to take snapshots to back up the persistent data or the data that the application creates e.g. databases. [Dell EMC leverages Velero][72] to backup the namespace configuration files (also known as Namespace meta data) for enterprise grade data protection.
+
+**[SIGHUP][80]**  
+SIGHUP integrates Velero in its [Fury Kubernetes Distribution][81] providing predefined schedules and configurations to ensure an optimized disaster recovery experience.
+[Fury Kubernetes Disaster Recovery Module][82] is ready to be deployed into any Kubernetes cluster running anywhere.
+
+**[MayaData][90]**  
+MayaData is a large user of Velero as well as a contributor. MayaData offers a Data Agility platform called [OpenEBS Director][91], that helps customers confidently and easily manage stateful workloads in Kubernetes. Velero is one of the core software building block of the OpenEBS Director's [DMaaS or data migration as a service offering][92] used to enable data protection strategies.
+
+**[Okteto][93]**  
+Okteto integrates Velero in [Okteto Cloud][94] and [Okteto Enterprise][95] to periodically backup and restore our clusters for disaster recovery. Velero is also a core software building block to provide namespace cloning capabilities, a feature that allows our users cloning staging environments into their personal development namespace for providing production-like development environments.
+​
+## Adding your organization to the list of Velero Adopters
+
+If you are using Velero and would like to be included in the list of `Velero Adopters`, add an SVG version of your logo to the `site/img/adopters` directory in this repo and submit a [pull request][3] with your change. Name the image file something that reflects your company (e.g., if your company is called Acme, name the image acme.png). See this for an example [PR][4].
+
+### Adding a logo to velero.io
+
+If you would like to add your logo to a future `Adopters of Velero` section on [velero.io][2], follow the steps above to add your organization to the list of Velero Adopters. Our community will follow up and publish it to the [velero.io][2] website.
+
+[1]: #adding-a-logo-to-veleroio
+[2]: https://velero.io
+[3]: https://github.com/vmware-tanzu/velero/pulls
+[4]: https://github.com/vmware-tanzu/velero/pull/2242
+
+[10]: https://www.nirmata.com/2019/08/14/kubernetes-disaster-recovery-using-velero-and-nirmata/
+[11]: https://nirmata.com
+
+[20]: https://bitgo.com
+
+[30]: https://bugsnag.com
+[31]: https://www.bugsnag.com/on-premise
+[32]: https://docs.bugsnag.com/on-premise/clustered/backup-restore/
+
+[40]: https://kyma-project.io
+[41]: https://kyma-project.io/docs/components/backup/#overview-overview
+
+[50]: https://redhat.com
+[51]: https://github.com/fusor/mig-operator
+[52]: https://github.com/fusor/mig-operator/blob/master/docs/usage/2.md
+
+[60]: https://banzaicloud.com
+[61]: https://banzaicloud.com/products/pipeline/
+[62]: https://banzaicloud.com/blog/vault-backup-velero/
+
+[70]: https://dellemc.com
+[71]: https://dellemc.com/dataprotection
+[72]: https://www.dellemc.com/resources/en-us/asset/briefs-handouts/solutions/h18141-dellemc-dpd-kubernetes.pdf
+
+[80]: https://sighup.io
+[81]: https://github.com/sighupio/fury-distribution
+[82]: https://github.com/sighupio/fury-kubernetes-dr
+
+[90]: https://mayadata.io
+[91]: https://director.mayadata.io/
+[92]: https://help.mayadata.io/hc/en-us/articles/360033401591-DMaaS
+
+[93]: https://okteto.com
+[94]: https://cloud.okteto.com
+[95]: https://okteto.com/enterprise/

CHANGELOG.md

@@ -1,321 +1,37 @@
-# Changelog
+## Current release:
+  * [CHANGELOG-1.4.md][14]
 
-#### [v0.9.11](https://github.com/heptio/ark/releases/tag/v0.9.11) - 2018-11-08
+## Development release:
+  * [Unreleased Changes][0]
 
-#### Bug Fixes
-  * Fix bug preventing PV snapshots from being restored (#1040, @ncdc)
-
-#### [v0.9.10](https://github.com/heptio/ark/releases/tag/v0.9.10) - 2018-11-01
-
-#### Bug Fixes
-  * restore storageclasses before pvs and pvcs (#594, @shubheksha)
-  * AWS: Ensure that the order returned by ListObjects is consistent (#999, @bashofmann)
-  * Add CRDs to list of prioritized resources (#424, @domenicrosati)
-  * Verify PV doesn't exist before creating new volume (#609, @nrb)
-  * Update README.md - Grammar mistake corrected (#1018, @midhunbiju)
-
-#### [v0.9.9](https://github.com/heptio/ark/releases/tag/v0.9.9) - 2018-10-24
-
-#### Bug Fixes
-  * Check if initContainers key exists before attempting to remove volume mounts. (#927, @skriss)
-
-#### [v0.9.8](https://github.com/heptio/ark/releases/tag/v0.9.8) - 2018-10-18
-
-#### Bug Fixes
-  * Discard service account token volume mounts from init containers on restore (#910, @james-powis)
-  * Support --include-cluster-resources flag when creating schedule (#942, @captjt)
-  * Remove logic to get a GCP project (#926, @shubheksha)
-  * Only try to back up PVCs linked PV if the PVC's phase is Bound (#920, @skriss)
-  * Claim ownership of new AWS volumes on Kubernetes cluster being restored into (#801, @ljakimczuk)
-  * Remove timeout check when taking snapshots (#928, @carlisia)
-
-#### [v0.9.7](https://github.com/heptio/ark/releases/tag/v0.9.7) - 2018-10-04
-
-#### Bug Fixes
-  * Preserve explicitly-specified node ports during restore (#712, @timoreimann)
-  * Enable restoring resources with ownerReference set (#837, @mwieczorek)
-  * Fix error when restoring ExternalName services (#869, @shubheksha)
-  * remove restore log helper for accurate line numbers (#891, @skriss)
-  * Display backup StartTimestamp in `ark backup get` output (#894, @marctc)
-  * Fix restic restores when using namespace mappings (#900, @skriss)
-
-#### [v0.9.6](https://github.com/heptio/ark/releases/tag/v0.9.6) - 2018-09-21
-
-#### Bug Fixes
-  * Discard service account tokens from non-default service accounts on restore (#843, @james-powis)
-  * Update Docker images to use `alpine:3.8` (#852, @nrb)
-
-#### [v0.9.5](https://github.com/heptio/ark/releases/tag/v0.9.5) - 2018-09-17
-
-#### Bug Fixes
-  * Fix issue causing restic restores not to work (#834, @skriss)
-
-#### [v0.9.4](https://github.com/heptio/ark/releases/tag/v0.9.4) - 2018-09-05
-
-#### Bug Fixes
-  * Terminate plugin clients to resolve memory leaks (#797, @skriss)
-  * Fix nil map errors when merging annotations (#812, @nrb)
-
-#### [v0.9.3](https://github.com/heptio/ark/releases/tag/v0.9.3) - 2018-08-10
-
-#### Bug Fixes
-  * Initalize Prometheus metrics when creating a new schedule (#689, @lemaral)
-
-#### [v0.9.2](https://github.com/heptio/ark/releases/tag/v0.9.2) - 2018-07-26
-
-##### Bug Fixes:
-  * Fix issue where modifications made by backup item actions were not being saved to backup tarball (#704, @skriss)
-
-#### [v0.9.1](https://github.com/heptio/ark/releases/tag/v0.9.1) - 2018-07-23
-
-##### Bug Fixes:
-  * Require namespace for Ark's CRDs to already exist at server startup (#676, @skriss)
-  * Require all Ark CRDs to exist at server startup (#683, @skriss)
-  * Fix `latest` tagging in Makefile (#690, @skriss)
-  * Make Ark compatible with clusters that don't have the `rbac.authorization.k8s.io/v1` API group (#682, @nrb)
-  * Don't consider missing snapshots an error during backup deletion, limit backup deletion requests per backup to 1 (#687, @skriss)
-
-#### [v0.9.0](https://github.com/heptio/ark/releases/tag/v0.9.0) - 2018-07-06
-
-##### Highlights:
-  * Ark now has support for backing up and restoring Kubernetes volumes using a free open-source backup tool called [restic](https://github.com/restic/restic).
-    This provides users an out-of-the-box solution for backing up and restoring almost any type of Kubernetes volume, whether or not it has snapshot support
-    integrated with Ark. For more information, see the [documentation](https://github.com/heptio/ark/blob/master/docs/restic.md).
-  * Support for Prometheus metrics has been added! View total number of backup attempts (including success or failure), total backup size in bytes, and backup
-    durations. More metrics coming in future releases!
-
-##### All New Features:
-  * Add restic support (#508 #532 #533 #534 #535 #537 #540 #541 #545 #546 #547 #548 #555 #557 #561 #563 #569 #570 #571 #606 #608 #610 #621 #631 #636, @skriss)
-  * Add prometheus metrics (#531 #551 #564, @ashish-amarnath @nrb)
-  * When backing up a service account, include cluster roles/cluster role bindings that reference it (#470, @skriss)
-  * When restoring service accounts, copy secrets/image pull secrets into the target cluster even if the service account already exists (#403, @nrb)
-
-##### Bug Fixes / Other Changes:
-  * Upgrade to Kubernetes 1.10 dependencies (#417, @skriss)
-  * Upgrade to go 1.10 and alpine 3.7 (#456, @skriss)
-  * Display no excluded resources/namespaces as `<none>` rather than `*` (#453, @nrb)
-  * Skip completed jobs and pods when restoring (#463, @nrb)
-  * Set namespace correctly when syncing backups from object storage (#472, @skriss)
-  * When building on macOS, bind-mount volumes with delegated config (#478, @skriss)
-  * Add replica sets and daemonsets to cohabitating resources so they're not backed up twice (#482 #485, @skriss)
-  * Shut down the Ark server gracefully on SIGINT/SIGTERM (#483, @skriss)
-  * Only back up resources that support GET and DELETE in addition to LIST and CREATE (#486, @nrb)
-  * Show a better error message when trying to get an incomplete restore's logs (#496, @nrb)
-  * Stop processing when setting a backup deletion request's phase to `Deleting` fails (#500, @nrb)
-  * Add library code to install Ark's server components (#437 #506, @marpaia)
-  * Properly handle errors when backing up additional items (#512, @carlpett)
-  * Run post hooks even if backup actions fail (#514, @carlpett)
-  * GCP: fail backup if upload to object storage fails (#510, @nrb)
-  * AWS: don't require `region` as part of backup storage provider config (#455, @skriss)
-  * Ignore terminating resources while doing a backup (#526, @yastij)
-  * Log to stdout instead of stderr (#553, @ncdc)
-  * Move sample minio deployment's config to an emptyDir (#566, @runyontr)
-  * Add `omitempty` tag to optional API fields (@580, @nikhita)
-  * Don't restore PVs with a reclaim policy of `Delete` and no snapshot (#613, @ncdc)
-  * Don't restore mirror pods (#619, @ncdc)
-
-##### Docs Contributors:
-  * @gianrubio
-  * @castrojo
-  * @dhananjaysathe
-  * @c-knowles
-  * @mattkelly
-  * @ae-v
-  * @hamidzr
+## Older releases:
+  * [CHANGELOG-1.3.md][13]
+  * [CHANGELOG-1.2.md][12]
+  * [CHANGELOG-1.1.md][11]
+  * [CHANGELOG-1.0.md][10]
+  * [CHANGELOG-0.11.md][9]
+  * [CHANGELOG-0.10.md][8]
+  * [CHANGELOG-0.9.md][7]
+  * [CHANGELOG-0.8.md][6]
+  * [CHANGELOG-0.7.md][5]
+  * [CHANGELOG-0.6.md][4]
+  * [CHANGELOG-0.5.md][3]
+  * [CHANGELOG-0.4.md][2]
+  * [CHANGELOG-0.3.md][1]
 
 
-#### [v0.8.3](https://github.com/heptio/ark/releases/tag/v0.8.3) - 2018-06-29
-
-##### Bug Fixes:
-  * Don't restore backup and restore resources to avoid possible data corruption (#622, @ncdc)
-
-#### [v0.8.2](https://github.com/heptio/ark/releases/tag/v0.8.2) - 2018-06-01
-
-##### Bug Fixes:
-  * Don't crash when a persistent volume claim is missing spec.volumeName (#520, @ncdc)
-
-#### [v0.8.1](https://github.com/heptio/ark/releases/tag/v0.8.1) - 2018-04-23
-
-##### Bug Fixes:
-  * Azure: allow pre-v0.8.0 backups with disk snapshots to be restored and deleted (#446 #449, @skriss)
-
-#### [v0.8.0](https://github.com/heptio/ark/releases/tag/v0.8.0) - 2018-04-19
-
-##### Highlights:
-  * Backup deletion has been completely revamped to make it simpler and less error-prone. As a user, you still use the `ark backup delete` command to request deletion of a backup and its associated cloud
-  resources; behind the scenes, we've switched to using a new `DeleteBackupRequest` Custom Resource and associated controller for processing deletion requests.
-  * We've reduced the number of required fields in the Ark config. For Azure, `location` is no longer required, and for GCP, `project` is not needed.
-  * Ark now copies tags from volumes to snapshots during backup, and from snapshots to new volumes during restore. 
-
-##### Breaking Changes:
-  * Ark has moved back to a single namespace (`heptio-ark` by default) as part of #383.
-
-##### All New Features:
-  * Add global `--kubecontext` flag to Ark CLI (#296, @blakebarnett)
-  * Azure: support cross-resource group restores of volumes (#356 #378, @skriss)
-  * AWS/Azure/GCP: copy tags from volumes to snapshots, and from snapshots to volumes (#341, @skriss)
-  * Replace finalizer for backup deletion with `DeleteBackupRequest` custom resource & controller (#383 #431, @ncdc @nrb)
-  * Don't log warnings during restore if an identical object already exists in the cluster (#405, @nrb)
-  * Add bash & zsh completion support (#384, @containscafeine)
-  
-##### Bug Fixes / Other Changes:
-  * Error from the Ark CLI if attempting to restore a non-existent backup (#302, @ncdc)
-  * Enable running the Ark server locally for development purposes (#334, @ncdc)
-  * Add examples to `ark schedule create` documentation (#331, @lypht)
-  * GCP: Remove `project` requirement from Ark config (#345, @skriss)
-  * Add `--from-backup` flag to `ark restore create` and allow custom restore names (#342 #409, @skriss)
-  * Azure: remove `location` requirement from Ark config (#344, @skriss)
-  * Add documentation/examples for storing backups in IBM Cloud Object Storage (#321, @roytman)
-  * Reduce verbosity of hooks logging (#362, @skriss)
-  * AWS: Add minimal IAM policy to documentation (#363 #419, @hopkinsth)
-  * Don't restore events (#374, @sanketjpatel)
-  * Azure: reduce API polling interval from 60s to 5s (#359, @skriss)
-  * Switch from hostPath to emptyDir volume type for minio example (#386, @containscafeine)
-  * Add limit ranges as a prioritized resource for restores (#392, @containscafeine)
-  * AWS: Add documentation on using Ark with kube2iam (#402, @domderen)
-  * Azure: add node selector so Ark pod is scheduled on a linux node (#415, @ffd2subroutine)
-  * Error from the Ark CLI if attempting to get logs for a non-existent restore (#391, @containscafeine)
-  * GCP: Add minimal IAM policy to documentation (#429, @skriss @jody-frankowski)
-
-##### Upgrading from v0.7.1:
-  Ark v0.7.1 moved the Ark server deployment into a separate namespace, `heptio-ark-server`. As of v0.8.0 we've
-  returned to a single namespace, `heptio-ark`, for all Ark-related resources. If you're currently running v0.7.1,
-  here are the steps you can take to upgrade:
-
-1. Execute the steps from the **Credentials and configuration** section for your cloud:
-    * [AWS](https://heptio.github.io/ark/v0.8.0/aws-config#credentials-and-configuration)
-    * [Azure](https://heptio.github.io/ark/v0.8.0/azure-config#credentials-and-configuration)
-    * [GCP](https://heptio.github.io/ark/v0.8.0/gcp-config#credentials-and-configuration)
-
-    When you get to the secret creation step, if you don't have your `credentials-ark` file handy, 
-    you can copy the existing secret from your `heptio-ark-server` namespace into the `heptio-ark` namespace:
-    ```bash
-    kubectl get secret/cloud-credentials -n heptio-ark-server --export -o json | \
-      jq '.metadata.namespace="heptio-ark"' | \
-      kubectl apply -f -
-    ```
-
-2. You can now safely delete the `heptio-ark-server` namespace:
-    ```bash
-    kubectl delete namespace heptio-ark-server
-    ```
-
-3. Execute the commands from the **Start the server** section for your cloud:
-    * [AWS](https://heptio.github.io/ark/v0.8.0/aws-config#start-the-server)
-    * [Azure](https://heptio.github.io/ark/v0.8.0/azure-config#start-the-server)
-    * [GCP](https://heptio.github.io/ark/v0.8.0/gcp-config#start-the-server)
-
-
-#### [v0.7.1](https://github.com/heptio/ark/releases/tag/v0.7.1) - 2018-02-22
-
-Bug Fixes:
-  * Run the Ark server in its own namespace, separate from backups/schedules/restores/config (#322, @ncdc)
-
-#### [v0.7.0](https://github.com/heptio/ark/releases/tag/v0.7.0) - 2018-02-15
-
-New Features:
-  * Run the Ark server in any namespace (#272, @ncdc)
-  * Add ability to delete backups and their associated data (#252, @skriss)
-  * Support both pre and post backup hooks (#243, @ncdc)
-
-Bug Fixes / Other Changes:
-  * Switch from Update() to Patch() when updating Ark resources (#241, @skriss)
-  * Don't fail the backup if a PVC is not bound to a PV (#256, @skriss)
-  * Restore serviceaccounts prior to workload controllers (#258, @ncdc)
-  * Stop removing annotations from PVs when restoring them (#263, @skriss)
-  * Update GCP client libraries (#249, @skriss)
-  * Clarify backup and restore creation messages (#270, @nrb)
-  * Update S3 bucket creation docs for us-east-1 (#285, @lypht)
-
-#### [v0.6.0](https://github.com/heptio/ark/tree/v0.6.0) - 2017-11-30
-
-Highlights:
-  * **Plugins** - We now support user-defined plugins that can extend Ark functionality to meet your custom backup/restore needs without needing to be compiled into the core binary. We support pluggable block and object stores as well as per-item backup and restore actions that can execute arbitrary logic, including modifying the items being backed up or restored. For more information see the [documentation](docs/plugins.md), which includes a reference to a fully-functional sample plugin repository. (#174 #188 #206 #213 #215 #217 #223 #226)
-  * **Describers** - The Ark CLI now includes `describe` commands for `backups`, `restores`, and `schedules` that provide human-friendly representations of the relevant API objects.
-
-Breaking Changes:
-  * The config object format has changed. In order to upgrade to v0.6.0, the config object will have to be updated to match the new format. See the [examples](examples) and [documentation](docs/config-definition.md) for more information.
-  * The restore object format has changed. The `warnings` and `errors` fields are now ints containing the counts, while full warnings and errors are now stored in the object store instead of etcd. Restore objects created prior to v.0.6.0 should be deleted, or a new bucket used, and the old restore objects deleted from Kubernetes (`kubectl -n heptio-ark delete restore --all`).
-
-All New Features:
-  * Add `ark plugin add` and `ark plugin remove` commands #217, @skriss
-  * Add plugin support for block/object stores, backup/restore item actions #174 #188 #206 #213 #215 #223 #226, @skriss @ncdc
-  * Improve Azure deployment instructions #216, @ncdc
-  * Change default TTL for backups to 30 days #204, @nrb
-  * Improve logging for backups and restores #199, @ncdc
-  * Add `ark backup describe`, `ark schedule describe` #196, @ncdc
-  * Add `ark restore describe` and move restore warnings/errors to object storage #173 #201 #202, @ncdc
-  * Upgrade to client-go v5.0.1, kubernetes v1.8.2 #157, @ncdc
-  * Add Travis CI support #165 #166, @ncdc
-
-Bug Fixes:
-  * Fix log location hook prefix stripping #222, @ncdc
-  * When running `ark backup download`, remove file if there's an error #154, @ncdc
-  * Update documentation for AWS KMS Key alias support #163, @lli-hiya
-  * Remove clock from `volume_snapshot_action` #137, @athampy
-
-#### [v0.5.1](https://github.com/heptio/ark/tree/v0.5.1) - 2017-11-06
-Bug fixes:
-  * If a Service is headless, retain ClusterIP = None when backing up and restoring.
-  * Use the specifed --label-selector when listing backups, schedules, and restores.
-  * Restore namespace mapping functionality that was accidentally broken in 0.5.0.
-  * Always include namespaces in the backup, regardless of the --include-cluster-resources setting.
-
-#### [v0.5.0](https://github.com/heptio/ark/tree/v0.5.0) - 2017-10-26
-Breaking changes:
-  * The backup tar file format has changed. Backups created using previous versions of Ark cannot be restored using v0.5.0.
-  * When backing up one or more specific namespaces, cluster-scoped resources are no longer backed up by default, with the exception of PVs that are used within the target namespace(s). Cluster-scoped resources can still be included by explicitly specifying `--include-cluster-resources`.
-
-New features:
-  * Add customized user-agent string for Ark CLI
-  * Switch from glog to logrus
-  * Exclude nodes from restoration
-  * Add a FAQ
-  * Record PV availability zone and use it when restoring volumes from snapshots
-  * Back up the PV associated with a PVC
-  * Add `--include-cluster-resources` flag to `ark backup create`
-  * Add `--include-cluster-resources` flag to `ark restore create`
-  * Properly support resource restore priorities across cluster-scoped and namespace-scoped resources
-  * Support `ark create ...` and `ark get ...`
-  * Make ark run as cluster-admin
-  * Add pod exec backup hooks
-  * Support cross-compilation & upgrade to go 1.9
-  
-Bug fixes:
-  * Make config change detection more robust
-
-#### [v0.4.0](https://github.com/heptio/ark/tree/v0.4.0) - 2017-09-14
-Breaking changes:
-  * Snapshotting and restoring volumes is now enabled by default
-  * The --namespaces flag for 'ark restore create' has been replaced by --include-namespaces and
-    --exclude-namespaces
-
-New features:
-  * Support for S3 SSE with KMS
-  * Cloud provider configurations are validated at startup
-  * The persistentVolumeProvider is now optional
-  * Restore objects are garbage collected
-  * Each backup now has an associated log file, viewable via 'ark backup logs'
-  * Each restore now has an associated log file, viewable via 'ark restore logs'
-  * Add --include-resources/--exclude-resources for restores
-
-Bug fixes:
-  * Only save/use iops for io1 volumes on AWS
-  * When restoring, try to retrieve the Backup directly from object storage if it's not found
-  * When syncing Backups from object storage to Kubernetes, don't return at the first error
-    encountered
-  * More closely match how kubectl performs kubeconfig resolution
-  * Increase default Azure API request timeout to 2 minutes
-  * Update Azure diskURI to match diskName
-
-#### [v0.3.3](https://github.com/heptio/ark/tree/v0.3.3) - 2017-08-10
-  * Treat the first field in a schedule's cron expression as minutes, not seconds
-
-#### [v0.3.2](https://github.com/heptio/ark/tree/v0.3.2) - 2017-08-07
-  * Add client-go auth provider plugins for Azure, GCP, OIDC
-
-#### [v0.3.1](https://github.com/heptio/ark/tree/v0.3.1) - 2017-08-03
-  * Fix Makefile VERSION
-
-#### [v0.3.0](https://github.com/heptio/ark/tree/v0.3.0) - 2017-08-03
-  * Initial Release
+[14]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-1.4.md
+[13]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-1.3.md
+[12]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-1.2.md
+[11]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-1.1.md
+[10]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-1.0.md
+[9]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.11.md
+[8]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.10.md
+[7]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.9.md
+[6]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.8.md
+[5]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.7.md
+[4]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.6.md
+[3]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.5.md
+[2]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.4.md
+[1]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/CHANGELOG-0.3.md
+[0]: https://github.com/vmware-tanzu/velero/blob/master/changelogs/unreleased

CODE_OF_CONDUCT.md

@@ -1,37 +1,84 @@
-# Heptio Ark Community Code of Conduct
+# Contributor Covenant Code of Conduct
 
-## Contributor Code of Conduct
+## Our Pledge
 
-As contributors and maintainers of this project, and in the interest of fostering
-an open and welcoming community, we pledge to respect all people who contribute
-through reporting issues, posting feature requests, updating documentation,
-submitting pull requests or patches, and other activities.
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
 
-We are committed to making participation in this project a harassment-free experience for
-everyone, regardless of level of experience, gender, gender identity and expression,
-sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
-religion, or nationality.
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
 
-Examples of unacceptable behavior by participants include:
+## Our Standards
 
-* The use of sexualized language or imagery
-* Personal attacks
-* Trolling or insulting/derogatory comments
+Examples of behavior that contributes to a positive environment for our community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing other's private information, such as physical or electronic addresses,
- without explicit permission
-* Other unethical or unprofessional conduct.
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
-Project maintainers have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are not
-aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
-commit themselves to fairly and consistently applying these principles to every aspect
-of managing this project. Project maintainers who do not follow or enforce the Code of
-Conduct may be permanently removed from the project team.
+## Enforcement Responsibilities
 
-This code of conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community.
+Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project maintainer(s).
+Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
 
-This Code of Conduct is adapted from the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md) and [Contributor Covenant](http://contributor-covenant.org/version/1/2/0/), version 1.2.0.
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at [oss-coc@vmware.com](mailto:oss-coc@vmware.com). All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior,  harassment of an individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0,
+available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -1,58 +1,3 @@
 # Contributing
-## DCO Sign off
 
-All authors to the project retain copyright to their work. However, to ensure
-that they are only submitting work that they have rights to, we are requiring
-everyone to acknowledge this by signing their work.
-
-Any copyright notices in this repo should specify the authors as "the Heptio Ark project contributors".
-
-To sign your work, just add a line like this at the end of your commit message:
-
-```
-Signed-off-by: Joe Beda <joe@heptio.com>
-```
-
-This can easily be done with the `--signoff` option to `git commit`.
-
-By doing this you state that you can certify the following (from https://developercertificate.org/):
-
-```
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-1 Letterman Drive
-Suite D4700
-San Francisco, CA, 94129
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
-```
+Authors are expected to follow some guidelines when submitting PRs. Please see [our documentation](https://velero.io/docs/master/code-standards/) for details.

Dockerfile-ark-restic-restore-helper.alpine

@@ -1,23 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM alpine:3.8
-
-MAINTAINER Steve Kriss <steve@heptio.com>
-
-ADD /bin/linux/amd64/ark-restic-restore-helper .
-
-USER nobody:nobody
-
-ENTRYPOINT [ "/ark-restic-restore-helper" ]

Dockerfile-ark.alpine

@@ -1,31 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM alpine:3.8
-
-MAINTAINER Andy Goldstein <andy@heptio.com>
-
-RUN apk add --no-cache ca-certificates
-
-RUN apk add --update --no-cache bzip2 && \
-    wget --quiet https://github.com/restic/restic/releases/download/v0.9.1/restic_0.9.1_linux_amd64.bz2 && \
-    bunzip2 restic_0.9.1_linux_amd64.bz2 && \
-    mv restic_0.9.1_linux_amd64 /usr/bin/restic && \
-    chmod +x /usr/bin/restic
-
-ADD /bin/linux/amd64/ark /ark
-
-USER nobody:nobody
-
-ENTRYPOINT ["/ark"]

Dockerfile-velero

@@ -0,0 +1,33 @@
+# Copyright 2017, 2019 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ubuntu:focal
+
+LABEL maintainer="Steve Kriss <krisss@vmware.com>"
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends ca-certificates wget bzip2 && \
+    wget --quiet https://github.com/restic/restic/releases/download/v0.9.6/restic_0.9.6_linux_amd64.bz2 && \
+    bunzip2 restic_0.9.6_linux_amd64.bz2 && \
+    mv restic_0.9.6_linux_amd64 /usr/bin/restic && \
+    chmod +x /usr/bin/restic && \
+    apt-get remove -y wget bzip2 && \
+    rm -rf /var/lib/apt/lists/*
+
+
+ADD /bin/linux/amd64/velero /velero
+
+USER nobody:nogroup
+
+ENTRYPOINT ["/velero"]

Dockerfile-velero-arm

@@ -0,0 +1,23 @@
+# Copyright 2020 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM arm32v7/ubuntu:focal
+
+ADD /bin/linux/arm/restic /usr/bin/restic
+
+ADD /bin/linux/arm/velero /velero
+
+USER nobody:nogroup
+
+ENTRYPOINT ["/velero"]

Dockerfile-velero-arm64

@@ -0,0 +1,23 @@
+# Copyright 2020 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM arm64v8/ubuntu:focal
+
+ADD /bin/linux/arm64/restic /usr/bin/restic
+
+ADD /bin/linux/arm64/velero /velero
+
+USER nobody:nogroup
+
+ENTRYPOINT ["/velero"]

Dockerfile-velero-ppc64le

@@ -0,0 +1,25 @@
+# Copyright 2019 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ppc64le/ubuntu:focal
+
+LABEL maintainer="Prajyot Parab <prajyot.parab@ibm.com>"
+
+ADD /bin/linux/ppc64le/restic /usr/bin/restic
+
+ADD /bin/linux/ppc64le/velero /velero
+
+USER nobody:nogroup
+
+ENTRYPOINT ["/velero"]

Dockerfile-velero-restic-restore-helper

@@ -0,0 +1,23 @@
+# Copyright 2018, 2019 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ubuntu:focal
+
+LABEL maintainer="Steve Kriss <krisss@vmware.com>"
+
+ADD /bin/linux/amd64/velero-restic-restore-helper .
+
+USER nobody:nogroup
+
+ENTRYPOINT [ "/velero-restic-restore-helper" ]

Dockerfile-velero-restic-restore-helper-arm

@@ -0,0 +1,21 @@
+# Copyright 2020 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM arm32v7/ubuntu:focal
+
+ADD /bin/linux/arm/velero-restic-restore-helper .
+
+USER nobody:nogroup
+
+ENTRYPOINT [ "/velero-restic-restore-helper" ]

Dockerfile-velero-restic-restore-helper-arm64

@@ -0,0 +1,21 @@
+# Copyright 2020 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM arm64v8/ubuntu:focal
+
+ADD /bin/linux/arm64/velero-restic-restore-helper .
+
+USER nobody:nogroup
+
+ENTRYPOINT [ "/velero-restic-restore-helper" ]

Dockerfile-velero-restic-restore-helper-ppc64le

@@ -0,0 +1,23 @@
+# Copyright 2019 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ppc64le/ubuntu:focal
+
+LABEL maintainer="Prajyot Parab <prajyot.parab@ibm.com>"
+
+ADD /bin/linux/ppc64le/velero-restic-restore-helper .
+
+USER nobody:nogroup
+
+ENTRYPOINT [ "/velero-restic-restore-helper" ]

Gopkg.lock

@@ -1,749 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  name = "cloud.google.com/go"
-  packages = [
-    "compute/metadata",
-    "iam",
-    "internal",
-    "internal/optional",
-    "internal/version",
-    "storage"
-  ]
-  revision = "44bcd0b2078ba5e7fedbeb36808d1ed893534750"
-  version = "v0.11.0"
-
-[[projects]]
-  name = "github.com/Azure/azure-sdk-for-go"
-  packages = [
-    "arm/disk",
-    "arm/examples/helpers",
-    "storage"
-  ]
-  revision = "2d49bb8f2cee530cc16f1f1a9f0aae763dee257d"
-  version = "v10.2.1-beta"
-
-[[projects]]
-  name = "github.com/Azure/go-autorest"
-  packages = [
-    "autorest",
-    "autorest/adal",
-    "autorest/azure",
-    "autorest/date",
-    "autorest/to",
-    "autorest/validation"
-  ]
-  revision = "f6e08fe5e4d45c9a66e40196d3fed5f37331d224"
-  version = "v8.1.1"
-
-[[projects]]
-  name = "github.com/aws/aws-sdk-go"
-  packages = [
-    "aws",
-    "aws/awserr",
-    "aws/awsutil",
-    "aws/client",
-    "aws/client/metadata",
-    "aws/corehandlers",
-    "aws/credentials",
-    "aws/credentials/ec2rolecreds",
-    "aws/credentials/endpointcreds",
-    "aws/credentials/stscreds",
-    "aws/defaults",
-    "aws/ec2metadata",
-    "aws/endpoints",
-    "aws/request",
-    "aws/session",
-    "aws/signer/v4",
-    "internal/sdkio",
-    "internal/sdkrand",
-    "internal/shareddefaults",
-    "private/protocol",
-    "private/protocol/ec2query",
-    "private/protocol/query",
-    "private/protocol/query/queryutil",
-    "private/protocol/rest",
-    "private/protocol/restxml",
-    "private/protocol/xml/xmlutil",
-    "service/ec2",
-    "service/s3",
-    "service/s3/s3iface",
-    "service/s3/s3manager",
-    "service/sts"
-  ]
-  revision = "1f8fb9d0919e5a58992207db9512a03f76ab0274"
-  version = "v1.13.12"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/beorn7/perks"
-  packages = ["quantile"]
-  revision = "3a771d992973f24aa725d07868b467d1ddfceafb"
-
-[[projects]]
-  name = "github.com/cpuguy83/go-md2man"
-  packages = ["md2man"]
-  revision = "a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa"
-  version = "v1.0.6"
-
-[[projects]]
-  name = "github.com/davecgh/go-spew"
-  packages = ["spew"]
-  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
-  version = "v1.1.0"
-
-[[projects]]
-  name = "github.com/dgrijalva/jwt-go"
-  packages = ["."]
-  revision = "d2709f9f1f31ebcda9651b03077758c1f3a0018c"
-  version = "v3.0.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/docker/spdystream"
-  packages = [
-    ".",
-    "spdy"
-  ]
-  revision = "bc6354cbbc295e925e4c611ffe90c1f287ee54db"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/evanphx/json-patch"
-  packages = ["."]
-  revision = "944e07253867aacae43c04b2e6a239005443f33a"
-
-[[projects]]
-  name = "github.com/ghodss/yaml"
-  packages = ["."]
-  revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/go-ini/ini"
-  packages = ["."]
-  revision = "20b96f641a5ea98f2f8619ff4f3e061cff4833bd"
-  version = "v1.28.2"
-
-[[projects]]
-  name = "github.com/gogo/protobuf"
-  packages = [
-    "proto",
-    "sortkeys"
-  ]
-  revision = "100ba4e885062801d56799d78530b73b178a78f3"
-  version = "v0.4"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/golang/glog"
-  packages = ["."]
-  revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/golang/protobuf"
-  packages = [
-    "proto",
-    "protoc-gen-go/descriptor",
-    "ptypes",
-    "ptypes/any",
-    "ptypes/duration",
-    "ptypes/timestamp"
-  ]
-  revision = "ab9f9a6dab164b7d1246e0e688b0ab7b94d8553e"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/google/gofuzz"
-  packages = ["."]
-  revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/googleapis/gax-go"
-  packages = ["."]
-  revision = "84ed26760e7f6f80887a2fbfb50db3cc415d2cea"
-
-[[projects]]
-  name = "github.com/googleapis/gnostic"
-  packages = [
-    "OpenAPIv2",
-    "compiler",
-    "extensions"
-  ]
-  revision = "ee43cbb60db7bd22502942cccbc39059117352ab"
-  version = "v0.1.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/hashicorp/go-hclog"
-  packages = ["."]
-  revision = "ca137eb4b4389c9bc6f1a6d887f056bf16c00510"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/hashicorp/go-plugin"
-  packages = ["."]
-  revision = "e2fbc6864d18d3c37b6cde4297ec9fca266d28f1"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/hashicorp/golang-lru"
-  packages = [
-    ".",
-    "simplelru"
-  ]
-  revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/hashicorp/yamux"
-  packages = ["."]
-  revision = "f5742cb6b85602e7fa834e9d5d91a7d7fa850824"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/howeyc/gopass"
-  packages = ["."]
-  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
-
-[[projects]]
-  name = "github.com/imdario/mergo"
-  packages = ["."]
-  revision = "3e95a51e0639b4cf372f2ccf74c86749d747fbdc"
-  version = "0.2.2"
-
-[[projects]]
-  name = "github.com/inconshreveable/mousetrap"
-  packages = ["."]
-  revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"
-  version = "v1.0"
-
-[[projects]]
-  name = "github.com/jmespath/go-jmespath"
-  packages = ["."]
-  revision = "0b12d6b5"
-
-[[projects]]
-  name = "github.com/json-iterator/go"
-  packages = ["."]
-  revision = "6240e1e7983a85228f7fd9c3e1b6932d46ec58e2"
-  version = "1.0.3"
-
-[[projects]]
-  name = "github.com/matttproud/golang_protobuf_extensions"
-  packages = ["pbutil"]
-  revision = "c12348ce28de40eed0136aa2b644d0ee0650e56c"
-  version = "v1.0.1"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/mitchellh/go-testing-interface"
-  packages = ["."]
-  revision = "a61a99592b77c9ba629d254a693acffaeb4b7e28"
-
-[[projects]]
-  name = "github.com/pkg/errors"
-  packages = ["."]
-  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
-  version = "v0.8.0"
-
-[[projects]]
-  name = "github.com/pmezard/go-difflib"
-  packages = ["difflib"]
-  revision = "792786c7400a136282c1664665ae0a8db921c6c2"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/prometheus/client_golang"
-  packages = [
-    "prometheus",
-    "prometheus/promhttp"
-  ]
-  revision = "c5b7fccd204277076155f10851dad72b76a49317"
-  version = "v0.8.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/prometheus/client_model"
-  packages = ["go"]
-  revision = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/prometheus/common"
-  packages = [
-    "expfmt",
-    "internal/bitbucket.org/ww/goautoneg",
-    "model"
-  ]
-  revision = "7600349dcfe1abd18d72d3a1770870d9800a7801"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/prometheus/procfs"
-  packages = [
-    ".",
-    "internal/util",
-    "nfs",
-    "xfs"
-  ]
-  revision = "94663424ae5ae9856b40a9f170762b4197024661"
-
-[[projects]]
-  name = "github.com/robfig/cron"
-  packages = ["."]
-  revision = "df38d32658d8788cd446ba74db4bb5375c4b0cb3"
-
-[[projects]]
-  name = "github.com/russross/blackfriday"
-  packages = ["."]
-  revision = "93622da34e54fb6529bfb7c57e710f37a8d9cbd8"
-
-[[projects]]
-  name = "github.com/satori/uuid"
-  packages = ["."]
-  revision = "879c5887cd475cd7864858769793b2ceb0d44feb"
-  version = "v1.1.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/shurcooL/sanitized_anchor_name"
-  packages = ["."]
-  revision = "541ff5ee47f1dddf6a5281af78307d921524bcb5"
-
-[[projects]]
-  name = "github.com/sirupsen/logrus"
-  packages = ["."]
-  revision = "f006c2ac4710855cf0f916dd6b77acf6b048dc6e"
-  version = "v1.0.3"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/spf13/afero"
-  packages = [
-    ".",
-    "mem"
-  ]
-  revision = "9be650865eab0c12963d8753212f4f9c66cdcf12"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/spf13/cobra"
-  packages = [
-    ".",
-    "doc"
-  ]
-  revision = "cb731b898346822cc0c225c28550a8a29d93c732"
-
-[[projects]]
-  name = "github.com/spf13/pflag"
-  packages = ["."]
-  revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66"
-  version = "v1.0.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/stretchr/objx"
-  packages = ["."]
-  revision = "1a9d0bb9f541897e62256577b352fdbc1fb4fd94"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/stretchr/testify"
-  packages = [
-    "assert",
-    "mock",
-    "require"
-  ]
-  revision = "890a5c3458b43e6104ff5da8dfa139d013d77544"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/crypto"
-  packages = ["ssh/terminal"]
-  revision = "eb71ad9bd329b5ac0fd0148dd99bd62e8be8e035"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/net"
-  packages = [
-    "context",
-    "context/ctxhttp",
-    "http2",
-    "http2/hpack",
-    "idna",
-    "internal/timeseries",
-    "lex/httplex",
-    "trace"
-  ]
-  revision = "1c05540f6879653db88113bc4a2b70aec4bd491f"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/oauth2"
-  packages = [
-    ".",
-    "google",
-    "internal",
-    "jws",
-    "jwt"
-  ]
-  revision = "9a379c6b3e95a790ffc43293c2a78dee0d7b6e20"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/sys"
-  packages = [
-    "unix",
-    "windows"
-  ]
-  revision = "43e60d72a8e2bd92ee98319ba9a384a0e9837c08"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/text"
-  packages = [
-    "internal/gen",
-    "internal/triegen",
-    "internal/ucd",
-    "secure/bidirule",
-    "transform",
-    "unicode/bidi",
-    "unicode/cldr",
-    "unicode/norm",
-    "unicode/rangetable"
-  ]
-  revision = "e56139fd9c5bc7244c76116c68e500765bb6db6b"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/time"
-  packages = ["rate"]
-  revision = "26559e0f760e39c24d730d3224364aef164ee23f"
-
-[[projects]]
-  branch = "master"
-  name = "google.golang.org/api"
-  packages = [
-    "compute/v1",
-    "gensupport",
-    "googleapi",
-    "googleapi/internal/uritemplates",
-    "googleapi/transport",
-    "internal",
-    "iterator",
-    "option",
-    "storage/v1",
-    "transport/http"
-  ]
-  revision = "ed10e890a8366167a7ce33fac2b12447987bcb1c"
-
-[[projects]]
-  name = "google.golang.org/appengine"
-  packages = [
-    ".",
-    "internal",
-    "internal/app_identity",
-    "internal/base",
-    "internal/datastore",
-    "internal/log",
-    "internal/modules",
-    "internal/remote_api",
-    "internal/urlfetch",
-    "urlfetch"
-  ]
-  revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a"
-  version = "v1.0.0"
-
-[[projects]]
-  branch = "master"
-  name = "google.golang.org/genproto"
-  packages = [
-    "googleapis/api/annotations",
-    "googleapis/iam/v1",
-    "googleapis/rpc/status"
-  ]
-  revision = "ee236bd376b077c7a89f260c026c4735b195e459"
-
-[[projects]]
-  name = "google.golang.org/grpc"
-  packages = [
-    ".",
-    "codes",
-    "connectivity",
-    "credentials",
-    "grpclb/grpc_lb_v1",
-    "grpclog",
-    "health",
-    "health/grpc_health_v1",
-    "internal",
-    "keepalive",
-    "metadata",
-    "naming",
-    "peer",
-    "stats",
-    "status",
-    "tap",
-    "transport"
-  ]
-  revision = "b3ddf786825de56a4178401b7e174ee332173b66"
-  version = "v1.5.2"
-
-[[projects]]
-  name = "gopkg.in/inf.v0"
-  packages = ["."]
-  revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4"
-  version = "v0.9.0"
-
-[[projects]]
-  branch = "v2"
-  name = "gopkg.in/yaml.v2"
-  packages = ["."]
-  revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f"
-
-[[projects]]
-  name = "k8s.io/api"
-  packages = [
-    "admissionregistration/v1alpha1",
-    "admissionregistration/v1beta1",
-    "apps/v1",
-    "apps/v1beta1",
-    "apps/v1beta2",
-    "authentication/v1",
-    "authentication/v1beta1",
-    "authorization/v1",
-    "authorization/v1beta1",
-    "autoscaling/v1",
-    "autoscaling/v2beta1",
-    "batch/v1",
-    "batch/v1beta1",
-    "batch/v2alpha1",
-    "certificates/v1beta1",
-    "core/v1",
-    "events/v1beta1",
-    "extensions/v1beta1",
-    "networking/v1",
-    "policy/v1beta1",
-    "rbac/v1",
-    "rbac/v1alpha1",
-    "rbac/v1beta1",
-    "scheduling/v1alpha1",
-    "settings/v1alpha1",
-    "storage/v1",
-    "storage/v1alpha1",
-    "storage/v1beta1"
-  ]
-  revision = "73d903622b7391f3312dcbac6483fed484e185f8"
-  version = "kubernetes-1.10.0"
-
-[[projects]]
-  branch = "master"
-  name = "k8s.io/apiextensions-apiserver"
-  packages = [
-    "pkg/apis/apiextensions",
-    "pkg/apis/apiextensions/v1beta1"
-  ]
-  revision = "07bbbb7a28a34c56bf9d1b192a88cc9b2350095e"
-
-[[projects]]
-  name = "k8s.io/apimachinery"
-  packages = [
-    "pkg/api/equality",
-    "pkg/api/errors",
-    "pkg/api/meta",
-    "pkg/api/resource",
-    "pkg/apis/meta/internalversion",
-    "pkg/apis/meta/v1",
-    "pkg/apis/meta/v1/unstructured",
-    "pkg/apis/meta/v1beta1",
-    "pkg/conversion",
-    "pkg/conversion/queryparams",
-    "pkg/fields",
-    "pkg/labels",
-    "pkg/runtime",
-    "pkg/runtime/schema",
-    "pkg/runtime/serializer",
-    "pkg/runtime/serializer/json",
-    "pkg/runtime/serializer/protobuf",
-    "pkg/runtime/serializer/recognizer",
-    "pkg/runtime/serializer/streaming",
-    "pkg/runtime/serializer/versioning",
-    "pkg/selection",
-    "pkg/types",
-    "pkg/util/cache",
-    "pkg/util/clock",
-    "pkg/util/diff",
-    "pkg/util/duration",
-    "pkg/util/errors",
-    "pkg/util/framer",
-    "pkg/util/httpstream",
-    "pkg/util/httpstream/spdy",
-    "pkg/util/intstr",
-    "pkg/util/json",
-    "pkg/util/net",
-    "pkg/util/remotecommand",
-    "pkg/util/runtime",
-    "pkg/util/sets",
-    "pkg/util/validation",
-    "pkg/util/validation/field",
-    "pkg/util/wait",
-    "pkg/util/yaml",
-    "pkg/version",
-    "pkg/watch",
-    "third_party/forked/golang/netutil",
-    "third_party/forked/golang/reflect"
-  ]
-  revision = "302974c03f7e50f16561ba237db776ab93594ef6"
-  version = "kubernetes-1.10.0"
-
-[[projects]]
-  name = "k8s.io/client-go"
-  packages = [
-    "discovery",
-    "discovery/fake",
-    "dynamic",
-    "informers",
-    "informers/admissionregistration",
-    "informers/admissionregistration/v1alpha1",
-    "informers/admissionregistration/v1beta1",
-    "informers/apps",
-    "informers/apps/v1",
-    "informers/apps/v1beta1",
-    "informers/apps/v1beta2",
-    "informers/autoscaling",
-    "informers/autoscaling/v1",
-    "informers/autoscaling/v2beta1",
-    "informers/batch",
-    "informers/batch/v1",
-    "informers/batch/v1beta1",
-    "informers/batch/v2alpha1",
-    "informers/certificates",
-    "informers/certificates/v1beta1",
-    "informers/core",
-    "informers/core/v1",
-    "informers/events",
-    "informers/events/v1beta1",
-    "informers/extensions",
-    "informers/extensions/v1beta1",
-    "informers/internalinterfaces",
-    "informers/networking",
-    "informers/networking/v1",
-    "informers/policy",
-    "informers/policy/v1beta1",
-    "informers/rbac",
-    "informers/rbac/v1",
-    "informers/rbac/v1alpha1",
-    "informers/rbac/v1beta1",
-    "informers/scheduling",
-    "informers/scheduling/v1alpha1",
-    "informers/settings",
-    "informers/settings/v1alpha1",
-    "informers/storage",
-    "informers/storage/v1",
-    "informers/storage/v1alpha1",
-    "informers/storage/v1beta1",
-    "kubernetes",
-    "kubernetes/scheme",
-    "kubernetes/typed/admissionregistration/v1alpha1",
-    "kubernetes/typed/admissionregistration/v1beta1",
-    "kubernetes/typed/apps/v1",
-    "kubernetes/typed/apps/v1beta1",
-    "kubernetes/typed/apps/v1beta2",
-    "kubernetes/typed/authentication/v1",
-    "kubernetes/typed/authentication/v1beta1",
-    "kubernetes/typed/authorization/v1",
-    "kubernetes/typed/authorization/v1beta1",
-    "kubernetes/typed/autoscaling/v1",
-    "kubernetes/typed/autoscaling/v2beta1",
-    "kubernetes/typed/batch/v1",
-    "kubernetes/typed/batch/v1beta1",
-    "kubernetes/typed/batch/v2alpha1",
-    "kubernetes/typed/certificates/v1beta1",
-    "kubernetes/typed/core/v1",
-    "kubernetes/typed/events/v1beta1",
-    "kubernetes/typed/extensions/v1beta1",
-    "kubernetes/typed/networking/v1",
-    "kubernetes/typed/policy/v1beta1",
-    "kubernetes/typed/rbac/v1",
-    "kubernetes/typed/rbac/v1alpha1",
-    "kubernetes/typed/rbac/v1beta1",
-    "kubernetes/typed/scheduling/v1alpha1",
-    "kubernetes/typed/settings/v1alpha1",
-    "kubernetes/typed/storage/v1",
-    "kubernetes/typed/storage/v1alpha1",
-    "kubernetes/typed/storage/v1beta1",
-    "listers/admissionregistration/v1alpha1",
-    "listers/admissionregistration/v1beta1",
-    "listers/apps/v1",
-    "listers/apps/v1beta1",
-    "listers/apps/v1beta2",
-    "listers/autoscaling/v1",
-    "listers/autoscaling/v2beta1",
-    "listers/batch/v1",
-    "listers/batch/v1beta1",
-    "listers/batch/v2alpha1",
-    "listers/certificates/v1beta1",
-    "listers/core/v1",
-    "listers/events/v1beta1",
-    "listers/extensions/v1beta1",
-    "listers/networking/v1",
-    "listers/policy/v1beta1",
-    "listers/rbac/v1",
-    "listers/rbac/v1alpha1",
-    "listers/rbac/v1beta1",
-    "listers/scheduling/v1alpha1",
-    "listers/settings/v1alpha1",
-    "listers/storage/v1",
-    "listers/storage/v1alpha1",
-    "listers/storage/v1beta1",
-    "pkg/apis/clientauthentication",
-    "pkg/apis/clientauthentication/v1alpha1",
-    "pkg/version",
-    "plugin/pkg/client/auth/azure",
-    "plugin/pkg/client/auth/exec",
-    "plugin/pkg/client/auth/gcp",
-    "plugin/pkg/client/auth/oidc",
-    "rest",
-    "rest/watch",
-    "testing",
-    "third_party/forked/golang/template",
-    "tools/auth",
-    "tools/cache",
-    "tools/clientcmd",
-    "tools/clientcmd/api",
-    "tools/clientcmd/api/latest",
-    "tools/clientcmd/api/v1",
-    "tools/metrics",
-    "tools/pager",
-    "tools/reference",
-    "tools/remotecommand",
-    "transport",
-    "transport/spdy",
-    "util/buffer",
-    "util/cert",
-    "util/exec",
-    "util/flowcontrol",
-    "util/homedir",
-    "util/integer",
-    "util/jsonpath",
-    "util/retry",
-    "util/workqueue"
-  ]
-  revision = "23781f4d6632d88e869066eaebb743857aa1ef9b"
-  version = "v7.0.0"
-
-[[projects]]
-  name = "k8s.io/kubernetes"
-  packages = ["pkg/printers"]
-  revision = "fc32d2f3698e36b93322a3465f63a14e9f0eaead"
-  version = "v1.10.0"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  inputs-digest = "a8e66580a3332bbe5ce086af0530dbab49bc5018f0d44b156e61bc404456a0ab"
-  solver-name = "gps-cdcl"
-  solver-version = 1

Gopkg.toml

@@ -1,114 +0,0 @@
-
-# Gopkg.toml example
-#
-# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#  name = "github.com/x/y"
-#  version = "2.4.0"
-
-[prune]
-  unused-packages = true
-  non-go = true
-  go-tests = true
-
-#
-# Kubernetes packages
-#
-[[constraint]]
-  name = "k8s.io/kubernetes"
-  version = "~1.10"
-
-[[constraint]]
-  name = "k8s.io/client-go"
-  version = "~7.0"
-
-[[constraint]]
-  name = "k8s.io/apimachinery"
-  version = "kubernetes-1.10.0"
-
-[[constraint]]
-  name = "k8s.io/api"
-  version = "kubernetes-1.10.0"
-
-#
-# Cloud provider packages
-#
-[[constraint]]
-  name = "github.com/aws/aws-sdk-go"
-  version = "1.13.12"
-
-[[constraint]]
-  name = "github.com/Azure/azure-sdk-for-go"
-  version = "~10.2.1-beta"
-
-[[constraint]]
-  name = "github.com/Azure/go-autorest"
-  version = "~8.1.x"
-
-
-[[constraint]]
-  name = "cloud.google.com/go"
-  version = "0.11.0"
-
-[[constraint]]
-  name = "google.golang.org/api"
-  branch = "master"
-
-[[constraint]]
-  name = "golang.org/x/oauth2"
-  branch = "master"
-
-#
-# Third party packages
-#
-[[constraint]]
-  name = "github.com/golang/glog"
-  branch = "master"
-
-[[constraint]]
-  name = "github.com/robfig/cron"
-  revision = "df38d32658d8788cd446ba74db4bb5375c4b0cb3"
-
-# TODO(1.0) this repo is a redirect to github.com/satori/go.uuid. Our
-# current version of azure-sdk-for-go references this redirect, so
-# use it so we don't get a duplicate copy of this dependency. 
-# Once our azure-sdk-for-go is updated to a newer version (where
-# their dependency has changed to .../go.uuid), switch this to 
-# github.com/satori/go.uuid
-[[constraint]]
-  name = "github.com/satori/uuid"
-  version = "1.1.0"
-
-[[constraint]]
-  name = "github.com/spf13/afero"
-  branch = "master"
-  
-[[constraint]]
-  name = "github.com/spf13/cobra"
-  branch = "master"
-  
-[[constraint]]
-  name = "github.com/spf13/pflag"
-  version = "1.0.0"
-
-[[constraint]]
-  name = "github.com/stretchr/testify"
-  branch = "master"
-
-[[constraint]]
-  name = "github.com/hashicorp/go-plugin"
-  branch = "master"

Makefile

@@ -1,6 +1,6 @@
 # Copyright 2016 The Kubernetes Authors.
 #
-# Modifications Copyright 2017 the Heptio Ark contributors.
+# Modifications Copyright 2017 the Velero contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,69 +15,112 @@
 # limitations under the License.
 
 # The binary to build (just the basename).
-BIN ?= ark
+BIN ?= velero
 
 # This repo's root import path (under GOPATH).
-PKG := github.com/heptio/ark
+PKG := github.com/vmware-tanzu/velero
 
 # Where to push the docker image.
-REGISTRY ?= gcr.io/heptio-images
+REGISTRY ?= velero
 
 # Which architecture to build - see $(ALL_ARCH) for options.
+# if the 'local' rule is being run, detect the ARCH from 'go env'
+# if it wasn't specified by the caller.
+local : ARCH ?= $(shell go env GOOS)-$(shell go env GOARCH)
 ARCH ?= linux-amd64
 
 VERSION ?= master
 
 TAG_LATEST ?= false
 
+# The version of restic binary to be downloaded for power architecture
+RESTIC_VERSION ?= 0.9.6
+
+CLI_PLATFORMS ?= linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64 linux-ppc64le
+CONTAINER_PLATFORMS ?= linux-amd64 linux-ppc64le linux-arm linux-arm64
+MANIFEST_PLATFORMS ?= amd64 ppc64le arm arm64
+
+# set git sha and tree state
+GIT_SHA = $(shell git rev-parse HEAD)
+GIT_DIRTY = $(shell git status --porcelain 2> /dev/null)
+
 ###
 ### These variables should not need tweaking.
 ###
 
-SRC_DIRS := cmd pkg # directories which hold app source (not vendored)
-
-CLI_PLATFORMS := linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64
-CONTAINER_PLATFORMS := linux-amd64 linux-arm linux-arm64
-
 platform_temp = $(subst -, ,$(ARCH))
 GOOS = $(word 1, $(platform_temp))
 GOARCH = $(word 2, $(platform_temp))
 
-# TODO(ncdc): support multiple image architectures once gcr.io supports manifest lists
 # Set default base image dynamically for each arch
 ifeq ($(GOARCH),amd64)
-		DOCKERFILE ?= Dockerfile-$(BIN).alpine
+		DOCKERFILE ?= Dockerfile-$(BIN)
+local-arch:
+	@echo "local environment for amd64 is up-to-date"
+endif
+ifeq ($(GOARCH),arm)
+		DOCKERFILE ?= Dockerfile-$(BIN)-arm
+local-arch:
+	@mkdir -p _output/bin/linux/arm/
+	@wget -q -O - https://github.com/restic/restic/releases/download/v$(RESTIC_VERSION)/restic_$(RESTIC_VERSION)_linux_arm.bz2 | bunzip2 > _output/bin/linux/arm/restic
+	@chmod a+x _output/bin/linux/arm/restic
+endif
+ifeq ($(GOARCH),arm64)
+		DOCKERFILE ?= Dockerfile-$(BIN)-arm64
+local-arch:
+	@mkdir -p _output/bin/linux/arm64/
+	@wget -q -O - https://github.com/restic/restic/releases/download/v$(RESTIC_VERSION)/restic_$(RESTIC_VERSION)_linux_arm64.bz2 | bunzip2 > _output/bin/linux/arm64/restic
+	@chmod a+x _output/bin/linux/arm64/restic
+endif
+ifeq ($(GOARCH),ppc64le)
+                DOCKERFILE ?= Dockerfile-$(BIN)-ppc64le
+local-arch:
+	RESTIC_VERSION=$(RESTIC_VERSION) \
+        ./hack/get-restic-ppc64le.sh
 endif
-#ifeq ($(GOARCH),arm)
-#		DOCKERFILE ?= Dockerfile.arm #armel/busybox
-#endif
-#ifeq ($(GOARCH),arm64)
-#		DOCKERFILE ?= Dockerfile.arm64 #aarch64/busybox
-#endif
 
-IMAGE := $(REGISTRY)/$(BIN)
+MULTIARCH_IMAGE = $(REGISTRY)/$(BIN)
+IMAGE ?= $(REGISTRY)/$(BIN)-$(GOARCH)
 
 # If you want to build all binaries, see the 'all-build' rule.
-# If you want to build all containers, see the 'all-container' rule.
+# If you want to build all containers, see the 'all-containers' rule.
 # If you want to build AND push all containers, see the 'all-push' rule.
-all: 
+all:
 	@$(MAKE) build
-	@$(MAKE) build BIN=ark-restic-restore-helper
+	@$(MAKE) build BIN=velero-restic-restore-helper
 
 build-%:
 	@$(MAKE) --no-print-directory ARCH=$* build
+	@$(MAKE) --no-print-directory ARCH=$* build BIN=velero-restic-restore-helper
 
-#container-%:
-#	@$(MAKE) --no-print-directory ARCH=$* container
+container-%:
+	@$(MAKE) --no-print-directory ARCH=$* container
+	@$(MAKE) --no-print-directory ARCH=$* container BIN=velero-restic-restore-helper
 
-#push-%:
-#	@$(MAKE) --no-print-directory ARCH=$* push
+push-%:
+	@$(MAKE) --no-print-directory ARCH=$* push
+	@$(MAKE) --no-print-directory ARCH=$* push BIN=velero-restic-restore-helper
 
 all-build: $(addprefix build-, $(CLI_PLATFORMS))
 
-#all-container: $(addprefix container-, $(CONTAINER_PLATFORMS))
+all-containers: $(addprefix container-, $(CONTAINER_PLATFORMS))
 
-#all-push: $(addprefix push-, $(CONTAINER_PLATFORMS))
+all-push: $(addprefix push-, $(CONTAINER_PLATFORMS))
+
+all-manifests:
+	@$(MAKE) manifest
+	@$(MAKE) manifest BIN=velero-restic-restore-helper
+
+local: build-dirs
+	GOOS=$(GOOS) \
+	GOARCH=$(GOARCH) \
+	VERSION=$(VERSION) \
+	PKG=$(PKG) \
+	BIN=$(BIN) \
+	GIT_SHA=$(GIT_SHA) \
+	GIT_DIRTY="$(GIT_DIRTY)" \
+	OUTPUT_DIR=$$(pwd)/_output/bin/$(GOOS)/$(GOARCH) \
+	./hack/build.sh
 
 build: _output/bin/$(GOOS)/$(GOARCH)/$(BIN)
 
@@ -89,29 +132,33 @@ _output/bin/$(GOOS)/$(GOARCH)/$(BIN): build-dirs
 		VERSION=$(VERSION) \
 		PKG=$(PKG) \
 		BIN=$(BIN) \
+		GIT_SHA=$(GIT_SHA) \
+		GIT_DIRTY=\"$(GIT_DIRTY)\" \
 		OUTPUT_DIR=/output/$(GOOS)/$(GOARCH) \
 		./hack/build.sh'"
 
 TTY := $(shell tty -s && echo "-t")
 
-BUILDER_IMAGE := ark-builder
+BUILDER_IMAGE := velero-builder
 
 # Example: make shell CMD="date > datefile"
 shell: build-dirs build-image
-	@# the volume bind-mount of $PWD/vendor/k8s.io/api is needed for code-gen to
-	@# function correctly (ref. https://github.com/kubernetes/kubernetes/pull/64567)
+	@# bind-mount the Velero root dir in at /github.com/vmware-tanzu/velero
+	@# because the Kubernetes code-generator tools require the project to
+	@# exist in a directory hierarchy ending like this (but *NOT* necessarily
+	@# under $GOPATH).
 	@docker run \
+		-e GOFLAGS \
 		-i $(TTY) \
 		--rm \
 		-u $$(id -u):$$(id -g) \
-		-v "$$(pwd)/vendor/k8s.io/api:/go/src/k8s.io/api:delegated" \
+		-v "$$(pwd):/github.com/vmware-tanzu/velero:delegated" \
+		-v "$$(pwd)/_output/bin:/output:delegated" \
 		-v "$$(pwd)/.go/pkg:/go/pkg:delegated" \
 		-v "$$(pwd)/.go/std:/go/std:delegated" \
-		-v "$$(pwd):/go/src/$(PKG):delegated" \
-		-v "$$(pwd)/_output/bin:/output:delegated" \
 		-v "$$(pwd)/.go/std/$(GOOS)/$(GOARCH):/usr/local/go/pkg/$(GOOS)_$(GOARCH)_static:delegated" \
 		-v "$$(pwd)/.go/go-build:/.cache/go-build:delegated" \
-		-w /go/src/$(PKG) \
+		-w /github.com/vmware-tanzu/velero \
 		$(BUILDER_IMAGE) \
 		/bin/sh $(CMD)
 
@@ -119,22 +166,17 @@ DOTFILE_IMAGE = $(subst :,_,$(subst /,_,$(IMAGE))-$(VERSION))
 
 all-containers:
 	$(MAKE) container
-	$(MAKE) container BIN=ark-restic-restore-helper
+	$(MAKE) container BIN=velero-restic-restore-helper
 
-container: verify test .container-$(DOTFILE_IMAGE) container-name
+container: local-arch .container-$(DOTFILE_IMAGE) container-name
 .container-$(DOTFILE_IMAGE): _output/bin/$(GOOS)/$(GOARCH)/$(BIN) $(DOCKERFILE)
 	@cp $(DOCKERFILE) _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH)
-	@docker build -t $(IMAGE):$(VERSION) -f _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) _output
+	@docker build --pull -t $(IMAGE):$(VERSION) -f _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) _output
 	@docker images -q $(IMAGE):$(VERSION) > $@
 
 container-name:
 	@echo "container: $(IMAGE):$(VERSION)"
 
-all-push:
-	$(MAKE) push
-	$(MAKE) push BIN=ark-restic-restore-helper
-
-
 push: .push-$(DOTFILE_IMAGE) push-name
 .push-$(DOTFILE_IMAGE): .container-$(DOTFILE_IMAGE)
 	@docker push $(IMAGE):$(VERSION)
@@ -147,10 +189,29 @@ endif
 push-name:
 	@echo "pushed: $(IMAGE):$(VERSION)"
 
+manifest: .manifest-$(MULTIARCH_IMAGE) manifest-name
+.manifest-$(MULTIARCH_IMAGE):
+	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create $(MULTIARCH_IMAGE):$(VERSION) \
+		$(foreach arch, $(MANIFEST_PLATFORMS), $(MULTIARCH_IMAGE)-$(arch):$(VERSION))
+	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push --purge $(MULTIARCH_IMAGE):$(VERSION)
+ifeq ($(TAG_LATEST), true)
+	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create $(MULTIARCH_IMAGE):latest \
+		$(foreach arch, $(MANIFEST_PLATFORMS), $(MULTIARCH_IMAGE)-$(arch):latest)
+	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push --purge $(MULTIARCH_IMAGE):latest
+endif
+
+manifest-name:
+	@echo "pushed: $(MULTIARCH_IMAGE):$(VERSION)"
+
 SKIP_TESTS ?=
 test: build-dirs
 ifneq ($(SKIP_TESTS), 1)
-	@$(MAKE) shell CMD="-c 'hack/test.sh $(SRC_DIRS)'"
+	@$(MAKE) shell CMD="-c 'hack/test.sh $(WHAT)'"
+endif
+
+test-local: build-dirs
+ifneq ($(SKIP_TESTS), 1)
+	hack/test.sh $(WHAT)
 endif
 
 verify:
@@ -161,40 +222,85 @@ endif
 update:
 	@$(MAKE) shell CMD="-c 'hack/update-all.sh'"
 
-release: all-tar-bin checksum
-
-checksum:
-	@cd _output/release; \
-	sha256sum *.tar.gz > CHECKSUM; \
-	cat CHECKSUM; \
-	sha256sum CHECKSUM
-
-all-tar-bin: $(addprefix tar-bin-, $(CLI_PLATFORMS))
-
-tar-bin-%:
-	$(MAKE) ARCH=$* VERSION=$(VERSION) tar-bin
-
-GIT_DESCRIBE = $(shell git describe --tags --always --dirty)
-tar-bin: build
-	mkdir -p _output/release
-
-# We do the subshell & wildcard ls so we can pick up $(BIN).exe for windows
-	(cd _output/bin/$(GOOS)/$(GOARCH) && ls $(BIN)*) | \
-		tar \
-			-C _output/bin/$(GOOS)/$(GOARCH) \
-			--files-from=- \
-			-zcf _output/release/$(BIN)-$(GIT_DESCRIBE)-$(GOOS)-$(GOARCH).tar.gz
-
 build-dirs:
 	@mkdir -p _output/bin/$(GOOS)/$(GOARCH)
 	@mkdir -p .go/src/$(PKG) .go/pkg .go/bin .go/std/$(GOOS)/$(GOARCH) .go/go-build
 
 build-image:
-	cd hack/build-image && docker build -t $(BUILDER_IMAGE) .
+	cd hack/build-image && docker build --pull -t $(BUILDER_IMAGE) .
 
 clean:
 	rm -rf .container-* _output/.dockerfile-* .push-*
 	rm -rf .go _output
 	docker rmi $(BUILDER_IMAGE)
 
-ci: all verify test
+.PHONY: modules
+modules:
+	go mod tidy
+
+.PHONY: verify-modules
+verify-modules: modules
+	@if !(git diff --quiet HEAD -- go.sum go.mod); then \
+		echo "go module files are out of date, please commit the changes to go.mod and go.sum"; exit 1; \
+	fi
+
+ci: verify-modules verify all test
+
+changelog:
+	hack/changelog.sh
+
+# release builds a GitHub release using goreleaser within the build container.
+#
+# To dry-run the release, which will build the binaries/artifacts locally but
+# will *not* create a GitHub release:
+#		GITHUB_TOKEN=an-invalid-token-so-you-dont-accidentally-push-release \
+#		RELEASE_NOTES_FILE=changelogs/CHANGELOG-1.2.md \
+#		PUBLISH=false \
+#		make release
+#
+# To run the release, which will publish a *DRAFT* GitHub release in github.com/vmware-tanzu/velero 
+# (you still need to review/publish the GitHub release manually):
+#		GITHUB_TOKEN=your-github-token \ 
+#		RELEASE_NOTES_FILE=changelogs/CHANGELOG-1.2.md \
+#		PUBLISH=true \
+#		make release
+release:
+	$(MAKE) shell CMD="-c '\
+		GITHUB_TOKEN=$(GITHUB_TOKEN) \
+		RELEASE_NOTES_FILE=$(RELEASE_NOTES_FILE) \
+		PUBLISH=$(PUBLISH) \
+		./hack/goreleaser.sh'"
+
+serve-docs:
+	docker run \
+	--rm \
+	-v "$$(pwd)/site:/srv/jekyll" \
+	-it -p 4000:4000 \
+	jekyll/jekyll \
+	jekyll serve --livereload --incremental
+
+# gen-docs generates a new versioned docs directory under site/docs. It follows
+# the following process:
+#   1. Copies the contents of the most recently tagged docs directory into the new
+#      directory, to establish a useful baseline to diff against.
+#   2. Adds all copied content from step 1 to git's staging area via 'git add'.
+#   3. Replaces the contents of the new docs directory with the contents of the
+#      'master' docs directory, updating any version-specific links (e.g. to a
+#      specific branch of the GitHub repository) to use the new version
+#   4. Copies the previous version's ToC file and runs 'git add' to establish
+#      a useful baseline to diff against.
+#   5. Replaces the content of the new ToC file with the master ToC.
+#   6. Update site/_config.yml and site/_data/toc-mapping.yml to include entries
+#      for the new version.
+#
+# The unstaged changes in the working directory can now easily be diff'ed against the
+# staged changes using 'git diff' to review all docs changes made since the previous 
+# tagged version. Once the unstaged changes are ready, they can be added to the
+# staging area using 'git add' and then committed.
+#
+# To run gen-docs: "NEW_DOCS_VERSION=v1.4 VELERO_VERSION=v1.4.0 make gen-docs"
+#
+# **NOTE**: there are additional manual steps required to finalize the process of generating
+# a new versioned docs site. The full process is documented in site/README-JEKYLL.md.
+gen-docs:
+	@hack/gen-docs.sh

README.md

@@ -1,68 +1,50 @@
-# Heptio Ark
-
-**Maintainers:** [Heptio][0]
+![100]
 
 [![Build Status][1]][2]
 
 ## Overview
 
-Ark gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. Ark lets you:
+Velero (formerly Heptio Ark) gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a public cloud platform or on-premises. Velero lets you:
 
 * Take backups of your cluster and restore in case of loss.
-* Copy cluster resources across cloud providers. NOTE: Cloud volume migrations are not yet supported.
-* Replicate your production environment for development and testing environments.
+* Migrate cluster resources to other clusters.
+* Replicate your production cluster to development and testing clusters.
 
-Ark consists of:
+Velero consists of:
 
 * A server that runs on your cluster
 * A command-line client that runs locally
 
-## More information
+## Documentation
 
-[The documentation][29] provides a getting started guide, plus information about building from source, architecture, extending Ark, and more.
+[The documentation][29] provides a getting started guide and information about building from source, architecture, extending Velero, and more.
+
+Please use the version selector at the top of the site to ensure you are using the appropriate documentation for your version of Velero.
 
 ## Troubleshooting
 
-If you encounter issues, review the [troubleshooting docs][30], [file an issue][4], or talk to us on the [#ark-dr channel][25] on the Kubernetes Slack server. 
+If you encounter issues, review the [troubleshooting docs][30], [file an issue][4], or talk to us on the [#velero channel][25] on the Kubernetes Slack server.
 
 ## Contributing
 
-Thanks for taking the time to join our community and start contributing!
-
-Feedback and discussions are available on [the mailing list][24].
-
-### Before you start
-
-* Please familiarize yourself with the [Code of Conduct][8] before contributing.
-* See [CONTRIBUTING.md][5] for instructions on the developer certificate of origin that we require.
-
-### Pull requests
-
-* We welcome pull requests. Feel free to dig through the [issues][4] and jump in.
+If you are ready to jump in and test, add code, or help with documentation, follow the instructions on our [Start contributing][31] documentation for guidance on how to setup Velero for development.
 
 ## Changelog
 
 See [the list of releases][6] to find out about feature changes.
 
-[0]: https://github.com/heptio
-[1]: https://travis-ci.org/heptio/ark.svg?branch=master
-[2]: https://travis-ci.org/heptio/ark
-
-[4]: https://github.com/heptio/ark/issues
-[5]: https://github.com/heptio/ark/blob/master/CONTRIBUTING.md
-[6]: https://github.com/heptio/ark/releases
-
-[8]: https://github.com/heptio/ark/blob/master/CODE_OF_CONDUCT.md
+[1]: https://github.com/vmware-tanzu/velero/workflows/Master%20CI/badge.svg
+[2]: https://github.com/vmware-tanzu/velero/actions?query=workflow%3A"Master+CI"
+[4]: https://github.com/vmware-tanzu/velero/issues
+[6]: https://github.com/vmware-tanzu/velero/releases
 [9]: https://kubernetes.io/docs/setup/
 [10]: https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-with-homebrew-on-macos
 [11]: https://kubernetes.io/docs/tasks/tools/install-kubectl/#tabset-1
 [12]: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/README.md
 [14]: https://github.com/kubernetes/kubernetes
-
-
-[24]: http://j.hept.io/ark-list
-[25]: https://kubernetes.slack.com/messages/ark-dr
-
-
-[29]: https://heptio.github.io/ark/
-[30]: /docs/troubleshooting.md
+[24]: https://groups.google.com/forum/#!forum/projectvelero
+[25]: https://kubernetes.slack.com/messages/velero
+[29]: https://velero.io/docs/
+[30]: https://velero.io/docs/troubleshooting
+[31]: https://velero.io/docs/start-contributing
+[100]: https://velero.io/docs/master/img/velero.png

ROADMAP.md

@@ -1,40 +0,0 @@
-# Heptio Ark Roadmap
-
-## Upcoming Versions
-
-The following versions, dates, and features are approximate and are subject to change.
-
-### v0.9.0 - ~ 2018-06-14
-- Backup targets
-- Snapshot & restore non-cloud volumes - [#19](https://github.com/heptio/ark/issues/19)
-- Backup & restore across multiple regions and zones - [#103](https://github.com/heptio/ark/issues/103)
-- Ability to clone PVs - [#192](https://github.com/heptio/ark/issues/192)
-- Ark install command - [#52](https://github.com/heptio/ark/issues/52)
-- Backup & restore progress reporting - [#20](https://github.com/heptio/ark/issues/20) [#21](https://github.com/heptio/ark/issues/21)
-
-
-## Released Versions
-
-### v0.8.0 - 2018-04-19
-
-[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v080---2018-04-19).
-
-### v0.7.0 - 2018-02-15
-
-[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v070---2018-02-15).
-
-### v0.6.0 - 2017-11-30
-
-[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v060---2017-11-30).
-
-### v0.5.0 - 2017-10-26
-
-[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v050---2017-10-26).
-
-### v0.4.0 - 2017-09-14
-
-[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v040---2017-09-14).
-
-### v0.3.0 - 2017-08-03
-
-[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v030---2017-08-03).

SUPPORT.md

@@ -1,5 +1,7 @@
-# Ark Support
+# Velero Support
 
-Thanks for trying out Ark! We welcome all feedback, please consider joining our mailing list: 
+Thanks for trying out Velero! We welcome all feedback, find all the ways to connect with us on our Community page:
 
-- [Mailing List](http://j.hept.io/ark-list)
+- [Velero Community](https://velero.io/community/)
+
+You can find details on the Velero maintainers' support process [here](https://velero.io/docs/master/support-process/).

changelogs/CHANGELOG-0.10.md

@@ -0,0 +1,261 @@
+  - [v0.10.2](#v0102)
+  - [v0.10.1](#v0101)
+  - [v0.10.0](#v0100)
+
+## v0.10.2
+#### 2019-02-28
+
+### Download
+- https://github.com/heptio/ark/releases/tag/v0.10.2
+
+### Changes
+  * upgrade restic to v0.9.4 & replace --hostname flag with --host (#1156, @skriss)
+  * use 'restic stats' instead of 'restic check' to determine if repo exists (#1171, @skriss)
+  * Fix concurrency bug in code ensuring restic repository exists (#1235, @skriss)
+
+## v0.10.1
+#### 2019-01-10
+
+### Download
+- https://github.com/heptio/ark/releases/tag/v0.10.1
+
+### Changes
+  * Fix minio setup job command (#1118, @acbramley)
+  * Add debugging-install link in doc get-started.md (#1131, @hex108)
+  * `ark version`: show full git SHA & combine git tree state indicator with git SHA line (#1124, @skriss)
+  * Delete spec.priority in pod restore action (#879, @mwieczorek)
+  * Allow to use AWS Signature v1 for creating signed AWS urls (#811, @bashofmann)
+  * add multizone/regional support to gcp (#765, @wwitzel3)
+  * Fixed the newline output when deleting a schedule. (#1120, @jwhitcraft)
+  * Remove obsolete make targets and rename 'make goreleaser' to 'make release' (#1114, @skriss)
+  * Update to go 1.11 (#1069, @gliptak)
+  * Update CHANGELOGs (#1063, @wwitzel3)
+  * Initialize empty schedule metrics on server init (#1054, @cbeneke)
+  * Added brew reference (#1051, @omerlh)
+  * Remove default token from all service accounts (#1048, @ncdc)
+  * Add pprof support to the Ark server (#234, @ncdc)
+
+## v0.10.0
+#### 2018-11-15
+
+### Download
+- https://github.com/heptio/ark/releases/tag/v0.10.0
+
+### Highlights
+- We've introduced two new custom resource definitions, `BackupStorageLocation` and `VolumeSnapshotLocation`, that replace the `Config` CRD from
+previous versions. As part of this, you may now configure more than one possible location for where backups and snapshots are stored, and when you
+create a `Backup` you can select the location where you'd like that particular backup to be stored. See the [Locations documentation][2] for an overview
+of this feature.
+- Ark's plugin system has been significantly refactored to improve robustness and ease of development. Plugin processes are now automatically restarted
+if they unexpectedly terminate. Additionally, plugin binaries can now contain more than one plugin implementation (e.g. and object store *and* a block store,
+or many backup item actions).
+- The sync process, which ensures that Backup custom resources exist for each backup in object storage, has been revamped to run much more frequently (once
+per minute rather than once per hour), to use significantly fewer cloud provider API calls, and to not generate spurious Kubernetes API errors.
+- Ark can now be configured to store all data under a prefix within an object storage bucket. This means that you no longer need a separate bucket per Ark
+instance; you can now have all of your clusters' Ark backups go into a single bucket, with each cluster having its own prefix/subdirectory
+within that bucket.
+- Restic backup data is now automatically stored within the same bucket/prefix as the rest of the Ark data. A separate bucket is no longer required (or allowed).
+- Ark resources (backups, restores, schedules) can now be bulk-deleted through the `ark` CLI, using the `--all` or `--selector` flags, or by specifying 
+multiple resource names as arguments to the `delete` commands.
+- The `ark` CLI now supports waiting for backups and restores to complete with the `--wait` flag for `ark backup create` and `ark restore create`
+- Restores can be created directly from the most recent backup for a schedule, using `ark restore create --from-schedule SCHEDULE_NAME`
+
+### Breaking Changes
+
+Heptio Ark v0.10 contains a number of breaking changes.  Upgrading will require some additional steps beyond just updating your client binary and your
+container image tag. We've provided a [detailed set of instructions][1] to help you with the upgrade process. **Please read and follow these instructions 
+carefully to ensure a successful upgrade!**
+
+- The `Config` CRD has been replaced by `BackupStorageLocation` and `VolumeSnapshotLocation` CRDs. 
+- The interface for external plugins (object/block stores, backup/restore item actions) has changed. If you have authored any custom plugins, they'll 
+need to be updated for v0.10.
+    - The [`ObjectStore.ListCommonPrefixes`](https://github.com/heptio/ark/blob/master/pkg/cloudprovider/object_store.go#L50) signature has changed to add a `prefix` parameter.
+    - Registering plugins has changed. Create a new plugin server with the `NewServer` function, and register plugins with the appropriate functions. See the [`Server`](https://github.com/heptio/ark/blob/master/pkg/plugin/server.go#L37) interface for details.
+- The organization of Ark data in object storage has changed. Existing data will need to be moved around to conform to the new layout.
+
+### All Changes
+-   [b9de44ff](https://github.com/heptio/ark/commit/b9de44ff)	update docs to reference config/ dir within release tarballs
+-   [eace0255](https://github.com/heptio/ark/commit/eace0255)	goreleaser: update example image tags to match version being released
+-   [cff02159](https://github.com/heptio/ark/commit/cff02159)	add rbac content, rework get-started for NodePort and publicUrl, add versioning information
+-   [fa14255e](https://github.com/heptio/ark/commit/fa14255e)	add content for docs issue 819
+-   [22959071](https://github.com/heptio/ark/commit/22959071)	add doc explaining locations
+-   [e5556fe6](https://github.com/heptio/ark/commit/e5556fe6)	Added qps and burst to server's client
+-   [9ae861c9](https://github.com/heptio/ark/commit/9ae861c9)	Support a separate URL base for pre-signed URLs
+-   [698420b6](https://github.com/heptio/ark/commit/698420b6)	Update storage-layout-reorg-v0.10.md
+-   [6c9e1f18](https://github.com/heptio/ark/commit/6c9e1f18)	lower some noisy logs to debug level
+-   [318fd8a8](https://github.com/heptio/ark/commit/318fd8a8)	add troubleshooting for loadbalancer restores
+-   [defb8aa8](https://github.com/heptio/ark/commit/defb8aa8)	remove code that checks directly for a backup from restore controller
+-   [7abe1156](https://github.com/heptio/ark/commit/7abe1156)	Move clearing up of metadata before plugin's actions
+-   [ec013e6f](https://github.com/heptio/ark/commit/ec013e6f)	Document upgrading plugins in the deployment
+-   [d6162e94](https://github.com/heptio/ark/commit/d6162e94)	fix goreleaser bugs
+-   [a15df276](https://github.com/heptio/ark/commit/a15df276)	Add correct link and change role
+-   [46bed015](https://github.com/heptio/ark/commit/46bed015)	add 0.10 breaking changes warning to readme in master
+-   [e3a7d6a2](https://github.com/heptio/ark/commit/e3a7d6a2)	add content for issue 994
+-   [400911e9](https://github.com/heptio/ark/commit/400911e9)	address docs issue #978
+-   [b818cc27](https://github.com/heptio/ark/commit/b818cc27)	don't require a default provider VSL if there's only 1
+-   [90638086](https://github.com/heptio/ark/commit/90638086)	v0.10 changelog
+-   [6e2166c4](https://github.com/heptio/ark/commit/6e2166c4)	add docs page on versions and upgrading
+-   [18b434cb](https://github.com/heptio/ark/commit/18b434cb)	goreleaser scripts for building/creating a release on a workstation
+-   [bb65d67a](https://github.com/heptio/ark/commit/bb65d67a)	update restic prerequisite with min k8s version
+-   [b5a2ccd5](https://github.com/heptio/ark/commit/b5a2ccd5)	Silence git detached HEAD advice in build container
+-   [67749141](https://github.com/heptio/ark/commit/67749141)	instructions for upgrading to v0.10
+-   [516422c2](https://github.com/heptio/ark/commit/516422c2)	sync controller: fill in missing .spec.storageLocation
+- 	[195e6aaf](https://github.com/heptio/ark/commit/195e6aaf)	fix bug preventing PV snapshots from v0.10 backups from restoring
+- 	[bca58516](https://github.com/heptio/ark/commit/bca58516)	Run 'make update' to update formatting
+- 	[573ce7d0](https://github.com/heptio/ark/commit/573ce7d0)	Update formatting script
+- 	[90d9be59](https://github.com/heptio/ark/commit/90d9be59)	support restoring/deleting legacy backups with .status.volumeBackups
+- 	[ef194972](https://github.com/heptio/ark/commit/ef194972)	rename variables #967
+- 	[6d4e702c](https://github.com/heptio/ark/commit/6d4e702c)	fix broken link
+- 	[596eea1b](https://github.com/heptio/ark/commit/596eea1b)	restore storageclasses before pvs and pvcs
+- 	[f014cab1](https://github.com/heptio/ark/commit/f014cab1)	backup describer: show snapshot summary by default, details optionally
+- 	[8acc66d0](https://github.com/heptio/ark/commit/8acc66d0)	remove pvProviderExists param from NewRestoreController
+- 	[57ce590f](https://github.com/heptio/ark/commit/57ce590f)	create a struct for multiple return of same type in restore_contoroller #967
+- 	[028fafb6](https://github.com/heptio/ark/commit/028fafb6)	Corrected grammatical  error
+- 	[db856aff](https://github.com/heptio/ark/commit/db856aff)	Specify return arguments
+- 	[9952dfb0](https://github.com/heptio/ark/commit/9952dfb0)	Address #424: Add CRDs to list of prioritized resources
+- 	[cf2c2714](https://github.com/heptio/ark/commit/cf2c2714)	fix bugs in GetBackupVolumeSnapshots and add test
+- 	[ec124673](https://github.com/heptio/ark/commit/ec124673)	remove all references to Config from docs/examples
+- 	[c36131a0](https://github.com/heptio/ark/commit/c36131a0)	remove Config-related code
+- 	[406b50a7](https://github.com/heptio/ark/commit/406b50a7)	update restore process using snapshot locations
+- 	[268080ad](https://github.com/heptio/ark/commit/268080ad)	avoid panics if can't get block store during deletion
+- 	[4a03370f](https://github.com/heptio/ark/commit/4a03370f)	update backup deletion controller for snapshot locations
+- 	[38c72b8c](https://github.com/heptio/ark/commit/38c72b8c)	include snapshot locations in created schedule's backup spec
+- 	[0ec2de55](https://github.com/heptio/ark/commit/0ec2de55)	azure: update blockstore to allow storing snaps in different resource group
+- 	[35bb533c](https://github.com/heptio/ark/commit/35bb533c)	close gzip writer before uploading volumesnapshots file
+- 	[da9ed38c](https://github.com/heptio/ark/commit/da9ed38c)	store volume snapshot info as JSON in backup storage
+- 	[e24248e0](https://github.com/heptio/ark/commit/e24248e0)	add --volume-snapshot-locations flag to ark backup create
+- 	[df07b7dc](https://github.com/heptio/ark/commit/df07b7dc)	update backup code to work with volume snapshot locations
+- 	[4af89fa8](https://github.com/heptio/ark/commit/4af89fa8)	add unit test for getDefaultVolumeSnapshotLocations
+- 	[02f50b9c](https://github.com/heptio/ark/commit/02f50b9c)	add default-volume-snapshot-locations to server cmd
+- 	[1aa712d2](https://github.com/heptio/ark/commit/1aa712d2)	Default and validate VolumeSnapshotLocations
+- 	[bbf76985](https://github.com/heptio/ark/commit/bbf76985)	add create CLI command for snapshot locations
+- 	[aeb221ea](https://github.com/heptio/ark/commit/aeb221ea)	Add printer for snapshot locations
+- 	[ffc612ac](https://github.com/heptio/ark/commit/ffc612ac)	Add volume snapshot CLI get command
+- 	[f20342aa](https://github.com/heptio/ark/commit/f20342aa)	Add VolumeLocation and Snapshot.
+- 	[7172db8a](https://github.com/heptio/ark/commit/7172db8a)	upgrade to restic v0.9.3
+- 	[99adc4fa](https://github.com/heptio/ark/commit/99adc4fa)	Remove broken references to docs that are not existing
+- 	[474efde6](https://github.com/heptio/ark/commit/474efde6)	Fixed relative link for image
+- 	[41735154](https://github.com/heptio/ark/commit/41735154)	don't require a default backup storage location to exist
+- 	[0612c5de](https://github.com/heptio/ark/commit/0612c5de)	templatize error message in DeleteOptions
+- 	[66bcbc05](https://github.com/heptio/ark/commit/66bcbc05)	add support for bulk deletion to ark schedule delete
+- 	[3af43b49](https://github.com/heptio/ark/commit/3af43b49)	add azure-specific code to support multi-location restic
+- 	[d009163b](https://github.com/heptio/ark/commit/d009163b)	update restic to support multiple backup storage locations
+- 	[f4c99c77](https://github.com/heptio/ark/commit/f4c99c77)	Change link for the support matrix
+- 	[91e45d56](https://github.com/heptio/ark/commit/91e45d56)	Fix broken storage providers link
+- 	[ed0eb865](https://github.com/heptio/ark/commit/ed0eb865)	fix backup storage location example YAMLs
+- 	[eb709b8f](https://github.com/heptio/ark/commit/eb709b8f)	only sync a backup location if it's changed since last sync
+- 	[af3af1b5](https://github.com/heptio/ark/commit/af3af1b5)	clarify Azure resource group usage in docs
+- 	[9fdf8513](https://github.com/heptio/ark/commit/9fdf8513)	Minor code cleanup
+- 	[2073e15a](https://github.com/heptio/ark/commit/2073e15a)	Fix formatting for live site
+- 	[0fc3e8d8](https://github.com/heptio/ark/commit/0fc3e8d8)	add documentation on running Ark on-premises
+- 	[e46e89cb](https://github.com/heptio/ark/commit/e46e89cb)	have restic share main Ark bucket
+- 	[42b54586](https://github.com/heptio/ark/commit/42b54586)	refactor to make valid dirs part of an object store layout
+- 	[8bc7e4f6](https://github.com/heptio/ark/commit/8bc7e4f6)	store backups & restores in backups/, restores/ subdirs in obj storage
+- 	[e3232b7e](https://github.com/heptio/ark/commit/e3232b7e)	add support for bulk deletion to ark restore delete
+- 	[17be71e1](https://github.com/heptio/ark/commit/17be71e1)	remove deps used for docs gen
+- 	[20635106](https://github.com/heptio/ark/commit/20635106)	remove script for generating docs
+- 	[6fd9ea9d](https://github.com/heptio/ark/commit/6fd9ea9d)	remove cli reference docs and related scripts
+- 	[4833607a](https://github.com/heptio/ark/commit/4833607a)	Fix infinite sleep in fsfreeze container
+- 	[7668bfd4](https://github.com/heptio/ark/commit/7668bfd4)	Add links for Portworx plugin support
+- 	[468006e6](https://github.com/heptio/ark/commit/468006e6)	Fix Portworx name in doc
+- 	[e6b44539](https://github.com/heptio/ark/commit/e6b44539)	Make fsfreeze image building consistent
+- 	[fcd27a13](https://github.com/heptio/ark/commit/fcd27a13)	get a new metadata accessor after calling backup item actions
+- 	[ffef86e3](https://github.com/heptio/ark/commit/ffef86e3)	Adding support for the AWS_CLUSTER_NAME env variable allowing to claim volumes ownership
+- 	[cda3dff8](https://github.com/heptio/ark/commit/cda3dff8)	Document single binary plugins
+- 	[f049e078](https://github.com/heptio/ark/commit/f049e078)	Remove ROADMAP.md, update ZenHub link to Ark board
+- 	[94617b30](https://github.com/heptio/ark/commit/94617b30)	convert all controllers to use genericController, logContext -> log
+- 	[779cb428](https://github.com/heptio/ark/commit/779cb428)	Document SignatureDoesNotMatch error and triaging
+- 	[7d8813a9](https://github.com/heptio/ark/commit/7d8813a9)	move ObjectStore mock into pkg/cloudprovider/mocks
+- 	[f0edf733](https://github.com/heptio/ark/commit/f0edf733)	add a BackupStore to pkg/persistence that supports prefixes
+- 	[af64069d](https://github.com/heptio/ark/commit/af64069d)	create pkg/persistence and move relevant code from pkg/cloudprovider into it
+- 	[29d75d72](https://github.com/heptio/ark/commit/29d75d72)	move object and block store interfaces to their own files
+- 	[211aa7b7](https://github.com/heptio/ark/commit/211aa7b7)	Set schedule labels to subsequent backups
+- 	[d34994cb](https://github.com/heptio/ark/commit/d34994cb)	set azure restic env vars based on default backup location's config
+- 	[a50367f1](https://github.com/heptio/ark/commit/a50367f1)	Regenerate CLI docs
+- 	[7bc27bbb](https://github.com/heptio/ark/commit/7bc27bbb)	Pin cobra version
+- 	[e94277ac](https://github.com/heptio/ark/commit/e94277ac)	Update pflag version
+- 	[df69b274](https://github.com/heptio/ark/commit/df69b274)	azure: update documentation and examples
+- 	[cb321db2](https://github.com/heptio/ark/commit/cb321db2)	azure: refactor to not use helpers/ pkg, validate all env/config inputs
+- 	[9d7ea748](https://github.com/heptio/ark/commit/9d7ea748)	azure: support different RGs/storage accounts per backup location
+- 	[cd4e9f53](https://github.com/heptio/ark/commit/cd4e9f53)	azure: fix for breaking change in blob.GetSASURI
+- 	[a440029c](https://github.com/heptio/ark/commit/a440029c)	bump Azure SDK version and include storage mgmt package
+- 	[b31e25bf](https://github.com/heptio/ark/commit/b31e25bf)	server: remove unused code, replace deprecated func
+- 	[729d7339](https://github.com/heptio/ark/commit/729d7339)	controllers: take a newPluginManager func in constructors
+- 	[6445dbf1](https://github.com/heptio/ark/commit/6445dbf1)	Update examples and docs for backup locations
+- 	[133dc185](https://github.com/heptio/ark/commit/133dc185)	backup sync: process the default location first
+- 	[7a1e6d16](https://github.com/heptio/ark/commit/7a1e6d16)	generic controller: allow controllers with only a resync func
+- 	[6f7bfe54](https://github.com/heptio/ark/commit/6f7bfe54)	remove Config CRD's BackupStorageProvider & other obsolete code
+- 	[bd4d97b9](https://github.com/heptio/ark/commit/bd4d97b9)	move server's defaultBackupLocation into config struct
+- 	[0e94fa37](https://github.com/heptio/ark/commit/0e94fa37)	update sync controller for backup locations
+- 	[2750aa71](https://github.com/heptio/ark/commit/2750aa71)	Use backup storage location during restore
+- 	[20f89fbc](https://github.com/heptio/ark/commit/20f89fbc)	use the default backup storage location for restic
+- 	[833a6307](https://github.com/heptio/ark/commit/833a6307)	Add storage location to backup get/describe
+- 	[cf7c8587](https://github.com/heptio/ark/commit/cf7c8587)	download request: fix setting of log level for plugin manager
+- 	[3234124a](https://github.com/heptio/ark/commit/3234124a)	backup deletion: fix setting of log level in plugin manager
+- 	[74043ab4](https://github.com/heptio/ark/commit/74043ab4)	download request controller: fix bug in determining expiration
+- 	[7007f198](https://github.com/heptio/ark/commit/7007f198)	refactor download request controller test and add test cases
+- 	[8f534615](https://github.com/heptio/ark/commit/8f534615)	download request controller: use backup location for object store
+- 	[bab08ed1](https://github.com/heptio/ark/commit/bab08ed1)	backup deletion controller: use backup location for object store
+- 	[c6f488f7](https://github.com/heptio/ark/commit/c6f488f7)	Use backup location in the backup controller
+- 	[06b5af44](https://github.com/heptio/ark/commit/06b5af44)	add create and get CLI commands for backup locations
+- 	[adbcd370](https://github.com/heptio/ark/commit/adbcd370)	add --default-backup-storage-location flag to server cmd
+- 	[2a34772e](https://github.com/heptio/ark/commit/2a34772e)	Add --storage-location argument to create commands
+- 	[56f16170](https://github.com/heptio/ark/commit/56f16170)	Correct metadata for BackupStorageLocationList
+- 	[345c3c39](https://github.com/heptio/ark/commit/345c3c39)	Generate clients for BackupStorageLocation
+- 	[a25eb032](https://github.com/heptio/ark/commit/a25eb032)	Add BackupStorageLocation API type
+- 	[575c4ddc](https://github.com/heptio/ark/commit/575c4ddc)	apply annotations on single line, no restore mode
+- 	[030ea6c0](https://github.com/heptio/ark/commit/030ea6c0)	minor word updates and command wrapping
+- 	[d32f8dbb](https://github.com/heptio/ark/commit/d32f8dbb)	Update hooks/fsfreeze example
+- 	[342a1c64](https://github.com/heptio/ark/commit/342a1c64)	add an ark bug command
+- 	[9c11ba90](https://github.com/heptio/ark/commit/9c11ba90)	Add DigitalOcean to S3-compatible backup providers
+- 	[ea50ebf2](https://github.com/heptio/ark/commit/ea50ebf2)	Fix map merging logic
+- 	[9508e4a2](https://github.com/heptio/ark/commit/9508e4a2)	Switch Config CRD elements to server flags
+- 	[0c3ac67b](https://github.com/heptio/ark/commit/0c3ac67b)	start using a namespaced label on restored objects, deprecate old label
+- 	[6e53aa03](https://github.com/heptio/ark/commit/6e53aa03)	Bring back 'make local'
+- 	[5acccaa7](https://github.com/heptio/ark/commit/5acccaa7)	add bulk deletion support to ark backup delete
+- 	[3aa241a7](https://github.com/heptio/ark/commit/3aa241a7)	Preserve node ports during restore when annotations hold specification.
+- 	[c5f5862c](https://github.com/heptio/ark/commit/c5f5862c)	Add --wait support to ark backup create
+- 	[eb6f742b](https://github.com/heptio/ark/commit/eb6f742b)	Document CRD not found errors
+- 	[fb4d507c](https://github.com/heptio/ark/commit/fb4d507c)	Extend doc about synchronization
+- 	[e7bb5926](https://github.com/heptio/ark/commit/e7bb5926)	Add --wait support to `ark restore create`
+- 	[8ce513ac](https://github.com/heptio/ark/commit/8ce513ac)	Only delete unused backup if they are complete
+- 	[1c26fbde](https://github.com/heptio/ark/commit/1c26fbde)	remove SnapshotService, replace with direct BlockStore usage
+- 	[13051218](https://github.com/heptio/ark/commit/13051218)	Refactor plugin management
+- 	[74dbf387](https://github.com/heptio/ark/commit/74dbf387)	Add restore failed phase and metrics
+- 	[8789ae5c](https://github.com/heptio/ark/commit/8789ae5c)	update testify to latest released version
+- 	[fe9d61a9](https://github.com/heptio/ark/commit/fe9d61a9)	Add schedule command info to quickstart
+- 	[ca5656c2](https://github.com/heptio/ark/commit/ca5656c2)	fix bug preventing backup item action item updates from saving
+- 	[d2e629f5](https://github.com/heptio/ark/commit/d2e629f5)	Delete backups from etcd if they're not in storage
+- 	[625ba481](https://github.com/heptio/ark/commit/625ba481)	Fix ZenHub link on Readme.md
+- 	[dcae6eb0](https://github.com/heptio/ark/commit/dcae6eb0)	Update gcp-config.md
+- 	[06d6665a](https://github.com/heptio/ark/commit/06d6665a)	check s3URL scheme upon AWS ObjectStore Init()
+- 	[cc359f6e](https://github.com/heptio/ark/commit/cc359f6e)	Add contributor docs for our ZenHub usage
+- 	[f6204562](https://github.com/heptio/ark/commit/f6204562)	cleanup service account action log statement
+- 	[450fa72f](https://github.com/heptio/ark/commit/450fa72f)	Initialize schedule Prometheus metrics to have them created beforehand (see https://prometheus.io/docs/practices/instrumentation/#avoid-missing-metrics)
+- 	[39c4267a](https://github.com/heptio/ark/commit/39c4267a)	Clarify that object storage should per-cluster
+- 	[78cbdf95](https://github.com/heptio/ark/commit/78cbdf95)	delete old deletion requests for backup when processing a new one
+- 	[85a61b8e](https://github.com/heptio/ark/commit/85a61b8e)	return nil error if 404 encountered when deleting snapshots
+- 	[a2a7dbda](https://github.com/heptio/ark/commit/a2a7dbda)	fix tagging latest by using make's ifeq
+- 	[b4a52e45](https://github.com/heptio/ark/commit/b4a52e45)	Add commands for context to the bug template
+- 	[3efe6770](https://github.com/heptio/ark/commit/3efe6770)	Update Ark library code to work with Kubernetes 1.11
+- 	[7e8c8c69](https://github.com/heptio/ark/commit/7e8c8c69)	Add some basic troubleshooting commands
+- 	[d1955120](https://github.com/heptio/ark/commit/d1955120)	require namespace for backups/etc. to exist at server startup
+- 	[683f7afc](https://github.com/heptio/ark/commit/683f7afc)	switch to using .status.startTimestamp for sorting backups
+- 	[b71a37db](https://github.com/heptio/ark/commit/b71a37db)	Record backup completion time before uploading
+- 	[217084cd](https://github.com/heptio/ark/commit/217084cd)	Add example ark version command to issue templates
+- 	[040788bb](https://github.com/heptio/ark/commit/040788bb)	Add minor improvements and aws example<Plug>delimitMateCR
+- 	[5b89f7b6](https://github.com/heptio/ark/commit/5b89f7b6)	Skip backup sync if it already exists in k8s
+- 	[c6050845](https://github.com/heptio/ark/commit/c6050845)	restore controller: switch to 'c' for receiver name
+- 	[706ae07d](https://github.com/heptio/ark/commit/706ae07d)	enable a schedule to be provided as the source for a restore
+- 	[aea68414](https://github.com/heptio/ark/commit/aea68414)	fix up Slack link in troubleshooting on master branch
+- 	[bb8e2e91](https://github.com/heptio/ark/commit/bb8e2e91)	Document how to run the Ark server locally
+- 	[dc84e591](https://github.com/heptio/ark/commit/dc84e591)	Remove outdated namespace deletion content
+- 	[23abbc9a](https://github.com/heptio/ark/commit/23abbc9a)	fix paths
+- 	[f0426538](https://github.com/heptio/ark/commit/f0426538)	use posix-compliant conditional for checking TAG_LATEST
+- 	[cf336d80](https://github.com/heptio/ark/commit/cf336d80)	Added new templates
+- 	[795dc262](https://github.com/heptio/ark/commit/795dc262)	replace pkg/restore's osFileSystem with pkg/util/filesystem's
+- 	[eabef085](https://github.com/heptio/ark/commit/eabef085)	Update generated Ark code based on the 1.11 k8s.io/code-generator script
+- 	[f5eac0b4](https://github.com/heptio/ark/commit/f5eac0b4)	Update vendored library code for Kubernetes 1.11
+
+[1]: https://heptio.github.io/velero/v0.10.0/upgrading-to-v0.10
+[2]: locations.md

changelogs/CHANGELOG-0.11.md

@@ -0,0 +1,32 @@
+## v0.11.1
+#### 2019-05-17
+
+### Download
+- https://github.com/heptio/velero/releases/tag/v0.11.1
+
+### Highlights
+* Added the `velero migrate-backups` command to migrate legacy Ark backup metadata to the current Velero format in object storage. This command needs to be run in preparation for upgrading to v1.0, **if** you have backups that were originally created prior to v0.11 (i.e. when the project was named Ark).
+
+## v0.11.0
+#### 2019-02-28
+
+### Download
+- https://github.com/heptio/velero/releases/tag/v0.11.0
+
+### Highlights
+* Heptio Ark is now Velero! This release is the first one to use the new name. For details on the changes and how to migrate to v0.11, see the [migration instructions][1]. **Please follow the instructions to ensure a successful upgrade to v0.11.**
+* Restic has been upgraded to v0.9.4, which brings significantly faster restores thanks to a new multi-threaded restorer.
+* Velero now waits for terminating namespaces and persistent volumes to delete before attempting to restore them, rather than trying and failing to restore them while they're being deleted.
+
+### All Changes
+* Fix concurrency bug in code ensuring restic repository exists (#1235, @skriss)
+* Wait for PVs and namespaces to delete before attempting to restore them. (#826, @nrb)
+* Set the zones for GCP regional disks on restore. This requires the `compute.zones.get` permission on the GCP serviceaccount in order to work correctly. (#1200, @nrb)
+* Renamed Heptio Ark to Velero. Changed internal imports, environment variables, and binary name. (#1184, @nrb)
+* use 'restic stats' instead of 'restic check' to determine if repo exists (#1171, @skriss)
+* upgrade restic to v0.9.4 & replace --hostname flag with --host (#1156, @skriss)
+* Clarify restore log when object unchanged (#1153, @daved)
+* Add backup-version file in backup tarball. (#1117, @wwitzel3)
+* add ServerStatusRequest CRD and show server version in `ark version` output (#1116, @skriss)
+
+[1]: https://heptio.github.io/velero/v0.11.0/migrating-to-velero

changelogs/CHANGELOG-0.3.md

@@ -0,0 +1,39 @@
+- [v0.3.3](#v033)
+- [v0.3.2](#v032)
+- [v0.3.1](#v031)
+- [v0.3.0](#v030)
+
+## v0.3.3
+#### 2017-08-10
+### Download
+  - https://github.com/heptio/ark/tree/v0.3.3
+
+### Bug Fixes
+  * Treat the first field in a schedule's cron expression as minutes, not seconds
+
+
+## v0.3.2
+#### 2017-08-07
+### Download
+  - https://github.com/heptio/ark/tree/v0.3.2
+
+### New Features
+  * Add client-go auth provider plugins for Azure, GCP, OIDC
+
+
+## v0.3.1
+#### 2017-08-03
+### Download
+  - https://github.com/heptio/ark/tree/v0.3.1
+
+### Bug Fixes
+  * Fix Makefile VERSION
+
+
+## v0.3.0
+#### 2017-08-03
+### Download
+  - https://github.com/heptio/ark/tree/v0.3.0
+
+### All New Features
+  *  Initial Release

changelogs/CHANGELOG-0.4.md

@@ -0,0 +1,29 @@
+- [v0.4.0](#v040)
+
+## v0.4.0
+#### 2017-09-14
+### Download
+  - https://github.com/heptio/ark/tree/v0.4.0
+
+### Breaking changes
+  * Snapshotting and restoring volumes is now enabled by default
+  * The --namespaces flag for 'ark restore create' has been replaced by --include-namespaces and
+    --exclude-namespaces
+
+### New features
+  * Support for S3 SSE with KMS
+  * Cloud provider configurations are validated at startup
+  * The persistentVolumeProvider is now optional
+  * Restore objects are garbage collected
+  * Each backup now has an associated log file, viewable via 'ark backup logs'
+  * Each restore now has an associated log file, viewable via 'ark restore logs'
+  * Add --include-resources/--exclude-resources for restores
+
+### Bug fixes
+  * Only save/use iops for io1 volumes on AWS
+  * When restoring, try to retrieve the Backup directly from object storage if it's not found
+  * When syncing Backups from object storage to Kubernetes, don't return at the first error
+    encountered
+  * More closely match how kubectl performs kubeconfig resolution
+  * Increase default Azure API request timeout to 2 minutes
+  * Update Azure diskURI to match diskName

changelogs/CHANGELOG-0.5.md

@@ -0,0 +1,41 @@
+- [v0.5.1](#v051)
+- [v0.5.0](#v050)
+
+## v0.5.1
+#### 2017-11-06
+### Download
+  - https://github.com/heptio/ark/tree/v0.5.1
+
+### Bug fixes
+  * If a Service is headless, retain ClusterIP = None when backing up and restoring.
+  * Use the specifed --label-selector when listing backups, schedules, and restores.
+  * Restore namespace mapping functionality that was accidentally broken in 0.5.0.
+  * Always include namespaces in the backup, regardless of the --include-cluster-resources setting.
+
+
+## v0.5.0
+#### 2017-10-26
+### Download
+  - https://github.com/heptio/ark/tree/v0.5.0
+
+### Breaking changes
+  * The backup tar file format has changed. Backups created using previous versions of Ark cannot be restored using v0.5.0.
+  * When backing up one or more specific namespaces, cluster-scoped resources are no longer backed up by default, with the exception of PVs that are used within the target namespace(s). Cluster-scoped resources can still be included by explicitly specifying `--include-cluster-resources`.
+
+### New features
+  * Add customized user-agent string for Ark CLI
+  * Switch from glog to logrus
+  * Exclude nodes from restoration
+  * Add a FAQ
+  * Record PV availability zone and use it when restoring volumes from snapshots
+  * Back up the PV associated with a PVC
+  * Add `--include-cluster-resources` flag to `ark backup create`
+  * Add `--include-cluster-resources` flag to `ark restore create`
+  * Properly support resource restore priorities across cluster-scoped and namespace-scoped resources
+  * Support `ark create ...` and `ark get ...`
+  * Make ark run as cluster-admin
+  * Add pod exec backup hooks
+  * Support cross-compilation & upgrade to go 1.9
+  
+### Bug fixes
+  * Make config change detection more robust

changelogs/CHANGELOG-0.6.md

@@ -0,0 +1,31 @@
+- [v0.6.0](#v060)
+
+## v0.6.0
+#### 2017-11-30
+### Download
+  - https://github.com/heptio/ark/tree/v0.6.0
+
+### Highlights
+  * **Plugins** - We now support user-defined plugins that can extend Ark functionality to meet your custom backup/restore needs without needing to be compiled into the core binary. We support pluggable block and object stores as well as per-item backup and restore actions that can execute arbitrary logic, including modifying the items being backed up or restored. For more information see the [documentation](docs/plugins.md), which includes a reference to a fully-functional sample plugin repository. (#174 #188 #206 #213 #215 #217 #223 #226)
+  * **Describers** - The Ark CLI now includes `describe` commands for `backups`, `restores`, and `schedules` that provide human-friendly representations of the relevant API objects.
+
+### Breaking Changes
+  * The config object format has changed. In order to upgrade to v0.6.0, the config object will have to be updated to match the new format. See the [examples](examples) and [documentation](docs/config-definition.md) for more information.
+  * The restore object format has changed. The `warnings` and `errors` fields are now ints containing the counts, while full warnings and errors are now stored in the object store instead of etcd. Restore objects created prior to v.0.6.0 should be deleted, or a new bucket used, and the old restore objects deleted from Kubernetes (`kubectl -n heptio-ark delete restore --all`).
+
+### All New Features
+  * Add `ark plugin add` and `ark plugin remove` commands #217, @skriss
+  * Add plugin support for block/object stores, backup/restore item actions #174 #188 #206 #213 #215 #223 #226, @skriss @ncdc
+  * Improve Azure deployment instructions #216, @ncdc
+  * Change default TTL for backups to 30 days #204, @nrb
+  * Improve logging for backups and restores #199, @ncdc
+  * Add `ark backup describe`, `ark schedule describe` #196, @ncdc
+  * Add `ark restore describe` and move restore warnings/errors to object storage #173 #201 #202, @ncdc
+  * Upgrade to client-go v5.0.1, kubernetes v1.8.2 #157, @ncdc
+  * Add Travis CI support #165 #166, @ncdc
+
+### Bug Fixes
+  * Fix log location hook prefix stripping #222, @ncdc
+  * When running `ark backup download`, remove file if there's an error #154, @ncdc
+  * Update documentation for AWS KMS Key alias support #163, @lli-hiya
+  * Remove clock from `volume_snapshot_action` #137, @athampy

changelogs/CHANGELOG-0.7.md

@@ -0,0 +1,30 @@
+- [v0.7.1](#v071)
+- [v0.7.0](#v070)
+
+## v0.7.1
+#### 2018-02-22
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.7.1
+
+### Bug Fixes:
+  * Run the Ark server in its own namespace, separate from backups/schedules/restores/config (#322, @ncdc)
+
+
+## v0.7.0
+#### 2018-02-15
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.7.0
+
+### New Features:
+  * Run the Ark server in any namespace (#272, @ncdc)
+  * Add ability to delete backups and their associated data (#252, @skriss)
+  * Support both pre and post backup hooks (#243, @ncdc)
+
+### Bug Fixes / Other Changes:
+  * Switch from Update() to Patch() when updating Ark resources (#241, @skriss)
+  * Don't fail the backup if a PVC is not bound to a PV (#256, @skriss)
+  * Restore serviceaccounts prior to workload controllers (#258, @ncdc)
+  * Stop removing annotations from PVs when restoring them (#263, @skriss)
+  * Update GCP client libraries (#249, @skriss)
+  * Clarify backup and restore creation messages (#270, @nrb)
+  * Update S3 bucket creation docs for us-east-1 (#285, @lypht)

changelogs/CHANGELOG-0.8.md

@@ -0,0 +1,100 @@
+- [v0.8.3](#v083)
+- [v0.8.2](#v082)
+- [v0.8.1](#v081)
+- [v0.8.0](#v080)
+
+## v0.8.3
+#### 2018-06-29
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.8.3
+
+### Bug Fixes:
+  * Don't restore backup and restore resources to avoid possible data corruption (#622, @ncdc)
+
+
+## v0.8.2
+#### 2018-06-01
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.8.2
+
+### Bug Fixes:
+  * Don't crash when a persistent volume claim is missing spec.volumeName (#520, @ncdc)
+
+
+## v0.8.1
+#### 2018-04-23
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.8.1
+
+### Bug Fixes:
+  * Azure: allow pre-v0.8.0 backups with disk snapshots to be restored and deleted (#446 #449, @skriss)
+
+
+## v0.8.0
+#### 2018-04-19
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.8.0
+
+### Highlights:
+  * Backup deletion has been completely revamped to make it simpler and less error-prone. As a user, you still use the `ark backup delete` command to request deletion of a backup and its associated cloud
+  resources; behind the scenes, we've switched to using a new `DeleteBackupRequest` Custom Resource and associated controller for processing deletion requests.
+  * We've reduced the number of required fields in the Ark config. For Azure, `location` is no longer required, and for GCP, `project` is not needed.
+  * Ark now copies tags from volumes to snapshots during backup, and from snapshots to new volumes during restore. 
+
+### Breaking Changes:
+  * Ark has moved back to a single namespace (`heptio-ark` by default) as part of #383.
+
+### All New Features:
+  * Add global `--kubecontext` flag to Ark CLI (#296, @blakebarnett)
+  * Azure: support cross-resource group restores of volumes (#356 #378, @skriss)
+  * AWS/Azure/GCP: copy tags from volumes to snapshots, and from snapshots to volumes (#341, @skriss)
+  * Replace finalizer for backup deletion with `DeleteBackupRequest` custom resource & controller (#383 #431, @ncdc @nrb)
+  * Don't log warnings during restore if an identical object already exists in the cluster (#405, @nrb)
+  * Add bash & zsh completion support (#384, @containscafeine)
+  
+### Bug Fixes / Other Changes:
+  * Error from the Ark CLI if attempting to restore a non-existent backup (#302, @ncdc)
+  * Enable running the Ark server locally for development purposes (#334, @ncdc)
+  * Add examples to `ark schedule create` documentation (#331, @lypht)
+  * GCP: Remove `project` requirement from Ark config (#345, @skriss)
+  * Add `--from-backup` flag to `ark restore create` and allow custom restore names (#342 #409, @skriss)
+  * Azure: remove `location` requirement from Ark config (#344, @skriss)
+  * Add documentation/examples for storing backups in IBM Cloud Object Storage (#321, @roytman)
+  * Reduce verbosity of hooks logging (#362, @skriss)
+  * AWS: Add minimal IAM policy to documentation (#363 #419, @hopkinsth)
+  * Don't restore events (#374, @sanketjpatel)
+  * Azure: reduce API polling interval from 60s to 5s (#359, @skriss)
+  * Switch from hostPath to emptyDir volume type for minio example (#386, @containscafeine)
+  * Add limit ranges as a prioritized resource for restores (#392, @containscafeine)
+  * AWS: Add documentation on using Ark with kube2iam (#402, @domderen)
+  * Azure: add node selector so Ark pod is scheduled on a linux node (#415, @ffd2subroutine)
+  * Error from the Ark CLI if attempting to get logs for a non-existent restore (#391, @containscafeine)
+  * GCP: Add minimal IAM policy to documentation (#429, @skriss @jody-frankowski)
+
+### Upgrading from v0.7.1:
+  Ark v0.7.1 moved the Ark server deployment into a separate namespace, `heptio-ark-server`. As of v0.8.0 we've
+  returned to a single namespace, `heptio-ark`, for all Ark-related resources. If you're currently running v0.7.1,
+  here are the steps you can take to upgrade:
+
+1. Execute the steps from the **Credentials and configuration** section for your cloud:
+    * [AWS](https://heptio.github.io/velero/v0.8.0/aws-config#credentials-and-configuration)
+    * [Azure](https://heptio.github.io/velero/v0.8.0/azure-config#credentials-and-configuration)
+    * [GCP](https://heptio.github.io/velero/v0.8.0/gcp-config#credentials-and-configuration)
+
+    When you get to the secret creation step, if you don't have your `credentials-ark` file handy, 
+    you can copy the existing secret from your `heptio-ark-server` namespace into the `heptio-ark` namespace:
+    ```bash
+    kubectl get secret/cloud-credentials -n heptio-ark-server --export -o json | \
+      jq '.metadata.namespace="heptio-ark"' | \
+      kubectl apply -f -
+    ```
+
+2. You can now safely delete the `heptio-ark-server` namespace:
+    ```bash
+    kubectl delete namespace heptio-ark-server
+    ```
+
+3. Execute the commands from the **Start the server** section for your cloud:
+    * [AWS](https://heptio.github.io/velero/v0.8.0/aws-config#start-the-server)
+    * [Azure](https://heptio.github.io/velero/v0.8.0/azure-config#start-the-server)
+    * [GCP](https://heptio.github.io/velero/v0.8.0/gcp-config#start-the-server)

changelogs/CHANGELOG-0.9.md

@@ -0,0 +1,181 @@
+  - [v0.9.11](#v0911)
+  - [v0.9.10](#v0910)
+  - [v0.9.9](#v099)
+  - [v0.9.8](#v098)
+  - [v0.9.7](#v097)
+  - [v0.9.6](#v096)
+  - [v0.9.5](#v095)
+  - [v0.9.4](#v094)
+  - [v0.9.3](#v093)
+  - [v0.9.2](#v092)
+  - [v0.9.1](#v091)
+  - [v0.9.0](#v090)
+
+## v0.9.11
+#### 2018-11-08
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.11
+
+### Bug Fixes
+  * Fix bug preventing PV snapshots from being restored (#1040, @ncdc)
+
+
+## v0.9.10
+#### 2018-11-01
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.10
+
+### Bug Fixes
+  * restore storageclasses before pvs and pvcs (#594, @shubheksha)
+  * AWS: Ensure that the order returned by ListObjects is consistent (#999, @bashofmann)
+  * Add CRDs to list of prioritized resources (#424, @domenicrosati)
+  * Verify PV doesn't exist before creating new volume (#609, @nrb)
+  * Update README.md - Grammar mistake corrected (#1018, @midhunbiju)
+
+
+## v0.9.9
+#### 2018-10-24
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.9
+
+### Bug Fixes
+  * Check if initContainers key exists before attempting to remove volume mounts. (#927, @skriss)
+
+
+## v0.9.8
+#### 2018-10-18
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.8
+
+### Bug Fixes
+  * Discard service account token volume mounts from init containers on restore (#910, @james-powis)
+  * Support --include-cluster-resources flag when creating schedule (#942, @captjt)
+  * Remove logic to get a GCP project (#926, @shubheksha)
+  * Only try to back up PVCs linked PV if the PVC's phase is Bound (#920, @skriss)
+  * Claim ownership of new AWS volumes on Kubernetes cluster being restored into (#801, @ljakimczuk)
+  * Remove timeout check when taking snapshots (#928, @carlisia)
+
+
+## v0.9.7
+#### 2018-10-04
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.7
+
+### Bug Fixes
+  * Preserve explicitly-specified node ports during restore (#712, @timoreimann)
+  * Enable restoring resources with ownerReference set (#837, @mwieczorek)
+  * Fix error when restoring ExternalName services (#869, @shubheksha)
+  * remove restore log helper for accurate line numbers (#891, @skriss)
+  * Display backup StartTimestamp in `ark backup get` output (#894, @marctc)
+  * Fix restic restores when using namespace mappings (#900, @skriss)
+
+
+## v0.9.6
+#### 2018-09-21
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.6
+
+### Bug Fixes
+  * Discard service account tokens from non-default service accounts on restore (#843, @james-powis)
+  * Update Docker images to use `alpine:3.8` (#852, @nrb)
+
+
+## v0.9.5
+#### 2018-09-17
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.5
+
+### Bug Fixes
+  * Fix issue causing restic restores not to work (#834, @skriss)
+
+
+## v0.9.4
+#### 20180-09-05
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.4
+
+### Bug Fixes
+  * Terminate plugin clients to resolve memory leaks (#797, @skriss)
+  * Fix nil map errors when merging annotations (#812, @nrb)
+
+
+## v0.9.3
+#### 2018-08-10
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.3
+### Bug Fixes
+  * Initalize Prometheus metrics when creating a new schedule (#689, @lemaral)
+
+
+## v0.9.2
+#### 2018-07-26
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.2) - 2018-07-26
+
+### Bug Fixes:
+  * Fix issue where modifications made by backup item actions were not being saved to backup tarball (#704, @skriss)
+
+
+## v0.9.1
+#### 2018-07-23
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.1
+
+### Bug Fixes:
+  * Require namespace for Ark's CRDs to already exist at server startup (#676, @skriss)
+  * Require all Ark CRDs to exist at server startup (#683, @skriss)
+  * Fix `latest` tagging in Makefile (#690, @skriss)
+  * Make Ark compatible with clusters that don't have the `rbac.authorization.k8s.io/v1` API group (#682, @nrb)
+  * Don't consider missing snapshots an error during backup deletion, limit backup deletion requests per backup to 1 (#687, @skriss)
+
+
+## v0.9.0
+#### 2018-07-06
+### Download
+  - https://github.com/heptio/ark/releases/tag/v0.9.0
+
+### Highlights:
+  * Ark now has support for backing up and restoring Kubernetes volumes using a free open-source backup tool called [restic](https://github.com/restic/restic).
+    This provides users an out-of-the-box solution for backing up and restoring almost any type of Kubernetes volume, whether or not it has snapshot support
+    integrated with Ark. For more information, see the [documentation](https://github.com/heptio/ark/blob/master/docs/restic.md).
+  * Support for Prometheus metrics has been added! View total number of backup attempts (including success or failure), total backup size in bytes, and backup
+    durations. More metrics coming in future releases!
+
+### All New Features:
+  * Add restic support (#508 #532 #533 #534 #535 #537 #540 #541 #545 #546 #547 #548 #555 #557 #561 #563 #569 #570 #571 #606 #608 #610 #621 #631 #636, @skriss)
+  * Add prometheus metrics (#531 #551 #564, @ashish-amarnath @nrb)
+  * When backing up a service account, include cluster roles/cluster role bindings that reference it (#470, @skriss)
+  * When restoring service accounts, copy secrets/image pull secrets into the target cluster even if the service account already exists (#403, @nrb)
+
+### Bug Fixes / Other Changes:
+  * Upgrade to Kubernetes 1.10 dependencies (#417, @skriss)
+  * Upgrade to go 1.10 and alpine 3.7 (#456, @skriss)
+  * Display no excluded resources/namespaces as `<none>` rather than `*` (#453, @nrb)
+  * Skip completed jobs and pods when restoring (#463, @nrb)
+  * Set namespace correctly when syncing backups from object storage (#472, @skriss)
+  * When building on macOS, bind-mount volumes with delegated config (#478, @skriss)
+  * Add replica sets and daemonsets to cohabitating resources so they're not backed up twice (#482 #485, @skriss)
+  * Shut down the Ark server gracefully on SIGINT/SIGTERM (#483, @skriss)
+  * Only back up resources that support GET and DELETE in addition to LIST and CREATE (#486, @nrb)
+  * Show a better error message when trying to get an incomplete restore's logs (#496, @nrb)
+  * Stop processing when setting a backup deletion request's phase to `Deleting` fails (#500, @nrb)
+  * Add library code to install Ark's server components (#437 #506, @marpaia)
+  * Properly handle errors when backing up additional items (#512, @carlpett)
+  * Run post hooks even if backup actions fail (#514, @carlpett)
+  * GCP: fail backup if upload to object storage fails (#510, @nrb)
+  * AWS: don't require `region` as part of backup storage provider config (#455, @skriss)
+  * Ignore terminating resources while doing a backup (#526, @yastij)
+  * Log to stdout instead of stderr (#553, @ncdc)
+  * Move sample minio deployment's config to an emptyDir (#566, @runyontr)
+  * Add `omitempty` tag to optional API fields (@580, @nikhita)
+  * Don't restore PVs with a reclaim policy of `Delete` and no snapshot (#613, @ncdc)
+  * Don't restore mirror pods (#619, @ncdc)
+
+### Docs Contributors:
+  * @gianrubio
+  * @castrojo
+  * @dhananjaysathe
+  * @c-knowles
+  * @mattkelly
+  * @ae-v
+  * @hamidzr

changelogs/CHANGELOG-1.0.md

@@ -0,0 +1,139 @@
+## v1.0.0
+#### 2019-05-20
+
+### Highlights
+- We've added a new command, `velero install`, to make it easier to get up and running with Velero. This CLI command replaces the static YAML installation files that were previously part of release tarballs. See the updated [install instructions][3] for more information.
+- We've made a number of improvements to the plugin framework:
+    - we've reorganized the relevant packages to minimize the import surface for plugin authors
+    - all plugins are now wrapped in panic handlers that will report information on panics back to Velero
+    - Velero's `--log-level` flag is now passed to plugin implementations
+    - Errors logged within plugins are now annotated with the file/line of where the error occurred
+    - Restore item actions can now optionally return a list of additional related items that should be restored
+    - Restore item actions can now indicate that an item *should not* be restored
+- For Azure installation, the `cloud-credentials` secret can now be created from a file containing a list of environment variables. Note that `velero install` always uses this method of providing credentials for Azure. For more details, see [Run on Azure][0].
+- We've added a new phase, `PartiallyFailed`, for both backups and restores. This new phase is used for backups/restores that successfully process some but not all of their items.
+- We removed all legacy Ark references, including API types, prometheus metrics, restic & hook annotations, etc.
+- The restic integration remains a **beta feature**. Please continue to try it out and provide feedback, and we'll be working over the next couple of releases to bring it to GA.
+
+### Breaking Changes
+
+#### API
+* All legacy Ark data types and pre-1.0 compatibility code has been removed. Users should migrate any backups created pre-v0.11.0 with the `velero migrate-backups` command, available in [v0.11.1][2].
+
+#### Image
+* The base container image has been switched to `ubuntu:bionic`
+
+#### Labels/Annotations/Metrics
+* The "ark" annotations for specifying hooks are no longer supported, and have been replaced with "velero"-based equivalents.
+* The "ark" annotation for specifying restic backups is no longer supported, and has been replaced with a "velero"-based equivalent.
+* The "ark" prometheus metrics no longer exist, and have been replaced with "velero"-based equivalents.
+
+#### Plugin Development
+* `BlockStore` plugins are now named `VolumeSnapshotter` plugins
+* Plugin APIs have moved to reduce the import surface:
+    * Plugin gRPC servers live in `github.com/heptio/velero/pkg/plugin/framework`
+    * Plugin interface types live in `github.com/heptio/velero/pkg/plugin/velero`
+* RestoreItemAction interface now takes the original item from the backup as a parameter
+* RestoreItemAction plugins can now return additional items to restore
+* RestoreItemAction plugins can now skip restoring an item
+* Plugins may now send stack traces with errors to the Velero server, so that the errors may be put into the server log
+* Plugins must now be "namespaced," using `example.domain.com/plugin-name` format
+    * For external ObjectStore and VolumeSnapshotter plugins. this name will also be the provider name in BackupStorageLoction and VolumeSnapshotLocation objects
+* `--log-level` flag is now passed to all plugins
+
+#### Validation
+* Configs for Azure, AWS, and GCP are now checked for invalid or extra keys, and the server is halted if any are found
+
+### Download
+- https://github.com/heptio/velero/releases/tag/v1.0.0
+
+### Container Image
+`gcr.io/heptio-images/velero:v1.0.0`
+
+### Documentation
+https://velero.io/docs/v1.0.0/
+
+### Upgrading
+To upgrade from a previous version of Velero, see our [upgrade instructions][1].
+
+### All Changes
+* Change base images to ubuntu:bionic (#1488, @skriss)
+* Expose the timestamp of the last successful backup in a gauge (#1448, @fabito)
+* check backup existence before download (#1447, @fabito)
+* Use `latest` image tag if no version information is provided at build time (#1439, @nrb)
+* switch from `restic stats` to `restic snapshots` for checking restic repository existence (#1416, @skriss)
+* GCP: add optional 'project' config to volume snapshot location for if snapshots are in a different project than the IAM account (#1405, @skriss)
+* Disallow bucket names starting with '-' (#1407, @nrb)
+* Shorten label values when they're longer than 63 characters (#1392, @anshulc)
+* Fail backup if it already exists in object storage. (#1390, @ncdc,carlisia)
+* Add PartiallyFailed phase for backups, log + continue on errors during backup process (#1386, @skriss)
+* Remove deprecated "hooks" for backups (they've been replaced by "pre hooks") (#1384, @skriss)
+* Restic repo ensurer: return error if new repository does not become ready within a minute, and fix channel closing/deletion (#1367, @skriss)
+* Support non-namespaced names for built-in plugins (#1366, @nrb)
+* Change container base images to debian:stretch-slim and upgrade to go 1.12 (#1365, @skriss)
+* Azure: allow credentials to be provided in a .env file (path specified by $AZURE_CREDENTIALS_FILE), formatted like (#1364, @skriss):
+    ```
+    AZURE_TENANT_ID=${AZURE_TENANT_ID}
+    AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
+    AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
+    AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
+    AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} 
+    ```
+* Instantiate the plugin manager with the per-restore logger so plugin logs are captured in the per-restore log (#1358, @skriss)
+* Add gauge metrics for number of existing backups and restores (#1353, @fabito)
+* Set default TTL for backups (#1352, @vorar)
+* Validate that there can't be any duplicate plugin name, and that the name format is `example.io/name`. (#1339, @carlisia)
+* AWS/Azure/GCP: fail fast if unsupported keys are provided in BackupStorageLocation/VolumeSnapshotLocation config (#1338, @skriss)
+* `velero backup logs` & `velero restore logs`: show helpful error message if backup/restore does not exist or is not finished processing (#1337, @skriss)
+* Add support for allowing a RestoreItemAction to skip item restore. (#1336, @sseago)
+* Improve error message around invalid S3 URLs, and gracefully handle trailing backslashes. (#1331, @skriss)
+* Set backup's start timestamp before patching it to InProgress so start times display in `velero backup get` while in progress (#1330, @skriss)
+* Added ability to dynamically disable controllers (#1326, @amanw)
+* Remove deprecated code in preparation for v1.0 release (#1323, @skriss):
+    - remove ark.heptio.com API group
+    - remove support for reading ark-backup.json files from object storage
+    - remove Ark field from RestoreResult type
+    - remove support for "hook.backup.ark.heptio.com/..." annotations for specifying hooks
+    - remove support for $HOME/.config/ark/ client config directory
+    - remove support for restoring Azure snapshots using short snapshot ID formats in backup metadata
+    - stop applying "velero-restore" label to restored resources and remove it from the API pkg
+    - remove code that strips the "gc.ark.heptio.com" finalizer from backups
+    - remove support for "backup.ark.heptio.com/..." annotations for requesting restic backups
+    - remove "ark"-prefixed prometheus metrics
+    - remove VolumeBackups field and related code from Backup's status
+* Rename BlockStore plugin to VolumeSnapshotter (#1321, @skriss)
+* Bump plugin ProtocolVersion to version 2 (#1319, @carlisia)
+* Remove Warning field from restore item action output (#1318, @skriss)
+* Fix for #1312, use describe to determine if AWS EBS snapshot is encrypted and explicitly pass that value in EC2 CreateVolume call. (#1316, @mstump)
+* Allow restic restore helper image name to be optionally specified via ConfigMap (#1311, @skriss)
+* Compile only once to lower the initialization cost for regexp.MustCompile. (#1306, @pei0804)
+* Enable restore item actions to return additional related items to be restored; have pods return PVCs and PVCs return PVs (#1304, @skriss)
+* Log error locations from plugin logger, and don't overwrite them in the client logger if they exist already (#1301, @skriss)
+* Send stack traces from plugin errors to Velero via gRPC so error location info can be logged (#1300, @skriss)
+* Azure: restore volumes in the original region's zone (#1298, @sylr)
+* Check for and exclude hostPath-based persistent volumes from restic backup (#1297, @skriss)
+* Make resticrepositories non-restorable resources (#1296, @skriss)
+* Gracefully handle failed API groups from the discovery API (#1293, @fabito)
+* Add `velero install` command for basic use cases. (#1287, @nrb)
+* Collect 3 new metrics: backup_deletion_{attempt|failure|success}_total (#1280, @fabito)
+* Pass --log-level flag to internal/external plugins, matching Velero server's log level (#1278, @skriss)
+* AWS EBS Volume IDs now contain AZ (#1274, @tsturzl)
+* Add panic handlers to all server-side plugin methods (#1270, @skriss)
+* Move all the interfaces and associated types necessary to implement all of the Velero plugins to under the new package `velero`. (#1264, @carlisia)
+* Update `velero restore` to not open every single file open during extraction of the data (#1261, @asaf)
+* Remove restore code that waits for a PV to become Available (#1254, @skriss)
+* Improve `describe` output
+* Move Phase to right under Metadata(name/namespace/label/annotations)
+* Move Validation errors: section right after Phase: section and only show it if the item has a phase of FailedValidation
+* For restores move Warnings and Errors under Validation errors. Leave their display as is. (#1248, @DheerajSShetty)
+* Don't remove storage class from a persistent volume when restoring it (#1246, @skriss)
+* Need to defer closing the the ReadCloser in ObjectStoreGRPCServer.GetObject (#1236, @DheerajSShetty)
+* Update Kubernetes dependencies to match v1.12, and update Azure SDK to v19.0.0 (GA) (#1231, @skriss)
+* Remove pkg/util/collections/map_utils.go, replace with structured API types and apimachinery's unstructured helpers (#1146, @skriss)
+* Add original resource (from backup) to restore item action interface (#1123, @mwieczorek)
+
+
+[0]: https://velero.io/docs/v1.0.0/azure-config
+[1]: https://velero.io/docs/v1.0.0/upgrade-to-1.0
+[2]: https://github.com/heptio/velero/releases/tag/v0.11.1
+[3]: https://velero.io/docs/v1.0.0/install-overview

changelogs/CHANGELOG-1.1.md

@@ -0,0 +1,100 @@
+## v1.1.0
+#### 2019-08-22
+
+### Download
+- https://github.com/heptio/velero/releases/tag/v1.1.0
+
+### Container Image
+`gcr.io/heptio-images/velero:v1.1.0`
+
+### Documentation
+https://velero.io/docs/v1.1.0/
+
+### Upgrading
+
+**If you are running Velero in a non-default namespace**, i.e. any namespace other than `velero`, manual intervention is required when upgrading to v1.1. See [upgrading to v1.1](https://velero.io/docs/v1.1.0/upgrade-to-1.1/) for details.
+
+### Highlights
+
+#### Improved Restic Support
+
+A big focus of our work this cycle was continuing to improve support for restic. To that end, we’ve fixed the following bugs:
+
+
+- Prior to version 1.1, restic backups could be delayed or failed due to long-lived locks on the repository. Now, Velero removes stale locks from restic repositories every 5 minutes, ensuring they do not interrupt normal operations.  
+- Previously, the PodVolumeBackup custom resources that represented a restic backup within a cluster were not synchronized between clusters, making it unclear what restic volumes were available to restore into a new cluster. In version 1.1, these resources are synced into clusters, so they are more visible to you when you are trying to restore volumes.  
+- Originally, Velero would not validate the host path in which volumes were mounted on a given node. If a node did not expose the filesystem correctly, you wouldn’t know about it until a backup failed. Now, Velero’s restic server will validate that the directory structure is correct on startup, providing earlier feedback when it’s not.  
+- Velero’s restic support is intended to work on a broad range of volume types. With the general release of the [Container Storage Interface API](https://kubernetes.io/blog/2019/01/15/container-storage-interface-ga/), Velero can now use restic to back up CSI volumes.  
+
+Along with our bug fixes, we’ve provided an easier way to move restic backups between storage providers. Different providers often have different StorageClasses, requiring user intervention to make restores successfully complete.
+
+To make cross-provider moves simpler, we’ve introduced a StorageClass remapping plug-in. It allows you to automatically translate one StorageClass on PersistentVolumeClaims and PersistentVolumes to another. You can read more about it in our [documentation](https://velero.io/docs/v1.1.0/restore-reference/#changing-pv-pvc-storage-classes).
+
+#### Quality-of-Life Improvements
+
+We’ve also made several other enhancements to Velero that should benefit all users.
+
+Users sometimes ask about recommendations for Velero’s resource allocation within their cluster. To help with this concern, we’ve added default resource requirements to the Velero Deployment and restic init containers, along with configurable requests and limits for the restic DaemonSet. All these values can be adjusted if your environment requires it.
+
+We’ve also taken some time to improve Velero for the future by updating the Deployment and DaemonSet to use the apps/v1 API group, which will be the [default in Kubernetes 1.16](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.16.md#action-required-3). This change means that `velero install` and the `velero plugin` commands will require Kubernetes 1.9 or later to work. Existing Velero installs will continue to work without needing changes, however.
+
+In order to help you better understand what resources have been backed up, we’ve added a list of resources in the `velero backup describe --details` command. This change makes it easier to inspect a backup without having to download and extract it.
+
+In the same vein, we’ve added the ability to put custom tags on cloud-provider snapshots. This approach should provide a better way to keep track of the resources being created in your cloud account. To add a label to a snapshot at backup time, use the `--labels` argument in the `velero backup create` command.
+
+Our final change for increasing visibility into your Velero installation is the `velero plugin get` command. This command will report all the plug-ins within the Velero deployment..
+
+Velero has previously used a restore-only flag on the server to control whether a cluster could write backups to object storage. With Velero 1.1, we’ve now moved the restore-only behavior into read-only BackupStorageLocations. This move means that the Velero server can use a BackupStorageLocation as a source to restore from, but not for backups, while still retaining the ability to back up to other configured locations. In the future, the `--restore-only` flag will be removed in favor of configuring read-only BackupStorageLocations.
+
+#### Community Contributions
+
+We appreciate all community contributions, whether they be pull requests, bug reports, feature requests, or just questions. With this release, we wanted to draw attention to a few contributions in particular:
+
+For users of node-based IAM authentication systems such as kube2iam, `velero install` now supports the `--pod-annotations` argument for applying necessary annotations at install time. This support should make `velero install` more flexible for scenarios that do not use Secrets for access to their cloud buckets and volumes. You can read more about how to use this new argument in our [AWS documentation](https://velero.io/docs/v1.1.0/aws-config/#alternative-setup-permissions-using-kube2iam). Huge thanks to [Traci Kamp](https://github.com/tlkamp) for this contribution.
+
+Structured logging is important for any application, and Velero is no different. Starting with version 1.1, the Velero server can now output its logs in a JSON format, allowing easier parsing and ingestion. Thank you to [Donovan Carthew](https://github.com/carthewd) for this feature.
+
+AWS supports multiple profiles for accessing object storage, but in the past Velero only used the default. With v.1.1, you can set the `profile` key on yourBackupStorageLocation to specify an alternate profile. If no profile is set, the default one is used, making this change backward compatible. Thanks [Pranav Gaikwad](https://github.com/pranavgaikwad) for this change.
+
+Finally, thanks to testing by [Dylan Murray](https://github.com/dymurray) and [Scott Seago](https://github.com/sseago), an issue with running Velero in non-default namespaces was found in our beta version for this release. If you’re running Velero in a namespace other than `velero`, please follow the [upgrade instructions](https://velero.io/docs/v1.1.0/upgrade-to-1.1/).
+
+### All Changes
+  * Add the prefix to BSL config map so that object stores can use it when initializing (#1767, @betta1)
+  * Use `VELERO_NAMESPACE` to determine what namespace Velero server is running in. For any v1.0 installations using a different namespace, the `VELERO_NAMESPACE` environment variable will need to be set to the correct namespace. (#1748, @nrb)
+  * support setting CPU/memory requests with unbounded limits using velero install (#1745, @prydonius)
+  * sort output of resource list in `velero backup describe --details` (#1741, @prydonius)
+  * adds the ability to define custom tags to be added to snapshots by specifying custom labels on the Backup CR with the velero backup create --labels flag (#1729, @prydonius)
+  * Restore restic volumes from PodVolumeBackups CRs (#1723, @carlisia)
+  * properly restore PVs backed up with restic and a reclaim policy of "Retain" (#1713, @skriss)
+  * Make `--secret-file` flag on `velero install` optional, add `--no-secret` flag for explicit confirmation (#1699, @nrb)
+  * Add low cpu/memory limits to the restic init container. This allows for restoration into namespaces with quotas defined. (#1677, @nrb)
+  * Adds configurable CPU/memory requests and limits to the restic DaemonSet generated by velero install. (#1710, @prydonius)
+  * remove any stale locks from restic repositories every 5m (#1708, @skriss)
+  * error if backup storage location's Bucket field also contains a prefix, and gracefully handle leading/trailing slashes on Bucket and Prefix fields. (#1694, @skriss)
+  * enhancement: allow option to choose JSON log output  (#1654, @carthewd)
+  * Adds configurable CPU/memory requests and limits to the Velero Deployment generated by velero install. (#1678, @prydonius)
+  * Store restic PodVolumeBackups in obj storage & use that as source of truth like regular backups. (#1577, @carlisia)
+  * Update Velero Deployment to use apps/v1 API group. `velero install` and `velero plugin add/remove` commands will now require Kubernetes 1.9+ (#1673, @nrb)
+  * Respect the --kubecontext and --kubeconfig arugments for `velero install`. (#1656, @nrb)
+  * add plugin for updating PV & PVC storage classes on restore based on a config map (#1621, @skriss)
+  * Add restic support for CSI volumes (#1615, @nrb)
+  * bug fix: Fixed namespace usage with cli command 'version' (#1630, @jwmatthews)
+  * enhancement: allow users to specify additional Velero/Restic pod annotations on the command line with the pod-annotations flag. (#1626, @tlkamp)
+  * adds validation for pod volumes hostPath mount on restic server startup (#1616, @prydonius)
+  * enable support for ppc64le architecture (#1605, @prajyot)
+  * bug fix: only restore additional items returned from restore item actions if they match the restore's namespace/resource selectors (#1612, @skriss)
+  * add startTimestamp and completionTimestamp to PodVolumeBackup and PodVolumeRestore status fields (#1609, @prydonius)
+  * bug fix: respect namespace selector when determining which restore item actions to run (#1607, @skriss)
+  * ensure correct backup item actions run with namespace selector (#1601, @prydonius)
+  * allows excluding resources from backups with the `velero.io/exclude-from-backup=true` label (#1588, @prydonius)
+  * ensures backup item action modifications to an item's namespace/name are saved in the file path in the tarball (#1587, @prydonius)
+  * Hides `velero server` and `velero restic server` commands from the list of available commands as these are not intended for use by the velero CLI user. (#1561, @prydonius)
+  * remove dependency on glog, update to klog (#1559, @skriss)
+  * move issue-template-gen from docs/ to hack/ (#1558, @skriss)
+  * fix panic when processing DeleteBackupRequest objects without labels (#1556, @prydonius)
+  * support for multiple AWS profiles (#1548, @pranavgaikwad)
+  * Add CLI command to list (get) all Velero plugins (#1535, @carlisia)
+  * Added author as a tag on blog post.  Should fix 404 error when trying to follow link as specified in issue #1522. (#1522, @coonsd)
+  * Allow individual backup storage locations to be read-only (#1517, @skriss)
+  * Stop returning an error when a restic volume is empty since it is a valid scenario. (#1480, @carlisia)
+  * add ability to use wildcard in includes/excludes (#1428, @guilhem)

changelogs/CHANGELOG-1.2.md

@@ -0,0 +1,83 @@
+## v1.2.0
+#### 2019-11-07
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.2.0
+
+### Container Image
+`velero/velero:v1.2.0`
+
+Please note that as of this release we are no longer publishing new container images to `gcr.io/heptio-images`. The existing ones will remain there for the foreseeable future.
+
+### Documentation
+https://velero.io/docs/v1.2.0/
+
+### Upgrading
+https://velero.io/docs/v1.2.0/upgrade-to-1.2/
+
+### Highlights
+## Moving Cloud Provider Plugins Out of Tree
+
+Velero has had built-in support for AWS, Microsoft Azure, and Google Cloud Platform (GCP)  since day 1. When Velero moved to a plugin architecture for object store providers and volume snapshotters in version 0.6, the code for these three providers was converted to use the plugin interface provided by this new architecture, but the cloud provider code still remained inside the Velero codebase. This put the AWS, Azure, and GCP plugins in a different position compared with other providers’ plugins, since they automatically shipped with the Velero binary and could include documentation in-tree.
+
+With version 1.2, we’ve extracted the AWS, Azure, and GCP plugins into their own repositories, one per provider. We now also publish one plugin image per provider. This change brings these providers to parity with other providers’ plugin implementations, reduces the size of the core Velero binary by not requiring each provider’s SDK to be included, and opens the door for the plugins to be maintained and released independently of core Velero.
+
+## Restic Integration Improvements
+
+We’ve continued to work on improving Velero’s restic integration. With this release, we’ve made the following enhancements:
+
+- Restic backup and restore progress is now captured during execution and visible to the user through the `velero backup/restore describe --details` command. The details are updated every 10 seconds. This provides a new level of visibility into restic operations for users.
+- Restic backups of persistent volume claims (PVCs) now remain incremental across the rescheduling of a pod. Previously, if the pod using a PVC was rescheduled, the next restic backup would require a full rescan of the volume’s contents. This improvement potentially makes such backups significantly faster.
+- Read-write-many volumes are no longer backed up once for every pod using the volume, but instead just once per Velero backup. This improvement speeds up backups and prevents potential restore issues due to multiple copies of the backup being processed simultaneously.
+
+
+## Clone PVs When Cloning a Namespace
+
+Before version 1.2, you could clone a Kubernetes namespace by backing it up and then restoring it to a different namespace in the same cluster by using the `--namespace-mappings` flag with the `velero restore create` command. However, in this scenario, Velero was unable to clone persistent volumes used by the namespace, leading to errors for users.
+
+In version 1.2, Velero automatically detects when you are trying to clone an existing namespace, and clones the persistent volumes used by the namespace as well. This doesn’t require the user to specify any additional flags for the `velero restore create` command.  This change lets you fully achieve your goal of cloning namespaces using persistent storage within a cluster.
+
+## Improved Server-Side Encryption Support
+
+To help you secure your important backup data, we’ve added support for more forms of server-side encryption of backup data on both AWS and GCP. Specifically:
+- On AWS, Velero now supports Amazon S3-managed encryption keys (SSE-S3), which uses AES256 encryption, by specifying `serverSideEncryption: AES256` in a backup storage location’s config.
+- On GCP, Velero now supports using a specific Cloud KMS key for server-side encryption by specifying `kmsKeyName: <key name>` in a backup storage location’s config.
+
+## CRD Structural Schema
+
+In Kubernetes 1.16, custom resource definitions (CRDs) reached general availability. Structural schemas are required for CRDs created in the `apiextensions.k8s.io/v1` API group. Velero now defines a structural schema for each of its CRDs and automatically applies it the user runs the `velero install` command.  The structural schemas enable the user to get quicker feedback when their backup, restore, or schedule request is invalid, so they can immediately remediate their request.
+
+### All Changes
+  * Ensure object store plugin processes are cleaned up after restore and after BSL validation during server start up (#2041, @betta1)
+  * bug fix: don't try to restore pod volume backups that don't have a snapshot ID (#2031, @skriss)
+  * Restore Documentation: Updated Restore Documentation with Clarification implications of removing restore object. (#1957, @nainav)
+  * add `--allow-partially-failed` flag to `velero restore create` for use with `--from-schedule` to allow partially-failed backups to be restored (#1994, @skriss)
+  * Allow backup storage locations to specify backup sync period or toggle off sync (#1936, @betta1)
+  * Remove cloud provider code (#1985, @carlisia)
+  * Restore action for cluster/namespace role bindings (#1974, @alexander-demichev)
+  * Add `--no-default-backup-location` flag to `velero install` (#1931, @Frank51)
+  * If includeClusterResources is nil/auto, pull in necessary CRDs in backupResource (#1831, @sseago)
+  * Azure: add support for Azure China/German clouds (#1938, @andyzhangx)
+  * Add a new required `--plugins` flag for `velero install` command. `--plugins` takes a list of container images to add as initcontainers. (#1930, @nrb)
+  * restic: only backup read-write-many PVCs at most once, even if they're annotated for backup from multiple pods. (#1896, @skriss)
+  * Azure: add support for cross-subscription backups (#1895, @boxcee)
+  * adds `insecureSkipTLSVerify` server config for AWS storage and `--insecure-skip-tls-verify` flag on client for self-signed certs (#1793, @s12chung)
+  * Add check to update resource field during backupItem (#1904, @spiffcs)
+  * Add `LD_LIBRARY_PATH` (=/plugins) to the env variables of velero deployment. (#1893, @lintongj)
+  * backup sync controller: stop using `metadata/revision` file, do a full diff of bucket contents vs. cluster contents each sync interval (#1892, @skriss)
+  * bug fix: during restore, check item's original namespace, not the remapped one, for inclusion/exclusion (#1909, @skriss)
+  * adds structural schema to Velero CRDs created on Velero install, enabling validation of Velero API fields (#1898, @prydonius)
+  * GCP: add support for specifying a Cloud KMS key name to use for encrypting backups in a storage location. (#1879, @skriss)
+  * AWS: add support for SSE-S3 AES256 encryption via `serverSideEncryption` config field in BackupStorageLocation (#1869, @skriss)
+  * change default `restic prune` interval to 7 days, add `velero server/install` flags for specifying an alternate default value. (#1864, @skriss)
+  * velero install: if `--use-restic` and `--wait` are specified, wait up to a minute for restic daemonset to be ready (#1859, @skriss)
+  * report restore progress in PodVolumeRestores and expose progress in the velero restore describe --details command (#1854, @prydonius)
+  * Jekyll Site updates - modifies documentation to use a wider layout; adds better markdown table formatting (#1848, @ccbayer)
+  * fix excluding additional items with the velero.io/exclude-from-backup=true label (#1843, @prydonius)
+  * report backup progress in PodVolumeBackups and expose progress in the velero backup describe --details command. Also upgrades restic to v0.9.5 (#1821, @prydonius)
+  * Add `--features` argument to all velero commands to provide feature flags that can control enablement of pre-release features. (#1798, @nrb)
+  * when backing up PVCs with restic, specify `--parent` flag to prevent full volume rescans after pod reschedules (#1807, @skriss)
+  * remove 'restic check' calls from before/after 'restic prune' since they're redundant (#1794, @skriss)
+  * fix error formatting due interpreting % as printf formatted strings (#1781, @s12chung)
+  * when using `velero restore create --namespace-mappings ...` to create a second copy of a namespace in a cluster, create copies of the PVs used (#1779, @skriss)
+  * adds --from-schedule flag to the `velero create backup` command to create a Backup from an existing Schedule (#1734, @prydonius)

changelogs/CHANGELOG-1.3.md

@@ -0,0 +1,116 @@
+## v1.3.2
+### 2020-04-03
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.3.2
+
+### Container Image
+`velero/velero:v1.3.2`
+
+### Documentation
+https://velero.io/docs/v1.3.2/
+
+### Upgrading
+https://velero.io/docs/v1.3.2/upgrade-to-1.3/
+
+### All Changes
+* Allow `plugins/` as a valid top-level directory within backup storage locations. This directory is a place for plugin authors to store arbitrary data as needed. It is recommended to create an additional subdirectory under `plugins/` specifically for your plugin, e.g. `plugins/my-plugin-data/`. (#2350, @skriss)
+* bug fix: don't panic in `velero restic repo get` when last maintenance time is `nil` (#2315, @skriss)
+
+## v1.3.1
+### 2020-03-10
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.3.1
+
+### Container Image
+`velero/velero:v1.3.1`
+
+### Documentation
+https://velero.io/docs/v1.3.1/
+
+### Upgrading
+https://velero.io/docs/v1.3.1/upgrade-to-1.3/
+
+### Highlights
+
+Fixed a bug that caused failures when backing up CustomResourceDefinitions with whole numbers in numeric fields.
+
+### All Changes
+ * Fix CRD backup failures when fields contained a whole number. (#2322, @nrb)
+
+
+## v1.3.0
+#### 2020-03-02
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.3.0
+
+### Container Image
+`velero/velero:v1.3.0`
+
+### Documentation
+https://velero.io/docs/v1.3.0/
+
+### Upgrading
+https://velero.io/docs/v1.3.0/upgrade-to-1.3/
+
+### Highlights
+
+#### Custom Resource Definition Backup and Restore Improvements
+
+This release includes a number of related bug fixes and improvements to how Velero backs up and restores custom resource definitions (CRDs) and instances of those CRDs.
+
+We found and fixed three issues around restoring CRDs that were originally created via the `v1beta1` CRD API.  The first issue affected CRDs that  had the `PreserveUnknownFields` field set to `true`.  These CRDs could not be restored into 1.16+ Kubernetes clusters, because the `v1` CRD API does not allow this field to be set to `true`. We added code to the restore process to check for this scenario, to set the `PreserveUnknownFields` field to `false`, and to instead set `x-kubernetes-preserve-unknown-fields` to `true` in the OpenAPIv3 structural schema, per Kubernetes guidance. For more information on this, see the [Kubernetes documentation](https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields). The second issue affected CRDs without structural schemas. These CRDs need to be backed up/restored through the `v1beta1` API, since all CRDs created through the `v1` API must have structural schemas. We added code to detect these CRDs and always back them up/restore them through the `v1beta1` API. Finally, related to the previous issue, we found that our restore code was unable to handle backups with multiple API versions for a given resource type, and we’ve remediated this as well.
+
+We also improved the CRD restore process to enable users to properly restore CRDs and instances of those CRDs in a single restore operation. Previously, users found that they needed to run two separate restores: one to restore the CRD(s), and another to restore instances of the CRD(s).  This was due to two deficiencies in the Velero code. First, Velero did not wait for a CRD to be fully accepted by the Kubernetes API server and ready for serving before moving on; and second, Velero did not refresh its cached list of available APIs in the target cluster after restoring CRDs, so it was not aware that it could restore instances of those CRDs.
+
+We fixed both of these issues by (1) adding code to wait for CRDs to be “ready” after restore before moving on, and (2) refreshing the cached list of APIs after restoring CRDs, so any instances of newly-restored CRDs could subsequently be restored.
+
+With all of these fixes and improvements in place, we hope that the CRD backup and restore experience is now seamless across all supported versions of Kubernetes.
+
+
+#### Multi-Arch Docker Images
+
+Thanks to community members [@Prajyot-Parab](https://github.com/Prajyot-Parab) and [@shaneutt](https://github.com/shaneutt), Velero now provides multi-arch container images by using Docker manifest lists.  We are currently publishing images for `linux/amd64`, `linux/arm64`, `linux/arm`, and `linux/ppc64le` in [our Docker repository](https://hub.docker.com/r/velero/velero/tags?page=1&name=v1.3&ordering=last_updated).
+
+Users don’t need to change anything other than updating their version tag - the v1.3 image is `velero/velero:v1.3.0`, and Docker will automatically pull the proper architecture for the host.
+
+For more information on manifest lists, see [Docker’s documentation](https://docs.docker.com/registry/spec/manifest-v2-2/). 
+
+
+#### Bug Fixes, Usability Enhancements, and More
+
+We fixed a large number of bugs and made some smaller usability improvements in this release. Here are a few highlights:
+
+- Support private registries with custom ports for the restic restore helper image ([PR #1999](https://github.com/vmware-tanzu/velero/pull/1999), [@cognoz](https://github.com/cognoz))
+- Use AWS profile from BackupStorageLocation when invoking restic ([PR #2096](https://github.com/vmware-tanzu/velero/pull/2096), [@dinesh](https://github.com/dinesh))
+- Allow restores from schedules in other clusters ([PR #2218](https://github.com/vmware-tanzu/velero/pull/2218), [@cpanato](https://github.com/cpanato))
+- Fix memory leak & race condition in restore code ([PR #2201](https://github.com/vmware-tanzu/velero/pull/2201), [@skriss](https://github.com/skriss))
+
+
+### All Changes
+  * Corrected the selfLink for Backup CR in site/docs/master/output-file-format.md (#2292, @RushinthJohn)
+  * Back up schema-less CustomResourceDefinitions as v1beta1, even if they are retrieved via the v1 endpoint. (#2264, @nrb)
+  * Bug fix: restic backup volume snapshot to the second location failed (#2244, @jenting)
+  * Added support of using PV name from volumesnapshotter('SetVolumeID') in case of PV renaming during the restore (#2216, @mynktl)
+  * Replaced deprecated helm repo url at all it appearance at docs. (#2209, @markrity)
+  * added support for arm and arm64 images (#2227, @shaneutt)
+  * when restoring from a schedule, validate by checking for backup(s) labeled with the schedule name rather than existence of the schedule itself, to allow for restoring from deleted schedules and schedules in other clusters (#2218, @cpanato)
+  * bug fix: back up server-preferred version of CRDs rather than always the `v1beta1` version (#2230, @skriss)
+  * Wait for CustomResourceDefinitions to be ready before restoring CustomResources. Also refresh the resource list from the Kubernetes API server after restoring CRDs in order to properly restore CRs. (#1937, @nrb)
+  * When restoring a v1 CRD with PreserveUnknownFields = True, make sure that the preservation behavior is maintained by copying the flag into the Open API V3 schema, but update the flag so as to allow the Kubernetes API server to accept the CRD without error. (#2197, @nrb)
+  * Enable pruning unknown CRD fields (#2187, @jenting)
+  * bump restic to 0.9.6 to fix some issues with non AWS standard regions (#2210, @Sh4d1)
+  * bug fix: fix race condition resulting in restores sometimes succeeding despite restic restore failures (#2201, @skriss)
+  * Bug fix: Check for nil LastMaintenanceTime in ResticRepository dueForMaintenance (#2200, @sseago)
+  * repopulate backup_last_successful_timestamp metrics for each schedule after server restart (#2196, @skriss)
+  * added support for ppc64le images and manifest lists (#1768, @prajyot)
+  * bug fix: only prioritize restoring `replicasets.apps`, not `replicasets.extensions` (#2157, @skriss)
+  * bug fix: restore both `replicasets.apps` *and* `replicasets.extensions` before `deployments` (#2120, @skriss)
+  * bug fix: don't restore cluster-scoped resources when restoring specific namespaces and IncludeClusterResources is nil (#2118, @skriss)
+  * Enableing Velero to switch credentials (`AWS_PROFILE`) if multiple s3-compatible backupLocations are present (#2096, @dinesh)
+  * bug fix: deep-copy backup's labels when constructing snapshot tags, so the PV name isn't added as a label to the backup (#2075, @skriss)
+  * remove the `fsfreeze-pause` image being published from this repo; replace it with `ubuntu:bionic` in the nginx example app (#2068, @skriss)
+  * add support for a private registry with a custom port in a restic-helper image (#1999, @cognoz)
+  * return better error message to user when cluster config can't be found via `--kubeconfig`, `$KUBECONFIG`, or in-cluster config (#2057, @skriss)

changelogs/CHANGELOG-1.4.md

@@ -0,0 +1,99 @@
+## v1.4.3
+### 2020-10-20
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.4.3
+
+### Container Image
+`velero/velero:v1.4.3`
+
+### Documentation
+https://velero.io/docs/v1.4/
+
+### Upgrading
+https://velero.io/docs/v1.4/upgrade-to-1.4/
+
+### All Changes
+  * Restore CRD Resource name to fix CRD wait functionality. (#2949, @sseago)
+  * rename the PV if VolumeSnapshotter has modified the PV name (#2835, @pawanpraka1)
+  * Ensure that bound PVCs and PVs remain bound on restore. (#3007, @nrb)
+
+## v1.4.2
+### 2020-07-13
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.4.2
+
+### Container Image
+`velero/velero:v1.4.2`
+
+### Documentation
+https://velero.io/docs/v1.4/
+
+### Upgrading
+https://velero.io/docs/v1.4/upgrade-to-1.4/
+
+### All Changes
+  * log a warning instead of erroring if an additional item returned from a plugin can't be found in the Kubernetes API (#2595, @skriss)
+  * Adjust restic default time out to 4 hours and base pod resource requests to 500m CPU/512Mi memory. (#2696, @nrb)
+  * capture version of the CRD prior before invoking the remap_crd_version backup item action (#2683, @ashish-amarnath)
+
+
+## v1.4.1
+
+This tag was created in code, but has no associated docker image due to misconfigured building infrastructure. v1.4.2 fixes this.
+
+## v1.4.0
+### 2020-05-26
+
+### Download
+https://github.com/vmware-tanzu/velero/releases/tag/v1.4.0
+
+### Container Image
+`velero/velero:v1.4.0`
+
+### Documentation
+https://velero.io/docs/v1.4/
+
+### Upgrading
+https://velero.io/docs/v1.4/upgrade-to-1.4/
+
+### Highlights
+
+ * Added beta-level CSI support!
+ * Added custom CA certificate support
+ * Backup progress reporting
+ * Changed backup tarball format to support all versions of a given resource
+
+### All Changes
+  * increment restic volumesnapshot count after successful pvb create (#2542, @ashish-amarnath)
+  * Add details of CSI volumesnapshotcontents associated with a backup to `velero backup describe` when the `EnableCSI` feature flag is given on the velero client. (#2448, @nrb)
+  * Allow users the option to retrieve all versions of a given resource (instead of just the preferred version) from the API server with the `EnableAPIGroupVersions` feature flag. (#2373, @brito-rafa)
+  * Changed backup tarball format to store all versions of a given resource, updated backup tarball format to 1.1.0. (#2373, @brito-rafa)
+  * allow feature flags to be passed from install CLI (#2503, @ashish-amarnath)
+  * sync backups' CSI API objects into the cluster as part of the backup sync controller (#2496, @ashish-amarnath)
+  * bug fix: in error location logging hook, if the item logged under the `error` key doesn't implement the `error` interface, don't return an error since this is a valid scenario (#2487, @skriss)
+  * bug fix: in CRD restore plugin, don't use runtime.DefaultUnstructuredConverter.FromUnstructured(...) to avoid conversion issues when float64 fields contain int values (#2484, @skriss)
+  * during backup deletion also delete CSI volumesnapshotcontents that were created as a part of the backup but the associated volumesnapshot object does not exist (#2480, @ashish-amarnath)
+  * If plugins don't support the `--features` flag, don't pass it to them. Also, update the standard plugin server to ignore unknown flags. (#2479, @skriss)
+  * At backup time, if a CustomResourceDefinition appears to have been created via the v1beta1 endpoint, retrieve it from the v1beta1 endpoint instead of simply changing the APIVersion. (#2478, @nrb)
+  * update container base images from ubuntu:bionic to ubuntu:focal (#2471, @skriss)
+  * bug fix: when a resource includes/excludes list contains unresolvable items, don't remove them from the list, so that the list doesn't inadvertently end up matching *all* resources. (#2462, @skriss)
+  * Azure: add support for getting storage account key for restic directly from an environment variable (#2455, @jaygridley)
+  * Support to skip VSL validation for the backup having SnapshotVolumes set to false or created with `--snapshot-volumes=false` (#2450, @mynktl)
+  * report backup progress (number of items backed up so far out of an estimated total number of items) during backup in the logs and as status fields on the Backup custom resource (#2440, @skriss)
+  * bug fix: populate namespace in logs for backup errors (#2438, @skriss)
+  * during backup deletion also delete CSI volumesnapshots that were created as a part of the backup (#2411, @ashish-amarnath)
+  * bump Kubernetes module dependencies to v0.17.4 to get fix for https://github.com/kubernetes/kubernetes/issues/86149 (#2407, @skriss)
+  * bug fix: save PodVolumeBackup manifests to object storage even if the volume was empty, so that on restore, the PV is dynamically reprovisioned if applicable (#2390, @skriss)
+  * Adding new restoreItemAction for PVC to update the selected-node annotation (#2377, @mynktl)
+  * Added a --cacert flag to the install command to provide the CA bundle to use when verifying TLS connections to object storage (#2368, @mansam)
+  * Added a `--cacert` flag to the velero client describe, download, and logs commands to allow passing a path to a certificate to use when verifying TLS connections to object storage. Also added a corresponding client config option called `cacert` which takes a path to a certificate bundle to use as a default when `--cacert` is not specified. (#2364, @mansam)
+  * support setting a custom CA certificate on a BSL to use when verifying TLS connections (#2353, @mansam)
+  * adding annotations on backup CRD for k8s major, minor and git versions (#2346, @brito-rafa)
+  * When the EnableCSI feature flag is provided, upload CSI VolumeSnapshots and VolumeSnapshotContents to object storage as gzipped JSON. (#2323, @nrb)
+  * add CSI snapshot API types into default restore priorities (#2318, @ashish-amarnath)
+  * refactoring: wait for all informer caches to sync before running controllers (#2299, @skriss)
+  * refactor restore code to lazily resolve resources via discovery and eliminate second restore loop for instances of restored CRDs (#2248, @skriss)
+  * upgrade to go 1.14 and migrate from `dep` to go modules (#2214, @skriss)
+  * clarify the wording for restore describe for namespaces included

cmd/ark-restic-restore-helper/main.go

@@ -1,77 +0,0 @@
-/*
-Copyright 2018 the Heptio Ark contributors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"time"
-)
-
-func main() {
-	if len(os.Args) != 2 {
-		fmt.Fprintln(os.Stderr, "ERROR: exactly one argument must be provided, the restore's UID")
-		os.Exit(1)
-	}
-
-	ticker := time.NewTicker(time.Second)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-ticker.C:
-			if done() {
-				fmt.Println("All restic restores are done")
-				return
-			}
-		}
-	}
-}
-
-// done returns true if for each directory under /restores, a file exists
-// within the .ark/ subdirectory whose name is equal to os.Args[1], or
-// false otherwise
-func done() bool {
-	children, err := ioutil.ReadDir("/restores")
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "ERROR reading /restores directory: %s\n", err)
-		return false
-	}
-
-	for _, child := range children {
-		if !child.IsDir() {
-			fmt.Printf("%s is not a directory, skipping.\n", child.Name())
-			continue
-		}
-
-		doneFile := filepath.Join("/restores", child.Name(), ".ark", os.Args[1])
-
-		if _, err := os.Stat(doneFile); os.IsNotExist(err) {
-			fmt.Printf("Not found: %s\n", doneFile)
-			return false
-		} else if err != nil {
-			fmt.Fprintf(os.Stderr, "ERROR looking for %s: %s\n", doneFile, err)
-			return false
-		}
-
-		fmt.Printf("Found %s", doneFile)
-	}
-
-	return true
-}

cmd/ark/main.go

@@ -1,36 +0,0 @@
-/*
-Copyright 2017 the Heptio Ark contributors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/golang/glog"
-
-	"github.com/heptio/ark/pkg/cmd"
-	"github.com/heptio/ark/pkg/cmd/ark"
-)
-
-func main() {
-	defer glog.Flush()
-
-	baseName := filepath.Base(os.Args[0])
-
-	err := ark.NewCommand(baseName).Execute()
-	cmd.CheckError(err)
-}

cmd/velero-restic-restore-helper/main.go

@@ -0,0 +1,77 @@
+/*
+Copyright 2018 the Velero contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Fprintln(os.Stderr, "ERROR: exactly one argument must be provided, the restore's UID")
+		os.Exit(1)
+	}
+
+	ticker := time.NewTicker(time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			if done() {
+				fmt.Println("All restic restores are done")
+				return
+			}
+		}
+	}
+}
+
+// done returns true if for each directory under /restores, a file exists
+// within the .velero/ subdirectory whose name is equal to os.Args[1], or
+// false otherwise
+func done() bool {
+	children, err := ioutil.ReadDir("/restores")
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "ERROR reading /restores directory: %s\n", err)
+		return false
+	}
+
+	for _, child := range children {
+		if !child.IsDir() {
+			fmt.Printf("%s is not a directory, skipping.\n", child.Name())
+			continue
+		}
+
+		doneFile := filepath.Join("/restores", child.Name(), ".velero", os.Args[1])
+
+		if _, err := os.Stat(doneFile); os.IsNotExist(err) {
+			fmt.Printf("Not found: %s\n", doneFile)
+			return false
+		} else if err != nil {
+			fmt.Fprintf(os.Stderr, "ERROR looking for %s: %s\n", doneFile, err)
+			return false
+		}
+
+		fmt.Printf("Found %s", doneFile)
+	}
+
+	return true
+}

cmd/velero/main.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2017, 2019 the Velero contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+	"path/filepath"
+
+	"k8s.io/klog"
+
+	"github.com/vmware-tanzu/velero/pkg/cmd"
+	"github.com/vmware-tanzu/velero/pkg/cmd/velero"
+)
+
+func main() {
+	defer klog.Flush()
+
+	baseName := filepath.Base(os.Args[0])
+
+	err := velero.NewCommand(baseName).Execute()
+	cmd.CheckError(err)
+}

design/CLI/PoC/base/backupstoragelocations.yaml

@@ -0,0 +1,131 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (unknown)
+  labels:
+    component: velero
+  name: backupstoragelocations.velero.io
+spec:
+  group: velero.io
+  names:
+    kind: BackupStorageLocation
+    listKind: BackupStorageLocationList
+    plural: backupstoragelocations
+    singular: backupstoragelocation
+  scope: ""
+  validation:
+    openAPIV3Schema:
+      description: BackupStorageLocation is a location where Velero stores backup
+        objects.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: BackupStorageLocationSpec defines the specification for a
+            Velero BackupStorageLocation.
+          properties:
+            accessMode:
+              description: AccessMode defines the permissions for the backup storage
+                location.
+              enum:
+              - ReadOnly
+              - ReadWrite
+              type: string
+            backupSyncPeriod:
+              description: BackupSyncPeriod defines how frequently to sync backup
+                API objects from object storage. A value of 0 disables sync.
+              nullable: true
+              type: string
+            config:
+              additionalProperties:
+                type: string
+              description: Config is for provider-specific configuration fields.
+              type: object
+            objectStorage:
+              description: ObjectStorageLocation specifies the settings necessary
+                to connect to a provider's object storage.
+              properties:
+                bucket:
+                  description: Bucket is the bucket to use for object storage.
+                  type: string
+                prefix:
+                  description: Prefix is the path inside a bucket to use for Velero
+                    storage. Optional.
+                  type: string
+              required:
+              - bucket
+              type: object
+            provider:
+              description: Provider is the provider of the backup storage.
+              type: string
+          required:
+          - objectStorage
+          - provider
+          type: object
+        status:
+          description: BackupStorageLocationStatus describes the current status
+            of a Velero BackupStorageLocation.
+          properties:
+            accessMode:
+              description: "AccessMode is an unused field. \n Deprecated: there
+                is now an AccessMode field on the Spec and this field will be removed
+                entirely as of v2.0."
+              enum:
+              - ReadOnly
+              - ReadWrite
+              type: string
+            lastSyncedRevision:
+              description: "LastSyncedRevision is the value of the `metadata/revision`
+                file in the backup storage location the last time the BSL's contents
+                were synced into the cluster. \n Deprecated: this field is no longer
+                updated or used for detecting changes to the location's contents
+                and will be removed entirely in v2.0."
+              type: string
+            lastSyncedTime:
+              description: LastSyncedTime is the last time the contents of the location
+                were synced into the cluster.
+              format: date-time
+              nullable: true
+              type: string
+            phase:
+              description: Phase is the current state of the BackupStorageLocation.
+              enum:
+              - Available
+              - Unavailable
+              type: string
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+---
+apiVersion: velero.io/v1
+kind: BackupStorageLocation
+metadata:
+  creationTimestamp: null
+  labels:
+    component: velero
+  name: default
+  namespace: velero
+spec:
+  config:
+    region: minio
+    s3ForcePathStyle: "true"
+    s3Url: http://minio.velero.svc:9000
+  objectStorage:
+    bucket: velero
+  provider: aws

design/CLI/PoC/base/deployment.yaml

@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    component: velero
+  name: velero
+  namespace: velero
+spec:
+  selector:
+    matchLabels:
+      deploy: velero
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        prometheus.io/path: /metrics
+        prometheus.io/port: "8085"
+        prometheus.io/scrape: "true"
+      labels:
+        component: velero
+        deploy: velero
+    spec:
+      containers:
+        - args:
+            - server 
+          command:
+            - /velero
+          env:
+            - name: VELERO_SCRATCH_DIR
+              value: /scratch
+            - name: VELERO_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: LD_LIBRARY_PATH
+              value: /plugins
+          name: velero
+          image: velero/velero:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8085
+              name: metrics
+          resources:
+            limits:
+              cpu: "1"
+              memory: 256Mi
+            requests:
+              cpu: 500m
+              memory: 128Mi
+          volumeMounts:
+            - mountPath: /scratch
+              name: scratch
+      restartPolicy: Always
+      serviceAccountName: velero
+      volumes:
+        - emptyDir: {}
+          name: scratch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    component: velero
+  name: velero
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: velero
+    namespace: velero
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    component: velero
+  name: velero
+  namespace: velero
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    component: velero
+  name: velero
+spec: {}

design/CLI/PoC/base/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - CRDs.yaml
+  - backupstoragelocations.yaml
+  - volumesnapshotlocations.yaml # including so the velero server can run
+  - resticrepository.yaml # including so the velero server can runl
+  - podvolumes.yaml # including so the velero server can runl
+  - minio.yaml
+

design/CLI/PoC/base/minio.yaml

@@ -0,0 +1,107 @@
+# Copyright 2017 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: velero
+  name: minio
+  labels:
+    component: minio
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      component: minio
+  template:
+    metadata:
+      labels:
+        component: minio
+    spec:
+      volumes:
+      - name: storage
+        emptyDir: {}
+      - name: config
+        emptyDir: {}
+      containers:
+      - name: minio
+        image: minio/minio:latest
+        imagePullPolicy: IfNotPresent
+        args:
+        - server
+        - /storage
+        - --config-dir=/config
+        env:
+        - name: MINIO_ACCESS_KEY
+          value: "minio"
+        - name: MINIO_SECRET_KEY
+          value: "minio123"
+        ports:
+        - containerPort: 9000
+        volumeMounts:
+        - name: storage
+          mountPath: "/storage"
+        - name: config
+          mountPath: "/config"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: velero
+  name: minio
+  labels:
+    component: minio
+spec:
+  # ClusterIP is recommended for production environments.
+  # Change to NodePort if needed per documentation,
+  # but only if you run Minio in a test/trial environment, for example with Minikube.
+  type: ClusterIP
+  ports:
+    - port: 9000
+      targetPort: 9000
+      protocol: TCP
+  selector:
+    component: minio
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: velero
+  name: minio-setup
+  labels:
+    component: minio
+spec:
+  template:
+    metadata:
+      name: minio-setup
+    spec:
+      restartPolicy: OnFailure
+      volumes:
+      - name: config
+        emptyDir: {}
+      containers:
+      - name: mc
+        image: minio/mc:latest
+        imagePullPolicy: IfNotPresent
+        command:
+        - /bin/sh
+        - -c
+        - "mc --config-dir=/config config host add velero http://minio:9000 minio minio123 && mc --config-dir=/config mb -p velero/velero"
+        volumeMounts:
+        - name: config
+          mountPath: "/config"

design/CLI/PoC/base/podvolumes.yaml

@@ -0,0 +1,297 @@
+---
+  apiVersion: apiextensions.k8s.io/v1beta1
+  kind: CustomResourceDefinition
+  metadata:
+    annotations:
+      controller-gen.kubebuilder.io/version: (unknown)
+    creationTimestamp: null
+    labels:
+      component: velero
+    name: podvolumebackups.velero.io
+  spec:
+    group: velero.io
+    names:
+      kind: PodVolumeBackup
+      listKind: PodVolumeBackupList
+      plural: podvolumebackups
+      singular: podvolumebackup
+    scope: ""
+    validation:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: PodVolumeBackupSpec is the specification for a PodVolumeBackup.
+            properties:
+              backupStorageLocation:
+                description: BackupStorageLocation is the name of the backup storage
+                  location where the restic repository is stored.
+                type: string
+              node:
+                description: Node is the name of the node that the Pod is running
+                  on.
+                type: string
+              pod:
+                description: Pod is a reference to the pod containing the volume to
+                  be backed up.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+              repoIdentifier:
+                description: RepoIdentifier is the restic repository identifier.
+                type: string
+              tags:
+                additionalProperties:
+                  type: string
+                description: Tags are a map of key-value pairs that should be applied
+                  to the volume backup as tags.
+                type: object
+              volume:
+                description: Volume is the name of the volume within the Pod to be
+                  backed up.
+                type: string
+            required:
+              - backupStorageLocation
+              - node
+              - pod
+              - repoIdentifier
+              - volume
+            type: object
+          status:
+            description: PodVolumeBackupStatus is the current status of a PodVolumeBackup.
+            properties:
+              completionTimestamp:
+                description: CompletionTimestamp records the time a backup was completed.
+                  Completion time is recorded even on failed backups. Completion time
+                  is recorded before uploading the backup object. The server's time
+                  is used for CompletionTimestamps
+                format: date-time
+                nullable: true
+                type: string
+              message:
+                description: Message is a message about the pod volume backup's status.
+                type: string
+              path:
+                description: Path is the full path within the controller pod being
+                  backed up.
+                type: string
+              phase:
+                description: Phase is the current state of the PodVolumeBackup.
+                enum:
+                  - New
+                  - InProgress
+                  - Completed
+                  - Failed
+                type: string
+              progress:
+                description: Progress holds the total number of bytes of the volume
+                  and the current number of backed up bytes. This can be used to display
+                  progress information about the backup operation.
+                properties:
+                  bytesDone:
+                    format: int64
+                    type: integer
+                  totalBytes:
+                    format: int64
+                    type: integer
+                type: object
+              snapshotID:
+                description: SnapshotID is the identifier for the snapshot of the
+                  pod volume.
+                type: string
+              startTimestamp:
+                description: StartTimestamp records the time a backup was started.
+                  Separate from CreationTimestamp, since that value changes on restores.
+                  The server's time is used for StartTimestamps
+                format: date-time
+                nullable: true
+                type: string
+            type: object
+        type: object
+    version: v1
+    versions:
+      - name: v1
+        served: true
+        storage: true
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (unknown)
+  creationTimestamp: null
+  labels:
+    component: velero
+  name: podvolumerestores.velero.io
+spec:
+  group: velero.io
+  names:
+    kind: PodVolumeRestore
+    listKind: PodVolumeRestoreList
+    plural: podvolumerestores
+    singular: podvolumerestore
+  scope: ""
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore.
+          properties:
+            backupStorageLocation:
+              description: BackupStorageLocation is the name of the backup storage
+                location where the restic repository is stored.
+              type: string
+            pod:
+              description: Pod is a reference to the pod containing the volume to
+                be restored.
+              properties:
+                apiVersion:
+                  description: API version of the referent.
+                  type: string
+                fieldPath:
+                  description: 'If referring to a piece of an object instead of
+                    an entire object, this string should contain a valid JSON/Go
+                    field access statement, such as desiredState.manifest.containers[2].
+                    For example, if the object reference is to a container within
+                    a pod, this would take on a value like: "spec.containers{name}"
+                    (where "name" refers to the name of the container that triggered
+                    the event) or if no container name is specified "spec.containers[2]"
+                    (container with index 2 in this pod). This syntax is chosen
+                    only to have some well-defined way of referencing a part of
+                    an object. TODO: this design is not final and this field is
+                    subject to change in the future.'
+                  type: string
+                kind:
+                  description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+                  type: string
+                name:
+                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                  type: string
+                namespace:
+                  description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                  type: string
+                resourceVersion:
+                  description: 'Specific resourceVersion to which this reference
+                    is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency'
+                  type: string
+                uid:
+                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                  type: string
+              type: object
+            repoIdentifier:
+              description: RepoIdentifier is the restic repository identifier.
+              type: string
+            snapshotID:
+              description: SnapshotID is the ID of the volume snapshot to be restored.
+              type: string
+            volume:
+              description: Volume is the name of the volume within the Pod to be
+                restored.
+              type: string
+          required:
+            - backupStorageLocation
+            - pod
+            - repoIdentifier
+            - snapshotID
+            - volume
+          type: object
+        status:
+          description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore.
+          properties:
+            completionTimestamp:
+              description: CompletionTimestamp records the time a restore was completed.
+                Completion time is recorded even on failed restores. The server's
+                time is used for CompletionTimestamps
+              format: date-time
+              nullable: true
+              type: string
+            message:
+              description: Message is a message about the pod volume restore's status.
+              type: string
+            phase:
+              description: Phase is the current state of the PodVolumeRestore.
+              enum:
+                - New
+                - InProgress
+                - Completed
+                - Failed
+              type: string
+            progress:
+              description: Progress holds the total number of bytes of the snapshot
+                and the current number of restored bytes. This can be used to display
+                progress information about the restore operation.
+              properties:
+                bytesDone:
+                  format: int64
+                  type: integer
+                totalBytes:
+                  format: int64
+                  type: integer
+              type: object
+            startTimestamp:
+              description: StartTimestamp records the time a restore was started.
+                The server's time is used for StartTimestamps
+              format: date-time
+              nullable: true
+              type: string
+          type: object
+      type: object
+  version: v1
+  versions:
+    - name: v1
+      served: true
+      storage: true

design/CLI/PoC/base/resticrepository.yaml

@@ -0,0 +1,85 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (unknown)
+  creationTimestamp: null
+  labels:
+    component: velero
+  name: resticrepositories.velero.io
+spec:
+  group: velero.io
+  names:
+    kind: ResticRepository
+    listKind: ResticRepositoryList
+    plural: resticrepositories
+    singular: resticrepository
+  scope: ""
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: ResticRepositorySpec is the specification for a ResticRepository.
+          properties:
+            backupStorageLocation:
+              description: BackupStorageLocation is the name of the BackupStorageLocation
+                that should contain this repository.
+              type: string
+            maintenanceFrequency:
+              description: MaintenanceFrequency is how often maintenance should
+                be run.
+              type: string
+            resticIdentifier:
+              description: ResticIdentifier is the full restic-compatible string
+                for identifying this repository.
+              type: string
+            volumeNamespace:
+              description: VolumeNamespace is the namespace this restic repository
+                contains pod volume backups for.
+              type: string
+          required:
+            - backupStorageLocation
+            - maintenanceFrequency
+            - resticIdentifier
+            - volumeNamespace
+          type: object
+        status:
+          description: ResticRepositoryStatus is the current status of a ResticRepository.
+          properties:
+            lastMaintenanceTime:
+              description: LastMaintenanceTime is the last time maintenance was
+                run.
+              format: date-time
+              nullable: true
+              type: string
+            message:
+              description: Message is a message about the current status of the
+                ResticRepository.
+              type: string
+            phase:
+              description: Phase is the current state of the ResticRepository.
+              enum:
+                - New
+                - Ready
+                - NotReady
+              type: string
+          type: object
+      type: object
+  version: v1
+  versions:
+    - name: v1
+      served: true
+      storage: true

design/CLI/PoC/base/volumesnapshotlocations.yaml

@@ -0,0 +1,80 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (unknown)
+  labels:
+    component: velero
+  name: volumesnapshotlocations.velero.io
+spec:
+  group: velero.io
+  names:
+    kind: VolumeSnapshotLocation
+    listKind: VolumeSnapshotLocationList
+    plural: volumesnapshotlocations
+    singular: volumesnapshotlocation
+  scope: ""
+  validation:
+    openAPIV3Schema:
+      description: VolumeSnapshotLocation is a location where Velero stores volume
+        snapshots.
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: VolumeSnapshotLocationSpec defines the specification for
+            a Velero VolumeSnapshotLocation.
+          properties:
+            config:
+              additionalProperties:
+                type: string
+              description: Config is for provider-specific configuration fields.
+              type: object
+            provider:
+              description: Provider is the provider of the volume storage.
+              type: string
+          required:
+            - provider
+          type: object
+        status:
+          description: VolumeSnapshotLocationStatus describes the current status
+            of a Velero VolumeSnapshotLocation.
+          properties:
+            phase:
+              description: VolumeSnapshotLocationPhase is the lifecyle phase of
+                a Velero VolumeSnapshotLocation.
+              enum:
+                - Available
+                - Unavailable
+              type: string
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+---
+apiVersion: velero.io/v1
+kind: VolumeSnapshotLocation
+metadata:
+  creationTimestamp: null
+  labels:
+    component: velero
+  name: default
+  namespace: velero
+spec:
+  config:
+    region: us-east-2
+  provider: aws

design/CLI/PoC/overlays/plugins/aws-plugin.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: velero
+spec:
+  selector:
+    matchLabels:
+      deploy: velero
+  template:
+    metadata:
+      labels:
+        component: velero
+        deploy: velero
+    spec:
+      containers:
+        - args:
+          - server
+          name: velero
+          env:
+            - name: AWS_SHARED_CREDENTIALS_FILE
+              value: /credentials/cloud
+          volumeMounts:
+            - mountPath: /plugins
+              name: plugins
+            - mountPath: /credentials
+              name: cloud-credential-aws
+      initContainers:
+        - image: velero/velero-plugin-for-aws:v1.0.1
+          imagePullPolicy: Always
+          name: velero-plugin-for-aws
+          volumeMounts:
+          - mountPath: /target
+            name: plugins
+      volumes:
+        - emptyDir: {}
+          name: plugins
+        - name: cloud-credential-aws
+          secret:
+            secretName: cloud-credential-aws

design/CLI/PoC/overlays/plugins/azure-plugin.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: velero
+spec:
+  selector:
+    matchLabels:
+      deploy: velero
+  template:
+    metadata:
+      labels:
+        component: velero
+        deploy: velero
+    spec:
+      containers:
+        - args:
+          - server
+          name: velero
+          env:
+            - name: AZURE_SHARED_CREDENTIALS_FILE
+              value: /credentials/cloud
+          volumeMounts:
+            - mountPath: /plugins
+              name: plugins
+            - mountPath: /credentials
+              name: cloud-credential-azure
+      initContainers:
+        - image: velero/velero-plugin-for-microsoft-azure:v1.0.1
+          imagePullPolicy: Always
+          name: velero-plugin-for-microsoft-azure
+          volumeMounts:
+          - mountPath: /target
+            name: plugins
+      volumes:
+        - emptyDir: {}
+          name: plugins
+        - name: cloud-credential-azure
+          secret:
+            secretName: cloud-credential-azure

design/CLI/PoC/overlays/plugins/cloud

@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = minio
+aws_secret_access_key = minio123

design/CLI/PoC/overlays/plugins/kustomization.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+bases:
+  - ../../base
+
+patchesStrategicMerge:
+  - aws-plugin.yaml # this patches the Velero deployment
+  # - azure-plugin.yaml # this patches the Velero deployment
+
+generatorOptions:
+  disableNameSuffixHash: true
+  labels: 
+    component: velero
+
+secretGenerator:
+- name: cloud-credentials
+  files:
+  - "cloud"
+
+
+
+
+

design/CLI/PoC/overlays/plugins/restic.yaml

@@ -0,0 +1,68 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    component: velero
+  name: restic
+  namespace: velero
+spec:
+  selector:
+    matchLabels:
+      name: restic
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        component: velero
+        name: restic
+    spec:
+      containers:
+        - args:
+            - restic
+            - server
+          command:
+            - /velero
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: VELERO_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: VELERO_SCRATCH_DIR
+              value: /scratch
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /credentials/cloud
+            - name: AWS_SHARED_CREDENTIALS_FILE
+              value: /credentials/cloud
+            - name: AZURE_CREDENTIALS_FILE
+              value: /credentials/cloud
+          image: velero/velero:latest
+          imagePullPolicy: Always
+          name: restic
+          resources: {}
+          volumeMounts:
+            - mountPath: /host_pods
+              mountPropagation: HostToContainer
+              name: host-pods
+            - mountPath: /scratch
+              name: scratch
+            - mountPath: /credentials
+              name: cloud-credentials
+      securityContext:
+        runAsUser: 0
+      serviceAccountName: velero
+      volumes:
+        - hostPath:
+            path: /var/lib/kubelet/pods
+          name: host-pods
+        - emptyDir: {}
+          name: scratch
+        - name: cloud-credentials
+          secret:
+            secretName: cloud-credentials
+  updateStrategy: {}

design/_template.md

@@ -0,0 +1,46 @@
+# Design proposal template (replace with your proposal's title)
+
+One to two sentences that describes the goal of this proposal.
+The reader should be able to tell by the title, and the opening paragraph, if this document is relevant to them.
+
+_Note_: The preferred style for design documents is one sentence per line.
+*Do not wrap lines*.
+This aids in review of the document as changes to a line are not obscured by the reflowing those changes caused and has a side effect of avoiding debate about one or two space after a period.
+
+## Goals
+
+- A short list of things which will be accomplished by implementing this proposal.
+- Two things is ok.
+- Three is pushing it.
+- More than three goals suggests that the proposal's scope is too large.
+
+## Non Goals
+
+- A short list of items which are:
+- a. out of scope
+- b. follow on items which are deliberately excluded from this proposal.
+
+## Background
+
+One to two paragraphs of exposition to set the context for this proposal.
+
+## High-Level Design
+
+One to two paragraphs that describe the high level changes that will be made to implement this proposal.
+
+## Detailed Design
+
+A detailed design describing how the changes to the product should be made.
+
+The names of types, fields, interfaces, and methods should be agreed on here, not debated in code review.
+The same applies to changes in CRDs, YAML examples, and so on.
+
+Ideally the changes should be made in sequence so that the work required to implement this design can be done incrementally, possibly in parallel.
+
+## Alternatives Considered
+
+If there are alternative high level or detailed designs that were not pursued they should be called out here with a brief explanation of why they were not pursued.
+
+## Security Considerations
+
+If this proposal has an impact to the security of the product, its users, or data stored or transmitted via the product, they must be addressed here.

design/backup-resource-list.md

@@ -0,0 +1,96 @@
+# Expose list of backed up resources in backup details
+
+Status: Accepted
+
+To increase the visibility of what a backup might contain, this document proposes storing metadata about backed up resources in object storage and adding a new section to the detailed backup description output to list them.
+
+## Goals
+
+- Include a list of backed up resources as metadata in the bucket
+- Enable users to get a view of what resources are included in a backup using the Velero CLI
+
+## Non Goals
+
+- Expose the full manifests of the backed up resources
+
+## Background
+
+As reported in [#396](https://github.com/heptio/velero/issues/396), the information reported in a `velero backup describe <name> --details` command is fairly limited, and does not easily describe what resources a backup contains.
+In order to see what a backup might contain, a user would have to download the backup tarball and extract it.
+This makes it difficult to keep track of different backups in a cluster.
+
+## High-Level Design
+
+After performing a backup, a new file will be created that contains the list of the resources that have been included in the backup.
+This file will be persisted in object storage alongside the backup contents and existing metadata.
+
+A section will be added to the output of `velero backup describe <name> --details` command to view this metadata.
+
+## Detailed Design
+
+### Metadata file
+
+This metadata will be in JSON (or YAML) format so that it can be easily inspected from the bucket outside of Velero tooling, and will contain the API resource and group, namespaces and names of the resources:
+
+```
+apps/v1/Deployment:
+- default/database
+- default/wordpress
+v1/Service:
+- default/database
+- default/wordpress
+v1/Secret:
+- default/database-root-password
+- default/database-user-password
+v1/ConfigMap:
+- default/database
+v1/PersistentVolume:
+- my-pv
+```
+
+The filename for this metadata will be `<backup name>-resource-list.json.gz`.
+The top-level key is the string form of the `schema.GroupResource` type that we currently keep track of in the backup controller code path.
+
+### Changes in Backup controller
+
+The Backupper currently initialises a map to track the `backedUpItems` (https://github.com/heptio/velero/blob/1594bdc8d0132f548e18ffcc1db8c4cd2b042726/pkg/backup/backup.go#L269), this is passed down through GroupBackupper, ResourceBackupper and ItemBackupper where ItemBackupper records each backed up item.
+This property will be moved to the [Backup request struct](https://github.com/heptio/velero/blob/16910a6215cbd8f0bde385dba9879629ebcbcc28/pkg/backup/request.go#L11), allowing the BackupController to access it after a successful backup.
+
+`backedUpItems` currently uses the `schema.GroupResource` as a key for the resource.
+In order to record the API group, version and kind for the resource, this key will be constructed from the object's `schema.GroupVersionKind` in the format `{group}/{version}/{kind}` (e.g. `apps/v1/Deployment`).
+
+The `backedUpItems` map is kept as a flat structure internally for quick lookup.
+When the backup is ready to upload, `backedUpItems` will be converted to a nested structure representing the metadata file above, grouped by `schema.GroupVersionKind`.
+After converting to the right format, it can be passed to the `persistBackup` function to persist the file in object storage.
+
+### Changes to DownloadRequest CRD and processing
+
+A new `DownloadTargetKind` "BackupResourceList" will be added to the DownloadRequest CR.
+
+The `GetDownloadURL` function in the `persistence` package will be updated to handle this new DownloadTargetKind to enable the Velero client to fetch the metadata from the bucket.
+
+### Changes to `velero backup describe <name> --details`
+
+This command will need to be updated to fetch the metadata from the bucket using the `Stream` method used in other commands.
+The file will be read in memory and displayed in the output of the command.
+Depending on the format the metadata is stored in, it may need processing to print in a more human-readable format.
+If we choose to store the metadata in YAML, it can likely be directly printed out.
+
+If the metadata file does not exist, this is an older backup and we cannot display the list of resources that were backed up.
+
+## Open Questions
+
+## Alternatives Considered
+
+### Fetch backup contents archive and walkthrough to list contents
+
+Instead of recording new metadata about what resources have been backed up, we could simply download the backup contents archive and walkthrough it to list the contents everytime `velero backup describe <name> --details` is run.
+
+The advantage of this approach is that we don't need to change any backup procedures as we already have this content, and we will also be able to list resources for older backups.
+Additionally, if we wanted to expose more information about the backed up resources, we can do so without having to update what we store in the metadata.
+
+The disadvantages are:
+- downloading the whole backup archive will be larger than just downloading a smaller file with metadata
+- reduces the metadata available in the bucket that users might want to inspect outside of Velero tooling (though this is not an explicit requirement)
+
+## Security Considerations

design/cli-install-changes.md

@@ -0,0 +1,373 @@
+# Proposal for a more intuitive CLI to install and configure Velero
+
+Currently, the Velero CLI tool has a `install` command that configures numerous major and minor aspects of Velero. As a result, the combined set of flags for this `install` command makes it hard to intuit and reason about the different Velero components. This document proposes changes to improve the UX for installation and configuration in a way that would make it easier for the user to discover what needs to be configured by looking at what is available in the CLI rather then having to rely heavily on our documentation for the usage. At the same time, it is expected that the documentation update to reflect these changes will also make the documentation flow easier to follow.
+
+This proposal prioritizes discoverability and self-documentation over minimizing length or number of commands and flags.
+
+## Goals
+
+- Split flags currently under the `velero install` command into multiple commands, and group flags under commands in a way that allows a good level of discovery and self-documentation
+- Maintain compatibility with gitops practices (i.e. ability to generate a full set of yaml for install that can be stored in source control)
+- Have a clear path for deprecating commands
+
+## Non Goals
+
+- Introduce new CLI features 
+- Propose changes to the CLI that go beyond the functionality of install and configure
+- Optimize for shorter length or number of commands/flags
+
+## Background
+
+This document proposes users could benefit from a more intuitive and self-documenting CLI setup as compared to our existing CLI UX. Ultimately, it is proposed that a recipe-style CLI flow for installation, configuration and use would greatly contribute to this purpose.
+
+Also, the `install` command currently can be reused to update Velero deployment configurations. For server and restic related install and configurations, settings will be moved to under `velero config`.
+
+## High-Level Design
+
+The naming and organization of the proposed new CLI commands below have been inspired on the `kubectl` commands, particularly `kubectl set` and `kubectl config`.
+
+#### General CLI improvements
+
+These are improvements that are part of this proposal:
+- Go over all flags and document what is optional, what is required, and default values.
+- Capitalize all help messages
+
+#### Commands
+
+The organization of the commands follows this format:
+
+```
+velero [resource] [operation] [flags]
+```
+
+To conform with Velero's current practice: 
+- commands will also work by swapping the operation/resource.
+- the "object" of a command is an argument, and flags are strictly for modifiers (example: `backup get my-backup` and not `backup get --name my-backup`)
+
+All commands will include the `--dry-run` flag, which can be used to output yaml files containing the commands' configuration for resource creation or patching.
+
+`--dry-run                                    generate resources, but don't send them to the cluster. Use with -o. Optional.`
+
+The `--help` and `--output` flags will also be included for all commands, omitted below for brevity.
+
+Below is the proposed set of new commands to setup and configure Velero.
+
+1) `velero config`
+
+```
+      server                                         Configure up the namespace, RBAC, deployment, etc., but does not add any external plugins, BSL/VSL definitions. This would be the minimum set of commands to get the Velero server up and running and ready to accept other configurations.
+        --label-columns stringArray                  a comma-separated list of labels to be displayed as columns
+        --show-labels                                show labels in the last column
+        --image string                               image to use for the Velero and restic server pods. Optional. (default "velero/velero:latest")
+        --pod-annotations mapStringString            annotations to add to the Velero and restic pods. Optional. Format is key1=value1,key2=value2
+        --restore-only                               run the server in restore-only mode. Optional.
+        --pod-cpu-limit string                       CPU limit for Velero pod. A value of "0" is treated as unbounded. Optional. (default "1000m")
+        --pod-cpu-request string                     CPU request for Velero pod. A value of "0" is treated as unbounded. Optional. (default "500m")
+        --pod-mem-limit string                       memory limit for Velero pod. A value of "0" is treated as unbounded. Optional. (default "256Mi")
+        --pod-mem-request string                     memory request for Velero pod. A value of "0" is treated as unbounded. Optional. (default "128Mi")
+        --client-burst int                           maximum number of requests by the server to the Kubernetes API in a short period of time (default 30)
+        --client-qps float32                         maximum number of requests per second by the server to the Kubernetes API once the burst limit has been reached (default 20)
+        --default-backup-ttl duration                how long to wait by default before backups can be garbage collected (default 720h0m0s)
+        --disable-controllers strings                list of controllers to disable on startup. Valid values are backup,backup-sync,schedule,gc,backup-deletion,restore,download-request,restic-repo,server-status-request
+        --log-format                                 the format for log output. Valid values are text, json. (default text)
+        --log-level                                  the level at which to log. Valid values are debug, info, warning, error, fatal, panic. (default info)
+        --metrics-address string                     the address to expose prometheus metrics (default ":8085")
+        --plugin-dir string                          directory containing Velero plugins (default "/plugins")
+        --profiler-address string                    the address to expose the pprof profiler (default "localhost:6060")
+        --restore-only                               run in a mode where only restores are allowed; backups, schedules, and garbage-collection are all disabled. DEPRECATED: this flag will be removed in v2.0. Use read-only backup storage locations instead.
+        --restore-resource-priorities strings        desired order of resource restores; any resource not in the list will be restored alphabetically after the prioritized resources (default [namespaces,storageclasses,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods,replicaset,customresourcedefinitions])
+        --terminating-resource-timeout duration      how long to wait on persistent volumes and namespaces to terminate during a restore before timing out (default 10m0s)
+
+      restic                                        Configuration for restic operations.
+        --default-prune-frequency duration          how often 'restic prune' is run for restic repositories by default. Optional.
+        --pod-annotations mapStringString           annotations to add to the Velero and restic pods. Optional. Format is key1=value1,key2=value2
+        --pod-cpu-limit string                      CPU limit for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+        --pod-cpu-request string                    CPU request for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+        --pod-mem-limit string                      memory limit for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+        --pod-mem-request string                    memory request for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+        --timeout duration                          how long backups/restores of pod volumes should be allowed to run before timing out (default 1h0m0s)
+        repo  
+          get                                         Get restic repositories
+```
+The `velero config server` command will create the following resources:
+
+```
+Namespace
+Deployment
+backups.velero.io
+backupstoragelocations.velero.io
+deletebackuprequests.velero.io
+downloadrequests.velero.io
+podvolumebackups.velero.io
+podvolumerestores.velero.io
+resticrepositories.velero.io
+restores.velero.io
+schedules.velero.io
+serverstatusrequests.velero.io
+volumesnapshotlocations.velero.io
+```
+
+Note: Velero will maintain the `velero server` command run by the Velero pod, which starts the Velero server deployment.
+
+2) `velero backup-location`
+Commands/flags for backup locations.
+
+```
+      set
+        --default string                                  sets the default backup storage location (default "default") (NEW, -- was `server --default-backup-storage-location; could be set as an annotation on the BSL)
+        --credentials mapStringString                     sets the name of the corresponding credentials secret for a provider. Format is provider:credentials-secret-name. (NEW)
+        --cacert-file mapStringString                     configuration to use for creating a secret containing a custom certificate for an S3 location of a plugin provider. Format is provider:path-to-file. (NEW)
+
+      create                                              NAME [flags]
+        --default                                         Sets this new location to be the new default backup location. Default is false. (NEW) 
+        --access-mode                                     access mode for the backup storage location. Valid values are ReadWrite,ReadOnly (default ReadWrite)
+        --backup-sync-period 0s                           how often to ensure all Velero backups in object storage exist as Backup API objects in the cluster. Optional. Set this to 0s to disable sync
+        --bucket string                                   name of the object storage bucket where backups should be stored. Required.
+        --config mapStringString                          configuration to use for creating a backup storage location. Format is key1=value1,key2=value2 (was also in `velero install --backup-location-config`). Required for Azure.
+        --provider string                                 provider name for backup storage. Required.
+        --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+        --labels mapStringString                          labels to apply to the backup storage location
+        --prefix string                                   prefix under which all Velero data should be stored within the bucket. Optional.
+        --provider string                                 name of the backup storage provider (e.g. aws, azure, gcp)
+        --show-labels                                     show labels in the last column
+        --credentials mapStringString                     sets the name of the corresponding credentials secret for a provider. Format is provider:credentials-secret-name. (NEW)
+        --cacert-file mapStringString                     configuration to use for creating a secret containing a custom certificate for an S3 location of a plugin provider. Format is provider:path-to-file. (NEW)
+
+      get                                                 Display backup storage locations
+        --default                                         displays the current default backup storage location (NEW)
+        --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+        -l, --selector string                             only show items matching this label selector
+        --show-labels                                     show labels in the last column
+
+```
+
+3) `velero snapshot-location`
+Commands/flags for snapshot locations.
+
+```
+     set
+        --default mapStringString                         sets the list of unique volume providers and default volume snapshot location (provider1:location-01,provider2:location-02,...) (NEW, -- was `server --default-volume-snapshot-locations; could be set as an annotation on the VSL)  
+        --credentials mapStringString                     sets the list of name of the corresponding credentials secret for providers. Format is (provider1:credentials-secret-name1,provider2:credentials-secret-name2,...) (NEW)
+
+      create                                              NAME [flags]
+        --default                                         Sets these new locations to be the new default snapshot locations. Default is false. (NEW)
+        --config  mapStringString                         configuration to use for creating a volume snapshot location. Format is key1=value1,key2=value2 (was also in `velero install --`snapshot-location-config`). Required.
+        --provider string                                 provider name for volume storage. Required.
+        --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+        --labels mapStringString                          labels to apply to the volume snapshot location
+        --provider string                                 name of the volume snapshot provider (e.g. aws, azure, gcp)
+        --show-labels                                     show labels in the last column
+        --credentials mapStringString                     sets the list of name of the corresponding credentials secret for providers. Format is (provider1:credentials-secret-name1,provider2:credentials-secret-name2,...) (NEW)
+
+      get                                                 Display snapshot locations
+        --default                                         list of unique volume providers and default volume snapshot location (provider1:location-01,provider2:location-02,...) (NEW -- was `server --default-volume-snapshot-locations`))
+```
+
+4) `velero plugin`
+Configuration for plugins.
+
+```
+      add stringArray                           IMAGES [flags] - add plugin container images to install into the Velero Deployment
+
+      get                                       get information for all plugins on the velero server (was `get`)
+        --timeout duration                      maximum time to wait for plugin information to be reported (default 5s)
+
+      remove                                    Remove a plugin [NAME | IMAGE] 
+
+      set
+        --credentials-file mapStringString      configuration to use for creating a secret containing the AIM credentials for a plugin provider. Format is provider:path-to-file. (was `secret-file`)
+        --no-secret                             flag indicating if a secret should be created. Must be used as confirmation if create --secret-file is not provided. Optional. (MOVED FROM install -- not sure we need it?)
+        --sa-annotations mapStringString        annotations to add to the Velero ServiceAccount for GKE. Add iam.gke.io/gcp-service-account=[GSA_NAME]@[PROJECT_NAME].iam.gserviceaccount.com for workload identity. Optional. Format is key1=value1,key2=value2
+```
+
+#### Example
+
+Considering this proposal, let's consider what a high-level documentation for getting Velero ready to do backups could look like for Velero users:
+
+After installing the Velero CLI:
+```
+velero config server [flags] (required)
+velero config restic [flags]
+velero plugin add IMAGES [flags] (add/config provider plugins)
+velero backup-location/snapshot-location create NAME [flags] (run `velero plugin --get` to see what kind of plugins are available; create locations)
+velero backup/restore/schedule create/get/delete NAME [flags]
+```
+
+The above recipe-style documentation should highlight 1) the main components of Velero, and, 2) the relationship/dependency between the main components
+
+### Deprecation
+
+#### Timeline
+
+In order to maintain compatibility with the current Velero version for a sufficient amount of time, and give users a chance to upgrade any install scripts they might have, we will keep the current `velero install` command in parallel with the new commands until the next major Velero version, which will be Velero 2.0. In the mean time, ia deprecation warning will be added to the `velero install` command. 
+
+#### Commands/flags deprecated or moved
+
+##### Velero Install 
+`velero install (DEPRECATED)`
+
+Flags moved to...
+
+...`velero config server`:
+```
+      --image string                               image to use for the Velero and restic server pods. Optional. (default "velero/velero:latest")
+      --label-columns stringArray                  a comma-separated list of labels to be displayed as columns
+      --pod-annotations mapStringString            annotations to add to the Velero and restic pods. Optional. Format is key1=value1,key2=value2
+      --show-labels                                show labels in the last column
+      --pod-cpu-limit string                CPU limit for Velero pod. A value of "0" is treated as unbounded. Optional. (default "1000m")
+      --pod-cpu-request string              CPU request for Velero pod. A value of "0" is treated as unbounded. Optional. (default "500m")
+      --pod-mem-limit string                memory limit for Velero pod. A value of "0" is treated as unbounded. Optional. (default "256Mi")
+      --pod-mem-request string              memory request for Velero pod. A value of "0" is treated as unbounded. Optional. (default "128Mi")
+```
+
+...`velero config restic`
+```
+      --default-prune-frequency duration    how often 'restic prune' is run for restic repositories by default. Optional.
+      --pod-cpu-limit string                CPU limit for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+      --pod-cpu-request string              CPU request for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+      --pod-mem-limit string                memory limit for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+      --pod-mem-request string              memory request for restic pod. A value of "0" is treated as unbounded. Optional. (default "0")
+```
+
+...`backup-location create`
+```
+      --backup-location-config mapStringString     configuration to use for the backup storage location. Format is key1=value1,key2=value2
+      --bucket string                              name of the object storage bucket where backups should be stored
+      --prefix string                              prefix under which all Velero data should be stored within the bucket. Optional.
+```
+
+...`snapshot-location create`
+```
+      --snapshot-location-config mapStringString   configuration to use for the volume snapshot location. Format is key1=value1,key2=value2
+```
+
+...both `backup-location create` and `snapshot-location create`
+```
+      --provider string                            provider name for backup and volume storage
+```
+
+...`plugin`
+```
+      --plugins stringArray                        Plugin container images to install into the Velero Deployment
+      --sa-annotations mapStringString             annotations to add to the Velero ServiceAccount. Add iam.gke.io/gcp-service-account=[GSA_NAME]@[PROJECT_NAME].iam.gserviceaccount.com for workload identity. Optional. Format is key1=value1,key2=value2
+      --no-secret                                  flag indicating if a secret should be created. Must be used as confirmation if --secret-file is not provided. Optional.
+      --secret-file string  (renamed `credentials-file`)   file containing credentials for backup and volume provider. If not specified, --no-secret must be used for confirmation. Optional.
+```
+
+Flags to deprecate:
+```
+      --no-default-backup-location                 flag indicating if a default backup location should be created. Must be used as confirmation if --bucket or --provider are not provided. Optional.
+      --use-volume-snapshots                       whether or not to create snapshot location automatically. Set to false if you do not plan to create volume snapshots via a storage provider. (default true)
+      --wait                                       wait for Velero deployment to be ready. Optional.
+      --use-restic                                 (obsolete since now we have `velero config restic`)
+```
+
+##### Velero Server
+
+These flags will be moved to under `velero config server`:
+
+`velero server --default-backup-storage-location (DEPRECATED)` changed to `velero backup-location set --default`
+
+`velero server --default-volume-snapshot-locations (DEPRECATED)` changed to `velero snapshot-location set --default`
+
+The value for these flags will be stored as annotations.
+
+## Detailed Design
+
+#### Handling CA certs
+
+In anticipation of a new configuration implementation to handle custom CA certs (as per design doc https://github.com/vmware-tanzu/velero/blob/master/design/custom-ca-support.md), a new flag `velero storage-location create/set --cacert-file mapStringString` is proposed. It sets the configuration to use for creating a secret containing a custom certificate for an S3 location of a plugin provider. Format is provider:path-to-file.
+
+See discussion https://github.com/vmware-tanzu/velero/pull/2259#discussion_r384700723 for more clarification.
+
+#### Renaming "provider" to "location-plugin"
+
+As part of this change, we should change to use the term `location-plugin` instead of `provider`. The reasoning: in practice, we usually have 1 plugin per provider, and if there is an implementation for both object store and volume snapshotter for that provider, it will all be contained in the same plugin. When we handle plugins, we follow this logic. In other words, there's a plugin name (ex: `velero.io/aws`) and it can contain implementations of kind `ObjectStore` and/or `VolumeSnapshotter`.
+
+But when we handle BSL or VSL (and the CLI commands/flags that configure them), we use the term `provider`, which can cause ambiguity as if that is a kind of thing different from a plugin. If the plugin is the "thing" that contains the implementation for the desired provider, we should make it easier for the user to guess that and change BackupStorageLocation/VolumeSnapshotLocation `Spec.Provider` field to be called `Spec.Location-Plugin` and all related CLI command flags to `location-plugin`, and update the docs accordingly.
+
+This change will require a CRD version bump and deprecation cycle.
+
+#### GitOps Compatibility
+
+To maintain compatibility with gitops practices, each of the new commands will generate `yaml` output that can be stored in source control.
+
+For content examples, please refer to the files here:
+
+https://github.com/carlisia/velero/tree/c-cli-design/design/CLI/PoC
+
+Note: actual `yaml` file names are defined by the user.
+
+`velero config server` - base/deployment.yaml
+
+`velero config restic` - overlays/plugins/restic.yaml
+
+`velero backup-location create` - base/backupstoragelocations.yaml
+
+`velero snapshot-location create` - base/volumasnapshotlocations.yaml
+
+`velero plugin add velero/velero-plugin-for-aws:v1.0.1` - overlays/plugins/aws-plugin.yaml
+
+`velero plugin add velero/velero-plugin-for-microsoft-azure:v1.0.1` - overlay/plugins/azure-plugin.yaml
+
+These resources can be deployed/deleted using the included kustomize setup and running:
+
+```
+kubectl apply -k design/CLI/PoC/overlays/plugins/
+
+kubectl delete -k design/CLI/PoC/overlays/plugins/
+```
+
+Note: All CRDs, including the `ResticRepository`, may continue to be deployed at startup as it is now, or together with their respective instantiation.
+
+
+#### Changes to startup behavior
+
+To recap, this proposal redesigns the Velero CLI to make `velero install` obsolete, and instead breaks down the installation and configuration into separate commands. These are the major highlights:
+
+- Plugins will only be installed separately via `velero plugin add`
+- BSL/VSL will be continue to be configured separately, and now each will have an associated secret
+
+Since each BSL/VSL will have its own association with a secret, the user will no longer need to upload a new secret whenever changing to, or adding, a BSL/VSL for a provider that is different from the one in use. This will be done at setup time. This will make it easier to support any number of BSL/VSL combinations, with different providers each.
+
+The user will start up the Velero server on a cluster by using the command `velero config server`. This will create the Velero deployment resource with default values or values overwritten with flags, create the Velero CRDs, and anything else that is not specific to plugins or BSL/VSL.
+
+The Velero server will start up, verify that the deployment is running, that all CRDs were found, and log a message that it is waiting for a BSL to be configured. at this point, other operations, such as configuring restic, will be allowed. Velero should keep track of its status, ie, if it is ready to create backups or not. This could be a field `ServerStatus` added to `ServerStatusRequest`. Possible values could be [ready|waiting]. "ready" would mean there is at least 1 valid BSL, and "waiting" would be anything but that.
+
+When adding/configuring a BSL or VSL, we will allow creating locations, and continuously verify if there is a corresponding, valid plugin. When a valid match is found, mark the BSL/VSL as "ready". This would require adding a field to the BSL/VSL, or using the existing `Phase` field, and keep track of its status, possibly: [ready|waiting].
+
+With the first approach: the server would transition into "ready" (to create backups) as soon as there is one BSL. It would require a set sequence of actions, ie, first install the plugin, only then the user can successfully configure a BSL.
+
+With the second approach, the Velero server would continue looping and checking all existing BSLs for at least 1 with a "ready" status. Once it found that, it would set itself to "ready" also.
+
+Another new behavior that must be added: the server needs to identify when there no longer exists a valid BSL. At this point, it should change its status from "ready" to one that indicates it is not ready, maybe "waiting". With the first approach above, this would mean checking if there is still at least one BSL. With the second approach, it would require checking the status of all BSLs to find at least one with the status of "ready".
+
+As it is today, a valid VSL would not be required to create backups, unless the backup included a PV.
+
+To make it easier for the user to identify if their Velero server is ready to create backups or not, a `velero status` command should be added. This issue has been created some time ago for this purpose: https://github.com/vmware-tanzu/velero/issues/1094.
+
+## Alternatives Considered
+
+It seems that the vast majority of tools document their usage with `kubectl` and `yaml` files to install and configure their Kubernetes resources. Many of them also make use of Helm, and to a lesser extent some of them have their own CLI tools. 
+
+Amongst the tools that have their own CLI, not enough examples were found to establish a clear pattern of usage. It seems the most relevant priority should be to have output in `yaml` format.
+
+Any set of `yaml` files can also be arranged to use with Kustomize by creating/updating resources, and patching them using Kustomize functionalities.
+
+The way the Velero commands were arranged in this proposal with the ability to output corresponding `yaml` files, and the included Kustomize examples, makes it in line with the widely used practices for installation and configuration.
+
+Some CLI tools do not document their usage with Kustomize, one could assume it is because anyone with knowledge of Kustomize and `yaml` files would know how to use it.
+
+Here are some examples:
+
+https://github.com/jetstack/kustomize-cert-manager-demo
+
+https://github.com/istio/installer/tree/master/kustomize
+
+https://github.com/weaveworks/flagger/tree/master/kustomize
+
+https://github.com/jpeach/contour/tree/1c575c772e9fd747fba72ae41ab99bdae7a01864/kustomize (RFC)
+
+## Security Considerations
+
+N/A

design/csi-snapshots.md

@@ -0,0 +1,324 @@
+# CSI Snapshot Support
+
+The Container Storage Interface (CSI) [introduced an alpha snapshot API in Kubernetes v1.12][1].
+It will reach beta support in Kubernetes v1.17, scheduled for release in December 2019.
+This proposal documents an approach for integrating support for this snapshot API within Velero, augmenting its existing capabilities.
+
+## Goals
+
+- Enable Velero to backup and restore CSI-backed volumes using the Kubernetes CSI CustomResourceDefinition API
+
+## Non Goals
+
+- Replacing Velero's existing [VolumeSnapshotter][7] API
+- Replacing Velero's Restic support
+
+## Background
+
+Velero has had support for performing persistent volume snapshots since its inception.
+However, support has been limited to a handful of providers.
+The plugin API introduced in Velero v0.7 enabled the community to expand the number of supported providers.
+In the meantime, the Kubernetes sig-storage advanced the CSI spec to allow for a generic storage interface, opening up the possibility of moving storage code out of the core Kubernetes code base.
+The CSI working group has also developed a generic snapshotting API that any CSI driver developer may implement, giving users the ability to snapshot volumes from a standard interface.
+
+By supporting the CSI snapshot API, Velero can extend its support to any CSI driver, without requiring a Velero-specific plugin be written, easing the development burden on providers while also reaching more end users.
+
+## High-Level Design
+
+In order to support CSI's snapshot API, Velero must interact with the [`VolumeSnapshot`][2] and [`VolumeSnapshotContent`][3] CRDs.
+These act as requests to the CSI driver to perform a snapshot on the underlying provider's volume.
+This can largely be accomplished with Velero `BackupItemAction` and `RestoreItemAction` plugins that operate on these CRDs.
+
+Additionally, changes to the Velero server and client code are necessary to track `VolumeSnapshot`s that are associated with a given backup, similarly to how Velero tracks its own [`volume.Snapshot`][4] type.
+Tracking these is important for allowing users to see what is in their backup, and provides parity for the existing `volume.Snapshot` and [`PodVolumeBackup`][5] types.
+This is also done to retain the object store as Velero's source of truth, without having to query the Kubernetes API server for associated `VolumeSnapshot`s.
+
+`velero backup describe --details` will use the stored VolumeSnapshots to list CSI snapshots included in the backup to the user.
+
+## Detailed Design
+
+### Resource Plugins
+
+A set of [prototype][6] plugins was developed that informed this design.
+
+The plugins will be as follows:
+
+
+#### A `BackupItemAction` for `PersistentVolumeClaim`s, named `velero.io/csi-pvc` 
+
+This plugin will act directly on PVCs, since an implementation of Velero's VolumeSnapshotter does not have enough information about the StorageClass to properly create the `VolumeSnapshot` objects.
+
+The associated PV will be queried and checked for the presence of `PersistentVolume.Spec.PersistentVolumeSource.CSI`. (See the "Snapshot Mechanism Selection" section below).
+If this field is `nil`, then the plugin will return early without taking action.
+If the `Backup.Spec.SnapshotVolumes` value is `false`, the plugin will return early without taking action.
+
+Additionally, to prevent creating CSI snapshots for volumes backed up by restic, the plugin will query for all pods in the `PersistentVolumeClaim`'s namespace.
+It will then filter out the pods that have the PVC mounted, and inspect the `backup.velero.io/backup-volumes` annotation for the associated volume's name.
+If the name is found in the list, then the plugin will return early without taking further action.
+
+Create a `VolumeSnapshot.snapshot.storage.k8s.io` object from the PVC.
+Label the `VolumeSnapshot` object with the [`velero.io/backup-name`][10] label for ease of lookup later.
+Also set an ownerRef on the `VolumeSnapshot` so that cascading deletion of the Velero `Backup` will delete associated `VolumeSnapshots`.
+
+The CSI controllers will create a `VolumeSnapshotContent.snapshot.storage.k8s.io` object associated with the `VolumeSnapshot`.
+
+Associated `VolumeSnapshotContent` objects will be retrieved and updated with the [`velero.io/backup-name`][10] label for ease of lookup later.
+`velero.io/volume-snapshot-name` will be applied as a label to the PVC so that the `VolumeSnapshot` can be found easily for restore.
+
+`VolumeSnapshot`, `VolumeSnapshotContent`, and `VolumeSnapshotClass` objects would be returned as additional items to be backed up. GitHub issue [1566][18] represents this work.
+
+The `VolumeSnapshotContent.Spec.VolumeSnapshotSource.SnapshotHandle` field is the link to the underlying platform's on-disk snapshot, and must be preserved for restoration.
+
+The plugin will _not_ wait for the `VolumeSnapshot.Status.readyToUse` field to be `true` before returning.
+This field indicates that the snapshot is ready to use for restoration, and for different vendors can indicate that the snapshot has been made durable.
+However, the applications can proceed as soon as `VolumeSnapshot.Status.CreationTime` is set.
+This also maintains current Velero behavior, which allows applications to quiesce and resume quickly, with minimal interruption.
+
+Any sort of monitoring or waiting for durable snapshots, either Velero-native or CSI snapshots, are not covered by this proposal.
+
+```
+K8s object relationships inside of the backup tarball
++-----------------------+               +-----------------------+
+| PersistentVolumeClaim +-------------->+ PersistentVolume      |
++-----------+-----------+               +-----------+-----------+
+            ^                                       ^
+            |                                       |
+            |                                       |
+            |                                       |
++-----------+-----------+               +-----------+-----------+
+| VolumeSnapshot        +<------------->+ VolumeSnapshotContent |
++-----------------------+               +-----------------------+
+```
+
+#### A `RestoreItemAction` for `VolumeSnapshotContent` objects, named `velero.io/csi-vsc`
+
+On restore, `VolumeSnapshotContent` objects are cleaned so that they may be properly associated with IDs assigned by the target cluster.
+
+Only `VolumeSnapshotContent` objects with the `velero.io/backup-name` label will be processed, using the plugin's `AppliesTo` function.
+
+The metadata (excluding labels), `PersistentVolumeClaim.UUID`, and `VolumeSnapshotRef.UUID` fields will be cleared.
+The reference fields are cleared because the associated objects will get new UUIDs in the cluster.
+This also maps to the "import" case of [the snapshot API][1].
+
+This means the relationship between the `VolumeSnapshot` and `VolumeSnapshotContent` is
+one way until the CSI controllers rebind them.
+
+
+```
+K8s objects after the velero.io/csi-vsc plugin has run
++-----------------------+               +-----------------------+
+| PersistentVolumeClaim +-------------->+ PersistentVolume      |
++-----------------------+               +-----------------------+
+                                                     
+                                                     
++-----------------------+               +-----------------------+
+| VolumeSnapshot        +-------------->+ VolumeSnapshotContent |
++-----------------------+               +-----------------------+
+```
+
+#### A `RestoreItemAction` for `VolumeSnapshot` objects, named `velero.io/csi-vs`
+
+`VolumeSnapshot` objects must be prepared for importing into the target cluster by removing IDs and metadata associated with their origin cluster.
+
+Only `VolumeSnapshot` objects with the `velero.io/backup-name` label will be processed, using the plugin's `AppliesTo` function.
+
+Metadata (excluding labels) and `Source` (that is, the pointer to the `PersistentVolumeClaim`) fields on the object will be cleared.
+The `VolumeSnapshot.Spec.SnapshotContentName` is the link back to the `VolumeSnapshotContent` object, and thus the actual snapshot.
+The `Source` field indicates that a new CSI snapshot operation should be performed, which isn't relevant on restore.
+This follows the "import" case of [the snapshot API][1].
+
+The `Backup` associated with the `VolumeSnapshot` will be queried, and set as an ownerRef on the `VolumeSnapshot` so that deletion can cascade.
+
+```
++-----------------------+               +-----------------------+
+| PersistentVolumeClaim +-------------->+ PersistentVolume      |
++-----------------------+               +-----------------------+
+                                                     
+                                                     
++-----------------------+               +-----------------------+
+| VolumeSnapshot        +-------------->+ VolumeSnapshotContent |
++-----------------------+               +-----------------------+
+```
+
+#### A `RestoreItemAction` for `PersistentVolumeClaim`s named `velero.io/csi-pvc`
+
+On restore, `PersistentVolumeClaims` will need to be created from the snapshot, and thus will require editing before submission.
+
+Only `PersistentVolumeClaim` objects with the `velero.io/volume-snapshot-name` label will be processed, using the plugin's `AppliesTo` function.
+Metadata (excluding labels) will be cleared, and the `velero.io/volume-snapshot-name` label will be used to find the relevant `VolumeSnapshot`.
+A reference to the `VolumeSnapshot` will be added to the `PersistentVolumeClaim.DataSource` field.
+
+```
++-----------------------+                                        
+| PersistentVolumeClaim |                                        
++-----------------------+                                        
+                                                                 
++-----------------------+               +-----------------------+
+| VolumeSnapshot        +-------------->+ VolumeSnapshotContent |
++-----------------------+               +-----------------------+
+```
+
+#### VolumeSnapshotClasses
+
+No special logic is required to restore `VolumeSnapshotClass` objects.
+
+These plugins should be provided with Velero, as there will also be some changes to core Velero code to enable association of a `Backup` to the included `VolumeSnapshot`s.
+
+
+
+### Velero server changes
+
+Any non-plugin code changes must be behind a `EnableCSI` feature flag and the behavior will be opt-in until it's exited beta status.
+This will allow the development to continue on the feature while it's in pre-production state, while also reducing the need for long-lived feature branches.
+
+[`persistBackup`][8] will be extended to query for all `VolumeSnapshot`s associated with the backup, and persist the list to JSON.
+
+[`BackupStore.PutBackup`][9] will receive an additional argument, `volumeSnapshots io.Reader`, that contains the JSON representation of `VolumeSnapshots`.
+This will be written to a file named `csi-snapshots.json.gz`.
+
+[`defaultRestorePriorities`][11] should be rewritten to the following to accomodate proper association between the CSI objects and PVCs. `CustomResourceDefinition`s are moved up because they're necessary for creating the CSI CRDs. The CSI CRDs are created before `PersistentVolume`s and `PersistentVolumeClaim`s so that they may be used as data sources.
+GitHub issue [1565][17] represents this work.
+
+```go
+var defaultRestorePriorities = []string{
+    "namespaces",
+    "storageclasses",
+    "customresourcedefinitions",
+    "volumesnapshotclass.snapshot.storage.k8s.io",
+    "volumesnapshotcontents.snapshot.storage.k8s.io",
+    "volumesnapshots.snapshot.storage.k8s.io",
+    "persistentvolumes",
+    "persistentvolumeclaims",
+    "secrets",
+    "configmaps",
+    "serviceaccounts",
+    "limitranges",
+    "pods",
+    "replicaset",
+}
+```
+### Restic and CSI interaction
+
+Volumes found in a `Pod`'s `backup.velero.io/backup-volumes` list will use Velero's current Restic code path.
+This also means Velero will continue to offer Restic as an option for CSI volumes.
+
+The `velero.io/csi-pvc` BackupItemAction plugin will inspect pods in the namespace to ensure that it does not act on PVCs already being backed up by restic.
+
+This is preferred to modifying the PVC due to the fact that Velero's current backup process backs up PVCs and PVs mounted to pods at the same time as the pod.
+
+A drawback to this approach is that we're querying all pods in the namespace per PVC, which could be a large number.
+In the future, the plugin interface could be improved to have some sort of context argument, so that additional data such as our existing `resticSnapshotTracker` could be passed to plugins and reduce work.
+
+### Garbage collection and deletion
+
+To ensure that all created resources are deleted when a backup expires or is deleted, `VolumeSnapshot`s will have an `ownerRef` defined pointing to the Velero backup that created them.
+
+In order to fully delete these objects, each `VolumeSnapshotContent`s object will need to be edited to ensure the associated provider snapshot is deleted.
+This will be done by editing the object and setting `VolumeSnapshotContent.Spec.DeletionPolicy` to `Delete`, regardless of whether or not the default policy for the class is `Retain`.
+See the Deletion Policies section below.
+The edit will happen before making Kubernetes API deletion calls to ensure that the cascade works as expected.
+
+Deleting a Velero `Backup` or any associated CSI object via `kubectl` is unsupported; data will be lost or orphaned if this is done.
+
+### Other snapshots included in the backup
+
+Since `VolumeSnapshot` and `VolumeSnapshotContent` objects are contained within a Velero backup tarball, it is possible that all CRDs and on-disk provider snapshots have been deleted, yet the CRDs are still within other Velero backup tarballs.
+Thus, when a Velero backup that contains these CRDs is restored, the `VolumeSnapshot` and `VolumeSnapshotContent` objects are restored into the cluster, the CSI controllers will attempt to reconcile their state, and there are two possible states when the on-disk snapshot has been deleted:
+
+    1) If the driver _does not_ support the `ListSnapshots` gRPC method, then the CSI controllers have no way of knowing how to find it, and sets the `VolumeSnapshot.Status.readyToUse` field to `true`.
+    2) If the driver _does_ support the `ListSnapshots` gRPC method, then the CSI controllers will query the state of the on-disk snapshot, see it is missing, and set `VolumeSnapshot.Status.readyToUse` and `VolumeSnapshotContent.Status.readyToUse` fields to `false`.
+
+## Velero client changes
+
+To use CSI features, the Velero client must use the `EnableCSI` feature flag.
+
+[`DescribeBackupStatus`][13] will be extended to download the `csi-snapshots.json.gz` file for processing. GitHub Issue [1568][19] captures this work.
+
+A new `describeCSIVolumeSnapshots` function should be added to the [output][12] package that knows how to render the included `VolumeSnapshot` names referenced in the `csi-snapshots.json.gz` file.
+
+### Snapshot selection mechanism
+
+The most accurate, reliable way to detect if a PersistentVolume is a CSI volume is to check for a non-`nil` [`PersistentVolume.Spec.PersistentVolumeSource.CSI`][16] field.
+Using the [`volume.beta.kubernetes.io/storage-provisioner`][14] is not viable, since the usage is for any PVC that should be dynamically provisioned, and is _not_ limited to CSI implementations.
+It was [introduced with dynamic provisioning support][15] in 2016, predating CSI.
+
+In the `BackupItemAction` for PVCs, the associated PV will be queried and checked for the presence of `PersistentVolume.Spec.PersistentVolumeSource.CSI`.
+Volumes with any other `PersistentVolumeSource` set will use Velero's current VolumeSnapshotter plugin code path.
+
+### VolumeSnapshotLocations and VolumeSnapshotClasses
+
+Velero uses its own `VolumeSnapshotLocation` CRDs to specify configuration options for a given storage system.
+In Velero, this often includes topology information such as regions or availibility zones, as well as credential information.
+
+CSI volume snapshotting has a `VolumeSnapshotClass` CRD which also contains configuration options for a given storage system, but these options are not the same as those that Velero would use.
+Since CSI volume snapshotting is operating within the same storage system that manages the volumes already, it does not need the same topology or credential information that Velero does.
+
+As such, when used with CSI volumes, Velero's `VolumeSnapshotLocation` CRDs are not relevant, and could be omitted.
+
+This will create a separate path in our documentation for the time being, and should be called out explicitly.
+
+## Alternatives Considered
+
+* Implementing similar logic in a Velero VolumeSnapshotter plugin was considered.
+However, this is inappropriate given CSI's data model, which requires a PVC/PV's StorageClass.
+Given the arguments to the VolumeSnapshotter interface, the plugin would have to instantiate its own client and do queries against the Kubernetes API server to get the necessary information.
+
+This is unnecessary given the fact that the `BackupItemAction` and `RestoreItemAction` APIs can act directly on the appropriate objects.
+
+Additionally, the VolumeSnapshotter plugins and CSI volume snapshot drivers overlap - both produce a snapshot on backup and a PersistentVolume on restore.
+Thus, there's not a logical place to fit the creation of VolumeSnapshot creation in the VolumeSnapshotter interface.
+
+* Implement CSI logic directly in Velero core code.
+The plugins could be packaged separately, but that doesn't necessarily make sense with server and client changes being made to accomodate CSI snapshot lookup.
+
+* Implementing the CSI logic entirely in external plugins.
+As mentioned above, the necessary plugins for `PersistentVolumeClaim`, `VolumeSnapshot`, and `VolumeSnapshotContent` could be hosted out-out-of-tree from Velero.
+In fact, much of the logic for creating the CSI objects will be driven entirely inside of the plugin implementation.
+
+However, Velero currently has no way for plugins to communicate that some arbitrary data should be stored in or retrieved from object storage, such as list of all `VolumeSnapshot` objects associated with a given `Backup`.
+This is important, because to display snapshots included in a backup, whether as native snapshots or Restic backups, separate JSON-encoded lists are stored within the backup on object storage.
+Snapshots are not listed directly on the `Backup` to fit within the etcd size limitations.
+Additionally, there are no client-side Velero plugin mechanisms, which means that the `velero describe backup --details` command would have no way of displaying the objects to the user, even if they were stored.
+
+## Deletion Policies
+
+In order for underlying, provider-level snapshots to be retained similarly to Velero's current functionality, the `VolumeSnapshotContent.Spec.DeletionPolicy` field must be set to `Retain`.
+
+This is most easily accomplished by setting the `VolumeSnapshotClass.DeletionPolicy` field to `Retain`, which will be inherited by all `VolumeSnapshotContent` objects associated with the `VolumeSnapshotClass`.
+
+The current default for dynamically provisioned `VolumeSnapshotContent` objects is `Delete`, which will delete the provider-level snapshot when the `VolumeSnapshotContent` object representing it is deleted.
+Additionally, the `Delete` policy will cascade a deletion of a `VolumeSnapshot`, removing the associated `VolumeSnapshotContent` object.
+
+It is not currently possible to define a deletion policy on a `VolumeSnapshot` that gets passed to a `VolumeSnapshotContent` object on an individual basis.
+
+## Security Considerations
+
+This proposal does not significantly change Velero's security implications within a cluster.
+
+If a deployment is using solely CSI volumes, Velero will no longer need privileges to interact with volumes or snapshots, as these will be handled by the CSI driver.
+This reduces the provider permissions footprint of Velero.
+
+Velero must still be able to access cluster-scoped resources in order to back up `VolumeSnapshotContent` objects.
+Without these objects, the provider-level snapshots cannot be located in order to re-associate them with volumes in the event of a restore.
+
+
+
+[1]: https://kubernetes.io/blog/2018/10/09/introducing-volume-snapshot-alpha-for-kubernetes/
+[2]: https://github.com/kubernetes-csi/external-snapshotter/blob/master/pkg/apis/volumesnapshot/v1alpha1/types.go#L41
+[3]: https://github.com/kubernetes-csi/external-snapshotter/blob/master/pkg/apis/volumesnapshot/v1alpha1/types.go#L161
+[4]: https://github.com/heptio/velero/blob/master/pkg/volume/snapshot.go#L21
+[5]: https://github.com/heptio/velero/blob/master/pkg/apis/velero/v1/pod_volume_backup.go#L88
+[6]: https://github.com/heptio/velero-csi-plugin/
+[7]: https://github.com/heptio/velero/blob/master/pkg/plugin/velero/volume_snapshotter.go#L26
+[8]: https://github.com/heptio/velero/blob/master/pkg/controller/backup_controller.go#L560
+[9]: https://github.com/heptio/velero/blob/master/pkg/persistence/object_store.go#L46
+[10]: https://github.com/heptio/velero/blob/master/pkg/apis/velero/v1/labels_annotations.go#L21
+[11]: https://github.com/heptio/velero/blob/master/pkg/cmd/server/server.go#L471
+[12]: https://github.com/heptio/velero/blob/master/pkg/cmd/util/output/backup_describer.go
+[13]: https://github.com/heptio/velero/blob/master/pkg/cmd/util/output/backup_describer.go#L214
+[14]: https://github.com/kubernetes/kubernetes/blob/8ea9edbb0290e9de1e6d274e816a4002892cca6f/pkg/controller/volume/persistentvolume/util/util.go#L69
+[15]: https://github.com/kubernetes/kubernetes/pull/30285
+[16]: https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go#L237
+[17]: https://github.com/heptio/velero/issues/1565
+[18]: https://github.com/heptio/velero/issues/1566
+[19]: https://github.com/heptio/velero/issues/1568

design/custom-ca-support.md

@@ -0,0 +1,132 @@
+# Custom CA Bundle Support for S3 Object Storage
+
+It is desired that Velero performs SSL verification on the Object Storage
+endpoint (BackupStorageLocation), but it is not guaranteed that the Velero
+container has the endpoints' CA bundle in it's system store. Velero needs to
+support the ability for a user to specify custom CA bundles at installation
+time and Velero needs to support a mechanism in the BackupStorageLocation
+Custom Resource to allow a user to specify a custom CA bundle. This mechanism
+needs to also allow Restic to access and use this custom CA bundle.
+
+## Goals
+
+- Enable Velero to be configured with a custom CA bundle at installation
+- Enable Velero support for custom CA bundles with S3 API BackupStorageLocations
+- Enable Restic to use the custom CA bundles whether it is configured at installation time or on the BackupStorageLocation
+- Enable Velero client to take a CA bundle as an argument
+
+## Non Goals
+
+- Support non-S3 providers
+
+## Background
+
+Currently, in order for Velero to perform SSL verification of the object
+storage endpoint the user must manually set the `AWS_CA_BUNDLE` environment
+variable on the Velero deployment. If the user is using Restic, the user has to
+either:
+1. Add the certs to the Restic container's system store
+1. Modify Velero to pass in the certs as a CLI parameter to Restic - requiring
+   a custom Velero deployment
+
+## High-Level Design
+
+There are really 2 methods of using Velero with custom certificates:
+1. Including a custom certificate at Velero installation
+1. Specifying a custom certificate to be used with a `BackupStorageLocation`
+
+### Specifying a custom cert at installation
+
+On the Velero deployment at install time, we can set the AWS environment variable
+`AWS_CA_BUNDLE` which will allow Velero to communicate over https with the
+proper certs when communicating with the S3 bucket. This means we will add the
+ability to specify a custom CA bundle at installation time. For more
+information, see "Install Command Changes".
+
+On the Restic daemonset, we will want to also mount this secret at a pre-defined
+location. In the `restic` pkg, the command to invoke restic will need to be
+updated to pass the path to the cert file that is mounted if it is specified in
+the config.
+
+This is good, but doesn't allow us to specify different certs when
+`BackupStorageLocation` resources are created.
+
+### Specifying a custom cert on BSL
+
+In order to support custom certs for object storage, Velero will add an
+additional field to the `BackupStorageLocation`'s provider `Config` resource to
+provide a secretRef which will contain the coordinates to a secret containing
+the relevant cert file for object storage. 
+
+In order for Restic to be able to consume and use this cert, Velero will need
+the ability to write the CA bundle somewhere in memory for the Restic pod to
+consume it.
+
+To accomplish this, we can look at the code for managing restic repository
+credentials. The way this works today is that the key is stored in a secret in
+the Velero namespace, and each time Velero executes a restic command, the
+contents of the secret are read and written out to a temp file. The path to
+this file is then passed to restic and removed afterwards. pass the path of the
+temp file to restic, and then remove the temp file afterwards. See ref #1 and #2.
+
+This same approach can be taken for CA bundles. The bundle can be stored in a
+secret which is referenced on the BSL and written to a temp file prior to
+invoking Restic.
+
+[1](https://github.com/vmware-tanzu/velero/blob/master/pkg/restic/repository_manager.go#L238-L245)
+[2](https://github.com/vmware-tanzu/velero/blob/master/pkg/restic/common.go#L168-L203)
+
+## Detailed Design
+
+The `AWS_CA_BUNDLE` environment variable works for the Velero deployment
+because this environment variable is passed into the AWS SDK which is used in
+the [plugin][1] to build up the config object. This means that a user can
+simply define the CA bundle in the deployment as an env var. This can be
+utilized for the installation of Velero with a custom cert by simply setting
+this env var to the contents of the CA bundle, or the env var can be mapped to
+a secret which is controlled at installation time. I recommend using a secret
+as it makes the Restic integration easier as well.
+
+At installation time, if a user has specified a custom cert then the Restic
+daemonset should be updated to include the secret mounted at a predefined path.
+We could optionally use the system store for all custom certs added at
+installation time. Restic supports using the custom certs [in addition][3] to
+the root certs.
+
+In the case of the BSL being created with a secret reference, then at runtime
+the secret will need to be consumed. This secret will be read and applied to
+the AWS `session` object. The `getSession()` function will need to be updated
+to take in the custom CA bundle so it can be passed [here][4].
+
+The Restic controller will need to be updated to write the contents of the CA
+bundle secret out to a temporary file inside of the restic pod.The restic
+[command invocation][2] will need to be updated to include the path to the file
+as an argument to the restic server using `--cacert`. For the path when a user
+defines a custom cert on the BSL, Velero will be responsible for updating the
+daemonset to include the secret mounted as a volume at a predefined path.
+
+Where we mount the secret is a fine detail, but I recommend mounting the certs
+to `/certs` to keep it in line with the other volume mount paths being used.
+
+### Install command changes
+
+The installation flags should be updated to include the ability to pass in a
+cert file. Then the install command would do the heavy lifting of creating a
+secret and updating the proper fields on the deployment and daemonset to mount
+the secret at a well defined path.
+
+### Velero client changes
+
+Since the Velero client is responsible for gathering logs and information about
+the Object Storage, this implementation should include a new flag `--cacert`
+which can be used when communicating with the Object Storage. Additionally, the
+user should be able to set this in their client configuration. The command
+would look like:
+```
+$ velero client config set cacert PATH
+```
+
+[1]: https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/master/velero-plugin-for-aws/object_store.go#L135
+[2]: https://github.com/vmware-tanzu/velero/blob/master/pkg/restic/command.go#L47
+[3]: https://github.com/restic/restic/blob/master/internal/backend/http_transport.go#L81
+[4]: https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/master/velero-plugin-for-aws/object_store.go#L154

design/feature-flags.md

@@ -0,0 +1,71 @@
+# Feature Flags
+
+Status: Accepted
+
+Some features may take a while to get fully implemented, and we don't necessarily want to have long-lived feature branches
+A simple feature flag implementation allows code to be merged into master, but not used unless a flag is set.
+
+## Goals
+
+- Allow unfinished features to be present in Velero releases, but only enabled when the associated flag is set.
+
+## Non Goals
+
+- A robust feature flag library.
+
+## Background
+
+When considering the [CSI integration work](https://github.com/heptio/velero/pull/1661), the timelines involved presented a problem in balancing a release and longer-running feature work.
+A simple implementation of feature flags can help protect unfinished code while allowing the rest of the changes to ship.
+
+## High-Level Design
+
+A new command line flag, `--features` will be added to the root `velero` command.
+
+`--features` will accept a comma-separated list of features, such as `--features EnableCSI,Replication`.
+Each feature listed will correspond to a key in a map in `pkg/features/features.go` defining whether a feature should be enabled.
+
+Any code implementing the feature would then import the map and look up the key's value.
+
+For the Velero client, a `features` key can be added to the `config.json` file for more convenient client invocations.
+
+## Detailed Design
+
+A new `features` package will be introduced with these basic structs:
+
+```go
+type FeatureFlagSet struct {
+    flags map[string]bool
+}
+
+type Flags interface {
+    // Enabled reports whether or not the specified flag is found.
+    Enabled(name string) bool
+
+    // Enable adds the specified flags to the list of enabled flags.
+    Enable(names ...string)
+
+    // All returns all enabled features
+    All() []string
+}
+
+// NewFeatureFlagSet initializes and populates a new FeatureFlagSet
+func NewFeatureFlagSet(flags ...string) FeatureFlagSet
+```
+
+When parsing the `--features` flag, the entire `[]string` will be passed to `NewFeatureFlagSet`.
+Additional features can be added with the `Enable` function.
+Parsed features will be printed as an `Info` level message on server start up.
+
+No verification of features will be done in order to keep the implementation minimal.
+
+On the client side, `--features` and the `features` key in `config.json` file will be additive, resulting in the union of both.
+
+To disable a feature, the server must be stopped and restarted with a modified `--features` list.
+Similarly, the client process must be stopped and restarted without features.
+
+## Alternatives Considered
+Omitted
+
+## Security Considerations
+Omitted

design/generating-velero-crds-with-structural-schema.md

@@ -0,0 +1,164 @@
+# Generating Velero CRDs with structural schema support
+
+As the apiextensions.k8s.io API moves to GA, structural schema in Custom Resource Definitions (CRDs) will become required.
+
+This document proposes updating the CRD generation logic as part of `velero install` to include structural schema for each Velero CRD.
+
+## Goals
+
+- Enable structural schema and validation for Velero Custom Resources.
+
+## Non Goals
+
+- Update Velero codebase to use Kubebuilder for controller/code generation.
+- Solve for keeping CRDs in the Velero Helm chart up-to-date.
+
+## Background
+
+Currently, Velero CRDs created by the `velero install` command do not contain any structural schema.
+The CRD is simply [generated at runtime](https://github.com/heptio/velero/blob/8b0cf3855c2b8aa631cf22e63da0955f7b1d06a8/pkg/install/crd.go#L39) using the name and plurals from the [`velerov1api.CustomResources()`](https://github.com/heptio/velero/blob/8b0cf3855c2b8aa631cf22e63da0955f7b1d06a8/pkg/apis/velero/v1/register.go#L60) info.
+
+Updating the info returned by that method would be one way to add support for structural schema when generating the CRDs, but this would require manually describing the schema and would duplicate information from the API structs (e.g. comments describing a field).
+
+Instead, the [controller-tools](https://github.com/kubernetes-sigs/controller-tools) project from Kubebuilder provides tooling for generating CRD manifests (YAML) from the Velero API types.
+This document proposes adding _controller-tools_ to the project to automatically generate CRDs, and use these generated CRDs as part of `velero install`.
+
+## High-Level Design
+
+_controller-tools_ works by reading the Go files that contain the API type definitions.
+It uses a combination of the struct fields, types, tags and comments to build the OpenAPIv3 schema for the CRDs. The tooling makes some assumptions based on conventions followed in upstream Kubernetes and the ecosystem, which involves some changes to the Velero API type definitions, especially around optional fields.
+
+In order for _controller-tools_ to read the Go files containing Velero API type defintiions, the CRDs need to be generated at build time, as these files are not available at runtime (i.e. the Go files are not accessible by the compiled binary).
+These generated CRD manifests (YAML) will then need to be available to the `pkg/install` package for it to include when installing Velero resources.
+
+## Detailed Design
+
+### Changes to Velero API type definitions
+
+API type definitions need to be updated to correctly identify optional and required fields for each API type.
+Upstream Kubernetes defines all optional fields using the `omitempty` tag as well as a `// +optional` annotation above the field (e.g. see [PodSpec definition](https://github.com/kubernetes/api/blob/master/core/v1/types.go#L2835-L2838)).
+_controller-tools_ will mark a field as optional if it sees either the tag or the annotation, but to keep consistent with upstream, optional fields will be updated to use both indicators (as [suggested](https://github.com/kubernetes-sigs/kubebuilder/issues/479) by the Kubebuilder project).
+Additionally, upstream Kubernetes defines the metav1.ObjectMeta, metav1.ListMeta, Spec and Status as [optional on all types](https://github.com/kubernetes/api/blob/master/core/v1/types.go#L3517-L3531).
+Some Velero API types set the `omitempty` tag on Status, but not on other fields - these will all need to be updated to be made optional.
+
+Below is a list of the Velero API type fields and what changes (if any) will be made.
+Note that this only includes fields used in the spec, all status fields will become optional.
+
+| Type                            | Field                   | Changes                                                     |
+|---------------------------------|-------------------------|-------------------------------------------------------------|
+| BackupSpec                      | IncludedNamespaces      | make optional                                               |
+|                                 | ExcludedNamespaces      | make optional                                               |
+|                                 | IncludedResources       | make optional                                               |
+|                                 | ExcludedResources       | make optional                                               |
+|                                 | LabelSelector           | make optional                                               |
+|                                 | SnapshotVolumes         | make optional                                               |
+|                                 | TTL                     | make optional                                               |
+|                                 | IncludeClusterResources | make optional                                               |
+|                                 | Hooks                   | make optional                                               |
+|                                 | StorageLocation         | make optional                                               |
+|                                 | VolumeSnapshotLocations | make optional                                               |
+| BackupHooks                     | Resources               | make optional                                               |
+| BackupResourceHookSpec          | Name                    | none (required)                                             |
+|                                 | IncludedNamespaces      | make optional                                               |
+|                                 | ExcludedNamespaces      | make optional                                               |
+|                                 | IncludedResources       | make optional                                               |
+|                                 | ExcludedResources       | make optional                                               |
+|                                 | LabelSelector           | make optional                                               |
+|                                 | PreHooks                | make optional                                               |
+|                                 | PostHooks               | make optional                                               |
+| BackupResourceHook              | Exec                    | none (required)                                             |
+| ExecHook                        | Container               | make optional                                               |
+|                                 | Command                 | required, validation: MinItems=1                            |
+|                                 | OnError                 | make optional                                               |
+|                                 | Timeout                 | make optional                                               |
+| HookErrorMode                   |                         | validation: Enum                                            |
+| BackupStorageLocationSpec       | Provider                | none (required)                                             |
+|                                 | Config                  | make optional                                               |
+|                                 | StorageType             | none (required)                                             |
+|                                 | AccessMode              | make optional                                               |
+| StorageType                     | ObjectStorage           | make required                                               |
+| ObjectStorageLocation           | Bucket                  | none (required)                                             |
+|                                 | Prefix                  | make optional                                               |
+| BackupStorageLocationAccessMode |                         | validation: Enum                                            |
+| DeleteBackupRequestSpec         | BackupName              | none (required)                                             |
+| DownloadRequestSpec             | Target                  | none (required)                                             |
+| DownloadTarget                  | Kind                    | none (required)                                             |
+|                                 | Name                    | none (required)                                             |
+| DownloadTargetKind              |                         | validation: Enum                                            |
+| PodVolumeBackupSpec             | Node                    | none (required)                                             |
+|                                 | Pod                     | none (required)                                             |
+|                                 | Volume                  | none (required)                                             |
+|                                 | BackupStorageLocation   | none (required)                                             |
+|                                 | RepoIdentifier          | none (required)                                             |
+|                                 | Tags                    | make optional                                               |
+| PodVolumeRestoreSpec            | Pod                     | none (required)                                             |
+|                                 | Volume                  | none (required)                                             |
+|                                 | BackupStorageLocation   | none (required)                                             |
+|                                 | RepoIdentifier          | none (required)                                             |
+|                                 | SnapshotID              | none (required)                                             |
+| ResticRepositorySpec            | VolumeNamespace         | none (required)                                             |
+|                                 | BackupStorageLocation   | none (required)                                             |
+|                                 | ResticIdentifier        | none (required)                                             |
+|                                 | MaintenanceFrequency    | none (required)                                             |
+| RestoreSpec                     | BackupName              | none (required) - should be set to "" if using ScheduleName |
+|                                 | ScheduleName            | make optional                                               |
+|                                 | IncludedNamespaces      | make optional                                               |
+|                                 | ExcludedNamespaces      | make optional                                               |
+|                                 | IncludedResources       | make optional                                               |
+|                                 | ExcludedResources       | make optional                                               |
+|                                 | NamespaceMapping        | make optional                                               |
+|                                 | LabelSelector           | make optional                                               |
+|                                 | RestorePVs              | make optional                                               |
+|                                 | IncludeClusterResources | make optional                                               |
+| ScheduleSpec                    | Template                | none (required)                                             |
+|                                 | Schedule                | none (required)                                             |
+| VolumeSnapshotLocationSpec      | Provider                | none (required)                                             |
+|                                 | Config                  | make optional                                               |
+
+### Build-time generation of CRD manifests
+
+The build image will be updated as follows to include the _controller-tool_ tooling:
+
+
+```diff
+diff --git a/hack/build-image/Dockerfile b/hack/build-image/Dockerfile
+index b69a8c8a..07eac9c6 100644
+--- a/hack/build-image/Dockerfile
++++ b/hack/build-image/Dockerfile
+@@ -21,6 +21,8 @@ RUN mkdir -p /go/src/k8s.io && \
+     git clone -b kubernetes-1.15.3 https://github.com/kubernetes/apimachinery && \
+     # vendor code-generator go modules to be compatible with pre-1.15
+     cd /go/src/k8s.io/code-generator && GO111MODULE=on go mod vendor && \
++    go get -d sigs.k8s.io/controller-tools/cmd/controller-gen && \
++    cd /go/src/sigs.k8s.io/controller-tools && GO111MODULE=on go mod vendor && \
+     go get golang.org/x/tools/cmd/goimports && \
+     cd /go/src/golang.org/x/tools && \
+     git checkout 40a48ad93fbe707101afb2099b738471f70594ec && \
+```
+
+To tie in the CRD manifest generation with existing scripts/workflows, the `hack/update-generated-crd-code.sh` script will be updated to use _controller-tools_ to generate CRDs manifests after it generates the client code.
+
+The generated CRD manifests will be placed in the `pkg/generated/crds/manifests` folder.
+Similarly to client code generation, these manifests will be checked-in to the git repo.
+Checking in these manifests allows including documentation and schema changes to API types as part of code review.
+
+### Updating `velero install` to include generated CRD manifests
+
+As described above, CRD generation using _controller-tools_ will happen at build time due to need to inspect Go files.
+To enable the `velero install` to access the generated CRD manifests at runtime, the `pkg/generated/crds/manifests` folder will be embedded as binary data in the Velero binary (e.g. using a tool like [vfsgen](https://github.com/shurcooL/vfsgen) - see [POC branch](https://github.com/prydonius/velero/commit/4aa7413f97ce9b23e071b6054f600dd0c283351e)).
+
+`velero install` will then unmarshal the binary data as `unstructured.Unstructured` types and append them to the [resources list](https://github.com/heptio/velero/blob/8b0cf3855c2b8aa631cf22e63da0955f7b1d06a8/pkg/install/resources.go#L217) in place of the existing CRD generation.
+
+## Alternatives Considered
+
+Instead of generating and bundling CRD manifests, it could be possible to instead embed the `pkg/apis` package in the Velero binary.
+With this, _controller-tools_ could be run at runtime during `velero install` to generate the CRD manifests.
+However, this would require including _controller-tools_ as a dependency in the project, which might not be desirable as it is a developer tool.
+
+Another option, to avoid embedding static files in the binary, would be to generate the CRD manifest as one YAML file in CI and upload it as a release artifact (e.g. using GitHub releases).
+`velero install` could then download this file for the current version and use it on install.
+The downside here is that `velero install` becomes dependent on the GitHub network, and we lose visibility on changes to the CRD manifests in the Git history.
+
+## Security Considerations
+
+n/a

design/move-gh-org.md

@@ -0,0 +1,90 @@
+# Plan for moving the Velero GitHub repo into the VMware GitHub organization
+
+Currently, the Velero repository sits under the Heptio GitHub organization. With the acquisition of Heptio by VMware, it is due time that this repo moves to one of the VMware GitHub organizations. This document outlines a plan to move this repo to the VMware Tanzu (https://github.com/vmware-tanzu) organization.
+
+## Goals
+
+- List all steps necessary to have this repo fully functional under the new org
+
+## Non Goals
+
+- Highlight any step necessary around setting up the new organization and its members
+
+## Action items
+
+### Todo list
+
+#### Pre move
+
+- [ ] PR: Blog post communicating the move. https://github.com/heptio/velero/issues/1841. Who: TBD.
+- [ ] PR: Find/replace in all Go, script, yaml, documentation, and website files: `github.com/heptio/velero -> github.com/vmware-tanzu/velero`. Who: a Velero developer; TBD
+- [ ] PR: Update website with the correct GH links. Who: a Velero developer; TBD
+- [ ] PR: Change deployment and grpc-push scripts with the new location path. Who: a Velero developer; TBD
+- [ ] Delete branches not to be carried over (https://github.com/heptio/velero/branches/all). Who: Any of the current repo owners; TBD
+
+#### Move
+
+- [ ] Use GH UI to transfer the repository to the VMW org; must be accepted within a day. Who: new org owner; TBD
+- [ ] Make owners of this repo owners of repo in the new org. Who: new org owner; TBD
+- [ ] Update Travis CI. Who: Any of the new repo owners; TBD
+- [ ] Add DCO for signoff check (https://probot.github.io/apps/dco/). Who: Any of the new repo owners; TBD
+
+
+#### Post move
+
+- [ ] Each individual developer should point their origin to the new location: `git remote set-url origin git@github.com:vmware-tanzu/velero.git`
+- [ ] Transfer ZenHub. Who: Any of the new repo owners; TBD
+- [ ] Update Netlify deploy settings. Any of the new repo owners; TBD
+- [ ] GH app: Netlify integration. Who: Any of the new repo owners; TBD
+- [ ] GH app: Slack integration. Who: Any of the new repo owners; TBD
+- [ ] Add webhook: travis CI. Who: Any of the new repo owners; TBD
+- [ ] Add webhook: zenhub. Who: Any of the new repo owners; TBD
+- [ ] Move all 3 native provider plugins into their own individual repo. https://github.com/heptio/velero/issues/1537. Who: @carlisia.
+- [ ] Merge PRs from the "pre move" section
+- [ ] Create a team for the Velero core members (https://github.com/orgs/vmware-tanzu/teams/). Who: Any of the new repo owners; TBD
+
+### Notes/How-Tos
+
+#### Transfering the GH repository
+
+All action items needed for the repo transfer are listed in the Todo list above. For details about what gets moved and other info, this is the GH documentation: https://help.github.com/en/articles/transferring-a-repository
+
+[Pending] We will find out this week who will be the organization owner(s) who will accept this transfer in the new GH org. This organization owner will make all current owners in this repo owners in the new org Velero repo.
+
+#### Updating Travis CI
+
+Someone with owner permission on the new repository needs to go to their Travis CI account and authorize Travis CI on the repo. Here are instructions: https://docs.travis-ci.com/user/tutorial/.
+
+After this, webhook notifications can be added following these instructions: https://docs.travis-ci.com/user/notifications/#configuring-webhook-notifications.
+
+#### Transfering ZenHub
+
+Pre-requisite: A new Zenhub account must exist for a vmware or vmware-tanzu organization.
+
+This page contains a pre-migration checklist for ensuring a repo migration goes well with Zenhub: https://help.zenhub.com/support/solutions/articles/43000010366-moving-a-repo-cross-organization-or-to-a-new-organization. After this, webhooks can be added by following these instructions: https://github.com/ZenHubIO/API#webhooks.
+
+#### Updating Netlify
+
+The settings for Netflify should remain the same, except that it now needs to be installed in the new repo. The instructions on how to install Netlify on the new repo are here: https://www.netlify.com/docs/github-permissions/.
+
+#### Communication strategy
+
+[Pending] We will find out this week how this move will be communicated to the community. In particular, the Velero repository move might be tied to the move of our provider plugins into their own repos, also in the new org: https://github.com/heptio/velero/issues/1814.
+
+#### TBD
+
+Many items on the todo list must be done by a repository member with owner permission. This doesn't all need to be done by the same person obviously, but we should specify if @skriss wants to split these tasks with any other owner(s).
+
+#### Other notes
+
+Might want to exclude updating documentation prior to v1.0.0.
+GH documentation does not specify if branches on the server are also moved.
+All links to the original repository location are automatically redirected to the new location.
+
+## Alternatives Considered
+
+Alternatives such as moving Velero to its own organization, or even not moving at all, were considered. Collectively, however, the open source leadership decided it would be best to move it so it lives alongside other VMware supported cloud native related repositories.
+
+## Security Considerations
+
+- Ensure that only the Velero core team has maintainer/owner privileges.

design/move-plugin-repos.md

@@ -0,0 +1,129 @@
+# Plan to extract the provider plugins out of (the Velero) tree
+
+Currently, the Velero project contains in-tree plugins for three cloud providers: AWS, Azure, and GCP. The Velero team has decided to extract each of those plugins into their own separate repository. This document details the steps necessary to create the new repositories, as well as a general design for what each plugin project will look like.
+
+## Goals
+
+- Have 3 new repositories for each cloud provider plugin currently supported by the Velero team: AWS, Azure, and GCP
+- Have the currently in-tree cloud provider plugins behave like any other plugin external to Velero
+
+## Non Goals
+
+- Extend the Velero plugin framework capability in any way
+- Create GH repositories for any plugin other then the currently 3 in-tree plugins
+- Extract out any plugin that is not a cloud provider plugin (ex: item action related plugins)
+
+## Background
+
+With more and more providers wanting to support Velero, it gets more difficult to justify excluding those from being in-tree just as with the three original ones. At the same time, if we were to include any more plugins in-tree, it would ultimately become the responsibility of the Velero team to maintain an increasing number of plugins. This move aims to equalize the field so all plugins are treated equally. We also hope that, with time, developers interested in getting involved in the upkeep of those plugins will become active enough to be promoted to maintainers. Lastly, having the plugins live in their own individual repositories allows for iteration on them separately from the core codebase.
+
+## Action items
+
+### Todo list
+
+#### Repository creation
+
+- [ ] Use GH UI to create each repository in the new VMW org. Who: new org owner; TBD
+- [ ] Make owners of the Velero repo owners of each repo in the new org. Who: new org owner; TBD
+- [ ] Add Travis CI. Who: Any of the new repo owners; TBD
+- [ ] Add webhook: travis CI. Who: Any of the new repo owners; TBD
+- [ ] Add DCO for signoff check (https://probot.github.io/apps/dco/). Who: Any of the new repo owners; TBD
+
+#### Plugin changes
+
+- [ ] Modify Velero so it can install any of the provider plugins. https://github.com/heptio/velero/issues/1740 - Who: @nrb
+- [ ] Extract each provider plugin into their own repo. https://github.com/heptio/velero/issues/1537
+- [ ] Create deployment and gcr-push scripts with the new location path. Who: @carlisia
+- [ ] Add documentation for how to use the plugin. Who: @carlisia
+- [ ] Update Helm chart to install Velero using any of the provider plugins. https://github.com/heptio/velero/issues/1819
+- [ ] Upgrade script. https://github.com/heptio/velero/issues/1889.
+
+### Notes/How-Tos
+
+#### Creating the GH repository
+
+[Pending] The organization owner will make all current owners in the Velero repo also owners in each of the new org plugin repos.
+
+#### Setting up Travis CI
+
+Someone with owner permission on the new repository needs to go to their Travis CI account and authorize Travis CI on the repo. Here are instructions: https://docs.travis-ci.com/user/tutorial/.
+
+After this, any webhook notifications can be added following these instructions: https://docs.travis-ci.com/user/notifications/#configuring-webhook-notifications.
+
+## High-Level Design
+
+Each provider plugin will be an independent project, using the Velero library to implement their specific functionalities.
+
+The way Velero is installed will be changed to accommodate installing these plugins at deploy time, namely the Velero `install` command, as well as the Helm chart.
+
+Each plugin repository will need to have their respective images built and pushed to the same registry as the Velero images.
+
+## Detailed Design
+
+### Projects
+
+Each provider plugin will be an independent GH repository, named: `velero-plugin-aws`, `velero-plugin-azure`, and `velero-plugin-gcp`.
+
+Build of the project will be done the same way as with Velero, using Travis.
+
+Images for all the plugins will be pushed to the same repository as the Velero image, also using Travis.
+
+Releases of each of these plugins will happen in sync with releases of Velero. This will consist of having a tag in the repo and a tagged image build with the same release version as Velero so it makes it easy to identify what versions are compatible, starting at v1.2.
+
+Documentation for how to install and use the plugins will be augmented in the existing Plugins section of the Velero documentation.
+
+Documentation for how to use each plugin will reside in their respective repos. The navigation on the Velero documentation will be modified for easy discovery of the docs/images for these plugins.
+
+#### Version compatibility
+
+We will keep the major and minor release points in sync, but the plugins can have multiple minor dot something releases as long as it remains compatible with the corresponding major/minor release of Velero. Ex:
+
+| Velero  | Plugin  | Compatible?   |
+|---|---|---|
+|  v1.2 |  v1.2 | ✅  |
+|  v1.2 |  v1.2.3 | ✅  |
+|  v1.2 |  v1.3 | 🚫  |
+|  v1.3 |  v1.2 | 🚫  |
+|  v1.3 |  v1.3.3 | ✅  |
+
+### Installation
+
+As per https://github.com/heptio/velero/issues/1740, we will add a `plugins` flag to the Velero install command which will accept an array of URLs pointing to +1 images of plugins to be installed. The `velero plugin add` command should continue working as is, in specific, it should also allow the installation of any of the new 3 provider plugins. @nrb will provide specifics about how this change will be tackled, as well as what will be documented. Part of the work of adding the `plugins` flag will be removing the logic that adds `velero.io` name spacing to plugins that are added without it.
+
+The Helm chart that allows the installation of Velero will be modified to accept the array of plugin images with an added `plugins` configuration item.
+
+### Design code changes and considerations
+
+The naming convention to use for name spacing each plugin will be `velero.io`, since they are currently maintained by the Velero team.
+
+Install dep
+
+Question: are there any places outside the plugins where we depend on the cloud-provider SDKs? can we eliminate those dependencies too? x
+
+- the `restic` package uses the `aws`. SDK to get the bucket region for the AWS object store (https://github.com/carlisia/velero/blob/32d46871ccbc6b03e415d1e3d4ad9ae2268b977b/pkg/restic/config.go#L41)
+- could not find usage of the cloud provider SDKs anywhere else.
+
+Plugins such as the pod -> pvc -> pv backupitemaction ones make sense to stay in the core repo as they provide some important logic that just happens to be implemented in a plugin.
+
+### Upgrade
+
+The documentation for how to fresh install the out-of-tree plugin with Velero v1.2 will be specified together with the documentation for the install changes on issue https://github.com/heptio/velero/issues/1740.
+
+For upgrades, we will provide a script that will:
+
+- change the tag on the Velero deployment yaml for both the main image and any of th three plugins installed.
+- rename existing aws, azure or gcp plugin names to have the `velero.io/` namespace preceding the name (ex: `velero.io/aws).
+
+Alternatively, we could add CLI `velero upgrade` command that would make these changes. Ex: `velero upgrade 1.3` would upgrade from `v1.2` to `v1.3`.
+
+For upgrading:
+
+- Edit the provider field in the backupstoragelocations and volumesnapshotlocations CRDs to include the new namespace.
+
+## Alternatives Considered
+
+We considered having the plugins all live in the same GH repository. The downside of that approach is ending up with a binary and image bigger than necessary, since they would contain the SDKs of all three providers.
+
+## Security Considerations
+
+- Ensure that only the Velero core team has maintainer/owner privileges.

design/pv-cloning.md

@@ -0,0 +1,54 @@
+# Cloning PVs While Remapping Namespaces
+
+Status: Approved
+
+Velero supports restoring resources into different namespaces than they were backed up from.
+This enables a user to, among other things, clone a namespace within a cluster.
+However, if the namespace being cloned uses persistent volume claims, Velero cannot currently create a second copy of the original persistent volume when restoring.
+This limitation is documented in detail in [issue #192](https://github.com/heptio/velero/issues/192).
+This document proposes a solution that allows new copies of persistent volumes to be created during a namespace clone.
+
+## Goals
+
+- Enable persistent volumes to be cloned when using `velero restore create --namespace-mappings ...` to create a second copy of a namespace within a cluster.
+
+## Non Goals
+
+- Cloning of persistent volumes in any scenario other than when using `velero restore create --namespace-mappings ...` flag.
+- [CSI-based cloning](https://kubernetes.io/docs/concepts/storage/volume-pvc-datasource/).
+
+## Background
+
+(Omitted, see introduction)
+
+## High-Level Design
+
+During a restore, Velero will detect that it needs to assign a new name to a persistent volume being restored if and only if both of the following conditions are met:
+- the persistent volume is claimed by a persistent volume claim in a namespace that's being remapped using `velero restore create --namespace-mappings ...`
+- a persistent volume already exists in the cluster with the original name
+
+If these conditions exist, Velero will give the persistent volume a new arbitrary name before restoring it.
+It will also update the `spec.volumeName` of the related persistent volume claim. 
+
+## Detailed Design
+
+In `pkg/restore/restore.go`, around [line 872](https://github.com/heptio/velero/blob/master/pkg/restore/restore.go#L872), Velero has special-case code for persistent volumes.
+This code will be updated to check for the two preconditions described in the previous section.
+If the preconditions are met, the object will be given a new name.
+The persistent volume will also be annotated with the original name, e.g. `velero.io/original-pv-name=NAME`.
+Importantly, the name change will occur **before** [line 890](https://github.com/heptio/velero/blob/master/pkg/restore/restore.go#L890), where Velero checks to see if it should restore the persistent volume.
+Additionally, the old and new persistent volume names will be recorded in a new field that will be added to the `context` struct, `renamedPVs map[string]string`.
+
+In the special-case code for persistent volume claims starting on [line 987](https://github.com/heptio/velero/blob/master/pkg/restore/restore.go#L987), Velero will check to see if the claimed persistent volume has been renamed by looking in `ctx.renamedPVs`.
+If so, Velero will update the persistent volume claim's `spec.volumeName` to the new name.
+
+## Alternatives Considered
+
+One alternative approach is to add a new CLI flag and API field for restores, e.g. `--clone-pvs`, that a user could provide to indicate they want to create copies of persistent volumes.
+This approach would work fine, but it does require the user to be aware of this flag/field and to properly specify it when needed.
+It seems like a better UX to detect the typical conditions where this behavior is needed, and to automatically apply it.
+Additionally, the design proposed here does not preclude such a flag/field from being added later, if it becomes necessary to cover other use cases.
+
+## Security Considerations
+
+N/A

design/restic-backup-and-restore-progress.md

@@ -0,0 +1,116 @@
+# Progress reporting for restic backups and restores
+
+Status: Accepted
+
+During long-running restic backups/restores, there is no visibility into what (if anything) is happening, making it hard to know if the backup/restore is making progress or hung, how long the operation might take, etc.
+We should capture progress during restic operations and make it user-visible so that it's easier to reason about.
+This document proposes an approach for capturing progress of backup and restore operations and exposing this information to users.
+
+## Goals
+
+- Provide basic visibility into restic operations to inform users about their progress.
+
+## Non Goals
+
+- Capturing progress for non-restic backups and restores.
+
+## Background
+
+(Omitted, see introduction)
+
+## High-Level Design
+
+### restic backup progress
+
+The `restic backup` command provides progress reporting to stdout in JSON format, which includes the completion percentage of the backup.
+This progress will be read on some interval and the PodVolumeBackup Custom Resource's (CR) status will be updated with this information.
+
+### restic restore progress
+
+The `restic stats` command returns the total size of a backup.
+This can be compared with the total size the volume periodically to calculate the completion percentage of the restore.
+The PodVolumeRestore CR's status will be updated with this information.
+
+## Detailed Design
+
+## Changes to PodVolumeBackup and PodVolumeRestore Status type
+
+A new `Progress` field will be added to PodVolumeBackupStatus and PodVolumeRestoreStatus of type `PodVolumeOperationProgress`:
+
+```
+type PodVolumeOperationProgress struct {
+  TotalBytes int64
+  BytesDone int64
+}
+```
+
+### restic backup progress
+
+restic added support for [streaming JSON output for the `restic backup` command](https://github.com/restic/restic/pull/1944) in 0.9.5.
+Our current images ship restic 0.9.4, and so the Dockerfile will be updated to pull the new version: https://github.com/heptio/velero/blob/af4b9373fc73047f843cd4bc3648603d780c8b74/Dockerfile-velero#L21.
+With the `--json` flag, `restic backup` outputs single lines of JSON reporting the status of the backup:
+
+```
+{"message_type":"status","percent_done":0,"total_files":1,"total_bytes":21424504832}
+{"message_type":"status","action":"scan_finished","item":"","duration":0.219241873,"data_size":49461329920,"metadata_size":0,"total_files":10}
+{"message_type":"status","percent_done":0,"total_files":10,"total_bytes":49461329920,"current_files":["/file3"]}
+{"message_type":"status","percent_done":0.0003815984736061056,"total_files":10,"total_bytes":49461329920,"bytes_done":18874368,"current_files":["/file1","/file3"]}
+{"message_type":"status","percent_done":0.0011765952936188255,"total_files":10,"total_bytes":49461329920,"bytes_done":58195968,"current_files":["/file1","/file3"]}
+{"message_type":"status","percent_done":0.0019503921984312064,"total_files":10,"total_bytes":49461329920,"bytes_done":96468992,"current_files":["/file1","/file3"]}
+{"message_type":"status","percent_done":0.0028089887640449437,"total_files":10,"total_bytes":49461329920,"bytes_done":138936320,"current_files":["/file1","/file3"]}
+```
+
+The [command factory for backup](https://github.com/heptio/velero/blob/af4b9373fc73047f843cd4bc3648603d780c8b74/pkg/restic/command_factory.go#L37) will be updated to include the `--json` flag.
+The code to run the `restic backup` command (https://github.com/heptio/velero/blob/af4b9373fc73047f843cd4bc3648603d780c8b74/pkg/controller/pod_volume_backup_controller.go#L241) will be changed to include a Goroutine that reads from the command's stdout stream.
+The implementation of this will largely follow [@jmontleon's PoC](https://github.com/fusor/velero/pull/4/files) of this.
+The Goroutine will periodically read the stream (every 10 seconds) and get the last printed status line, which will be convered to JSON.
+If `bytes_done` is empty, restic has not finished scanning the volume and hasn't calculated the `total_bytes`.
+In this case, we will not update the PodVolumeBackup and instead will wait for the next iteration.
+Once we get a non-zero value for `bytes_done`, the `bytes_done` and `total_bytes` properties will be read and the PodVolumeBackup will be patched to update `status.Progress.BytesDone` and `status.Progress.TotalBytes` respectively.
+
+Once the backup has completed successfully, the PodVolumeBackup will be patched to set `status.Progress.BytesDone = status.Progress.TotalBytes`.
+This is done since the main thread may cause early termination of the Goroutine once the operation has finished, preventing a final update to the `BytesDone` property.
+
+### restic restore progress
+
+The `restic stats <snapshot_id> --json` command provides information about the size of backups:
+
+```
+{"total_size":10558111744,"total_file_count":11}
+```
+
+Before beginning the restore operation, we can use the output of `restic stats` to get the total size of the backup.
+The PodVolumeRestore will be patched to set `status.Progress.TotalBytes` to the total size of the backup.
+
+The code to run the `restic restore` command will be changed to include a Goroutine that periodically (every 10 seconds) gets the current size of the volume.
+To get the current size of the volume, we will recursively walkthrough all files in the volume to accumulate the total size.
+The current total size is the number of bytes transferred so far and the PodVolumeRestore will be patched to update `status.Progress.BytesDone`.
+
+Once the restore has completed successfully, the PodVolumeRestore will be patched to set `status.Progress.BytesDone = status.Progress.TotalBytes`.
+This is done since the main thread may cause early termination of the Goroutine once the operation has finished, preventing a final update to the `BytesDone` property.
+
+### Velero CLI changes
+
+The output that describes detailed information about [PodVolumeBackups](https://github.com/heptio/velero/blob/559d62a2ec99f7a522924348fc4a173a0699813a/pkg/cmd/util/output/backup_describer.go#L349) and [PodVolumeRestores](https://github.com/heptio/velero/blob/559d62a2ec99f7a522924348fc4a173a0699813a/pkg/cmd/util/output/restore_describer.go#L160) will be updated to calculate and display a completion percentage from `status.Progress.TotalBytes` and `status.Progress.BytesDone` if available.
+
+## Open Questions
+
+- Can we assume that the volume we are restoring in will be empty? Can it contain other artefacts?
+  - Based on discussion in this PR, we are okay making the assumption that the PVC is empty and will proceed with the above proposed approach.
+
+## Alternatives Considered
+
+### restic restore progress
+
+If we cannot assume that the volume we are restoring into will be empty, we can instead use the output from `restic snapshot` to get the list of files in the backup.
+This can then be used to calculate the current total size of just those files in the volume, so that we avoid considering any other files unrelated to the backup.
+The above proposed approach is simpler than this one, as we don't need to keep track of each file in the backup, but this will be more robust if the volume could contain other files not included in the backup.
+It's possible that certain volume types may contain hidden files that could attribute to the total size of the volume, though these should be small enough that the BytesDone calculation will only be slightly inflated.
+
+Another option is to contribute progress reporting similar to `restic backup` for `restic restore` upstream.
+This may take more time, but would give us a more native view on the progress of a restore.
+There are several issues about this already in the restic repo (https://github.com/restic/restic/issues/426, https://github.com/restic/restic/issues/1154), and what looks like an abandoned attempt (https://github.com/restic/restic/pull/2003) which we may be able to pick up.
+
+## Security Considerations
+
+N/A

docs/about.md

@@ -1,71 +0,0 @@
-# How Ark Works
-
-Each Ark operation -- on-demand backup, scheduled backup, restore -- is a custom resource, defined with a Kubernetes [Custom Resource Definition (CRD)][20] and stored in [etcd][22]. The config custom resource specifies core information and options such as cloud provider settings. Ark also includes controllers that process the custom resources to perform backups, restores, and all related operations.
-
-You can back up or restore all objects in your cluster, or you can filter objects by type, namespace, and/or label.
-
-Ark is ideal for the disaster recovery use case, as well as for snapshotting your application state, prior to performing system operations on your cluster (e.g. upgrades).
-
-## On-demand backups
-
-The **backup** operation:
-
-1. Uploads a tarball of copied Kubernetes objects into cloud object storage.
-
-1. Calls the cloud provider API to make disk snapshots of persistent volumes, if specified.
-
-You can optionally specify hooks to be executed during the backup. For example, you might
-need to tell a database to flush its in-memory buffers to disk before taking a snapshot. [More about hooks][10].
-
-Note that cluster backups are not strictly atomic. If Kubernetes objects are being created or edited at the time of backup, they might not be included in the backup. The odds of capturing inconsistent information are low, but it is possible.
-
-## Scheduled backups
-
-The **schedule** operation allows you to back up your data at recurring intervals. The first backup is performed when the schedule is first created, and subsequent backups happen at the schedule's specified interval. These intervals are specified by a Cron expression.
-
-Scheduled backups are saved with the name `<SCHEDULE NAME>-<TIMESTAMP>`, where `<TIMESTAMP>` is formatted as *YYYYMMDDhhmmss*.
-
-## Restores
-
-The **restore** operation allows you to restore all of the objects and persistent volumes from a previously created backup. You can also restore only a filtered subset of objects and persistent volumes. Ark supports multiple namespace remapping--for example, in a single restore, objects in namespace "abc" can be recreated under namespace "def", and the objects in namespace "123" under "456".
-
-The default name of a restore is `<BACKUP NAME>-<TIMESTAMP>`, where `<TIMESTAMP>` is formatted as *YYYYMMDDhhmmss*. You can also specify a custom name. A restored object also includes a label with key `ark-restore` and value `<RESTORE NAME>`.
-
-You can also run the Ark server in restore-only mode, which disables backup, schedule, and garbage collection functionality during disaster recovery.
-
-## Backup workflow
-
-When you run `ark backup create test-backup`:
-
-1. The Ark client makes a call to the Kubernetes API server to create a `Backup` object.
-
-1. The `BackupController` notices the new `Backup` object and performs validation.
-
-1. The `BackupController` begins the backup process. It collects the data to back up by querying the API server for resources.
-
-1. The `BackupController` makes a call to the object storage service -- for example, AWS S3 -- to upload the backup file.
-
-By default, `ark backup create` makes disk snapshots of any persistent volumes. You can adjust the snapshots by specifying additional flags. See [the CLI help][30] for more information. Snapshots can be disabled with the option `--snapshot-volumes=false`.
-
-![19]
-
-## Set a backup to expire
-
-When you create a backup, you can specify a TTL by adding the flag `--ttl <DURATION>`. If Ark sees that an existing backup resource is expired, it removes:
-
-* The backup resource
-* The backup file from cloud object storage
-* All PersistentVolume snapshots
-* All associated Restores
-
-## Object storage sync
-
-Heptio Ark treats object storage as the source of truth. It continuously checks to see that the correct backup resources are always present. If there is a properly formatted backup file in the storage bucket, but no corresponding backup resource in the Kubernetes API, Ark synchronizes the information from object storage to Kubernetes.
-
-This allows restore functionality to work in a cluster migration scenario, where the original backup objects do not exist in the new cluster.
-
-[19]: /img/backup-process.png
-[20]: https://kubernetes.io/docs/concepts/api-extension/custom-resources/#customresourcedefinitions
-[21]: https://kubernetes.io/docs/concepts/api-extension/custom-resources/#custom-controllers
-[22]: https://github.com/coreos/etcd
-[30]: https://github.com/heptio/ark/blob/master/docs/cli-reference/ark_create_backup.md

docs/aws-config.md

@@ -1,299 +0,0 @@
-# Run Ark on AWS
-
-To set up Ark on AWS, you:
-
-* Create your S3 bucket
-* Create an AWS IAM user for Ark
-* Configure the server
-* Create a Secret for your credentials
-
-If you do not have the `aws` CLI locally installed, follow the [user guide][5] to set it up.
-
-## Create S3 bucket
-
-Heptio Ark requires an object storage bucket to store backups in. Create an S3 bucket, replacing placeholders appropriately:
-
-```bash
-aws s3api create-bucket \
-    --bucket <YOUR_BUCKET> \
-    --region <YOUR_REGION> \
-    --create-bucket-configuration LocationConstraint=<YOUR_REGION>
-```
-NOTE: us-east-1 does not support a `LocationConstraint`.  If your region is `us-east-1`, omit the bucket configuration:
-
-```bash
-aws s3api create-bucket \
-    --bucket <YOUR_BUCKET> \
-    --region us-east-1
-```
-
-## Create IAM user
-
-For more information, see [the AWS documentation on IAM users][14].
-
-1. Create the IAM user:
-
-    ```bash
-    aws iam create-user --user-name heptio-ark
-    ```
-
-2. Attach policies to give `heptio-ark` the necessary permissions:
-
-    ```bash
-    BUCKET=<YOUR_BUCKET>
-    cat > heptio-ark-policy.json <<EOF
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "ec2:DescribeVolumes",
-                    "ec2:DescribeSnapshots",
-                    "ec2:CreateTags",
-                    "ec2:CreateVolume",
-                    "ec2:CreateSnapshot",
-                    "ec2:DeleteSnapshot"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "s3:GetObject",
-                    "s3:DeleteObject",
-                    "s3:PutObject",
-                    "s3:AbortMultipartUpload",
-                    "s3:ListMultipartUploadParts"
-                ],
-                "Resource": [
-                    "arn:aws:s3:::${BUCKET}/*"
-                ]
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "s3:ListBucket"
-                ],
-                "Resource": [
-                    "arn:aws:s3:::${BUCKET}"
-                ]
-            }
-        ]
-    }
-    EOF
-
-    aws iam put-user-policy \
-      --user-name heptio-ark \
-      --policy-name heptio-ark \
-      --policy-document file://heptio-ark-policy.json
-    ```
-
-3. Create an access key for the user:
-
-    ```bash
-    aws iam create-access-key --user-name heptio-ark
-    ```
-
-    The result should look like:
-
-    ```json
-     {
-        "AccessKey": {
-              "UserName": "heptio-ark",
-              "Status": "Active",
-              "CreateDate": "2017-07-31T22:24:41.576Z",
-              "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>,
-              "AccessKeyId": <AWS_ACCESS_KEY_ID>
-          }
-     }
-    ```
-
-4. Create an Ark-specific credentials file (`credentials-ark`) in your local directory:
-
-    ```
-    [default]
-    aws_access_key_id=<AWS_ACCESS_KEY_ID>
-    aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
-    ```
-
-    where the access key id and secret are the values returned from the `create-access-key` request.
-
-## Credentials and configuration
-
-In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0].
-
-```bash
-kubectl apply -f examples/common/00-prereqs.yaml
-```
-
-Create a Secret. In the directory of the credentials file you just created, run:
-
-```bash
-kubectl create secret generic cloud-credentials \
-    --namespace <ARK_NAMESPACE> \
-    --from-file cloud=credentials-ark
-```
-
-Specify the following values in the example files:
-
-* In `examples/aws/00-ark-config.yaml`:
-
-  * Replace `<YOUR_BUCKET>` and `<YOUR_REGION>` (for S3, region is optional and will be queried from the AWS S3 API if not provided). See the [Config definition][6] for details.
-
-* (Optional) If you run the nginx example, in file `examples/nginx-app/with-pv.yaml`:
-
-    * Replace `<YOUR_STORAGE_CLASS_NAME>` with `gp2`. This is AWS's default `StorageClass` name.
-
-* (Optional) If you have multiple clusters and you want to support migration of resources between them, in file `examples/aws/10-deployment.yaml`:
-
-    * Uncomment the environment variable `AWS_CLUSTER_NAME` and replace `<YOUR_CLUSTER_NAME>` with the current cluster's name. When restoring backup, it will make Ark (and cluster it's running on) claim ownership of AWS volumes created from snapshots taken on different cluster.
-    The best way to get the current cluster's name is to either check it with used deployment tool or to read it directly from the EC2 instances tags. 
-    
-      The following listing shows how to get the cluster's nodes EC2 Tags. First, get the nodes external IDs (EC2 IDs):
-
-        ```bash
-        kubectl get nodes -o jsonpath='{.items[*].spec.externalID}'
-        ```
-    
-      Copy one of the returned IDs `<ID>` and use it with the `aws` CLI tool to search for one of the following:
-
-      * The `kubernetes.io/cluster/<AWS_CLUSTER_NAME>` tag of the value `owned`. The `<AWS_CLUSTER_NAME>` is then your cluster's name:
-
-          ```bash
-          aws ec2 describe-tags --filters "Name=resource-id,Values=<ID>" "Name=value,Values=owned"
-          ```
-    
-      * If the first output returns nothing, then check for the legacy Tag `KubernetesCluster` of the value `<AWS_CLUSTER_NAME>`:
-
-          ```bash
-          aws ec2 describe-tags --filters "Name=resource-id,Values=<ID>" "Name=key,Values=KubernetesCluster"
-        ```
-
-## Start the server
-
-In the root of your Ark directory, run:
-
-  ```bash
-  kubectl apply -f examples/aws/00-ark-config.yaml
-  kubectl apply -f examples/aws/10-deployment.yaml
-  ```
-
-## ALTERNATIVE: Setup permissions using kube2iam
-
-[Kube2iam](https://github.com/jtblin/kube2iam) is a Kubernetes application that allows managing AWS IAM permissions for pod via annotations rather than operating on API keys.
-
-> This path assumes you have `kube2iam` already running in your Kubernetes cluster. If that is not the case, please install it first, following the docs here: https://github.com/jtblin/kube2iam
-
-It can be set up for Ark by creating a role that will have required permissions, and later by adding the permissions annotation on the ark deployment to define which role it should use internally.
-
-1. Create a Trust Policy document to allow the role being used for EC2 management & assume kube2iam role:
-
-    ```bash
-    cat > heptio-ark-trust-policy.json <<EOF
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "Service": "ec2.amazonaws.com"
-                },
-                "Action": "sts:AssumeRole"
-            },
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<ROLE_CREATED_WHEN_INITIALIZING_KUBE2IAM>"
-                },
-                "Action": "sts:AssumeRole"
-            }
-        ]
-    }
-    EOF
-    ```
-
-2. Create the IAM role:
-
-    ```bash
-    aws iam create-role --role-name heptio-ark --assume-role-policy-document file://./heptio-ark-trust-policy.json
-    ```
-
-3. Attach policies to give `heptio-ark` the necessary permissions:
-
-    ```bash
-    BUCKET=<YOUR_BUCKET>
-    cat > heptio-ark-policy.json <<EOF
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "ec2:DescribeVolumes",
-                    "ec2:DescribeSnapshots",
-                    "ec2:CreateTags",
-                    "ec2:CreateVolume",
-                    "ec2:CreateSnapshot",
-                    "ec2:DeleteSnapshot"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "s3:GetObject",
-                    "s3:DeleteObject",
-                    "s3:PutObject",
-                    "s3:AbortMultipartUpload",
-                    "s3:ListMultipartUploadParts"
-                ],
-                "Resource": [
-                    "arn:aws:s3:::${BUCKET}/*"
-                ]
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "s3:ListBucket"
-                ],
-                "Resource": [
-                    "arn:aws:s3:::${BUCKET}"
-                ]
-            }
-        ]
-    }
-    EOF
-
-    aws iam put-role-policy \
-      --role-name heptio-ark \
-      --policy-name heptio-ark-policy \
-      --policy-document file://./heptio-ark-policy.json
-    ```
-4. Update AWS_ACCOUNT_ID & HEPTIO_ARK_ROLE_NAME in the file `examples/aws/10-deployment-kube2iam.yaml`:
-
-    ```
-    ---
-    apiVersion: apps/v1beta1
-    kind: Deployment
-    metadata:
-        namespace: heptio-ark
-        name: ark
-    spec:
-        replicas: 1
-        template:
-            metadata:
-                labels:
-                    component: ark
-                annotations:
-                    iam.amazonaws.com/role: arn:aws:iam::<AWS_ACCOUNT_ID>:role/heptio-ark
-    ...
-    ```
-
-5. Run Ark deployment using the file `examples/aws/10-deployment-kube2iam.yaml`.
-
-[0]: namespace.md
-[5]: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
-[6]: config-definition.md#aws
-[14]: http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
-[20]: faq.md

docs/cloud-common.md

@@ -1,82 +0,0 @@
-# Set up Ark with your cloud provider
-
-To run Ark with your cloud provider, you specify provider-specific settings for the Ark server. In version 0.7.0 and later, you can run Ark in any namespace, which requires additional customization. See [Run in custom namespace][3].
-
-The Ark repository includes a set of example YAML files that specify the settings for each cloud provider. For provider-specific instructions, see:
-
-* [Run Ark on AWS][0]
-* [Run Ark on GCP][1]
-* [Run Ark on Azure][2]
-* [Use IBM Cloud Object Store as Ark's storage destination][4]
-
-In version 0.9.0 and later, you can use Ark's integration with restic, which requires additional setup. See [Restic instructions][20].
-
-## Examples
-
-After you set up the Ark server, try these examples:
-
-### Basic example (without PersistentVolumes)
-
-1. Start the sample nginx app:
-
-    ```bash
-    kubectl apply -f examples/nginx-app/base.yaml
-    ```
-
-1. Create a backup:
-
-    ```bash
-    ark backup create nginx-backup --include-namespaces nginx-example
-    ```
-
-1. Simulate a disaster:
-
-    ```bash
-    kubectl delete namespaces nginx-example
-    ```
-
-    Wait for the namespace to be deleted.
-
-1. Restore your lost resources:
-
-    ```bash
-    ark restore create --from-backup nginx-backup
-    ```
-
-### Snapshot example (with PersistentVolumes)
-
-> NOTE: For Azure, your Kubernetes cluster needs to be version 1.7.2+ to support PV snapshotting of its managed disks.
-
-1. Start the sample nginx app:
-
-    ```bash
-    kubectl apply -f examples/nginx-app/with-pv.yaml
-    ```
-
-1. Create a backup with PV snapshotting:
-
-    ```bash
-    ark backup create nginx-backup --include-namespaces nginx-example
-    ```
-
-1. Simulate a disaster:
-
-    ```bash
-    kubectl delete namespaces nginx-example
-    ```
-
-    Because the default [reclaim policy][19] for dynamically-provisioned PVs is "Delete", these commands should trigger your cloud provider to delete the disk backing the PV. The deletion process is asynchronous so this may take some time. **Before continuing to the next step, check your cloud provider to confirm that the disk no longer exists.**
-
-1. Restore your lost resources:
-
-    ```bash
-    ark restore create --from-backup nginx-backup
-    ```
-
-[0]: aws-config.md
-[1]: gcp-config.md
-[2]: azure-config.md
-[3]: namespace.md
-[4]: ibm-config.md
-[19]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
-[20]: https://github.com/heptio/ark/blob/master/docs/restic.md

docs/faq.md

@@ -1,38 +0,0 @@
-# FAQ
-
-## When is it appropriate to use Ark instead of etcd's built in backup/restore?
-
-Etcd's backup/restore tooling is good for recovering from data loss in a single etcd cluster. For
-example, it is a good idea to take a backup of etcd prior to upgrading etcd itself. For more
-sophisticated management of your Kubernetes cluster backups and restores, we feel that Ark is
-generally a better approach. It gives you the ability to throw away an unstable cluster and restore
-your Kubernetes resources and data into a new cluster, which you can't do easily just by backing up
-and restoring etcd.
-
-Examples of cases where Ark is useful:
-
-* you don't have access to etcd (e.g. you're running on GKE)
-* backing up both Kubernetes resources and persistent volume state
-* cluster migrations
-* backing up a subset of your Kubernetes resources
-* backing up Kubernetes resources that are stored across multiple etcd clusters (for example if you
-  run a custom apiserver)
-
-## Will Ark restore my Kubernetes resources exactly the way they were before?
-
-Yes, with some exceptions. For example, when Ark restores pods it deletes the `nodeName` from the
-pod so that it can be scheduled onto a new node. You can see some more examples of the differences
-in [pod_action.go](https://github.com/heptio/ark/blob/master/pkg/restore/pod_action.go)
-
-## I'm using Ark in multiple clusters. Should I use the same bucket to store all of my backups?
-
-We **strongly** recommend that you use a separate bucket per cluster to store backups. Sharing a bucket
-across multiple Ark instances can lead to numerous problems - failed backups, overwritten backups,
-inadvertently deleted backups, etc., all of which can be avoided by using a separate bucket per Ark
-instance.
-
-Related to this, if you need to restore a backup from cluster A into cluster B, please use [restore-only][1]
-mode in cluster B's Ark instance while it's configured to use cluster A's bucket. This will ensure no 
-new backups are created, and no existing backups are deleted or overwritten.
-
-[1]: config-definition.md#main-config-parameters

docs/gcp-config.md

@@ -1,121 +0,0 @@
-# Run Ark on GCP
-
-You can run Kubernetes on Google Cloud Platform in either of: 
-
-* Kubernetes on Google Compute Engine virtual machines
-* Google Kubernetes Engine 
-
-If you do not have the `gcloud` and `gsutil` CLIs locally installed, follow the [user guide][16] to set them up.
-
-## Create GCS bucket
-
-Heptio Ark requires an object storage bucket in which to store backups. Create a GCS bucket, replacing placeholder appropriately:
-
-```bash
-gsutil mb gs://<YOUR_BUCKET>/
-```
-
-## Create service account
-
-To integrate Heptio Ark with GCP, create an Ark-specific [Service Account][15]:
-
-1. View your current config settings:
-
-    ```bash
-    gcloud config list
-    ```
-
-    Store the `project` value from the results in the environment variable `$PROJECT_ID`.
-
-2. Create a service account:
-
-    ```bash
-    gcloud iam service-accounts create heptio-ark \
-        --display-name "Heptio Ark service account"
-    ```
-
-    Then list all accounts and find the `heptio-ark` account you just created:
-    ```bash
-    gcloud iam service-accounts list
-    ```
-
-    Set the `$SERVICE_ACCOUNT_EMAIL` variable to match its `email` value.
-
-3. Attach policies to give `heptio-ark` the necessary permissions to function:
-
-    ```bash
-    BUCKET=<YOUR_BUCKET>
-    
-    ROLE_PERMISSIONS=(
-        compute.disks.get
-        compute.disks.create
-        compute.disks.createSnapshot
-        compute.snapshots.get
-        compute.snapshots.create
-        compute.snapshots.useReadOnly
-        compute.snapshots.delete
-    )
-
-    gcloud iam roles create heptio_ark.server \
-        --project $PROJECT_ID \
-        --title "Heptio Ark Server" \
-        --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"    
-
-    gcloud projects add-iam-policy-binding $PROJECT_ID \
-        --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
-        --role projects/$PROJECT_ID/roles/heptio_ark.server
-
-    gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
-    ```
-
-4. Create a service account key, specifying an output file (`credentials-ark`) in your local directory:
-
-    ```bash
-    gcloud iam service-accounts keys create credentials-ark \
-        --iam-account $SERVICE_ACCOUNT_EMAIL
-    ```
-
-## Credentials and configuration
-
-If you run Google Kubernetes Engine (GKE), make sure that your current IAM user is a cluster-admin. This role is required to create RBAC objects.
-See [the GKE documentation][22] for more information.
-
-In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0].
-
-```bash
-kubectl apply -f examples/common/00-prereqs.yaml
-```
-
-Create a Secret. In the directory of the credentials file you just created, run:
-
-```bash
-kubectl create secret generic cloud-credentials \
-    --namespace <ARK_NAMESPACE> \
-    --from-file cloud=credentials-ark
-```
-
-Specify the following values in the example files:
-
-* In file `examples/gcp/00-ark-config.yaml`:
-
-  * Replace `<YOUR_BUCKET>`. See the [Config definition][7] for details.
-
-* (Optional) If you run the nginx example, in file `examples/nginx-app/with-pv.yaml`:
-
-    * Replace `<YOUR_STORAGE_CLASS_NAME>` with `standard`. This is GCP's default `StorageClass` name.
-
-## Start the server
-
-In the root of your Ark directory, run:
-
-  ```bash
-  kubectl apply -f examples/gcp/00-ark-config.yaml
-  kubectl apply -f examples/gcp/10-deployment.yaml
-  ```
-
-  [0]: namespace.md
-  [7]: config-definition.md#gcp
-  [15]: https://cloud.google.com/compute/docs/access/service-accounts
-  [16]: https://cloud.google.com/sdk/docs/
-  [22]: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#prerequisites_for_using_role-based_access_control
-

docs/generate/ark.go

@@ -1,39 +0,0 @@
-/*
-Copyright 2017 the Heptio Ark contributors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"log"
-	"os"
-
-	"github.com/heptio/ark/pkg/cmd/ark"
-	"github.com/spf13/cobra/doc"
-)
-
-func main() {
-	cmdName := os.Args[1]
-	outputDir := os.Args[2]
-
-	cmd := ark.NewCommand(cmdName)
-	// Remove auto-generated timestamps
-	cmd.DisableAutoGenTag = true
-
-	err := doc.GenMarkdownTree(cmd, outputDir)
-	if err != nil {
-		log.Fatal(err)
-	}
-}

docs/restic.md

@@ -1,267 +0,0 @@
-# Restic Integration
-
-As of version 0.9.0, Ark has support for backing up and restoring Kubernetes volumes using a free open-source backup tool called 
-[restic][1].
-
-Ark has always allowed you to take snapshots of persistent volumes as part of your backups if you’re using one of 
-the supported cloud providers’ block storage offerings (Amazon EBS Volumes, Azure Managed Disks, Google Persistent Disks). 
-Starting with version 0.6.0, we provide a plugin model that enables anyone to implement additional object and block storage 
-backends, outside the main Ark repository.
-
-We integrated restic with Ark so that users have an out-of-the-box solution for backing up and restoring almost any type of Kubernetes
-volume*. This is a new capability for Ark, not a replacement for existing functionality. If you're running on AWS, and
-taking EBS snapshots as part of your regular Ark backups, there's no need to switch to using restic. However, if you've
-been waiting for a snapshot plugin for your storage platform, or if you're using EFS, AzureFile, NFS, emptyDir, 
-local, or any other volume type that doesn't have a native snapshot concept, restic might be for you.
-
-Restic is not tied to a specific storage platform, which means that this integration also paves the way for future work to enable
-cross-volume-type data migrations. Stay tuned as this evolves!
-
-\* hostPath volumes are not supported, but the [new local volume type][4] is supported.
-
-## Setup
-
-### Prerequisites
-
-- A working install of Ark version 0.9.0 or later. See [Set up Ark][2]
-- A local clone of [the latest release tag of the Ark repository][3]
-
-#### Additional steps if upgrading from version 0.9 alpha
-
-- Manually delete all of the repositories/data from your existing restic bucket
-- Delete all Ark backups from your cluster using `ark backup delete`
-- Delete all secrets named `ark-restic-credentials` across all namespaces in your cluster
-
-### Instructions
-
-1. Download an updated Ark client from the [latest release][3], and move it to a location in your PATH.
-
-1. From the Ark root directory, run the following to create new custom resource definitions:
-
-    ```bash
-    kubectl apply -f examples/common/00-prereqs.yaml
-    ```
-
-1. Run one of the following for your platform to create the daemonset:
-
-    - AWS: `kubectl apply -f examples/aws/20-restic-daemonset.yaml`
-    - Azure: `kubectl apply -f examples/azure/20-restic-daemonset.yaml`
-    - GCP: `kubectl apply -f examples/gcp/20-restic-daemonset.yaml`
-    - Minio: `kubectl apply -f examples/minio/30-restic-daemonset.yaml`
-
-1. Create a new bucket for restic to store its data in, and give the `heptio-ark` IAM user access to it, similarly to
-the main Ark bucket you've already set up. Note that this must be a different bucket than the main Ark bucket.
-We plan to remove this limitation in a future release.
-
-1. Uncomment `resticLocation` in your Ark config and set the value appropriately, then apply:
-    
-    - AWS: `kubectl apply -f examples/aws/00-ark-config.yaml`
-    - Azure: `kubectl apply -f examples/azure/10-ark-config.yaml`
-    - GCP: `kubectl apply -f examples/gcp/00-ark-config.yaml`
-    - Minio: `kubectl apply -f examples/minio/10-ark-config.yaml`
-
-    Note that `resticLocation` may either be just a bucket name, e.g. `my-restic-bucket`, or a bucket name plus a prefix under
-    which you'd like the restic data to be stored, e.g. `my-restic-bucket/ark-repos`.
-
-You're now ready to use Ark with restic.
-
-## Back up
-
-1. Run the following for each pod that contains a volume to back up:
-
-    ```bash
-    kubectl -n YOUR_POD_NAMESPACE annotate pod/YOUR_POD_NAME backup.ark.heptio.com/backup-volumes=YOUR_VOLUME_NAME_1,YOUR_VOLUME_NAME_2,...
-    ```
-
-    where the volume names are the names of the volumes in the pod spec. 
-    
-    For example, for the following pod:
-
-    ```bash
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: sample
-      namespace: foo
-    spec:
-      containers:
-      - image: k8s.gcr.io/test-webserver
-        name: test-webserver
-        volumeMounts:
-        - name: pvc-volume
-          mountPath: /volume-1
-        - name: emptydir-volume
-          mountPath: /volume-2
-      volumes:
-      - name: pvc-volume
-        persistentVolumeClaim: 
-          claimName: test-volume-claim
-      - name: emptydir-volume
-        emptyDir: {}
-    ```
-
-    You'd run:
-    ```bash
-    kubectl -n foo annotate pod/sample backup.ark.heptio.com/backup-volumes=pvc-volume,emptydir-volume
-    ```
-
-    This annotation can also be provided in a pod template spec if you use a controller to manage your pods.
-
-1. Take an Ark backup:
-
-    ```bash
-    ark backup create NAME OPTIONS...
-    ```
-
-1. When the backup completes, view information about the backups:
-
-    ```bash
-    ark backup describe YOUR_BACKUP_NAME
-
-    kubectl -n heptio-ark get podvolumebackups -l ark.heptio.com/backup-name=YOUR_BACKUP_NAME -o yaml
-    ```
-
-## Restore
-
-1. Restore from your Ark backup:
-
-    ```bash
-    ark restore create --from-backup BACKUP_NAME OPTIONS...
-    ```
-
-1. When the restore completes, view information about your pod volume restores:
-    
-    ```bash
-    ark restore describe YOUR_RESTORE_NAME
-
-    kubectl -n heptio-ark get podvolumerestores -l ark.heptio.com/restore-name=YOUR_RESTORE_NAME -o yaml
-    ```
-
-## Limitations
-
-- You cannot use the main Ark bucket for storing restic backups. We plan to address this issue
-in a future release.
-- `hostPath` volumes are not supported. [Local persistent volumes][4] are supported.
-- Those of you familiar with [restic][1] may know that it encrypts all of its data. We've decided to use a static, 
-common encryption key for all restic repositories created by Ark. **This means that anyone who has access to your
-bucket can decrypt your restic backup data**. Make sure that you limit access to the restic bucket
-appropriately. We plan to implement full Ark backup encryption, including securing the restic encryption keys, in 
-a future release.   
-
-## Troubleshooting
-
-Run the following checks:
-
-Are your Ark server and daemonset pods running?
-
-```bash
-kubectl get pods -n heptio-ark
-```
-
-Does your restic repository exist, and is it ready?
-
-```bash
-ark restic repo get
-
-ark restic repo get REPO_NAME -o yaml
-```
-
-Are there any errors in your Ark backup/restore?
-
-```bash
-ark backup describe BACKUP_NAME
-ark backup logs BACKUP_NAME
-
-ark restore describe RESTORE_NAME
-ark restore logs RESTORE_NAME
-```
-
-What is the status of your pod volume backups/restores?
-
-```bash
-kubectl -n heptio-ark get podvolumebackups -l ark.heptio.com/backup-name=BACKUP_NAME -o yaml
-
-kubectl -n heptio-ark get podvolumerestores -l ark.heptio.com/restore-name=RESTORE_NAME -o yaml
-```
-
-Is there any useful information in the Ark server or daemon pod logs?
-
-```bash
-kubectl -n heptio-ark logs deploy/ark
-kubectl -n heptio-ark logs DAEMON_POD_NAME
-```
-
-**NOTE**: You can increase the verbosity of the pod logs by adding `--log-level=debug` as an argument
-to the container command in the deployment/daemonset pod template spec.
-
-## How backup and restore work with restic
-
-We introduced three custom resource definitions and associated controllers:
-
-- `ResticRepository` - represents/manages the lifecycle of Ark's [restic repositories][5]. Ark creates
-a restic repository per namespace when the first restic backup for a namespace is requested. The controller
-for this custom resource executes restic repository lifecycle commands -- `restic init`, `restic check`,
-and `restic prune`.
-
-    You can see information about your Ark restic repositories by running `ark restic repo get`.
-
-- `PodVolumeBackup` - represents a restic backup of a volume in a pod. The main Ark backup process creates
-one or more of these when it finds an annotated pod. Each node in the cluster runs a controller for this
-resource (in a daemonset) that handles the `PodVolumeBackups` for pods on that node. The controller executes
-`restic backup` commands to backup pod volume data. 
-
-- `PodVolumeRestore` - represents a restic restore of a pod volume. The main Ark restore process creates one
-or more of these when it encounters a pod that has associated restic backups. Each node in the cluster runs a 
-controller for this resource (in the same daemonset as above) that handles the `PodVolumeRestores` for pods 
-on that node. The controller executes `restic restore` commands to restore pod volume data.
-
-### Backup
-
-1. The main Ark backup process checks each pod that it's backing up for the annotation specifying a restic backup
-should be taken (`backup.ark.heptio.com/backup-volumes`)
-1. When found, Ark first ensures a restic repository exists for the pod's namespace, by:
-    - checking if a `ResticRepository` custom resource already exists
-    - if not, creating a new one, and waiting for the `ResticRepository` controller to init/check it
-1. Ark then creates a `PodVolumeBackup` custom resource per volume listed in the pod annotation
-1. The main Ark process now waits for the `PodVolumeBackup` resources to complete or fail
-1. Meanwhile, each `PodVolumeBackup` is handled by the controller on the appropriate node, which:
-    - has a hostPath volume mount of `/var/lib/kubelet/pods` to access the pod volume data
-    - finds the pod volume's subdirectory within the above volume
-    - runs `restic backup`
-    - updates the status of the custom resource to `Completed` or `Failed`
-1. As each `PodVolumeBackup` finishes, the main Ark process captures its restic snapshot ID and adds it as an annotation
-to the copy of the pod JSON that's stored in the Ark backup. This will be used for restores, as seen in the next section.
-
-### Restore
-
-1. The main Ark restore process checks each pod that it's restoring for annotations specifying a restic backup
-exists for a volume in the pod (`snapshot.ark.heptio.com/<volume-name>`)
-1. When found, Ark first ensures a restic repository exists for the pod's namespace, by:
-    - checking if a `ResticRepository` custom resource already exists
-    - if not, creating a new one, and waiting for the `ResticRepository` controller to init/check it (note that
-    in this case, the actual repository should already exist in object storage, so the Ark controller will simply
-    check it for integrity)
-1. Ark adds an init container to the pod, whose job is to wait for all restic restores for the pod to complete (more
-on this shortly)
-1. Ark creates the pod, with the added init container, by submitting it to the Kubernetes API
-1. Ark creates a `PodVolumeRestore` custom resource for each volume to be restored in the pod
-1. The main Ark process now waits for each `PodVolumeRestore` resource to complete or fail
-1. Meanwhile, each `PodVolumeRestore` is handled by the controller on the appropriate node, which:
-    - has a hostPath volume mount of `/var/lib/kubelet/pods` to access the pod volume data
-    - waits for the pod to be running the init container
-    - finds the pod volume's subdirectory within the above volume
-    - runs `restic restore`
-    - on success, writes a file into the pod volume, in an `.ark` subdirectory, whose name is the UID of the Ark restore
-    that this pod volume restore is for
-    - updates the status of the custom resource to `Completed` or `Failed`
-1. The init container that was added to the pod is running a process that waits until it finds a file
-within each restored volume, under `.ark`, whose name is the UID of the Ark restore being run
-1. Once all such files are found, the init container's process terminates successfully and the pod moves
-on to running other init containers/the main containers.
-
-
-[1]: https://github.com/restic/restic
-[2]: cloud-common.md
-[3]: https://github.com/heptio/ark/releases/
-[4]: https://kubernetes.io/docs/concepts/storage/volumes/#local
-[5]: http://restic.readthedocs.io/en/latest/100_references.html#terminology

docs/troubleshooting.md

@@ -1,15 +0,0 @@
-# Troubleshooting
-
-These tips can help you troubleshoot known issues. If they don't help, you can [file an issue][4], or talk to us on the [Kubernetes Slack team][25] channel `#ark-dr`.
-
-* [Debug installation/setup issues][2]
-
-* [Delete namespaces and backups][0]
-
-* [Debug restores][1]
-
-[0]: debugging-deletes.md
-[1]: debugging-restores.md
-[2]: debugging-install.md
-[4]: https://github.com/heptio/ark/issues
-[25]: http://slack.kubernetes.io/

examples/README.md

@@ -1,12 +1,11 @@
 # Examples
 
-The YAML config files in this directory can be used to quickly deploy a containerized Ark deployment.
+This directory contains sample YAML config files that can be used for exploring Velero.
 
-* `common/`: Contains manifests to set up Ark. Can be used across cloud provider platforms. (Note that Azure requires its own deployment file due to its unique way of loading credentials).
+* `minio/`: Used in the [Quickstart][0] to set up [Minio][1], a local S3-compatible object storage service. It provides a convenient way to test Velero without tying you to a specific cloud provider.
 
-* `minio/`: Used in the [Quickstart][1] to set up [Minio][0], a local S3-compatible object storage service. It provides a convenient way to test Ark without tying you to a specific cloud provider.
+* `nginx-app/`: A sample nginx app that can be used to test backups and restores.
 
-* `aws/`, `azure/`, `gcp/`, `ibm/`: Contains manifests specific to the given cloud provider's setup.
 
-[0]: https://github.com/minio/minio
-[1]: /README.md#quickstart
+[0]: /docs/contributions/minio.md
+[1]: https://github.com/minio/minio

examples/aws/00-ark-config.yaml

@@ -1,39 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: ark.heptio.com/v1
-kind: Config
-metadata:
-  namespace: heptio-ark
-  name: default
-persistentVolumeProvider:
-  name: aws
-  config:
-    region: <YOUR_REGION>
-backupStorageProvider:
-  name: aws
-  bucket: <YOUR_BUCKET>
-  # Uncomment the below line to enable restic integration.
-  # The format for resticLocation is <bucket>[/<prefix>],
-  # e.g. "my-restic-bucket" or "my-restic-bucket/repos".
-  # This MUST be a different bucket than the main Ark bucket
-  # specified just above.
-  # resticLocation: <YOUR_RESTIC_LOCATION>
-  config:
-    region: <YOUR_REGION>
-backupSyncPeriod: 30m
-gcSyncPeriod: 30m
-scheduleSyncPeriod: 1m
-restoreOnlyMode: false

examples/aws/10-deployment-kube2iam.yaml

@@ -1,50 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  namespace: heptio-ark
-  name: ark
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        component: ark
-      annotations:
-        iam.amazonaws.com/role: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<HEPTIO_ARK_ROLE_NAME>
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8085"
-        prometheus.io/path: "/metrics"
-    spec:
-      restartPolicy: Always
-      serviceAccountName: ark
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          ports:
-            - name: metrics
-              containerPort: 8085
-          command:
-            - /ark
-          args:
-            - server
-          volumeMounts:
-            - name: plugins
-              mountPath: /plugins
-      volumes:
-        - name: plugins
-          emptyDir: {}

examples/aws/10-deployment.yaml

@@ -1,62 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  namespace: heptio-ark
-  name: ark
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        component: ark
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8085"
-        prometheus.io/path: "/metrics"
-    spec:
-      restartPolicy: Always
-      serviceAccountName: ark
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          command:
-            - /ark
-          args:
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: plugins
-              mountPath: /plugins
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: AWS_SHARED_CREDENTIALS_FILE
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch
-            #- name: AWS_CLUSTER_NAME
-            #  value: <YOUR_CLUSTER_NAME>
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: plugins
-          emptyDir: {}
-        - name: scratch
-          emptyDir: {}

examples/aws/20-restic-daemonset.yaml

@@ -1,69 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata: 
-  name: restic
-  namespace: heptio-ark
-spec:
-  selector:
-    matchLabels:
-      name: restic
-  template:
-    metadata:
-      labels:
-        name: restic
-    spec:
-      serviceAccountName: ark
-      securityContext:
-        runAsUser: 0
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: host-pods
-          hostPath:
-            path: /var/lib/kubelet/pods
-        - name: scratch
-          emptyDir: {}
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          command:
-            - /ark
-          args:
-            - restic 
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: host-pods
-              mountPath: /host_pods
-              mountPropagation: HostToContainer
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: HEPTIO_ARK_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: AWS_SHARED_CREDENTIALS_FILE
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch

examples/azure/00-ark-deployment.yaml

@@ -1,61 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  namespace: heptio-ark
-  name: ark
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        component: ark
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8085"
-        prometheus.io/path: "/metrics"
-    spec:
-      restartPolicy: Always
-      serviceAccountName: ark
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          ports:
-            - name: metrics
-              containerPort: 8085
-          command:
-            - /ark
-          args:
-            - server
-          envFrom:
-            - secretRef:
-                name: cloud-credentials
-          env:
-            - name: ARK_SCRATCH_DIR
-              value: /scratch
-          volumeMounts:
-          - name: plugins
-            mountPath: /plugins
-          - name: scratch
-            mountPath: /scratch
-      volumes:
-        - name: plugins
-          emptyDir: {}
-        - name: scratch
-          emptyDir: {}
-      nodeSelector:
-        beta.kubernetes.io/os: linux

examples/azure/10-ark-config.yaml

@@ -1,37 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: ark.heptio.com/v1
-kind: Config
-metadata:
-  namespace: heptio-ark
-  name: default
-persistentVolumeProvider:
-  name: azure
-  config:
-    apiTimeout: <YOUR_TIMEOUT>
-backupStorageProvider:
-  name: azure
-  bucket: <YOUR_BUCKET>
-  # Uncomment the below line to enable restic integration.
-  # The format for resticLocation is <bucket>[/<prefix>],
-  # e.g. "my-restic-bucket" or "my-restic-bucket/repos".
-  # This MUST be a different bucket than the main Ark bucket
-  # specified just above.
-  # resticLocation: <YOUR_RESTIC_LOCATION>
-backupSyncPeriod: 30m
-gcSyncPeriod: 30m
-scheduleSyncPeriod: 1m
-restoreOnlyMode: false

examples/azure/20-restic-daemonset.yaml

@@ -1,75 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata: 
-  name: restic
-  namespace: heptio-ark
-spec:
-  selector:
-    matchLabels:
-      name: restic
-  template:
-    metadata:
-      labels:
-        name: restic
-    spec:
-      serviceAccountName: ark
-      securityContext:
-        runAsUser: 0
-      volumes:
-        - name: host-pods
-          hostPath:
-            path: /var/lib/kubelet/pods
-        - name: scratch
-          emptyDir: {}
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          command:
-            - /ark
-          args:
-            - restic 
-            - server
-          volumeMounts:
-            - name: host-pods
-              mountPath: /host_pods
-              mountPropagation: HostToContainer
-            - name: scratch
-              mountPath: /scratch
-          envFrom:
-            - secretRef:
-                name: cloud-credentials
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: HEPTIO_ARK_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: AZURE_ACCOUNT_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: cloud-credentials
-                  key: AZURE_STORAGE_ACCOUNT_ID
-            - name: AZURE_ACCOUNT_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: cloud-credentials
-                  key: AZURE_STORAGE_KEY
-            - name: ARK_SCRATCH_DIR
-              value: /scratch

examples/common/00-prereqs.yaml

@@ -1,179 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: backups.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: backups
-    kind: Backup
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: schedules.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: schedules
-    kind: Schedule
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: restores.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: restores
-    kind: Restore
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: configs.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: configs
-    kind: Config
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: downloadrequests.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: downloadrequests
-    kind: DownloadRequest
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: deletebackuprequests.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: deletebackuprequests
-    kind: DeleteBackupRequest
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: podvolumebackups.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: podvolumebackups
-    kind: PodVolumeBackup
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: podvolumerestores.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: podvolumerestores
-    kind: PodVolumeRestore
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: resticrepositories.ark.heptio.com
-  labels:
-    component: ark
-spec:
-  group: ark.heptio.com
-  version: v1
-  scope: Namespaced
-  names:
-    plural: resticrepositories
-    kind: ResticRepository
-
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: heptio-ark
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ark
-  namespace: heptio-ark
-  labels:
-    component: ark
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: ark
-  labels:
-    component: ark
-subjects:
-  - kind: ServiceAccount
-    namespace: heptio-ark
-    name: ark
-roleRef:
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io

examples/common/README.md

@@ -1,10 +0,0 @@
-# File Structure
-
-## 00-prereqs.yaml
-
-This file contains the prerequisites necessary to run the Ark server:
-
-- `heptio-ark` namespace
-- `ark` service account
-- RBAC rules to grant permissions to the `ark` service account
-- CRDs for the Ark-specific resources (Backup, Schedule, Restore, Config)

examples/gcp/00-ark-config.yaml

@@ -1,35 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: ark.heptio.com/v1
-kind: Config
-metadata:
-  namespace: heptio-ark
-  name: default
-persistentVolumeProvider:
-  name: gcp
-backupStorageProvider:
-  name: gcp
-  bucket: <YOUR_BUCKET>
-  # Uncomment the below line to enable restic integration.
-  # The format for resticLocation is <bucket>[/<prefix>],
-  # e.g. "my-restic-bucket" or "my-restic-bucket/repos".
-  # This MUST be a different bucket than the main Ark bucket
-  # specified just above.
-  # resticLocation: <YOUR_RESTIC_LOCATION>
-backupSyncPeriod: 30m
-gcSyncPeriod: 30m
-scheduleSyncPeriod: 1m
-restoreOnlyMode: false

examples/gcp/10-deployment.yaml

@@ -1,63 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  namespace: heptio-ark
-  name: ark
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        component: ark
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8085"
-        prometheus.io/path: "/metrics"
-    spec:
-      restartPolicy: Always
-      serviceAccountName: ark
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          ports:
-            - name: metrics
-              containerPort: 8085
-          command:
-            - /ark
-          args:
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: plugins
-              mountPath: /plugins
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: GOOGLE_APPLICATION_CREDENTIALS
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: plugins
-          emptyDir: {}
-        - name: scratch
-          emptyDir: {}

examples/gcp/20-restic-daemonset.yaml

@@ -1,69 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata: 
-  name: restic
-  namespace: heptio-ark
-spec:
-  selector:
-    matchLabels:
-      name: restic
-  template:
-    metadata:
-      labels:
-        name: restic
-    spec:
-      serviceAccountName: ark
-      securityContext:
-        runAsUser: 0
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: host-pods
-          hostPath:
-            path: /var/lib/kubelet/pods
-        - name: scratch
-          emptyDir: {}
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          command:
-            - /ark
-          args:
-            - restic 
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: host-pods
-              mountPath: /host_pods
-              mountPropagation: HostToContainer
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: HEPTIO_ARK_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: GOOGLE_APPLICATION_CREDENTIALS
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch

examples/ibm/00-ark-config.yaml

@@ -1,37 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: ark.heptio.com/v1
-kind: Config
-metadata:
-  namespace: heptio-ark
-  name: default
-backupStorageProvider:
-  name: aws
-  bucket: <YOUR_BUCKET>
-  # Uncomment the below line to enable restic integration.
-  # The format for resticLocation is <bucket>[/<prefix>],
-  # e.g. "my-restic-bucket" or "my-restic-bucket/repos".
-  # This MUST be a different bucket than the main Ark bucket
-  # specified just above.
-  # resticLocation: <YOUR_RESTIC_LOCATION>
-  config:
-    region: <YOUR_REGION>
-    s3ForcePathStyle: "true"
-    s3Url:  <YOUR_URL_ACCESS_POINT>
-backupSyncPeriod: 30m
-gcSyncPeriod: 30m
-scheduleSyncPeriod: 1m
----

examples/ibm/10-deployment.yaml

@@ -1,63 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  namespace: heptio-ark
-  name: ark
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        component: ark
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8085"
-        prometheus.io/path: "/metrics"
-    spec:
-      restartPolicy: Always
-      serviceAccountName: ark
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          ports:
-            - name: metrics
-              containerPort: 8085
-          command:
-            - /ark
-          args:
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: plugins
-              mountPath: /plugins
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: AWS_SHARED_CREDENTIALS_FILE
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: plugins
-          emptyDir: {}
-        - name: scratch
-          emptyDir: {}

examples/minio/00-minio-deployment.yaml

@@ -1,4 +1,4 @@
-# Copyright 2017 the Heptio Ark contributors.
+# Copyright 2017 the Velero contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,16 +13,25 @@
 # limitations under the License.
 
 ---
-apiVersion: apps/v1beta1
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: velero
+
+---
+apiVersion: apps/v1
 kind: Deployment
 metadata:
-  namespace: heptio-ark
+  namespace: velero
   name: minio
   labels:
     component: minio
 spec:
   strategy:
     type: Recreate
+  selector:
+    matchLabels:
+      component: minio
   template:
     metadata:
       labels:
@@ -58,11 +67,14 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  namespace: heptio-ark
+  namespace: velero
   name: minio
   labels:
     component: minio
 spec:
+  # ClusterIP is recommended for production environments.
+  # Change to NodePort if needed per documentation,
+  # but only if you run Minio in a test/trial environment, for example with Minikube.
   type: ClusterIP
   ports:
     - port: 9000
@@ -71,25 +83,11 @@ spec:
   selector:
     component: minio
 
----
-apiVersion: v1
-kind: Secret
-metadata:
-  namespace: heptio-ark
-  name: cloud-credentials
-  labels:
-    component: minio
-stringData:
-  cloud: |
-    [default]
-    aws_access_key_id = minio
-    aws_secret_access_key = minio123
-
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  namespace: heptio-ark
+  namespace: velero
   name: minio-setup
   labels:
     component: minio
@@ -109,7 +107,7 @@ spec:
         command:
         - /bin/sh
         - -c
-        - "mc --config-folder=/config config host add ark http://minio:9000 minio minio123 && mc --config-folder=/config mb -p ark/ark"
+        - "mc --config-dir=/config config host add velero http://minio:9000 minio minio123 && mc --config-dir=/config mb -p velero/velero"
         volumeMounts:
         - name: config
           mountPath: "/config"

examples/minio/10-ark-config.yaml

@@ -1,37 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: ark.heptio.com/v1
-kind: Config
-metadata:
-  namespace: heptio-ark
-  name: default
-backupStorageProvider:
-  name: aws
-  bucket: ark
-  # Uncomment the below line to enable restic integration.
-  # The format for resticLocation is <bucket>[/<prefix>],
-  # e.g. "my-restic-bucket" or "my-restic-bucket/repos".
-  # This MUST be a different bucket than the main Ark bucket
-  # specified just above.
-  # resticLocation: <YOUR_RESTIC_LOCATION>
-  config:
-    region: minio
-    s3ForcePathStyle: "true"
-    s3Url: http://minio.heptio-ark.svc:9000
-backupSyncPeriod: 1m
-gcSyncPeriod: 1m
-scheduleSyncPeriod: 1m
-restoreOnlyMode: false

examples/minio/20-ark-deployment.yaml

@@ -1,63 +0,0 @@
-# Copyright 2017 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  namespace: heptio-ark
-  name: ark
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        component: ark
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8085"
-        prometheus.io/path: "/metrics"
-    spec:
-      restartPolicy: Always
-      serviceAccountName: ark
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          ports:
-            - name: metrics
-              containerPort: 8085
-          command:
-            - /ark
-          args:
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: plugins
-              mountPath: /plugins
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: AWS_SHARED_CREDENTIALS_FILE
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: plugins
-          emptyDir: {}
-        - name: scratch
-          emptyDir: {}

examples/minio/30-restic-daemonset.yaml

@@ -1,69 +0,0 @@
-# Copyright 2018 the Heptio Ark contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata: 
-  name: restic
-  namespace: heptio-ark
-spec:
-  selector:
-    matchLabels:
-      name: restic
-  template:
-    metadata:
-      labels:
-        name: restic
-    spec:
-      serviceAccountName: ark
-      securityContext:
-        runAsUser: 0
-      volumes:
-        - name: cloud-credentials
-          secret:
-            secretName: cloud-credentials
-        - name: host-pods
-          hostPath:
-            path: /var/lib/kubelet/pods
-        - name: scratch
-          emptyDir: {}
-      containers:
-        - name: ark
-          image: gcr.io/heptio-images/ark:latest
-          command:
-            - /ark
-          args:
-            - restic
-            - server
-          volumeMounts:
-            - name: cloud-credentials
-              mountPath: /credentials
-            - name: host-pods
-              mountPath: /host_pods
-              mountPropagation: HostToContainer
-            - name: scratch
-              mountPath: /scratch
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: HEPTIO_ARK_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: AWS_SHARED_CREDENTIALS_FILE
-              value: /credentials/cloud
-            - name: ARK_SCRATCH_DIR
-              value: /scratch

examples/nginx-app/README.md

@@ -4,12 +4,12 @@ This directory contains manifests for two versions of a sample Nginx app under t
 
 ## `base.yaml`
 
-This is the most basic version of the Nginx app, which can be used to test Ark's backup and restore functionality.
+This is the most basic version of the Nginx app, which can be used to test Velero's backup and restore functionality.
 
 *This can be deployed as is.*
 
 ## `with-pv.yaml`
 
-This sets up an Nginx app that logs to a persistent volume, so that Ark's PV snapshotting functionality can also be tested.
+This sets up an Nginx app that logs to a persistent volume, so that Velero's PV snapshotting functionality can also be tested.
 
 *This requires you to first replace the placeholder value `<YOUR_STORAGE_CLASS_NAME>`.*

examples/nginx-app/base.yaml

@@ -1,4 +1,4 @@
-# Copyright 2017 the Heptio Ark contributors.
+# Copyright 2017 the Velero contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,20 +21,23 @@ metadata:
     app: nginx
 
 ---
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-deployment
   namespace: nginx-example
 spec:
   replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
   template:
     metadata:
       labels:
         app: nginx
     spec:
       containers:
-      - image: nginx:1.7.9
+      - image: nginx:1.17.6
         name: nginx
         ports:
         - containerPort: 80

examples/nginx-app/with-pv.yaml

@@ -1,4 +1,4 @@
-# Copyright 2017 the Heptio Ark contributors.
+# Copyright 2017 the Velero contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,7 +29,8 @@ metadata:
   labels:
     app: nginx
 spec:
-  storageClassName: <YOUR_STORAGE_CLASS_NAME>
+  # Optional:
+  # storageClassName: <YOUR_STORAGE_CLASS_NAME>
   accessModes:
     - ReadWriteOnce
   resources:
@@ -37,24 +38,32 @@ spec:
       storage: 50Mi
 
 ---
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-deployment
   namespace: nginx-example
 spec:
   replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
   template:
     metadata:
       labels:
         app: nginx
+      annotations:
+        pre.hook.backup.velero.io/container: fsfreeze
+        pre.hook.backup.velero.io/command: '["/sbin/fsfreeze", "--freeze", "/var/log/nginx"]'
+        post.hook.backup.velero.io/container: fsfreeze
+        post.hook.backup.velero.io/command: '["/sbin/fsfreeze", "--unfreeze", "/var/log/nginx"]'
     spec:
       volumes:
         - name: nginx-logs
           persistentVolumeClaim:
            claimName: nginx-logs
       containers:
-      - image: nginx:1.7.9
+      - image: nginx:1.17.6
         name: nginx
         ports:
         - containerPort: 80
@@ -62,7 +71,20 @@ spec:
           - mountPath: "/var/log/nginx"
             name: nginx-logs
             readOnly: false
+      - image: ubuntu:bionic
+        name: fsfreeze
+        securityContext:
+          privileged: true
+        volumeMounts:
+          - mountPath: "/var/log/nginx"
+            name: nginx-logs
+            readOnly: false
+        command:
+          - "/bin/bash"
+          - "-c"
+          - "sleep infinity"
 
+  
 ---
 apiVersion: v1
 kind: Service

go.mod

@@ -0,0 +1,42 @@
+module github.com/vmware-tanzu/velero
+
+go 1.14
+
+require (
+	cloud.google.com/go v0.46.2 // indirect
+	github.com/Azure/azure-sdk-for-go v35.0.0+incompatible
+	github.com/Azure/go-autorest/autorest v0.9.0
+	github.com/Azure/go-autorest/autorest/adal v0.5.0
+	github.com/Azure/go-autorest/autorest/to v0.3.0
+	github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
+	github.com/aws/aws-sdk-go v1.13.12
+	github.com/docker/spdystream v0.0.0-20170912183627-bc6354cbbc29 // indirect
+	github.com/evanphx/json-patch v4.5.0+incompatible
+	github.com/go-ini/ini v1.28.2 // indirect
+	github.com/gobwas/glob v0.2.3
+	github.com/gofrs/uuid v3.2.0+incompatible
+	github.com/golang/protobuf v1.3.2
+	github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd
+	github.com/hashicorp/go-plugin v0.0.0-20190610192547-a1bc61569a26
+	github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8 // indirect
+	github.com/joho/godotenv v1.3.0
+	github.com/kubernetes-csi/external-snapshotter/v2 v2.1.0
+	github.com/pkg/errors v0.8.1
+	github.com/prometheus/client_golang v1.0.0
+	github.com/robfig/cron v0.0.0-20170309132418-df38d32658d8
+	github.com/sirupsen/logrus v1.4.2
+	github.com/smartystreets/goconvey v1.6.4 // indirect
+	github.com/spf13/afero v1.2.2
+	github.com/spf13/cobra v0.0.5
+	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.4.0
+	golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
+	google.golang.org/grpc v1.26.0
+	k8s.io/api v0.17.4
+	k8s.io/apiextensions-apiserver v0.17.4
+	k8s.io/apimachinery v0.17.4
+	k8s.io/cli-runtime v0.17.4
+	k8s.io/client-go v0.17.4
+	k8s.io/klog v1.0.0
+	k8s.io/utils v0.0.0-20191218082557-f07c713de883 // indirect
+)