Merge pull request #760 from skriss/v0.9.3-cherrypicks

V0.9.3 cherrypicks

.gitignore

@@ -27,3 +27,14 @@ _testmain.go
 debug
 
 /ark
+.idea/
+
+.container-*
+.vimrc
+.go
+.DS_Store
+.push-*
+.vscode
+*.diff
+
+_site/

.travis.yml

@@ -0,0 +1,11 @@
+language: go
+
+go:
+  - 1.10.x
+
+sudo: required
+
+services:
+  - docker
+
+script: make ci

CHANGELOG.md

@@ -1,10 +1,265 @@
 # Changelog
 
-#### v0.3.2 - 2017-08-07
+#### [v0.9.3](https://github.com/heptio/ark/releases/tag/v0.9.3) - 2018-08-10
+
+#### Bug Fixes
+  * Initalize Prometheus metrics when creating a new schedule (#689, @lemaral)
+
+#### [v0.9.2](https://github.com/heptio/ark/releases/tag/v0.9.2) - 2018-07-26
+
+##### Bug Fixes:
+  * Fix issue where modifications made by backup item actions were not being saved to backup tarball (#704, @skriss)
+
+#### [v0.9.1](https://github.com/heptio/ark/releases/tag/v0.9.1) - 2018-07-23
+
+##### Bug Fixes:
+  * Require namespace for Ark's CRDs to already exist at server startup (#676, @skriss)
+  * Require all Ark CRDs to exist at server startup (#683, @skriss)
+  * Fix `latest` tagging in Makefile (#690, @skriss)
+  * Make Ark compatible with clusters that don't have the `rbac.authorization.k8s.io/v1` API group (#682, @nrb)
+  * Don't consider missing snapshots an error during backup deletion, limit backup deletion requests per backup to 1 (#687, @skriss)
+
+#### [v0.9.0](https://github.com/heptio/ark/releases/tag/v0.9.0) - 2018-07-06
+
+##### Highlights:
+  * Ark now has support for backing up and restoring Kubernetes volumes using a free open-source backup tool called [restic](https://github.com/restic/restic).
+    This provides users an out-of-the-box solution for backing up and restoring almost any type of Kubernetes volume, whether or not it has snapshot support
+    integrated with Ark. For more information, see the [documentation](https://github.com/heptio/ark/blob/master/docs/restic.md).
+  * Support for Prometheus metrics has been added! View total number of backup attempts (including success or failure), total backup size in bytes, and backup
+    durations. More metrics coming in future releases!
+
+##### All New Features:
+  * Add restic support (#508 #532 #533 #534 #535 #537 #540 #541 #545 #546 #547 #548 #555 #557 #561 #563 #569 #570 #571 #606 #608 #610 #621 #631 #636, @skriss)
+  * Add prometheus metrics (#531 #551 #564, @ashish-amarnath @nrb)
+  * When backing up a service account, include cluster roles/cluster role bindings that reference it (#470, @skriss)
+  * When restoring service accounts, copy secrets/image pull secrets into the target cluster even if the service account already exists (#403, @nrb)
+
+##### Bug Fixes / Other Changes:
+  * Upgrade to Kubernetes 1.10 dependencies (#417, @skriss)
+  * Upgrade to go 1.10 and alpine 3.7 (#456, @skriss)
+  * Display no excluded resources/namespaces as `<none>` rather than `*` (#453, @nrb)
+  * Skip completed jobs and pods when restoring (#463, @nrb)
+  * Set namespace correctly when syncing backups from object storage (#472, @skriss)
+  * When building on macOS, bind-mount volumes with delegated config (#478, @skriss)
+  * Add replica sets and daemonsets to cohabitating resources so they're not backed up twice (#482 #485, @skriss)
+  * Shut down the Ark server gracefully on SIGINT/SIGTERM (#483, @skriss)
+  * Only back up resources that support GET and DELETE in addition to LIST and CREATE (#486, @nrb)
+  * Show a better error message when trying to get an incomplete restore's logs (#496, @nrb)
+  * Stop processing when setting a backup deletion request's phase to `Deleting` fails (#500, @nrb)
+  * Add library code to install Ark's server components (#437 #506, @marpaia)
+  * Properly handle errors when backing up additional items (#512, @carlpett)
+  * Run post hooks even if backup actions fail (#514, @carlpett)
+  * GCP: fail backup if upload to object storage fails (#510, @nrb)
+  * AWS: don't require `region` as part of backup storage provider config (#455, @skriss)
+  * Ignore terminating resources while doing a backup (#526, @yastij)
+  * Log to stdout instead of stderr (#553, @ncdc)
+  * Move sample minio deployment's config to an emptyDir (#566, @runyontr)
+  * Add `omitempty` tag to optional API fields (@580, @nikhita)
+  * Don't restore PVs with a reclaim policy of `Delete` and no snapshot (#613, @ncdc)
+  * Don't restore mirror pods (#619, @ncdc)
+
+##### Docs Contributors:
+  * @gianrubio
+  * @castrojo
+  * @dhananjaysathe
+  * @c-knowles
+  * @mattkelly
+  * @ae-v
+  * @hamidzr
+
+
+#### [v0.8.3](https://github.com/heptio/ark/releases/tag/v0.8.3) - 2018-06-29
+
+##### Bug Fixes:
+  * Don't restore backup and restore resources to avoid possible data corruption (#622, @ncdc)
+
+#### [v0.8.2](https://github.com/heptio/ark/releases/tag/v0.8.2) - 2018-06-01
+
+##### Bug Fixes:
+  * Don't crash when a persistent volume claim is missing spec.volumeName (#520, @ncdc)
+
+#### [v0.8.1](https://github.com/heptio/ark/releases/tag/v0.8.1) - 2018-04-23
+
+##### Bug Fixes:
+  * Azure: allow pre-v0.8.0 backups with disk snapshots to be restored and deleted (#446 #449, @skriss)
+
+#### [v0.8.0](https://github.com/heptio/ark/releases/tag/v0.8.0) - 2018-04-19
+
+##### Highlights:
+  * Backup deletion has been completely revamped to make it simpler and less error-prone. As a user, you still use the `ark backup delete` command to request deletion of a backup and its associated cloud
+  resources; behind the scenes, we've switched to using a new `DeleteBackupRequest` Custom Resource and associated controller for processing deletion requests.
+  * We've reduced the number of required fields in the Ark config. For Azure, `location` is no longer required, and for GCP, `project` is not needed.
+  * Ark now copies tags from volumes to snapshots during backup, and from snapshots to new volumes during restore. 
+
+##### Breaking Changes:
+  * Ark has moved back to a single namespace (`heptio-ark` by default) as part of #383.
+
+##### All New Features:
+  * Add global `--kubecontext` flag to Ark CLI (#296, @blakebarnett)
+  * Azure: support cross-resource group restores of volumes (#356 #378, @skriss)
+  * AWS/Azure/GCP: copy tags from volumes to snapshots, and from snapshots to volumes (#341, @skriss)
+  * Replace finalizer for backup deletion with `DeleteBackupRequest` custom resource & controller (#383 #431, @ncdc @nrb)
+  * Don't log warnings during restore if an identical object already exists in the cluster (#405, @nrb)
+  * Add bash & zsh completion support (#384, @containscafeine)
+  
+##### Bug Fixes / Other Changes:
+  * Error from the Ark CLI if attempting to restore a non-existent backup (#302, @ncdc)
+  * Enable running the Ark server locally for development purposes (#334, @ncdc)
+  * Add examples to `ark schedule create` documentation (#331, @lypht)
+  * GCP: Remove `project` requirement from Ark config (#345, @skriss)
+  * Add `--from-backup` flag to `ark restore create` and allow custom restore names (#342 #409, @skriss)
+  * Azure: remove `location` requirement from Ark config (#344, @skriss)
+  * Add documentation/examples for storing backups in IBM Cloud Object Storage (#321, @roytman)
+  * Reduce verbosity of hooks logging (#362, @skriss)
+  * AWS: Add minimal IAM policy to documentation (#363 #419, @hopkinsth)
+  * Don't restore events (#374, @sanketjpatel)
+  * Azure: reduce API polling interval from 60s to 5s (#359, @skriss)
+  * Switch from hostPath to emptyDir volume type for minio example (#386, @containscafeine)
+  * Add limit ranges as a prioritized resource for restores (#392, @containscafeine)
+  * AWS: Add documentation on using Ark with kube2iam (#402, @domderen)
+  * Azure: add node selector so Ark pod is scheduled on a linux node (#415, @ffd2subroutine)
+  * Error from the Ark CLI if attempting to get logs for a non-existent restore (#391, @containscafeine)
+  * GCP: Add minimal IAM policy to documentation (#429, @skriss @jody-frankowski)
+
+##### Upgrading from v0.7.1:
+  Ark v0.7.1 moved the Ark server deployment into a separate namespace, `heptio-ark-server`. As of v0.8.0 we've
+  returned to a single namespace, `heptio-ark`, for all Ark-related resources. If you're currently running v0.7.1,
+  here are the steps you can take to upgrade:
+
+1. Execute the steps from the **Credentials and configuration** section for your cloud:
+    * [AWS](https://heptio.github.io/ark/v0.8.0/aws-config#credentials-and-configuration)
+    * [Azure](https://heptio.github.io/ark/v0.8.0/azure-config#credentials-and-configuration)
+    * [GCP](https://heptio.github.io/ark/v0.8.0/gcp-config#credentials-and-configuration)
+
+    When you get to the secret creation step, if you don't have your `credentials-ark` file handy, 
+    you can copy the existing secret from your `heptio-ark-server` namespace into the `heptio-ark` namespace:
+    ```bash
+    kubectl get secret/cloud-credentials -n heptio-ark-server --export -o json | \
+      jq '.metadata.namespace="heptio-ark"' | \
+      kubectl apply -f -
+    ```
+
+2. You can now safely delete the `heptio-ark-server` namespace:
+    ```bash
+    kubectl delete namespace heptio-ark-server
+    ```
+
+3. Execute the commands from the **Start the server** section for your cloud:
+    * [AWS](https://heptio.github.io/ark/v0.8.0/aws-config#start-the-server)
+    * [Azure](https://heptio.github.io/ark/v0.8.0/azure-config#start-the-server)
+    * [GCP](https://heptio.github.io/ark/v0.8.0/gcp-config#start-the-server)
+
+
+#### [v0.7.1](https://github.com/heptio/ark/releases/tag/v0.7.1) - 2018-02-22
+
+Bug Fixes:
+  * Run the Ark server in its own namespace, separate from backups/schedules/restores/config (#322, @ncdc)
+
+#### [v0.7.0](https://github.com/heptio/ark/releases/tag/v0.7.0) - 2018-02-15
+
+New Features:
+  * Run the Ark server in any namespace (#272, @ncdc)
+  * Add ability to delete backups and their associated data (#252, @skriss)
+  * Support both pre and post backup hooks (#243, @ncdc)
+
+Bug Fixes / Other Changes:
+  * Switch from Update() to Patch() when updating Ark resources (#241, @skriss)
+  * Don't fail the backup if a PVC is not bound to a PV (#256, @skriss)
+  * Restore serviceaccounts prior to workload controllers (#258, @ncdc)
+  * Stop removing annotations from PVs when restoring them (#263, @skriss)
+  * Update GCP client libraries (#249, @skriss)
+  * Clarify backup and restore creation messages (#270, @nrb)
+  * Update S3 bucket creation docs for us-east-1 (#285, @lypht)
+
+#### [v0.6.0](https://github.com/heptio/ark/tree/v0.6.0) - 2017-11-30
+
+Highlights:
+  * **Plugins** - We now support user-defined plugins that can extend Ark functionality to meet your custom backup/restore needs without needing to be compiled into the core binary. We support pluggable block and object stores as well as per-item backup and restore actions that can execute arbitrary logic, including modifying the items being backed up or restored. For more information see the [documentation](docs/plugins.md), which includes a reference to a fully-functional sample plugin repository. (#174 #188 #206 #213 #215 #217 #223 #226)
+  * **Describers** - The Ark CLI now includes `describe` commands for `backups`, `restores`, and `schedules` that provide human-friendly representations of the relevant API objects.
+
+Breaking Changes:
+  * The config object format has changed. In order to upgrade to v0.6.0, the config object will have to be updated to match the new format. See the [examples](examples) and [documentation](docs/config-definition.md) for more information.
+  * The restore object format has changed. The `warnings` and `errors` fields are now ints containing the counts, while full warnings and errors are now stored in the object store instead of etcd. Restore objects created prior to v.0.6.0 should be deleted, or a new bucket used, and the old restore objects deleted from Kubernetes (`kubectl -n heptio-ark delete restore --all`).
+
+All New Features:
+  * Add `ark plugin add` and `ark plugin remove` commands #217, @skriss
+  * Add plugin support for block/object stores, backup/restore item actions #174 #188 #206 #213 #215 #223 #226, @skriss @ncdc
+  * Improve Azure deployment instructions #216, @ncdc
+  * Change default TTL for backups to 30 days #204, @nrb
+  * Improve logging for backups and restores #199, @ncdc
+  * Add `ark backup describe`, `ark schedule describe` #196, @ncdc
+  * Add `ark restore describe` and move restore warnings/errors to object storage #173 #201 #202, @ncdc
+  * Upgrade to client-go v5.0.1, kubernetes v1.8.2 #157, @ncdc
+  * Add Travis CI support #165 #166, @ncdc
+
+Bug Fixes:
+  * Fix log location hook prefix stripping #222, @ncdc
+  * When running `ark backup download`, remove file if there's an error #154, @ncdc
+  * Update documentation for AWS KMS Key alias support #163, @lli-hiya
+  * Remove clock from `volume_snapshot_action` #137, @athampy
+
+#### [v0.5.1](https://github.com/heptio/ark/tree/v0.5.1) - 2017-11-06
+Bug fixes:
+  * If a Service is headless, retain ClusterIP = None when backing up and restoring.
+  * Use the specifed --label-selector when listing backups, schedules, and restores.
+  * Restore namespace mapping functionality that was accidentally broken in 0.5.0.
+  * Always include namespaces in the backup, regardless of the --include-cluster-resources setting.
+
+#### [v0.5.0](https://github.com/heptio/ark/tree/v0.5.0) - 2017-10-26
+Breaking changes:
+  * The backup tar file format has changed. Backups created using previous versions of Ark cannot be restored using v0.5.0.
+  * When backing up one or more specific namespaces, cluster-scoped resources are no longer backed up by default, with the exception of PVs that are used within the target namespace(s). Cluster-scoped resources can still be included by explicitly specifying `--include-cluster-resources`.
+
+New features:
+  * Add customized user-agent string for Ark CLI
+  * Switch from glog to logrus
+  * Exclude nodes from restoration
+  * Add a FAQ
+  * Record PV availability zone and use it when restoring volumes from snapshots
+  * Back up the PV associated with a PVC
+  * Add `--include-cluster-resources` flag to `ark backup create`
+  * Add `--include-cluster-resources` flag to `ark restore create`
+  * Properly support resource restore priorities across cluster-scoped and namespace-scoped resources
+  * Support `ark create ...` and `ark get ...`
+  * Make ark run as cluster-admin
+  * Add pod exec backup hooks
+  * Support cross-compilation & upgrade to go 1.9
+  
+Bug fixes:
+  * Make config change detection more robust
+
+#### [v0.4.0](https://github.com/heptio/ark/tree/v0.4.0) - 2017-09-14
+Breaking changes:
+  * Snapshotting and restoring volumes is now enabled by default
+  * The --namespaces flag for 'ark restore create' has been replaced by --include-namespaces and
+    --exclude-namespaces
+
+New features:
+  * Support for S3 SSE with KMS
+  * Cloud provider configurations are validated at startup
+  * The persistentVolumeProvider is now optional
+  * Restore objects are garbage collected
+  * Each backup now has an associated log file, viewable via 'ark backup logs'
+  * Each restore now has an associated log file, viewable via 'ark restore logs'
+  * Add --include-resources/--exclude-resources for restores
+
+Bug fixes:
+  * Only save/use iops for io1 volumes on AWS
+  * When restoring, try to retrieve the Backup directly from object storage if it's not found
+  * When syncing Backups from object storage to Kubernetes, don't return at the first error
+    encountered
+  * More closely match how kubectl performs kubeconfig resolution
+  * Increase default Azure API request timeout to 2 minutes
+  * Update Azure diskURI to match diskName
+
+#### [v0.3.3](https://github.com/heptio/ark/tree/v0.3.3) - 2017-08-10
+  * Treat the first field in a schedule's cron expression as minutes, not seconds
+
+#### [v0.3.2](https://github.com/heptio/ark/tree/v0.3.2) - 2017-08-07
   * Add client-go auth provider plugins for Azure, GCP, OIDC
 
-#### v0.3.1 - 2017-08-03
+#### [v0.3.1](https://github.com/heptio/ark/tree/v0.3.1) - 2017-08-03
   * Fix Makefile VERSION
 
-#### v0.3.0 - 2017-08-03
+#### [v0.3.0](https://github.com/heptio/ark/tree/v0.3.0) - 2017-08-03
   * Initial Release

CONTRIBUTING.md

@@ -3,10 +3,9 @@
 
 All authors to the project retain copyright to their work. However, to ensure
 that they are only submitting work that they have rights to, we are requiring
-everyone to acknowldge this by signing their work.
+everyone to acknowledge this by signing their work.
 
-Any copyright notices in this repos should specify the authors as "The
-heptio/aws-quickstart authors".
+Any copyright notices in this repo should specify the authors as "the Heptio Ark project contributors".
 
 To sign your work, just add a line like this at the end of your commit message:
 

Dockerfile

@@ -1,24 +0,0 @@
-# Copyright 2017 Heptio Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM alpine:3.6
-MAINTAINER Andy Goldstein "andy@heptio.com"
-
-RUN apk add --no-cache ca-certificates && \
-    adduser -S -D -H -u 1000 ark
-
-ADD _output/bin/ark /ark
-
-USER ark
-ENTRYPOINT ["/ark"]

Dockerfile-ark-restic-restore-helper.alpine

@@ -0,0 +1,23 @@
+# Copyright 2018 the Heptio Ark contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.7
+
+MAINTAINER Steve Kriss <steve@heptio.com>
+
+ADD /bin/linux/amd64/ark-restic-restore-helper .
+
+USER nobody:nobody
+
+ENTRYPOINT [ "/ark-restic-restore-helper" ]

Dockerfile-ark.alpine

@@ -0,0 +1,31 @@
+# Copyright 2017 the Heptio Ark contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.7
+
+MAINTAINER Andy Goldstein <andy@heptio.com>
+
+RUN apk add --no-cache ca-certificates
+
+RUN apk add --update --no-cache bzip2 && \
+    wget --quiet https://github.com/restic/restic/releases/download/v0.9.1/restic_0.9.1_linux_amd64.bz2 && \
+    bunzip2 restic_0.9.1_linux_amd64.bz2 && \
+    mv restic_0.9.1_linux_amd64 /usr/bin/restic && \
+    chmod +x /usr/bin/restic
+
+ADD /bin/linux/amd64/ark /ark
+
+USER nobody:nobody
+
+ENTRYPOINT ["/ark"]

Godeps/Readme

@@ -1,5 +0,0 @@
-This directory tree is generated automatically by godep.
-
-Please do not edit.
-
-See https://github.com/tools/godep for more information.

Gopkg.lock

@@ -0,0 +1,749 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  name = "cloud.google.com/go"
+  packages = [
+    "compute/metadata",
+    "iam",
+    "internal",
+    "internal/optional",
+    "internal/version",
+    "storage"
+  ]
+  revision = "44bcd0b2078ba5e7fedbeb36808d1ed893534750"
+  version = "v0.11.0"
+
+[[projects]]
+  name = "github.com/Azure/azure-sdk-for-go"
+  packages = [
+    "arm/disk",
+    "arm/examples/helpers",
+    "storage"
+  ]
+  revision = "2d49bb8f2cee530cc16f1f1a9f0aae763dee257d"
+  version = "v10.2.1-beta"
+
+[[projects]]
+  name = "github.com/Azure/go-autorest"
+  packages = [
+    "autorest",
+    "autorest/adal",
+    "autorest/azure",
+    "autorest/date",
+    "autorest/to",
+    "autorest/validation"
+  ]
+  revision = "f6e08fe5e4d45c9a66e40196d3fed5f37331d224"
+  version = "v8.1.1"
+
+[[projects]]
+  name = "github.com/aws/aws-sdk-go"
+  packages = [
+    "aws",
+    "aws/awserr",
+    "aws/awsutil",
+    "aws/client",
+    "aws/client/metadata",
+    "aws/corehandlers",
+    "aws/credentials",
+    "aws/credentials/ec2rolecreds",
+    "aws/credentials/endpointcreds",
+    "aws/credentials/stscreds",
+    "aws/defaults",
+    "aws/ec2metadata",
+    "aws/endpoints",
+    "aws/request",
+    "aws/session",
+    "aws/signer/v4",
+    "internal/sdkio",
+    "internal/sdkrand",
+    "internal/shareddefaults",
+    "private/protocol",
+    "private/protocol/ec2query",
+    "private/protocol/query",
+    "private/protocol/query/queryutil",
+    "private/protocol/rest",
+    "private/protocol/restxml",
+    "private/protocol/xml/xmlutil",
+    "service/ec2",
+    "service/s3",
+    "service/s3/s3iface",
+    "service/s3/s3manager",
+    "service/sts"
+  ]
+  revision = "1f8fb9d0919e5a58992207db9512a03f76ab0274"
+  version = "v1.13.12"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/beorn7/perks"
+  packages = ["quantile"]
+  revision = "3a771d992973f24aa725d07868b467d1ddfceafb"
+
+[[projects]]
+  name = "github.com/cpuguy83/go-md2man"
+  packages = ["md2man"]
+  revision = "a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa"
+  version = "v1.0.6"
+
+[[projects]]
+  name = "github.com/davecgh/go-spew"
+  packages = ["spew"]
+  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
+  version = "v1.1.0"
+
+[[projects]]
+  name = "github.com/dgrijalva/jwt-go"
+  packages = ["."]
+  revision = "d2709f9f1f31ebcda9651b03077758c1f3a0018c"
+  version = "v3.0.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/docker/spdystream"
+  packages = [
+    ".",
+    "spdy"
+  ]
+  revision = "bc6354cbbc295e925e4c611ffe90c1f287ee54db"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/evanphx/json-patch"
+  packages = ["."]
+  revision = "944e07253867aacae43c04b2e6a239005443f33a"
+
+[[projects]]
+  name = "github.com/ghodss/yaml"
+  packages = ["."]
+  revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"
+  version = "v1.0.0"
+
+[[projects]]
+  name = "github.com/go-ini/ini"
+  packages = ["."]
+  revision = "20b96f641a5ea98f2f8619ff4f3e061cff4833bd"
+  version = "v1.28.2"
+
+[[projects]]
+  name = "github.com/gogo/protobuf"
+  packages = [
+    "proto",
+    "sortkeys"
+  ]
+  revision = "100ba4e885062801d56799d78530b73b178a78f3"
+  version = "v0.4"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/golang/glog"
+  packages = ["."]
+  revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/golang/protobuf"
+  packages = [
+    "proto",
+    "protoc-gen-go/descriptor",
+    "ptypes",
+    "ptypes/any",
+    "ptypes/duration",
+    "ptypes/timestamp"
+  ]
+  revision = "ab9f9a6dab164b7d1246e0e688b0ab7b94d8553e"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/google/gofuzz"
+  packages = ["."]
+  revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/googleapis/gax-go"
+  packages = ["."]
+  revision = "84ed26760e7f6f80887a2fbfb50db3cc415d2cea"
+
+[[projects]]
+  name = "github.com/googleapis/gnostic"
+  packages = [
+    "OpenAPIv2",
+    "compiler",
+    "extensions"
+  ]
+  revision = "ee43cbb60db7bd22502942cccbc39059117352ab"
+  version = "v0.1.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-hclog"
+  packages = ["."]
+  revision = "ca137eb4b4389c9bc6f1a6d887f056bf16c00510"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-plugin"
+  packages = ["."]
+  revision = "e2fbc6864d18d3c37b6cde4297ec9fca266d28f1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/golang-lru"
+  packages = [
+    ".",
+    "simplelru"
+  ]
+  revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/yamux"
+  packages = ["."]
+  revision = "f5742cb6b85602e7fa834e9d5d91a7d7fa850824"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/howeyc/gopass"
+  packages = ["."]
+  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
+
+[[projects]]
+  name = "github.com/imdario/mergo"
+  packages = ["."]
+  revision = "3e95a51e0639b4cf372f2ccf74c86749d747fbdc"
+  version = "0.2.2"
+
+[[projects]]
+  name = "github.com/inconshreveable/mousetrap"
+  packages = ["."]
+  revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"
+  version = "v1.0"
+
+[[projects]]
+  name = "github.com/jmespath/go-jmespath"
+  packages = ["."]
+  revision = "0b12d6b5"
+
+[[projects]]
+  name = "github.com/json-iterator/go"
+  packages = ["."]
+  revision = "6240e1e7983a85228f7fd9c3e1b6932d46ec58e2"
+  version = "1.0.3"
+
+[[projects]]
+  name = "github.com/matttproud/golang_protobuf_extensions"
+  packages = ["pbutil"]
+  revision = "c12348ce28de40eed0136aa2b644d0ee0650e56c"
+  version = "v1.0.1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/go-testing-interface"
+  packages = ["."]
+  revision = "a61a99592b77c9ba629d254a693acffaeb4b7e28"
+
+[[projects]]
+  name = "github.com/pkg/errors"
+  packages = ["."]
+  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+  version = "v0.8.0"
+
+[[projects]]
+  name = "github.com/pmezard/go-difflib"
+  packages = ["difflib"]
+  revision = "792786c7400a136282c1664665ae0a8db921c6c2"
+  version = "v1.0.0"
+
+[[projects]]
+  name = "github.com/prometheus/client_golang"
+  packages = [
+    "prometheus",
+    "prometheus/promhttp"
+  ]
+  revision = "c5b7fccd204277076155f10851dad72b76a49317"
+  version = "v0.8.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/prometheus/client_model"
+  packages = ["go"]
+  revision = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/prometheus/common"
+  packages = [
+    "expfmt",
+    "internal/bitbucket.org/ww/goautoneg",
+    "model"
+  ]
+  revision = "7600349dcfe1abd18d72d3a1770870d9800a7801"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/prometheus/procfs"
+  packages = [
+    ".",
+    "internal/util",
+    "nfs",
+    "xfs"
+  ]
+  revision = "94663424ae5ae9856b40a9f170762b4197024661"
+
+[[projects]]
+  name = "github.com/robfig/cron"
+  packages = ["."]
+  revision = "df38d32658d8788cd446ba74db4bb5375c4b0cb3"
+
+[[projects]]
+  name = "github.com/russross/blackfriday"
+  packages = ["."]
+  revision = "93622da34e54fb6529bfb7c57e710f37a8d9cbd8"
+
+[[projects]]
+  name = "github.com/satori/uuid"
+  packages = ["."]
+  revision = "879c5887cd475cd7864858769793b2ceb0d44feb"
+  version = "v1.1.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/shurcooL/sanitized_anchor_name"
+  packages = ["."]
+  revision = "541ff5ee47f1dddf6a5281af78307d921524bcb5"
+
+[[projects]]
+  name = "github.com/sirupsen/logrus"
+  packages = ["."]
+  revision = "f006c2ac4710855cf0f916dd6b77acf6b048dc6e"
+  version = "v1.0.3"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/spf13/afero"
+  packages = [
+    ".",
+    "mem"
+  ]
+  revision = "9be650865eab0c12963d8753212f4f9c66cdcf12"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/spf13/cobra"
+  packages = [
+    ".",
+    "doc"
+  ]
+  revision = "cb731b898346822cc0c225c28550a8a29d93c732"
+
+[[projects]]
+  name = "github.com/spf13/pflag"
+  packages = ["."]
+  revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/stretchr/objx"
+  packages = ["."]
+  revision = "1a9d0bb9f541897e62256577b352fdbc1fb4fd94"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/stretchr/testify"
+  packages = [
+    "assert",
+    "mock",
+    "require"
+  ]
+  revision = "890a5c3458b43e6104ff5da8dfa139d013d77544"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+  packages = ["ssh/terminal"]
+  revision = "eb71ad9bd329b5ac0fd0148dd99bd62e8be8e035"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/net"
+  packages = [
+    "context",
+    "context/ctxhttp",
+    "http2",
+    "http2/hpack",
+    "idna",
+    "internal/timeseries",
+    "lex/httplex",
+    "trace"
+  ]
+  revision = "1c05540f6879653db88113bc4a2b70aec4bd491f"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/oauth2"
+  packages = [
+    ".",
+    "google",
+    "internal",
+    "jws",
+    "jwt"
+  ]
+  revision = "9a379c6b3e95a790ffc43293c2a78dee0d7b6e20"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/sys"
+  packages = [
+    "unix",
+    "windows"
+  ]
+  revision = "43e60d72a8e2bd92ee98319ba9a384a0e9837c08"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/text"
+  packages = [
+    "internal/gen",
+    "internal/triegen",
+    "internal/ucd",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable"
+  ]
+  revision = "e56139fd9c5bc7244c76116c68e500765bb6db6b"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/time"
+  packages = ["rate"]
+  revision = "26559e0f760e39c24d730d3224364aef164ee23f"
+
+[[projects]]
+  branch = "master"
+  name = "google.golang.org/api"
+  packages = [
+    "compute/v1",
+    "gensupport",
+    "googleapi",
+    "googleapi/internal/uritemplates",
+    "googleapi/transport",
+    "internal",
+    "iterator",
+    "option",
+    "storage/v1",
+    "transport/http"
+  ]
+  revision = "ed10e890a8366167a7ce33fac2b12447987bcb1c"
+
+[[projects]]
+  name = "google.golang.org/appengine"
+  packages = [
+    ".",
+    "internal",
+    "internal/app_identity",
+    "internal/base",
+    "internal/datastore",
+    "internal/log",
+    "internal/modules",
+    "internal/remote_api",
+    "internal/urlfetch",
+    "urlfetch"
+  ]
+  revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  name = "google.golang.org/genproto"
+  packages = [
+    "googleapis/api/annotations",
+    "googleapis/iam/v1",
+    "googleapis/rpc/status"
+  ]
+  revision = "ee236bd376b077c7a89f260c026c4735b195e459"
+
+[[projects]]
+  name = "google.golang.org/grpc"
+  packages = [
+    ".",
+    "codes",
+    "connectivity",
+    "credentials",
+    "grpclb/grpc_lb_v1",
+    "grpclog",
+    "health",
+    "health/grpc_health_v1",
+    "internal",
+    "keepalive",
+    "metadata",
+    "naming",
+    "peer",
+    "stats",
+    "status",
+    "tap",
+    "transport"
+  ]
+  revision = "b3ddf786825de56a4178401b7e174ee332173b66"
+  version = "v1.5.2"
+
+[[projects]]
+  name = "gopkg.in/inf.v0"
+  packages = ["."]
+  revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4"
+  version = "v0.9.0"
+
+[[projects]]
+  branch = "v2"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f"
+
+[[projects]]
+  name = "k8s.io/api"
+  packages = [
+    "admissionregistration/v1alpha1",
+    "admissionregistration/v1beta1",
+    "apps/v1",
+    "apps/v1beta1",
+    "apps/v1beta2",
+    "authentication/v1",
+    "authentication/v1beta1",
+    "authorization/v1",
+    "authorization/v1beta1",
+    "autoscaling/v1",
+    "autoscaling/v2beta1",
+    "batch/v1",
+    "batch/v1beta1",
+    "batch/v2alpha1",
+    "certificates/v1beta1",
+    "core/v1",
+    "events/v1beta1",
+    "extensions/v1beta1",
+    "networking/v1",
+    "policy/v1beta1",
+    "rbac/v1",
+    "rbac/v1alpha1",
+    "rbac/v1beta1",
+    "scheduling/v1alpha1",
+    "settings/v1alpha1",
+    "storage/v1",
+    "storage/v1alpha1",
+    "storage/v1beta1"
+  ]
+  revision = "73d903622b7391f3312dcbac6483fed484e185f8"
+  version = "kubernetes-1.10.0"
+
+[[projects]]
+  branch = "master"
+  name = "k8s.io/apiextensions-apiserver"
+  packages = [
+    "pkg/apis/apiextensions",
+    "pkg/apis/apiextensions/v1beta1"
+  ]
+  revision = "07bbbb7a28a34c56bf9d1b192a88cc9b2350095e"
+
+[[projects]]
+  name = "k8s.io/apimachinery"
+  packages = [
+    "pkg/api/equality",
+    "pkg/api/errors",
+    "pkg/api/meta",
+    "pkg/api/resource",
+    "pkg/apis/meta/internalversion",
+    "pkg/apis/meta/v1",
+    "pkg/apis/meta/v1/unstructured",
+    "pkg/apis/meta/v1beta1",
+    "pkg/conversion",
+    "pkg/conversion/queryparams",
+    "pkg/fields",
+    "pkg/labels",
+    "pkg/runtime",
+    "pkg/runtime/schema",
+    "pkg/runtime/serializer",
+    "pkg/runtime/serializer/json",
+    "pkg/runtime/serializer/protobuf",
+    "pkg/runtime/serializer/recognizer",
+    "pkg/runtime/serializer/streaming",
+    "pkg/runtime/serializer/versioning",
+    "pkg/selection",
+    "pkg/types",
+    "pkg/util/cache",
+    "pkg/util/clock",
+    "pkg/util/diff",
+    "pkg/util/duration",
+    "pkg/util/errors",
+    "pkg/util/framer",
+    "pkg/util/httpstream",
+    "pkg/util/httpstream/spdy",
+    "pkg/util/intstr",
+    "pkg/util/json",
+    "pkg/util/net",
+    "pkg/util/remotecommand",
+    "pkg/util/runtime",
+    "pkg/util/sets",
+    "pkg/util/validation",
+    "pkg/util/validation/field",
+    "pkg/util/wait",
+    "pkg/util/yaml",
+    "pkg/version",
+    "pkg/watch",
+    "third_party/forked/golang/netutil",
+    "third_party/forked/golang/reflect"
+  ]
+  revision = "302974c03f7e50f16561ba237db776ab93594ef6"
+  version = "kubernetes-1.10.0"
+
+[[projects]]
+  name = "k8s.io/client-go"
+  packages = [
+    "discovery",
+    "discovery/fake",
+    "dynamic",
+    "informers",
+    "informers/admissionregistration",
+    "informers/admissionregistration/v1alpha1",
+    "informers/admissionregistration/v1beta1",
+    "informers/apps",
+    "informers/apps/v1",
+    "informers/apps/v1beta1",
+    "informers/apps/v1beta2",
+    "informers/autoscaling",
+    "informers/autoscaling/v1",
+    "informers/autoscaling/v2beta1",
+    "informers/batch",
+    "informers/batch/v1",
+    "informers/batch/v1beta1",
+    "informers/batch/v2alpha1",
+    "informers/certificates",
+    "informers/certificates/v1beta1",
+    "informers/core",
+    "informers/core/v1",
+    "informers/events",
+    "informers/events/v1beta1",
+    "informers/extensions",
+    "informers/extensions/v1beta1",
+    "informers/internalinterfaces",
+    "informers/networking",
+    "informers/networking/v1",
+    "informers/policy",
+    "informers/policy/v1beta1",
+    "informers/rbac",
+    "informers/rbac/v1",
+    "informers/rbac/v1alpha1",
+    "informers/rbac/v1beta1",
+    "informers/scheduling",
+    "informers/scheduling/v1alpha1",
+    "informers/settings",
+    "informers/settings/v1alpha1",
+    "informers/storage",
+    "informers/storage/v1",
+    "informers/storage/v1alpha1",
+    "informers/storage/v1beta1",
+    "kubernetes",
+    "kubernetes/scheme",
+    "kubernetes/typed/admissionregistration/v1alpha1",
+    "kubernetes/typed/admissionregistration/v1beta1",
+    "kubernetes/typed/apps/v1",
+    "kubernetes/typed/apps/v1beta1",
+    "kubernetes/typed/apps/v1beta2",
+    "kubernetes/typed/authentication/v1",
+    "kubernetes/typed/authentication/v1beta1",
+    "kubernetes/typed/authorization/v1",
+    "kubernetes/typed/authorization/v1beta1",
+    "kubernetes/typed/autoscaling/v1",
+    "kubernetes/typed/autoscaling/v2beta1",
+    "kubernetes/typed/batch/v1",
+    "kubernetes/typed/batch/v1beta1",
+    "kubernetes/typed/batch/v2alpha1",
+    "kubernetes/typed/certificates/v1beta1",
+    "kubernetes/typed/core/v1",
+    "kubernetes/typed/events/v1beta1",
+    "kubernetes/typed/extensions/v1beta1",
+    "kubernetes/typed/networking/v1",
+    "kubernetes/typed/policy/v1beta1",
+    "kubernetes/typed/rbac/v1",
+    "kubernetes/typed/rbac/v1alpha1",
+    "kubernetes/typed/rbac/v1beta1",
+    "kubernetes/typed/scheduling/v1alpha1",
+    "kubernetes/typed/settings/v1alpha1",
+    "kubernetes/typed/storage/v1",
+    "kubernetes/typed/storage/v1alpha1",
+    "kubernetes/typed/storage/v1beta1",
+    "listers/admissionregistration/v1alpha1",
+    "listers/admissionregistration/v1beta1",
+    "listers/apps/v1",
+    "listers/apps/v1beta1",
+    "listers/apps/v1beta2",
+    "listers/autoscaling/v1",
+    "listers/autoscaling/v2beta1",
+    "listers/batch/v1",
+    "listers/batch/v1beta1",
+    "listers/batch/v2alpha1",
+    "listers/certificates/v1beta1",
+    "listers/core/v1",
+    "listers/events/v1beta1",
+    "listers/extensions/v1beta1",
+    "listers/networking/v1",
+    "listers/policy/v1beta1",
+    "listers/rbac/v1",
+    "listers/rbac/v1alpha1",
+    "listers/rbac/v1beta1",
+    "listers/scheduling/v1alpha1",
+    "listers/settings/v1alpha1",
+    "listers/storage/v1",
+    "listers/storage/v1alpha1",
+    "listers/storage/v1beta1",
+    "pkg/apis/clientauthentication",
+    "pkg/apis/clientauthentication/v1alpha1",
+    "pkg/version",
+    "plugin/pkg/client/auth/azure",
+    "plugin/pkg/client/auth/exec",
+    "plugin/pkg/client/auth/gcp",
+    "plugin/pkg/client/auth/oidc",
+    "rest",
+    "rest/watch",
+    "testing",
+    "third_party/forked/golang/template",
+    "tools/auth",
+    "tools/cache",
+    "tools/clientcmd",
+    "tools/clientcmd/api",
+    "tools/clientcmd/api/latest",
+    "tools/clientcmd/api/v1",
+    "tools/metrics",
+    "tools/pager",
+    "tools/reference",
+    "tools/remotecommand",
+    "transport",
+    "transport/spdy",
+    "util/buffer",
+    "util/cert",
+    "util/exec",
+    "util/flowcontrol",
+    "util/homedir",
+    "util/integer",
+    "util/jsonpath",
+    "util/retry",
+    "util/workqueue"
+  ]
+  revision = "23781f4d6632d88e869066eaebb743857aa1ef9b"
+  version = "v7.0.0"
+
+[[projects]]
+  name = "k8s.io/kubernetes"
+  packages = ["pkg/printers"]
+  revision = "fc32d2f3698e36b93322a3465f63a14e9f0eaead"
+  version = "v1.10.0"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  inputs-digest = "a8e66580a3332bbe5ce086af0530dbab49bc5018f0d44b156e61bc404456a0ab"
+  solver-name = "gps-cdcl"
+  solver-version = 1

Gopkg.toml

@@ -0,0 +1,114 @@
+
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#  name = "github.com/x/y"
+#  version = "2.4.0"
+
+[prune]
+  unused-packages = true
+  non-go = true
+  go-tests = true
+
+#
+# Kubernetes packages
+#
+[[constraint]]
+  name = "k8s.io/kubernetes"
+  version = "~1.10"
+
+[[constraint]]
+  name = "k8s.io/client-go"
+  version = "~7.0"
+
+[[constraint]]
+  name = "k8s.io/apimachinery"
+  version = "kubernetes-1.10.0"
+
+[[constraint]]
+  name = "k8s.io/api"
+  version = "kubernetes-1.10.0"
+
+#
+# Cloud provider packages
+#
+[[constraint]]
+  name = "github.com/aws/aws-sdk-go"
+  version = "1.13.12"
+
+[[constraint]]
+  name = "github.com/Azure/azure-sdk-for-go"
+  version = "~10.2.1-beta"
+
+[[constraint]]
+  name = "github.com/Azure/go-autorest"
+  version = "~8.1.x"
+
+
+[[constraint]]
+  name = "cloud.google.com/go"
+  version = "0.11.0"
+
+[[constraint]]
+  name = "google.golang.org/api"
+  branch = "master"
+
+[[constraint]]
+  name = "golang.org/x/oauth2"
+  branch = "master"
+
+#
+# Third party packages
+#
+[[constraint]]
+  name = "github.com/golang/glog"
+  branch = "master"
+
+[[constraint]]
+  name = "github.com/robfig/cron"
+  revision = "df38d32658d8788cd446ba74db4bb5375c4b0cb3"
+
+# TODO(1.0) this repo is a redirect to github.com/satori/go.uuid. Our
+# current version of azure-sdk-for-go references this redirect, so
+# use it so we don't get a duplicate copy of this dependency. 
+# Once our azure-sdk-for-go is updated to a newer version (where
+# their dependency has changed to .../go.uuid), switch this to 
+# github.com/satori/go.uuid
+[[constraint]]
+  name = "github.com/satori/uuid"
+  version = "1.1.0"
+
+[[constraint]]
+  name = "github.com/spf13/afero"
+  branch = "master"
+  
+[[constraint]]
+  name = "github.com/spf13/cobra"
+  branch = "master"
+  
+[[constraint]]
+  name = "github.com/spf13/pflag"
+  version = "1.0.0"
+
+[[constraint]]
+  name = "github.com/stretchr/testify"
+  branch = "master"
+
+[[constraint]]
+  name = "github.com/hashicorp/go-plugin"
+  branch = "master"

Makefile

@@ -1,4 +1,6 @@
-# Copyright 2017 Heptio Inc.
+# Copyright 2016 The Kubernetes Authors.
+#
+# Modifications Copyright 2017 the Heptio Ark contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,76 +14,187 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# project related vars
-ROOT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
-PROJECT = ark
-VERSION ?= v0.3.2
-GOTARGET = github.com/heptio/$(PROJECT)
-OUTPUT_DIR = $(ROOT_DIR)/_output
-BIN_DIR = $(OUTPUT_DIR)/bin
+# The binary to build (just the basename).
+BIN ?= ark
 
-# docker related vars
-DOCKER ?= docker
+# This repo's root import path (under GOPATH).
+PKG := github.com/heptio/ark
+
+# Where to push the docker image.
 REGISTRY ?= gcr.io/heptio-images
-BUILD_IMAGE ?= $(REGISTRY)/golang:1.8-alpine3.6
-# go build -i installs compiled packages so they can be reused later.
-# This speeds up recompiles.
-BUILDCMD = go build -i -v -ldflags "-X $(GOTARGET)/pkg/buildinfo.Version=$(VERSION) -X $(GOTARGET)/pkg/buildinfo.DockerImage=$(REGISTRY)/$(PROJECT)"
-BUILDMNT = /go/src/$(GOTARGET)
-EXTRA_MNTS ?=
 
-# test related vars
-TESTARGS ?= -timeout 60s
-TEST_PKGS ?= ./cmd/... ./pkg/...
+# Which architecture to build - see $(ALL_ARCH) for options.
+ARCH ?= linux-amd64
+
+VERSION ?= master
+
+TAG_LATEST ?= false
+
+###
+### These variables should not need tweaking.
+###
+
+SRC_DIRS := cmd pkg # directories which hold app source (not vendored)
+
+CLI_PLATFORMS := linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64
+CONTAINER_PLATFORMS := linux-amd64 linux-arm linux-arm64
+
+platform_temp = $(subst -, ,$(ARCH))
+GOOS = $(word 1, $(platform_temp))
+GOARCH = $(word 2, $(platform_temp))
+
+# TODO(ncdc): support multiple image architectures once gcr.io supports manifest lists
+# Set default base image dynamically for each arch
+ifeq ($(GOARCH),amd64)
+		DOCKERFILE ?= Dockerfile-$(BIN).alpine
+endif
+#ifeq ($(GOARCH),arm)
+#		DOCKERFILE ?= Dockerfile.arm #armel/busybox
+#endif
+#ifeq ($(GOARCH),arm64)
+#		DOCKERFILE ?= Dockerfile.arm64 #aarch64/busybox
+#endif
+
+IMAGE := $(REGISTRY)/$(BIN)
+
+# If you want to build all binaries, see the 'all-build' rule.
+# If you want to build all containers, see the 'all-container' rule.
+# If you want to build AND push all containers, see the 'all-push' rule.
+all: 
+	@$(MAKE) build
+	@$(MAKE) build BIN=ark-restic-restore-helper
+
+build-%:
+	@$(MAKE) --no-print-directory ARCH=$* build
+
+#container-%:
+#	@$(MAKE) --no-print-directory ARCH=$* container
+
+#push-%:
+#	@$(MAKE) --no-print-directory ARCH=$* push
+
+all-build: $(addprefix build-, $(CLI_PLATFORMS))
+
+#all-container: $(addprefix container-, $(CONTAINER_PLATFORMS))
+
+#all-push: $(addprefix push-, $(CONTAINER_PLATFORMS))
+
+build: _output/bin/$(GOOS)/$(GOARCH)/$(BIN)
+
+_output/bin/$(GOOS)/$(GOARCH)/$(BIN): build-dirs
+	@echo "building: $@"
+	$(MAKE) shell CMD="-c '\
+		GOOS=$(GOOS) \
+		GOARCH=$(GOARCH) \
+		VERSION=$(VERSION) \
+		PKG=$(PKG) \
+		BIN=$(BIN) \
+		OUTPUT_DIR=/output/$(GOOS)/$(GOARCH) \
+		./hack/build.sh'"
+
+TTY := $(shell tty -s && echo "-t")
+
+BUILDER_IMAGE := ark-builder
+
+# Example: make shell CMD="date > datefile"
+shell: build-dirs build-image
+	@# the volume bind-mount of $PWD/vendor/k8s.io/api is needed for code-gen to
+	@# function correctly (ref. https://github.com/kubernetes/kubernetes/pull/64567)
+	@docker run \
+		-i $(TTY) \
+		--rm \
+		-u $$(id -u):$$(id -g) \
+		-v "$$(pwd)/vendor/k8s.io/api:/go/src/k8s.io/api:delegated" \
+		-v "$$(pwd)/.go/pkg:/go/pkg:delegated" \
+		-v "$$(pwd)/.go/std:/go/std:delegated" \
+		-v "$$(pwd):/go/src/$(PKG):delegated" \
+		-v "$$(pwd)/_output/bin:/output:delegated" \
+		-v "$$(pwd)/.go/std/$(GOOS)/$(GOARCH):/usr/local/go/pkg/$(GOOS)_$(GOARCH)_static:delegated" \
+		-v "$$(pwd)/.go/go-build:/.cache/go-build:delegated" \
+		-w /go/src/$(PKG) \
+		$(BUILDER_IMAGE) \
+		/bin/sh $(CMD)
+
+DOTFILE_IMAGE = $(subst :,_,$(subst /,_,$(IMAGE))-$(VERSION))
+
+all-containers:
+	$(MAKE) container
+	$(MAKE) container BIN=ark-restic-restore-helper
+
+container: verify test .container-$(DOTFILE_IMAGE) container-name
+.container-$(DOTFILE_IMAGE): _output/bin/$(GOOS)/$(GOARCH)/$(BIN) $(DOCKERFILE)
+	@cp $(DOCKERFILE) _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH)
+	@docker build -t $(IMAGE):$(VERSION) -f _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) _output
+	@docker images -q $(IMAGE):$(VERSION) > $@
+
+container-name:
+	@echo "container: $(IMAGE):$(VERSION)"
+
+all-push:
+	$(MAKE) push
+	$(MAKE) push BIN=ark-restic-restore-helper
+
+
+push: .push-$(DOTFILE_IMAGE) push-name
+.push-$(DOTFILE_IMAGE): .container-$(DOTFILE_IMAGE)
+	@docker push $(IMAGE):$(VERSION)
+ifeq ($(TAG_LATEST), true)
+	docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
+	docker push $(IMAGE):latest
+endif
+	@docker images -q $(IMAGE):$(VERSION) > $@
+
+push-name:
+	@echo "pushed: $(IMAGE):$(VERSION)"
+
 SKIP_TESTS ?=
-
-# what we're building
-BINARIES = ark
-
-local: $(BINARIES)
-
-$(BINARIES):
-	mkdir -p $(BIN_DIR)
-	$(BUILDCMD) -o $(BIN_DIR)/$@ $(GOTARGET)/cmd/$@
-
-test:
+test: build-dirs
 ifneq ($(SKIP_TESTS), 1)
-# go test -i installs compiled packages so they can be reused later
-# This speeds up retests.
-	go test -i -v $(TEST_PKGS)
-	go test $(TEST_PKGS) $(TESTARGS)
+	@$(MAKE) shell CMD="-c 'hack/test.sh $(SRC_DIRS)'"
 endif
 
 verify:
 ifneq ($(SKIP_TESTS), 1)
-	${ROOT_DIR}/hack/verify-generated-docs.sh
-	${ROOT_DIR}/hack/verify-generated-clientsets.sh
-	${ROOT_DIR}/hack/verify-generated-listers.sh
-	${ROOT_DIR}/hack/verify-generated-informers.sh
+	@$(MAKE) shell CMD="-c 'hack/verify-all.sh'"
 endif
 
 update:
-	${ROOT_DIR}/hack/update-generated-docs.sh
-	${ROOT_DIR}/hack/update-generated-clientsets.sh
-	${ROOT_DIR}/hack/update-generated-listers.sh
-	${ROOT_DIR}/hack/update-generated-informers.sh
+	@$(MAKE) shell CMD="-c 'hack/update-all.sh'"
 
-all: cbuild container
+release: all-tar-bin checksum
 
-cbuild:
-	$(DOCKER) run --rm -v $(ROOT_DIR):$(BUILDMNT) $(EXTRA_MNTS) -w $(BUILDMNT) -e SKIP_TESTS=$(SKIP_TESTS) $(BUILD_IMAGE) /bin/sh -c 'make local verify test'
+checksum:
+	@cd _output/release; \
+	sha256sum *.tar.gz > CHECKSUM; \
+	cat CHECKSUM; \
+	sha256sum CHECKSUM
 
-container: cbuild
-	$(DOCKER) build -t $(REGISTRY)/$(PROJECT):latest -t $(REGISTRY)/$(PROJECT):$(VERSION) .
+all-tar-bin: $(addprefix tar-bin-, $(CLI_PLATFORMS))
 
-container-local: $(BINARIES)
-	$(DOCKER) build -t $(REGISTRY)/$(PROJECT):latest -t $(REGISTRY)/$(PROJECT):$(VERSION) .
+tar-bin-%:
+	$(MAKE) ARCH=$* VERSION=$(VERSION) tar-bin
 
-push:
-	docker -- push $(REGISTRY)/$(PROJECT):$(VERSION)
+GIT_DESCRIBE = $(shell git describe --tags --always --dirty)
+tar-bin: build
+	mkdir -p _output/release
 
-.PHONY: all local container cbuild push test verify update $(BINARIES)
+# We do the subshell & wildcard ls so we can pick up $(BIN).exe for windows
+	(cd _output/bin/$(GOOS)/$(GOARCH) && ls $(BIN)*) | \
+		tar \
+			-C _output/bin/$(GOOS)/$(GOARCH) \
+			--files-from=- \
+			-zcf _output/release/$(BIN)-$(GIT_DESCRIBE)-$(GOOS)-$(GOARCH).tar.gz
+
+build-dirs:
+	@mkdir -p _output/bin/$(GOOS)/$(GOARCH)
+	@mkdir -p .go/src/$(PKG) .go/pkg .go/bin .go/std/$(GOOS)/$(GOARCH) .go/go-build
+
+build-image:
+	cd hack/build-image && docker build -t $(BUILDER_IMAGE) .
 
 clean:
-	rm -rf $(OUTPUT_DIR)
-	$(DOCKER) rmi $(REGISTRY)/$(PROJECT):latest $(REGISTRY)/$(PROJECT):$(VERSION) 2>/dev/null || :
+	rm -rf .container-* _output/.dockerfile-* .push-*
+	rm -rf .go _output
+	docker rmi $(BUILDER_IMAGE)
+
+ci: all verify test

README.md

@@ -5,162 +5,25 @@
 [![Build Status][1]][2]
 
 ## Overview
-Heptio Ark is a utility for managing disaster recovery, specifically for your [Kubernetes][14] cluster resources and persistent volumes. It provides a simple, configurable, and operationally robust way to back up and restore applications and PVs from a series of checkpoints. This allows you to better automate in the following scenarios:
 
-* **Disaster recovery** with reduced TTR (time to respond), in the case of:
-    * Infrastructure loss
-    * Data corruption
-    * Service outages
+Ark gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. Ark lets you:
 
-* **Cross-cloud-provider migration** for Kubernetes API objects (cross-cloud-provider migration of persistent volume snapshots not yet supported)
+* Take backups of your cluster and restore in case of loss.
+* Copy cluster resources across cloud providers. NOTE: Cloud volume migrations are not yet supported.
+* Replicate your production environment for development and testing environments.
 
-* **Dev and testing environment setup (+ CI)**, via replication of prod environment
+Ark consists of:
 
-More concretely, Heptio Ark combines an in-cluster service with a CLI that allows you to record both:
-1. *Configurable subsets of Kubernetes API objects* -- as tarballs stored in object storage
-2. *Disk snapshots of Persistent Volumes* -- via the cloud provider APIs
+* A server that runs on your cluster
+* A command-line client that runs locally
 
-Heptio Ark currently supports the [AWS][15], [GCP][16], and [Azure][17] cloud provider platforms.
+## More information
 
-## Quickstart
-
-This guide gets Ark up and running on your cluster, and goes through an example using the following:
-* **Minio, an S3-compatible storage service** that runs locally on your cluster. This is the storage service where backup files are uploaded. *Note that Ark is intended to run on a cloud provider--we are using Minio here to keep the example convenient and self-contained.*
-
-* **A sample nginx app** under the `nginx-example` namespace, used to demonstrate Ark's backup and restore functionality.
-
-Note that this example *does not* include a demonstration of PV disk snapshots, because that feature requires integration with a cloud provider API. For snapshotting examples and instructions specific to AWS, GCP, and Azure, see [Cloud Provider Specifics][23].
-
-### 0. Prerequisites
-
-* *You should have access to an up-and-running Kubernetes cluster (minimum version 1.7).* If you do not have a cluster, [choose a setup solution][9] from the official Kubernetes docs.
-
-* *You will need to have a DNS server set up on your cluster for the example files to work.* You can check this with `kubectl get svc -l k8s-app=kube-dns --namespace=kube-system`. If said service does not exist, [these instructions][12] may help.
-
-* *You should have `kubectl` installed.* If not, follow the instructions for [installing via Homebrew (MacOS)][10] or [building the binary (Linux)][11].
-
-### 1. Download
-Clone or fork the Heptio Ark repo:
-```
-git clone git@github.com:heptio/ark.git
-```
-
-### 2. Setup
-
-There are two types of Ark instances that work in tandem:
-1. **Ark server**: Runs persistently on the cluster.
-2. **Ark client**: Launched by the user whenever they want to initiate an operation (e.g. a backup).
-
-To get the server started on your cluster (as well as the local storage service), execute the following commands in Ark's root directory:
-
-```
-kubectl apply -f examples/common/00-prereqs.yaml
-kubectl apply -f examples/minio/
-kubectl apply -f examples/common/10-deployment.yaml
-```
-
-*NOTE: If you encounter an error related to Config creation, wait for a minute and run the command again. (The Config CRD does not always finish registering in time.)*
-
-Now deploy the example nginx app:
-```
-kubectl apply -f examples/nginx-app/base.yaml
-```
-
-Check to see that both the Ark and nginx deployments have been successfully created:
-```
-kubectl get deployments -l component=ark --namespace=heptio-ark
-kubectl get deployments --namespace=nginx-example
-```
-
-Finally, create an alias for the Ark client's Docker executable. (Make sure that your `KUBECONFIG` environment variable is pointing at the proper config first). This will save a lot of future typing:
-
-```
-alias ark='docker run --rm -u $(id -u) -v $(dirname $KUBECONFIG):/kubeconfig -e KUBECONFIG=/kubeconfig/$(basename $KUBECONFIG) gcr.io/heptio-images/ark:latest'
-```
-*NOTE*: Depending on how your Kubeconfig is written--if it refers to the Kubernetes API server using the host machine's `localhost`, for instance--you may need to add an additional `--net="host"` flag to the `docker run` command.
-
-
-### 3. Back up and restore
-First, create a backup specifically for any object matching the `app=nginx` label selector:
-
-```
-ark backup create nginx-backup --selector app=nginx
-```
-
-Now you can mimic a disaster with the following:
-```
-kubectl delete namespace nginx-example
-```
-Oh no! The nginx deployment and service are both gone, as you can see (though you may have to wait a minute or two for the namespace be fully cleaned up):
-```
-kubectl get deployments --namespace=nginx-example
-kubectl get services --namespace=nginx-example
-```
-Neither commands should yield any results. However, because Ark has your back(up), you can run this command:
-```
-ark restore create nginx-backup
-```
-
-To check on the status of the Restore:
-```
-ark restore get
-```
-
-The output should look something like the table below:
-```
-NAME                          BACKUP         STATUS      WARNINGS   ERRORS    CREATED                         SELECTOR
-nginx-backup-20170727200524   nginx-backup   Completed   0          0         2017-07-27 20:05:24 +0000 UTC   <none>
-```
-
-If the Restore's `STATUS` column is "Completed", and `WARNINGS` and `ERRORS` are both zero, the restore is a success. All of the objects in the `nginx-example` namespace should be just as they were before.
-
-Otherwise, if there are warnings or errors indicated, you can run the following command to look at them in more detail:
-```
-ark restore get <RESTORE NAME> -o yaml
-```
-See the [debugging documentation][18] for more details.
-
-*NOTE*: In the example files, the `storage` volume is defined via `hostPath` for better visibility. If you're curious to see the [structure of the backup files][13] firsthand, you can find the compressed results in `/tmp/minio/ark/nginx-backup`.
-
-### 4. Tear Down
-Using the following command, you can remove all Kubernetes objects associated with this example:
-```
-kubectl delete -f examples/common/
-kubectl delete -f examples/minio/
-kubectl delete -f examples/nginx-app/base.yaml
-```
-
-## Architecture
-
-Each of Heptio Ark's operations (Backups, Schedules, and Restores) are custom resources themselves, defined using [CRDs][20]. Their accompanying [custom controllers][21] handle them when they are submitted to the Kubernetes API server.
-
-As mentioned before, Ark runs in two different modes:
-
-* **Ark client**: Allows you to query, create, and delete the Ark resources as desired.
-
-* **Ark server**: Runs all of the Ark controllers. Each controller watches its respective custom resource for API operations, performs validation, and handles the majority of the cloud API logic (e.g. interfacing with object storage and persistent volumes).
-
-Looking at a specific example--an `ark backup create test-backup --snapshot-volumes` command triggers the following operations:
-
-![19]
-
-1. The *ark client* makes a call to the Kubernetes API server, creating a `Backup` custom resource (which is stored in [etcd][22]).
-
-2. The `BackupController` sees that a new `Backup` has been created, and validates it.
-
-3. Once validation passes, the `BackupController` begins the backup process. It collects data by querying the Kubernetes API Server for resources.
-
-4. Once the data has been aggregated, the `BackupController` makes a call to the object storage service (e.g. Amazon S3) to upload the backup file.
-
-5. If the `--snapshot-volumes` flag is specified, Ark also makes disk snapshots of any persistent volumes, using the appropriate cloud service API.
-
-## Further documentation
-
- To learn more about Heptio Ark operations and their applications, see the [`/docs` directory][3].
+[The documentation][29] provides a getting started guide, plus information about building from source, architecture, extending Ark, and more.
 
 ## Troubleshooting
 
-If you encounter any problems that the documentation does not address, [file an issue][4].  
+If you encounter issues, review the [troubleshooting docs][30], [file an issue][4], or talk to us on the [#ark-dr channel][25] on the Kubernetes Slack server. 
 
 ## Contributing
 
@@ -168,42 +31,38 @@ Thanks for taking the time to join our community and start contributing!
 
 Feedback and discussion is available on [the mailing list][24].
 
-#### Before you start
+### Before you start
 
 * Please familiarize yourself with the [Code of Conduct][8] before contributing.
 * See [CONTRIBUTING.md][5] for instructions on the developer certificate of origin that we require.
 
-#### Pull requests
+### Pull requests
 
 * We welcome pull requests. Feel free to dig through the [issues][4] and jump in.
 
-
 ## Changelog
 
 See [the list of releases][6] to find out about feature changes.
 
 [0]: https://github.com/heptio
-[1]: https://jenkins.i.heptio.com/buildStatus/icon?job=ark-prbuilder
-[2]: https://jenkins.i.heptio.com/job/ark-prbuilder/
-[3]: /docs
+[1]: https://travis-ci.org/heptio/ark.svg?branch=master
+[2]: https://travis-ci.org/heptio/ark
+
 [4]: https://github.com/heptio/ark/issues
-[5]: /CONTRIBUTING.md
-[6]: /CHANGELOG.md
-[7]: /docs/build-from-scratch.md
-[8]: /CODE_OF_CONDUCT.md
+[5]: https://github.com/heptio/ark/blob/master/CONTRIBUTING.md
+[6]: https://github.com/heptio/ark/releases
+
+[8]: https://github.com/heptio/ark/blob/master/CODE_OF_CONDUCT.md
 [9]: https://kubernetes.io/docs/setup/
 [10]: https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-with-homebrew-on-macos
 [11]: https://kubernetes.io/docs/tasks/tools/install-kubectl/#tabset-1
 [12]: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/README.md
-[13]: /docs/output-file-format.md
 [14]: https://github.com/kubernetes/kubernetes
-[15]: https://aws.amazon.com/
-[16]: https://cloud.google.com/
-[17]: https://azure.microsoft.com/
-[18]: /docs/debugging-restores.md
-[19]: /docs/img/backup-process.png
-[20]: https://kubernetes.io/docs/concepts/api-extension/custom-resources/#customresourcedefinitions
-[21]: https://kubernetes.io/docs/concepts/api-extension/custom-resources/#custom-controllers
-[22]: https://github.com/coreos/etcd
-[23]: /docs/cloud-provider-specifics.md
+
+
 [24]: http://j.hept.io/ark-list
+[25]: https://kubernetes.slack.com/messages/ark-dr
+
+
+[29]: https://heptio.github.io/ark/
+[30]: /docs/troubleshooting.md

ROADMAP.md

@@ -0,0 +1,40 @@
+# Heptio Ark Roadmap
+
+## Upcoming Versions
+
+The following versions, dates, and features are approximate and are subject to change.
+
+### v0.9.0 - ~ 2018-06-14
+- Backup targets
+- Snapshot & restore non-cloud volumes - [#19](https://github.com/heptio/ark/issues/19)
+- Backup & restore across multiple regions and zones - [#103](https://github.com/heptio/ark/issues/103)
+- Ability to clone PVs - [#192](https://github.com/heptio/ark/issues/192)
+- Ark install command - [#52](https://github.com/heptio/ark/issues/52)
+- Backup & restore progress reporting - [#20](https://github.com/heptio/ark/issues/20) [#21](https://github.com/heptio/ark/issues/21)
+
+
+## Released Versions
+
+### v0.8.0 - 2018-04-19
+
+[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v080---2018-04-19).
+
+### v0.7.0 - 2018-02-15
+
+[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v070---2018-02-15).
+
+### v0.6.0 - 2017-11-30
+
+[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v060---2017-11-30).
+
+### v0.5.0 - 2017-10-26
+
+[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v050---2017-10-26).
+
+### v0.4.0 - 2017-09-14
+
+[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v040---2017-09-14).
+
+### v0.3.0 - 2017-08-03
+
+[See release notes](https://github.com/heptio/ark/blob/master/CHANGELOG.md#v030---2017-08-03).

cmd/ark-restic-restore-helper/main.go

@@ -0,0 +1,77 @@
+/*
+Copyright 2018 the Heptio Ark contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Fprintln(os.Stderr, "ERROR: exactly one argument must be provided, the restore's UID")
+		os.Exit(1)
+	}
+
+	ticker := time.NewTicker(time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			if done() {
+				fmt.Println("All restic restores are done")
+				return
+			}
+		}
+	}
+}
+
+// done returns true if for each directory under /restores, a file exists
+// within the .ark/ subdirectory whose name is equal to os.Args[1], or
+// false otherwise
+func done() bool {
+	children, err := ioutil.ReadDir("/restores")
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "ERROR reading /restores directory: %s\n", err)
+		return false
+	}
+
+	for _, child := range children {
+		if !child.IsDir() {
+			fmt.Printf("%s is not a directory, skipping.\n", child.Name())
+			continue
+		}
+
+		doneFile := filepath.Join("/restores", child.Name(), ".ark", os.Args[1])
+
+		if _, err := os.Stat(doneFile); os.IsNotExist(err) {
+			fmt.Printf("Not found: %s\n", doneFile)
+			return false
+		} else if err != nil {
+			fmt.Fprintf(os.Stderr, "ERROR looking for %s: %s\n", doneFile, err)
+			return false
+		}
+
+		fmt.Printf("Found %s", doneFile)
+	}
+
+	return true
+}

cmd/ark/main.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 Heptio Inc.
+Copyright 2017 the Heptio Ark contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

docs/README.md

@@ -1,29 +0,0 @@
-# Table of Contents
-
-## User Guide
-
-* [Concepts][1]
-* [Build from scratch][0]
-* [Cloud provider specifics][9]
-* [Debugging restores][4]
-
-## Reference
-* [CLI reference][2]
-* [Config definition][5]
-* [Output file format][6]
-* [Sample YAML files][3]
-
-## Scenarios
-* [Disaster recovery][7]
-* [Cluster migration][8]
-
-[0]: build-from-scratch.md
-[1]: concepts.md
-[2]: cli-reference
-[3]: /examples
-[4]: debugging-restores.md
-[5]: config-definition.md
-[6]: output-file-format.md
-[7]: use-cases.md#disaster-recovery
-[8]: use-cases.md#cluster-migration
-[9]: cloud-provider-specifics.md

docs/about.md

@@ -0,0 +1,71 @@
+# How Ark Works
+
+Each Ark operation -- on-demand backup, scheduled backup, restore -- is a custom resource, defined with a Kubernetes [Custom Resource Definition (CRD)][20] and stored in [etcd][22]. The config custom resource specifies core information and options such as cloud provider settings. Ark also includes controllers that process the custom resources to perform backups, restores, and all related operations.
+
+You can back up or restore all objects in your cluster, or you can filter objects by type, namespace, and/or label.
+
+Ark is ideal for the disaster recovery use case, as well as for snapshotting your application state, prior to performing system operations on your cluster (e.g. upgrades).
+
+## On-demand backups
+
+The **backup** operation:
+
+1. Uploads a tarball of copied Kubernetes objects into cloud object storage.
+
+1. Calls the cloud provider API to make disk snapshots of persistent volumes, if specified.
+
+You can optionally specify hooks to be executed during the backup. For example, you might
+need to tell a database to flush its in-memory buffers to disk before taking a snapshot. [More about hooks][10].
+
+Note that cluster backups are not strictly atomic. If Kubernetes objects are being created or edited at the time of backup, they might not be included in the backup. The odds of capturing inconsistent information are low, but it is possible.
+
+## Scheduled backups
+
+The **schedule** operation allows you to back up your data at recurring intervals. The first backup is performed when the schedule is first created, and subsequent backups happen at the schedule's specified interval. These intervals are specified by a Cron expression.
+
+Scheduled backups are saved with the name `<SCHEDULE NAME>-<TIMESTAMP>`, where `<TIMESTAMP>` is formatted as *YYYYMMDDhhmmss*.
+
+## Restores
+
+The **restore** operation allows you to restore all of the objects and persistent volumes from a previously created backup. You can also restore only a filtered subset of objects and persistent volumes. Ark supports multiple namespace remapping--for example, in a single restore, objects in namespace "abc" can be recreated under namespace "def", and the objects in namespace "123" under "456".
+
+The default name of a restore is `<BACKUP NAME>-<TIMESTAMP>`, where `<TIMESTAMP>` is formatted as *YYYYMMDDhhmmss*. You can also specify a custom name. A restored object also includes a label with key `ark-restore` and value `<RESTORE NAME>`.
+
+You can also run the Ark server in restore-only mode, which disables backup, schedule, and garbage collection functionality during disaster recovery.
+
+## Backup workflow
+
+When you run `ark backup create test-backup`:
+
+1. The Ark client makes a call to the Kubernetes API server to create a `Backup` object.
+
+1. The `BackupController` notices the new `Backup` object and performs validation.
+
+1. The `BackupController` begins the backup process. It collects the data to back up by querying the API server for resources.
+
+1. The `BackupController` makes a call to the object storage service -- for example, AWS S3 -- to upload the backup file.
+
+By default, `ark backup create` makes disk snapshots of any persistent volumes. You can adjust the snapshots by specifying additional flags. See [the CLI help][30] for more information. Snapshots can be disabled with the option `--snapshot-volumes=false`.
+
+![19]
+
+## Set a backup to expire
+
+When you create a backup, you can specify a TTL by adding the flag `--ttl <DURATION>`. If Ark sees that an existing backup resource is expired, it removes:
+
+* The backup resource
+* The backup file from cloud object storage
+* All PersistentVolume snapshots
+* All associated Restores
+
+## Object storage sync
+
+Heptio Ark treats object storage as the source of truth. It continuously checks to see that the correct backup resources are always present. If there is a properly formatted backup file in the storage bucket, but no corresponding backup resource in the Kubernetes API, Ark synchronizes the information from object storage to Kubernetes.
+
+This allows restore functionality to work in a cluster migration scenario, where the original backup objects do not exist in the new cluster.
+
+[19]: /img/backup-process.png
+[20]: https://kubernetes.io/docs/concepts/api-extension/custom-resources/#customresourcedefinitions
+[21]: https://kubernetes.io/docs/concepts/api-extension/custom-resources/#custom-controllers
+[22]: https://github.com/coreos/etcd
+[30]: https://github.com/heptio/ark/blob/master/docs/cli-reference/ark_create_backup.md

docs/api-types/README.md

@@ -0,0 +1,7 @@
+# Table of Contents
+
+## API types
+
+* [Backup][1]
+
+[1]: backup.md

docs/api-types/backup.md

@@ -0,0 +1,138 @@
+# Backup API Type
+
+## Use
+
+The `Backup` API type is used as a request for the Ark Server to perform a backup. Once created, the
+Ark Server immediately starts the backup process.
+
+## API GroupVersion
+
+Backup belongs to the API group version `ark.heptio.com/v1`.
+
+## Definition
+
+Here is a sample `Backup` object with each of the fields documented:
+
+```yaml
+# Standard Kubernetes API Version declaration. Required.
+apiVersion: ark.heptio.com/v1
+# Standard Kubernetes Kind declaration. Required.
+kind: Backup
+# Standard Kubernetes metadata. Required.
+metadata:
+  # Backup name. May be any valid Kubernetes object name. Required.
+  name: a
+  # Backup namespace. Required. In version 0.7.0 and later, can be any string. Must be the namespace of the Ark server.
+  namespace: heptio-ark
+# Parameters about the backup. Required.
+spec:
+  # Array of namespaces to include in the backup. If unspecified, all namespaces are included.
+  # Optional.
+  includedNamespaces:
+  - '*'
+  # Array of namespaces to exclude from the backup. Optional.
+  excludedNamespaces:
+  - some-namespace
+  # Array of resources to include in the backup. Resources may be shortcuts (e.g. 'po' for 'pods')
+  # or fully-qualified. If unspecified, all resources are included. Optional.
+  includedResources:
+  - '*'
+  # Array of resources to exclude from the backup. Resources may be shortcuts (e.g. 'po' for 'pods')
+  # or fully-qualified. Optional.
+  excludedResources:
+  - storageclasses.storage.k8s.io
+  # Whether or not to include cluster-scoped resources. Valid values are true, false, and
+  # null/unset. If true, all cluster-scoped resources are included (subject to included/excluded
+  # resources and the label selector). If false, no cluster-scoped resources are included. If unset,
+  # all cluster-scoped resources are included if and only if all namespaces are included and there are
+  # no excluded namespaces. Otherwise, if there is at least one namespace specified in either
+  # includedNamespaces or excludedNamespaces, then the only cluster-scoped resources that are backed
+  # up are those associated with namespace-scoped resources included in the backup. For example, if a
+  # PersistentVolumeClaim is included in the backup, its associated PersistentVolume (which is
+  # cluster-scoped) would also be backed up.
+  includeClusterResources: null
+  # Individual objects must match this label selector to be included in the backup. Optional.
+  labelSelector:
+    matchLabels:
+      app: ark
+      component: server
+  # Whether or not to snapshot volumes. This only applies to PersistentVolumes for Azure, GCE, and
+  # AWS. Valid values are true, false, and null/unset. If unset, Ark performs snapshots as long as
+  # a persistent volume provider is configured for Ark.
+  snapshotVolumes: null
+  # The amount of time before this backup is eligible for garbage collection.
+  ttl: 24h0m0s
+  # Actions to perform at different times during a backup. The only hook currently supported is
+  # executing a command in a container in a pod using the pod exec API. Optional.
+  hooks:
+    # Array of hooks that are applicable to specific resources. Optional.
+    resources:
+      -
+        # Name of the hook. Will be displayed in backup log.
+        name: my-hook
+        # Array of namespaces to which this hook applies. If unspecified, the hook applies to all
+        # namespaces. Optional.
+        includedNamespaces:
+        - '*'
+        # Array of namespaces to which this hook does not apply. Optional.
+        excludedNamespaces:
+        - some-namespace
+        # Array of resources to which this hook applies. The only resource supported at this time is
+        # pods.
+        includedResources:
+        - pods
+        # Array of resources to which this hook does not apply. Optional.
+        excludedResources: []
+        # This hook only applies to objects matching this label selector. Optional.
+        labelSelector:
+          matchLabels:
+            app: ark
+            component: server
+        # An array of hooks to run before executing custom actions. Currently only "exec" hooks are supported.
+        # DEPRECATED. Use pre instead.
+        hooks:
+          # Same content as pre below.
+        # An array of hooks to run before executing custom actions. Currently only "exec" hooks are supported.
+        pre:
+          - 
+            # The type of hook. This must be "exec".
+            exec:
+              # The name of the container where the command will be executed. If unspecified, the
+              # first container in the pod will be used. Optional.
+              container: my-container
+              # The command to execute, specified as an array. Required.
+              command:
+                - /bin/uname
+                - -a
+              # How to handle an error executing the command. Valid values are Fail and Continue.
+              # Defaults to Fail. Optional.
+              onError: Fail
+              # How long to wait for the command to finish executing. Defaults to 30 seconds. Optional.
+              timeout: 10s
+        # An array of hooks to run after all custom actions and additional items have been
+        # processed. Currently only "exec" hooks are supported.
+        post:
+          # Same content as pre above.
+# Status about the Backup. Users should not set any data here.
+status:
+  # The date and time when the Backup is eligible for garbage collection.
+  expiration: null
+  # The current phase. Valid values are New, FailedValidation, InProgress, Completed, Failed.
+  phase: ""
+  # An array of any validation errors encountered.
+  validationErrors: null
+  # The version of this Backup. The only version currently supported is 1.
+  version: 1
+  # Information about PersistentVolumes needed during restores.
+  volumeBackups:
+    # Each key is the name of a PersistentVolume.
+    some-pv-name:
+      # The ID used by the cloud provider for the snapshot created for this Backup.
+      snapshotID: snap-1234
+      # The type of the volume in the cloud provider API.
+      type: io1
+      # The availability zone where the volume resides in the cloud provider.
+      availabilityZone: my-zone
+      # The amount of provisioned IOPS for the volume. Optional.
+      iops: 10000
+```

docs/aws-config.md

@@ -0,0 +1,273 @@
+# Run Ark on AWS
+
+To set up Ark on AWS, you:
+
+* Create your S3 bucket
+* Create an AWS IAM user for Ark
+* Configure the server
+* Create a Secret for your credentials
+
+If you do not have the `aws` CLI locally installed, follow the [user guide][5] to set it up.
+
+## Create S3 bucket
+
+Heptio Ark requires an object storage bucket to store backups in. Create an S3 bucket, replacing placeholders appropriately:
+
+```bash
+aws s3api create-bucket \
+    --bucket <YOUR_BUCKET> \
+    --region <YOUR_REGION> \
+    --create-bucket-configuration LocationConstraint=<YOUR_REGION>
+```
+NOTE: us-east-1 does not support a `LocationConstraint`.  If your region is `us-east-1`, omit the bucket configuration:
+
+```bash
+aws s3api create-bucket \
+    --bucket <YOUR_BUCKET> \
+    --region us-east-1
+```
+
+## Create IAM user
+
+For more information, see [the AWS documentation on IAM users][14].
+
+1. Create the IAM user:
+
+    ```bash
+    aws iam create-user --user-name heptio-ark
+    ```
+
+2. Attach policies to give `heptio-ark` the necessary permissions:
+
+    ```bash
+    BUCKET=<YOUR_BUCKET>
+    cat > heptio-ark-policy.json <<EOF
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "ec2:DescribeVolumes",
+                    "ec2:DescribeSnapshots",
+                    "ec2:CreateTags",
+                    "ec2:CreateVolume",
+                    "ec2:CreateSnapshot",
+                    "ec2:DeleteSnapshot"
+                ],
+                "Resource": "*"
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:GetObject",
+                    "s3:DeleteObject",
+                    "s3:PutObject",
+                    "s3:AbortMultipartUpload",
+                    "s3:ListMultipartUploadParts"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::${BUCKET}/*"
+                ]
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:ListBucket"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::${BUCKET}"
+                ]
+            }
+        ]
+    }
+    EOF
+
+    aws iam put-user-policy \
+      --user-name heptio-ark \
+      --policy-name heptio-ark \
+      --policy-document file://heptio-ark-policy.json
+    ```
+
+3. Create an access key for the user:
+
+    ```bash
+    aws iam create-access-key --user-name heptio-ark
+    ```
+
+    The result should look like:
+
+    ```json
+     {
+        "AccessKey": {
+              "UserName": "heptio-ark",
+              "Status": "Active",
+              "CreateDate": "2017-07-31T22:24:41.576Z",
+              "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>,
+              "AccessKeyId": <AWS_ACCESS_KEY_ID>
+          }
+     }
+    ```
+
+4. Create an Ark-specific credentials file (`credentials-ark`) in your local directory:
+
+    ```
+    [default]
+    aws_access_key_id=<AWS_ACCESS_KEY_ID>
+    aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
+    ```
+
+    where the access key id and secret are the values returned from the `create-access-key` request.
+
+## Credentials and configuration
+
+In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0].
+
+```bash
+kubectl apply -f examples/common/00-prereqs.yaml
+```
+
+Create a Secret. In the directory of the credentials file you just created, run:
+
+```bash
+kubectl create secret generic cloud-credentials \
+    --namespace <ARK_NAMESPACE> \
+    --from-file cloud=credentials-ark
+```
+
+Specify the following values in the example files:
+
+* In `examples/aws/00-ark-config.yaml`:
+
+  * Replace `<YOUR_BUCKET>` and `<YOUR_REGION>` (for S3, region is optional and will be queried from the AWS S3 API if not provided). See the [Config definition][6] for details.
+
+* (Optional) If you run the nginx example, in file `examples/nginx-app/with-pv.yaml`:
+
+    * Replace `<YOUR_STORAGE_CLASS_NAME>` with `gp2`. This is AWS's default `StorageClass` name.
+
+## Start the server
+
+In the root of your Ark directory, run:
+
+  ```bash
+  kubectl apply -f examples/aws/00-ark-config.yaml
+  kubectl apply -f examples/aws/10-deployment.yaml
+  ```
+
+## ALTERNATIVE: Setup permissions using kube2iam
+
+[Kube2iam](https://github.com/jtblin/kube2iam) is a Kubernetes application that allows managing AWS IAM permissions for pod via annotations rather than operating on API keys.
+
+> This path assumes you have `kube2iam` already running in your Kubernetes cluster. If that is not the case, please install it first, following the docs here: https://github.com/jtblin/kube2iam
+
+It can be set up for Ark by creating a role that will have required permissions, and later by adding the permissions annotation on the ark deployment to define which role it should use internally.
+
+1. Create a Trust Policy document to allow the role being used for EC2 management & assume kube2iam role:
+
+    ```bash
+    cat > heptio-ark-trust-policy.json <<EOF
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Principal": {
+                    "Service": "ec2.amazonaws.com"
+                },
+                "Action": "sts:AssumeRole"
+            },
+            {
+                "Effect": "Allow",
+                "Principal": {
+                    "AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<ROLE_CREATED_WHEN_INITIALIZING_KUBE2IAM>"
+                },
+                "Action": "sts:AssumeRole"
+            }
+        ]
+    }
+    EOF
+    ```
+
+2. Create the IAM role:
+
+    ```bash
+    aws iam create-role --role-name heptio-ark --assume-role-policy-document file://./heptio-ark-trust-policy.json
+    ```
+
+3. Attach policies to give `heptio-ark` the necessary permissions:
+
+    ```bash
+    BUCKET=<YOUR_BUCKET>
+    cat > heptio-ark-policy.json <<EOF
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "ec2:DescribeVolumes",
+                    "ec2:DescribeSnapshots",
+                    "ec2:CreateTags",
+                    "ec2:CreateVolume",
+                    "ec2:CreateSnapshot",
+                    "ec2:DeleteSnapshot"
+                ],
+                "Resource": "*"
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:GetObject",
+                    "s3:DeleteObject",
+                    "s3:PutObject",
+                    "s3:AbortMultipartUpload",
+                    "s3:ListMultipartUploadParts"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::${BUCKET}/*"
+                ]
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:ListBucket"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::${BUCKET}"
+                ]
+            }
+        ]
+    }
+    EOF
+
+    aws iam put-role-policy \
+      --role-name heptio-ark \
+      --policy-name heptio-ark-policy \
+      --policy-document file://./heptio-ark-policy.json
+    ```
+4. Update AWS_ACCOUNT_ID & HEPTIO_ARK_ROLE_NAME in the file `examples/aws/10-deployment-kube2iam.yaml`:
+
+    ```
+    ---
+    apiVersion: apps/v1beta1
+    kind: Deployment
+    metadata:
+        namespace: heptio-ark
+        name: ark
+    spec:
+        replicas: 1
+        template:
+            metadata:
+                labels:
+                    component: ark
+                annotations:
+                    iam.amazonaws.com/role: arn:aws:iam::<AWS_ACCOUNT_ID>:role/heptio-ark
+    ...
+    ```
+
+5. Run Ark deployment using the file `examples/aws/10-deployment-kube2iam.yaml`.
+
+[0]: namespace.md
+[5]: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
+[6]: config-definition.md#aws
+[14]: http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

docs/azure-config.md

@@ -0,0 +1,168 @@
+# Run Ark on Azure
+
+To configure Ark on Azure, you:
+
+* Create your Azure storage account and blob container
+* Create Azure service principal for Ark
+* Configure the server
+* Create a Secret for your credentials
+
+If you do not have the `az` Azure CLI 2.0 installed locally, follow the [install guide][18] to set it up. 
+
+Run:
+
+```bash
+az login
+```
+
+## Kubernetes cluster prerequisites
+
+Ensure that the VMs for your agent pool allow Managed Disks. If I/O performance is critical,
+consider using Premium Managed Disks, which are SSD backed.
+
+## Create Azure storage account and blob container
+
+Heptio Ark requires a storage account and blob container in which to store backups.
+
+The storage account can be created in the same Resource Group as your Kubernetes cluster or
+separated into its own Resource Group. The example below shows the storage account created in a
+separate `Ark_Backups` Resource Group.
+
+The storage account needs to be created with a globally unique id since this is used for dns. In
+the sample script below, we're generating a random name using `uuidgen`, but you can come up with 
+this name however you'd like, following the [Azure naming rules for storage accounts][19]. The 
+storage account is created with encryption at rest capabilities (Microsoft managed keys) and is 
+configured to only allow access via https.
+
+```bash
+# Create a resource group for the backups storage account. Change the location as needed.
+AZURE_BACKUP_RESOURCE_GROUP=Ark_Backups
+az group create -n $AZURE_BACKUP_RESOURCE_GROUP --location WestUS
+
+# Create the storage account
+AZURE_STORAGE_ACCOUNT_ID="ark$(uuidgen | cut -d '-' -f5 | tr '[A-Z]' '[a-z]')"
+az storage account create \
+    --name $AZURE_STORAGE_ACCOUNT_ID \
+    --resource-group $AZURE_BACKUP_RESOURCE_GROUP \
+    --sku Standard_GRS \
+    --encryption-services blob \
+    --https-only true \
+    --kind BlobStorage \
+    --access-tier Hot
+
+# Create the blob container named "ark". Feel free to use a different name; you'll need to
+# adjust the `bucket` field under `backupStorageProvider` in the Ark Config accordingly if you do.
+az storage container create -n ark --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID
+
+# Obtain the storage access key for the storage account just created
+AZURE_STORAGE_KEY=`az storage account keys list \
+    --account-name $AZURE_STORAGE_ACCOUNT_ID \
+    --resource-group $AZURE_BACKUP_RESOURCE_GROUP \
+    --query '[0].value' \
+    -o tsv`
+```
+
+## Create service principal
+
+To integrate Ark with Azure, you must create an Ark-specific [service principal][17]. Note that seven environment variables must be set for Ark to work properly.
+
+1. Obtain your Azure Account Subscription ID and Tenant ID:
+
+    ```bash
+    AZURE_SUBSCRIPTION_ID=`az account list --query '[?isDefault].id' -o tsv`
+    AZURE_TENANT_ID=`az account list --query '[?isDefault].tenantId' -o tsv`
+    ```
+
+1. Set the name of the Resource Group that contains your Kubernetes cluster.
+
+    ```bash
+    # Make sure this is the name of the second resource group. See warning.
+    AZURE_RESOURCE_GROUP=<NAME_OF_RESOURCE_GROUP_2>
+    ```
+
+    WARNING: `AZURE_RESOURCE_GROUP` must be set to the name of the second resource group that is created when you provision your cluster in Azure. Your cluster is provisioned in the resource group that you specified when you created the cluster. Your disks, however, are provisioned in the second resource group.
+
+    If you are unsure of the Resource Group name, run the following command to get a list that you can select from. Then set the `AZURE_RESOURCE_GROUP` environment variable to the appropriate value.
+
+    ```bash
+    az group list --query '[].{ ResourceGroup: name, Location:location }'
+    ```
+
+    Get your cluster's Resource Group name from the `ResourceGroup` value in the response, and use it to set `$AZURE_RESOURCE_GROUP`.
+
+1. Create a service principal with `Contributor` role. This will have subscription-wide access, so protect this credential. You can specify a password or let the `az ad sp create-for-rbac` command create one for you.
+
+    ```bash
+    # Create service principal and specify your own password
+    AZURE_CLIENT_SECRET=super_secret_and_high_entropy_password_replace_me_with_your_own
+    az ad sp create-for-rbac --name "heptio-ark" --role "Contributor" --password $AZURE_CLIENT_SECRET
+
+    # Or create service principal and let the CLI generate a password for you. Make sure to capture the password.
+    AZURE_CLIENT_SECRET=`az ad sp create-for-rbac --name "heptio-ark" --role "Contributor" --query 'password' -o tsv`
+
+    # After creating the service principal, obtain the client id
+    AZURE_CLIENT_ID=`az ad sp list --display-name "heptio-ark" --query '[0].appId' -o tsv`
+    ```
+
+## Credentials and configuration
+
+In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML file to specify the namespace. See [Run in custom namespace][0].
+
+```bash
+kubectl apply -f examples/common/00-prereqs.yaml
+```
+
+Now you need to create a Secret that contains all the seven environment variables you just set. The command looks like the following:
+
+```bash
+kubectl create secret generic cloud-credentials \
+    --namespace <ARK_NAMESPACE> \
+    --from-literal AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} \
+    --from-literal AZURE_TENANT_ID=${AZURE_TENANT_ID} \
+    --from-literal AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} \
+    --from-literal AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \
+    --from-literal AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \
+    --from-literal AZURE_STORAGE_ACCOUNT_ID=${AZURE_STORAGE_ACCOUNT_ID} \
+    --from-literal AZURE_STORAGE_KEY=${AZURE_STORAGE_KEY}
+```
+
+Now that you have your Azure credentials stored in a Secret, you need to replace some placeholder values in the template files. Specifically, you need to change the following:
+
+* In file `examples/azure/10-ark-config.yaml`:
+
+  * Replace `<YOUR_BUCKET>` and `<YOUR_TIMEOUT>`. See the [Config definition][8] for details.
+
+Here is an example of a completed file.
+
+```yaml
+apiVersion: ark.heptio.com/v1
+kind: Config
+metadata:
+  namespace: heptio-ark
+  name: default
+persistentVolumeProvider:
+  name: azure
+  config:
+    apiTimeout: 15m
+backupStorageProvider:
+  name: azure
+  bucket: ark
+backupSyncPeriod: 30m
+gcSyncPeriod: 30m
+scheduleSyncPeriod: 1m
+restoreOnlyMode: false
+```
+
+## Start the server
+
+In the root of your Ark directory, run:
+
+  ```bash
+  kubectl apply -f examples/azure/
+  ```
+
+  [0]: namespace.md
+  [8]: config-definition.md#azure
+  [17]: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects
+  [18]: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
+  [19]: https://docs.microsoft.com/en-us/azure/architecture/best-practices/naming-conventions#storage

docs/build-from-scratch.md

@@ -1,17 +1,20 @@
-# Build From Scratch
+# Build from source
 
-While the [README][0] pulls from the Heptio image registry, you can also build your own Heptio Ark container with the following steps:
+* [Prerequisites][1]
+* [Download][2]
+* [Build][3]
+* [Test][12]
+* [Run][7]
+* [Vendoring dependencies][10]
 
-* [0. Prerequisites][1]
-* [1. Download][2]
-* [2. Build][3]
-* [3. Run][7]
+## Prerequisites
 
-## 0. Prerequisites
+* Access to a Kubernetes cluster, version 1.7 or later. Version 1.7.5 or later is required to run `ark backup delete`.
+* A DNS server on the cluster
+* `kubectl` installed
+* [Go][5] installed (minimum version 1.8)
 
-In addition to the handling the prerequisites mentioned in the [Quickstart][4], you should have [Go][5] installed (minimum version 1.8).
-
-## 1. Download
+## Download
 
 Install with go:
 ```
@@ -19,38 +22,99 @@ go get github.com/heptio/ark
 ```
 The files are installed in `$GOPATH/src/github.com/heptio/ark`.
 
-## 2. Build
+## Build
 
-Set the `$REGISTRY` environment variable (used in the `Makefile`) if you want to push the Heptio Ark images to your own registry. This allows any node in your cluster to pull your locally built image.
+You can build your Ark image locally on the machine where you run your cluster, or you can push it to a private registry. This section covers both workflows.
 
-`$PROJECT` and `$VERSION` environment variables are also specified in the `Makefile`, and can be similarly modified as desired.
+Set the `$REGISTRY` environment variable (used in the `Makefile`) to push the Heptio Ark images to your own registry. This allows any node in your cluster to pull your locally built image.
+
+In the Ark root directory, to build your container with the tag `$REGISTRY/ark:$VERSION`, run:
 
-Run the following in the Ark root directory to build your container with the tag `$REGISTRY/$PROJECT:$VERSION`:
 ```
-sudo make all
+make container
 ```
 
 To push your image to a registry, use `make push`.
 
-## 3. Run
+### Update generated files
+
+The following files are automatically generated from the source code:
+
+* The clientset
+* Listers
+* Shared informers
+* Documentation
+* Protobuf/gRPC types
+
+If you make any of the following changes, you must run `make update` to regenerate
+the files:
+
+* Add/edit/remove command line flags and/or their help text
+* Add/edit/remove commands or subcommands
+* Add new API types
+
+If you make the following change, you must run [generate-proto.sh][13] to regenerate files:
+
+* Add/edit/remove protobuf message or service definitions. These changes require the [proto compiler][14]. 
+
+### Cross compiling
+
+By default, `make` builds an `ark` binary that runs on your host operating system and architecture. 
+To build for another platform, run `make build-<GOOS>-<GOARCH`.
+For example, to build for the Mac, run `make build-darwin-amd64`.
+All binaries are placed in `_output/bin/<GOOS>/<GOARCH>`-- for example, `_output/bin/darwin/amd64/ark`.
+
+Ark's `Makefile` has a convenience target, `all-build`, that builds the following platforms:
+* linux-amd64
+* linux-arm
+* linux-arm64
+* darwin-amd64
+* windows-amd64
+
+## 3. Test
+
+To run unit tests, use `make test`. You can also run `make verify` to ensure that all generated
+files (clientset, listers, shared informers, docs) are up to date.
+
+## 4. Run
+
 When running Heptio Ark, you will need to account for the following (all of which are handled in the [`/examples`][6] manifests):
+
 * Appropriate RBAC permissions in the cluster
-  * *Read access* for all data from the source cluster and namespaces
-  * *Write access* to the target cluster and namespaces
+  * Read access for all data from the source cluster and namespaces
+  * Write access to the target cluster and namespaces
 * Cloud provider credentials
-  * *Read/write access* to volumes
-  * *Read/write access* to object storage for backup data
+  * Read/write access to volumes
+  * Read/write access to object storage for backup data
 * A [Config object][8] definition for the Ark server
 
-See [Cloud Provider Specifics][9] for a more detailed guide.
+See [Cloud Provider Specifics][9] for more details.
+
+### Specifying your image
+
+When your Ark deployment is up and running, you must replace the Heptio-provided Ark image with the image that you built. Run:
+
+```
+kubectl set image deployment/ark ark=$REGISTRY/ark:$VERSION
+```
+where `$REGISTRY` and `$VERSION` are the values that you built with.
+
+## 5. Vendoring dependencies
+
+If you need to add or update the vendored dependencies, see [Vendoring dependencies][11].
 
 [0]: ../README.md
-[1]: #0-prerequisites
-[2]: #1-download
-[3]: #2-build
+[1]: #prerequisites
+[2]: #download
+[3]: #build
 [4]: ../README.md#quickstart
 [5]: https://golang.org/doc/install
-[6]: /examples
-[7]: #3-run
-[8]: reference.md#ark-config-definition
-[9]: cloud-provider-specifics.md
+[6]: https://github.com/heptio/ark/tree/master/examples
+[7]: #run
+[8]: config-definition.md
+[9]: cloud-common.md
+[10]: #vendoring-dependencies
+[11]: vendoring-dependencies.md
+[12]: #test
+[13]: https://github.com/heptio/ark/blob/master/hack/generate-proto.sh
+[14]: https://grpc.io/docs/quickstart/go.html#install-protocol-buffers-v3

docs/cli-reference/README.md

@@ -2,20 +2,19 @@
 
 The Ark client provides a CLI that allows you to initiate ad-hoc backups, scheduled backups, or restores.
 
-*The files in this directory enumerate each of the possible `ark` commands and their flags. Note that you can also find this info with the CLI itself, using the `--help` flag.*
+[The files in the CLI reference directory][1] in the repository enumerate each of the possible `ark` commands and their flags. 
+This information is available in the CLI, using the `--help` flag.
 
 ## Running the client
 
-While it is possible to build and run the `ark` executable yourself, it is recommended to use the containerized version. Use the alias described in the quickstart:
-
-```
-alias ark='docker run --rm -u $(id -u) -v $(dirname $KUBECONFIG):/kubeconfig -e KUBECONFIG=/kubeconfig/$(basename $KUBECONFIG) gcr.io/heptio-images/ark:latest'
-```
-
-Assuming that your `KUBECONFIG` variable is set, this alias takes care of specifying the appropriate Kubernetes cluster credentials for you.
+We recommend that you [download a pre-built release][26], but you can also build and run the `ark` executable. 
 
 ## Kubernetes cluster credentials
+
 In general, Ark will search for your cluster credentials in the following order:
 * `--kubeconfig` command line flag
 * `$KUBECONFIG` environment variable
 * In-cluster credentials--this only works when you are running Ark in a pod
+
+[1]: https://github.com/heptio/ark/tree/master/docs/cli-reference
+[26]: https://github.com/heptio/ark/releases

docs/cli-reference/ark.md

@@ -5,19 +5,25 @@ Back up and restore Kubernetes cluster resources.
 ### Synopsis
 
 
-Heptio Ark is a tool for managing disaster recovery, specifically for
-Kubernetes cluster resources. It provides a simple, configurable,
-and operationally robust way to back up your application state and
-associated data.
+Heptio Ark is a tool for managing disaster recovery, specifically for Kubernetes
+cluster resources. It provides a simple, configurable, and operationally robust
+way to back up your application state and associated data.
+
+If you're familiar with kubectl, Ark supports a similar model, allowing you to
+execute commands such as 'ark get backup' and 'ark create schedule'. The same
+operations can also be performed as 'ark backup get' and 'ark schedule create'.
 
 ### Options
 
 ```
       --alsologtostderr                  log to standard error as well as files
+  -h, --help                             help for ark
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
@@ -25,6 +31,14 @@ associated data.
 
 ### SEE ALSO
 * [ark backup](ark_backup.md)	 - Work with backups
+* [ark client](ark_client.md)	 - Ark client related commands
+* [ark completion](ark_completion.md)	 - Output shell completion code for the specified shell (bash or zsh)
+* [ark create](ark_create.md)	 - Create ark resources
+* [ark delete](ark_delete.md)	 - Delete ark resources
+* [ark describe](ark_describe.md)	 - Describe ark resources
+* [ark get](ark_get.md)	 - Get ark resources
+* [ark plugin](ark_plugin.md)	 - Work with plugins
+* [ark restic](ark_restic.md)	 - Work with restic
 * [ark restore](ark_restore.md)	 - Work with restores
 * [ark schedule](ark_schedule.md)	 - Work with schedules
 * [ark server](ark_server.md)	 - Run the ark server

docs/cli-reference/ark_backup.md

@@ -7,14 +7,22 @@ Work with backups
 
 Work with backups
 
+### Options
+
+```
+  -h, --help   help for backup
+```
+
 ### Options inherited from parent commands
 
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
@@ -23,5 +31,9 @@ Work with backups
 ### SEE ALSO
 * [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
 * [ark backup create](ark_backup_create.md)	 - Create a backup
+* [ark backup delete](ark_backup_delete.md)	 - Delete a backup
+* [ark backup describe](ark_backup_describe.md)	 - Describe backups
+* [ark backup download](ark_backup_download.md)	 - Download a backup
 * [ark backup get](ark_backup_get.md)	 - Get backups
+* [ark backup logs](ark_backup_logs.md)	 - Get backup logs
 

docs/cli-reference/ark_backup_create.md

@@ -8,23 +8,25 @@ Create a backup
 Create a backup
 
 ```
-ark backup create NAME
+ark backup create NAME [flags]
 ```
 
 ### Options
 
 ```
-      --exclude-namespaces stringArray   namespaces to exclude from the backup
-      --exclude-resources stringArray    resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io
-      --include-namespaces stringArray   namespaces to include in the backup (use '*' for all namespaces) (default *)
-      --include-resources stringArray    resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
-      --label-columns stringArray        a comma-separated list of labels to be displayed as columns
-      --labels mapStringString           labels to apply to the backup
-  -o, --output string                    Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
-  -l, --selector labelSelector           only back up resources matching this label selector (default <none>)
-      --show-labels                      show labels in the last column
-      --snapshot-volumes                 take snapshots of PersistentVolumes as part of the backup
-      --ttl duration                     how long before the backup can be garbage collected (default 24h0m0s)
+      --exclude-namespaces stringArray                  namespaces to exclude from the backup
+      --exclude-resources stringArray                   resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io
+  -h, --help                                            help for create
+      --include-cluster-resources optionalBool[=true]   include cluster-scoped resources in the backup
+      --include-namespaces stringArray                  namespaces to include in the backup (use '*' for all namespaces) (default *)
+      --include-resources stringArray                   resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
+      --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+      --labels mapStringString                          labels to apply to the backup
+  -o, --output string                                   Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
+  -l, --selector labelSelector                          only back up resources matching this label selector (default <none>)
+      --show-labels                                     show labels in the last column
+      --snapshot-volumes optionalBool[=true]            take snapshots of PersistentVolumes as part of the backup
+      --ttl duration                                    how long before the backup can be garbage collected (default 720h0m0s)
 ```
 
 ### Options inherited from parent commands
@@ -32,9 +34,11 @@ ark backup create NAME
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_backup_delete.md

@@ -0,0 +1,38 @@
+## ark backup delete
+
+Delete a backup
+
+### Synopsis
+
+
+Delete a backup
+
+```
+ark backup delete NAME [flags]
+```
+
+### Options
+
+```
+      --confirm   Confirm deletion
+  -h, --help      help for delete
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark backup](ark_backup.md)	 - Work with backups
+

docs/cli-reference/ark_backup_describe.md

@@ -0,0 +1,39 @@
+## ark backup describe
+
+Describe backups
+
+### Synopsis
+
+
+Describe backups
+
+```
+ark backup describe [NAME1] [NAME2] [NAME...] [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for describe
+  -l, --selector string   only show items matching this label selector
+      --volume-details    display details of restic volume backups
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark backup](ark_backup.md)	 - Work with backups
+

docs/cli-reference/ark_backup_download.md

@@ -0,0 +1,40 @@
+## ark backup download
+
+Download a backup
+
+### Synopsis
+
+
+Download a backup
+
+```
+ark backup download NAME [flags]
+```
+
+### Options
+
+```
+      --force              forces the download and will overwrite file if it exists already
+  -h, --help               help for download
+  -o, --output string      path to output file. Defaults to <NAME>-data.tar.gz in the current directory
+      --timeout duration   maximum time to wait to process download request (default 1m0s)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark backup](ark_backup.md)	 - Work with backups
+

docs/cli-reference/ark_backup_get.md

@@ -8,12 +8,13 @@ Get backups
 Get backups
 
 ```
-ark backup get
+ark backup get [flags]
 ```
 
 ### Options
 
 ```
+  -h, --help                        help for get
       --label-columns stringArray   a comma-separated list of labels to be displayed as columns
   -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
   -l, --selector string             only show items matching this label selector
@@ -25,9 +26,11 @@ ark backup get
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_backup_logs.md

@@ -0,0 +1,38 @@
+## ark backup logs
+
+Get backup logs
+
+### Synopsis
+
+
+Get backup logs
+
+```
+ark backup logs BACKUP [flags]
+```
+
+### Options
+
+```
+  -h, --help               help for logs
+      --timeout duration   how long to wait to receive logs (default 1m0s)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark backup](ark_backup.md)	 - Work with backups
+

docs/cli-reference/ark_client.md

@@ -0,0 +1,34 @@
+## ark client
+
+Ark client related commands
+
+### Synopsis
+
+
+Ark client related commands
+
+### Options
+
+```
+  -h, --help   help for client
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark client config](ark_client_config.md)	 - Get and set client configuration file values
+

docs/cli-reference/ark_client_config.md

@@ -0,0 +1,35 @@
+## ark client config
+
+Get and set client configuration file values
+
+### Synopsis
+
+
+Get and set client configuration file values
+
+### Options
+
+```
+  -h, --help   help for config
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark client](ark_client.md)	 - Ark client related commands
+* [ark client config get](ark_client_config_get.md)	 - Get client configuration file values
+* [ark client config set](ark_client_config_set.md)	 - Set client configuration file values
+

docs/cli-reference/ark_client_config_get.md

@@ -0,0 +1,37 @@
+## ark client config get
+
+Get client configuration file values
+
+### Synopsis
+
+
+Get client configuration file values
+
+```
+ark client config get [KEY 1] [KEY 2] [...] [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for get
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark client config](ark_client_config.md)	 - Get and set client configuration file values
+

docs/cli-reference/ark_client_config_set.md

@@ -0,0 +1,37 @@
+## ark client config set
+
+Set client configuration file values
+
+### Synopsis
+
+
+Set client configuration file values
+
+```
+ark client config set KEY=VALUE [KEY=VALUE]... [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for set
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark client config](ark_client_config.md)	 - Get and set client configuration file values
+

docs/cli-reference/ark_completion.md

@@ -0,0 +1,46 @@
+## ark completion
+
+Output shell completion code for the specified shell (bash or zsh)
+
+### Synopsis
+
+
+Generate shell completion code.
+
+Auto completion supports both bash and zsh. Output is to STDOUT.
+
+Load the ark completion code for bash into the current shell -
+source <(ark completion bash)
+
+Load the ark completion code for zsh into the current shell -
+source <(ark completion zsh)
+
+
+```
+ark completion SHELL [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for completion
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+

docs/cli-reference/ark_create.md

@@ -0,0 +1,36 @@
+## ark create
+
+Create ark resources
+
+### Synopsis
+
+
+Create ark resources
+
+### Options
+
+```
+  -h, --help   help for create
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark create backup](ark_create_backup.md)	 - Create a backup
+* [ark create restore](ark_create_restore.md)	 - Create a restore
+* [ark create schedule](ark_create_schedule.md)	 - Create a schedule
+

docs/cli-reference/ark_create_backup.md

@@ -0,0 +1,49 @@
+## ark create backup
+
+Create a backup
+
+### Synopsis
+
+
+Create a backup
+
+```
+ark create backup NAME [flags]
+```
+
+### Options
+
+```
+      --exclude-namespaces stringArray                  namespaces to exclude from the backup
+      --exclude-resources stringArray                   resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io
+  -h, --help                                            help for backup
+      --include-cluster-resources optionalBool[=true]   include cluster-scoped resources in the backup
+      --include-namespaces stringArray                  namespaces to include in the backup (use '*' for all namespaces) (default *)
+      --include-resources stringArray                   resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
+      --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+      --labels mapStringString                          labels to apply to the backup
+  -o, --output string                                   Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
+  -l, --selector labelSelector                          only back up resources matching this label selector (default <none>)
+      --show-labels                                     show labels in the last column
+      --snapshot-volumes optionalBool[=true]            take snapshots of PersistentVolumes as part of the backup
+      --ttl duration                                    how long before the backup can be garbage collected (default 720h0m0s)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark create](ark_create.md)	 - Create ark resources
+

docs/cli-reference/ark_create_restore.md

@@ -0,0 +1,60 @@
+## ark create restore
+
+Create a restore
+
+### Synopsis
+
+
+Create a restore
+
+```
+ark create restore [RESTORE_NAME] --from-backup BACKUP_NAME [flags]
+```
+
+### Examples
+
+```
+  # create a restore named "restore-1" from backup "backup-1"
+  ark restore create restore-1 --from-backup backup-1
+
+  # create a restore with a default name ("backup-1-<timestamp>") from backup "backup-1"
+  ark restore create --from-backup backup-1
+```
+
+### Options
+
+```
+      --exclude-namespaces stringArray                  namespaces to exclude from the restore
+      --exclude-resources stringArray                   resources to exclude from the restore, formatted as resource.group, such as storageclasses.storage.k8s.io
+      --from-backup string                              backup to restore from
+  -h, --help                                            help for restore
+      --include-cluster-resources optionalBool[=true]   include cluster-scoped resources in the restore
+      --include-namespaces stringArray                  namespaces to include in the restore (use '*' for all namespaces) (default *)
+      --include-resources stringArray                   resources to include in the restore, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
+      --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+      --labels mapStringString                          labels to apply to the restore
+      --namespace-mappings mapStringString              namespace mappings from name in the backup to desired restored name in the form src1:dst1,src2:dst2,...
+  -o, --output string                                   Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
+      --restore-volumes optionalBool[=true]             whether to restore volumes from snapshots
+  -l, --selector labelSelector                          only restore resources matching this label selector (default <none>)
+      --show-labels                                     show labels in the last column
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark create](ark_create.md)	 - Create ark resources
+

docs/cli-reference/ark_create_schedule.md

@@ -0,0 +1,64 @@
+## ark create schedule
+
+Create a schedule
+
+### Synopsis
+
+
+The --schedule flag is required, in cron notation:
+
+| Character Position | Character Period | Acceptable Values |
+| -------------------|:----------------:| -----------------:|
+| 1                  | Minute           | 0-59,*            |
+| 2                  | Hour             | 0-23,*            |
+| 3                  | Day of Month     | 1-31,*            |
+| 4                  | Month            | 1-12,*            |
+| 5                  | Day of Week      | 0-7,*             |
+
+```
+ark create schedule NAME --schedule [flags]
+```
+
+### Examples
+
+```
+ark create schedule NAME --schedule="0 */6 * * *"
+```
+
+### Options
+
+```
+      --exclude-namespaces stringArray                  namespaces to exclude from the backup
+      --exclude-resources stringArray                   resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io
+  -h, --help                                            help for schedule
+      --include-cluster-resources optionalBool[=true]   include cluster-scoped resources in the backup
+      --include-namespaces stringArray                  namespaces to include in the backup (use '*' for all namespaces) (default *)
+      --include-resources stringArray                   resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
+      --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+      --labels mapStringString                          labels to apply to the backup
+  -o, --output string                                   Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
+      --schedule string                                 a cron expression specifying a recurring schedule for this backup to run
+  -l, --selector labelSelector                          only back up resources matching this label selector (default <none>)
+      --show-labels                                     show labels in the last column
+      --snapshot-volumes optionalBool[=true]            take snapshots of PersistentVolumes as part of the backup
+      --ttl duration                                    how long before the backup can be garbage collected (default 720h0m0s)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark create](ark_create.md)	 - Create ark resources
+

docs/cli-reference/ark_delete.md

@@ -0,0 +1,36 @@
+## ark delete
+
+Delete ark resources
+
+### Synopsis
+
+
+Delete ark resources
+
+### Options
+
+```
+  -h, --help   help for delete
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark delete backup](ark_delete_backup.md)	 - Delete a backup
+* [ark delete restore](ark_delete_restore.md)	 - Delete a restore
+* [ark delete schedule](ark_delete_schedule.md)	 - Delete a schedule
+

docs/cli-reference/ark_delete_backup.md

@@ -0,0 +1,38 @@
+## ark delete backup
+
+Delete a backup
+
+### Synopsis
+
+
+Delete a backup
+
+```
+ark delete backup NAME [flags]
+```
+
+### Options
+
+```
+      --confirm   Confirm deletion
+  -h, --help      help for backup
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark delete](ark_delete.md)	 - Delete ark resources
+

docs/cli-reference/ark_delete_restore.md

@@ -0,0 +1,37 @@
+## ark delete restore
+
+Delete a restore
+
+### Synopsis
+
+
+Delete a restore
+
+```
+ark delete restore NAME [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for restore
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark delete](ark_delete.md)	 - Delete ark resources
+

docs/cli-reference/ark_delete_schedule.md

@@ -0,0 +1,37 @@
+## ark delete schedule
+
+Delete a schedule
+
+### Synopsis
+
+
+Delete a schedule
+
+```
+ark delete schedule NAME [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for schedule
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark delete](ark_delete.md)	 - Delete ark resources
+

docs/cli-reference/ark_describe.md

@@ -0,0 +1,36 @@
+## ark describe
+
+Describe ark resources
+
+### Synopsis
+
+
+Describe ark resources
+
+### Options
+
+```
+  -h, --help   help for describe
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark describe backups](ark_describe_backups.md)	 - Describe backups
+* [ark describe restores](ark_describe_restores.md)	 - Describe restores
+* [ark describe schedules](ark_describe_schedules.md)	 - Describe schedules
+

docs/cli-reference/ark_describe_backups.md

@@ -0,0 +1,39 @@
+## ark describe backups
+
+Describe backups
+
+### Synopsis
+
+
+Describe backups
+
+```
+ark describe backups [NAME1] [NAME2] [NAME...] [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for backups
+  -l, --selector string   only show items matching this label selector
+      --volume-details    display details of restic volume backups
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark describe](ark_describe.md)	 - Describe ark resources
+

docs/cli-reference/ark_describe_restores.md

@@ -0,0 +1,39 @@
+## ark describe restores
+
+Describe restores
+
+### Synopsis
+
+
+Describe restores
+
+```
+ark describe restores [NAME1] [NAME2] [NAME...] [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for restores
+  -l, --selector string   only show items matching this label selector
+      --volume-details    display details of restic volume restores
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark describe](ark_describe.md)	 - Describe ark resources
+

docs/cli-reference/ark_describe_schedules.md

@@ -0,0 +1,38 @@
+## ark describe schedules
+
+Describe schedules
+
+### Synopsis
+
+
+Describe schedules
+
+```
+ark describe schedules [NAME1] [NAME2] [NAME...] [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for schedules
+  -l, --selector string   only show items matching this label selector
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark describe](ark_describe.md)	 - Describe ark resources
+

docs/cli-reference/ark_get.md

@@ -0,0 +1,36 @@
+## ark get
+
+Get ark resources
+
+### Synopsis
+
+
+Get ark resources
+
+### Options
+
+```
+  -h, --help   help for get
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark get backups](ark_get_backups.md)	 - Get backups
+* [ark get restores](ark_get_restores.md)	 - Get restores
+* [ark get schedules](ark_get_schedules.md)	 - Get schedules
+

docs/cli-reference/ark_get_backups.md

@@ -0,0 +1,41 @@
+## ark get backups
+
+Get backups
+
+### Synopsis
+
+
+Get backups
+
+```
+ark get backups [flags]
+```
+
+### Options
+
+```
+  -h, --help                        help for backups
+      --label-columns stringArray   a comma-separated list of labels to be displayed as columns
+  -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
+  -l, --selector string             only show items matching this label selector
+      --show-labels                 show labels in the last column
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark get](ark_get.md)	 - Get ark resources
+

docs/cli-reference/ark_get_restores.md

@@ -0,0 +1,41 @@
+## ark get restores
+
+Get restores
+
+### Synopsis
+
+
+Get restores
+
+```
+ark get restores [flags]
+```
+
+### Options
+
+```
+  -h, --help                        help for restores
+      --label-columns stringArray   a comma-separated list of labels to be displayed as columns
+  -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
+  -l, --selector string             only show items matching this label selector
+      --show-labels                 show labels in the last column
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark get](ark_get.md)	 - Get ark resources
+

docs/cli-reference/ark_get_schedules.md

@@ -0,0 +1,41 @@
+## ark get schedules
+
+Get schedules
+
+### Synopsis
+
+
+Get schedules
+
+```
+ark get schedules [flags]
+```
+
+### Options
+
+```
+  -h, --help                        help for schedules
+      --label-columns stringArray   a comma-separated list of labels to be displayed as columns
+  -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
+  -l, --selector string             only show items matching this label selector
+      --show-labels                 show labels in the last column
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark get](ark_get.md)	 - Get ark resources
+

docs/cli-reference/ark_plugin.md

@@ -0,0 +1,35 @@
+## ark plugin
+
+Work with plugins
+
+### Synopsis
+
+
+Work with plugins
+
+### Options
+
+```
+  -h, --help   help for plugin
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark plugin add](ark_plugin_add.md)	 - Add a plugin
+* [ark plugin remove](ark_plugin_remove.md)	 - Remove a plugin
+

docs/cli-reference/ark_plugin_add.md

@@ -0,0 +1,38 @@
+## ark plugin add
+
+Add a plugin
+
+### Synopsis
+
+
+Add a plugin
+
+```
+ark plugin add IMAGE [flags]
+```
+
+### Options
+
+```
+  -h, --help                help for add
+      --image-pull-policy   the imagePullPolicy for the plugin container. Valid values are Always, IfNotPresent, Never. (default IfNotPresent)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark plugin](ark_plugin.md)	 - Work with plugins
+

docs/cli-reference/ark_plugin_remove.md

@@ -0,0 +1,37 @@
+## ark plugin remove
+
+Remove a plugin
+
+### Synopsis
+
+
+Remove a plugin
+
+```
+ark plugin remove [NAME | IMAGE] [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for remove
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark plugin](ark_plugin.md)	 - Work with plugins
+

docs/cli-reference/ark_restic.md

@@ -0,0 +1,35 @@
+## ark restic
+
+Work with restic
+
+### Synopsis
+
+
+Work with restic
+
+### Options
+
+```
+  -h, --help   help for restic
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
+* [ark restic repo](ark_restic_repo.md)	 - Work with restic repositories
+* [ark restic server](ark_restic_server.md)	 - Run the ark restic server
+

docs/cli-reference/ark_restic_repo.md

@@ -0,0 +1,34 @@
+## ark restic repo
+
+Work with restic repositories
+
+### Synopsis
+
+
+Work with restic repositories
+
+### Options
+
+```
+  -h, --help   help for repo
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark restic](ark_restic.md)	 - Work with restic
+* [ark restic repo get](ark_restic_repo_get.md)	 - Get restic repositories
+

docs/cli-reference/ark_restic_repo_get.md

@@ -0,0 +1,41 @@
+## ark restic repo get
+
+Get restic repositories
+
+### Synopsis
+
+
+Get restic repositories
+
+```
+ark restic repo get [flags]
+```
+
+### Options
+
+```
+  -h, --help                        help for get
+      --label-columns stringArray   a comma-separated list of labels to be displayed as columns
+  -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
+  -l, --selector string             only show items matching this label selector
+      --show-labels                 show labels in the last column
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark restic repo](ark_restic_repo.md)	 - Work with restic repositories
+

docs/cli-reference/ark_restic_server.md

@@ -0,0 +1,38 @@
+## ark restic server
+
+Run the ark restic server
+
+### Synopsis
+
+
+Run the ark restic server
+
+```
+ark restic server [flags]
+```
+
+### Options
+
+```
+  -h, --help        help for server
+      --log-level   the level at which to log. Valid values are debug, info, warning, error, fatal, panic. (default info)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark restic](ark_restic.md)	 - Work with restic
+

docs/cli-reference/ark_restore.md

@@ -7,14 +7,22 @@ Work with restores
 
 Work with restores
 
+### Options
+
+```
+  -h, --help   help for restore
+```
+
 ### Options inherited from parent commands
 
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
@@ -24,5 +32,7 @@ Work with restores
 * [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
 * [ark restore create](ark_restore_create.md)	 - Create a restore
 * [ark restore delete](ark_restore_delete.md)	 - Delete a restore
-* [ark restore get](ark_restore_get.md)	 - get restores
+* [ark restore describe](ark_restore_describe.md)	 - Describe restores
+* [ark restore get](ark_restore_get.md)	 - Get restores
+* [ark restore logs](ark_restore_logs.md)	 - Get restore logs
 

docs/cli-reference/ark_restore_create.md

@@ -8,20 +8,36 @@ Create a restore
 Create a restore
 
 ```
-ark restore create BACKUP
+ark restore create [RESTORE_NAME] --from-backup BACKUP_NAME [flags]
+```
+
+### Examples
+
+```
+  # create a restore named "restore-1" from backup "backup-1"
+  ark restore create restore-1 --from-backup backup-1
+
+  # create a restore with a default name ("backup-1-<timestamp>") from backup "backup-1"
+  ark restore create --from-backup backup-1
 ```
 
 ### Options
 
 ```
-      --label-columns stringArray            a comma-separated list of labels to be displayed as columns
-      --labels mapStringString               labels to apply to the restore
-      --namespace-mappings mapStringString   namespace mappings from name in the backup to desired restored name in the form src1:dst1,src2:dst2,...
-      --namespaces stringArray               comma-separated list of namespaces to restore
-  -o, --output string                        Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
-      --restore-volumes                      whether to restore volumes from snapshots
-  -l, --selector labelSelector               only restore resources matching this label selector (default <none>)
-      --show-labels                          show labels in the last column
+      --exclude-namespaces stringArray                  namespaces to exclude from the restore
+      --exclude-resources stringArray                   resources to exclude from the restore, formatted as resource.group, such as storageclasses.storage.k8s.io
+      --from-backup string                              backup to restore from
+  -h, --help                                            help for create
+      --include-cluster-resources optionalBool[=true]   include cluster-scoped resources in the restore
+      --include-namespaces stringArray                  namespaces to include in the restore (use '*' for all namespaces) (default *)
+      --include-resources stringArray                   resources to include in the restore, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
+      --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+      --labels mapStringString                          labels to apply to the restore
+      --namespace-mappings mapStringString              namespace mappings from name in the backup to desired restored name in the form src1:dst1,src2:dst2,...
+  -o, --output string                                   Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
+      --restore-volumes optionalBool[=true]             whether to restore volumes from snapshots
+  -l, --selector labelSelector                          only restore resources matching this label selector (default <none>)
+      --show-labels                                     show labels in the last column
 ```
 
 ### Options inherited from parent commands
@@ -29,9 +45,11 @@ ark restore create BACKUP
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_restore_delete.md

@@ -8,7 +8,13 @@ Delete a restore
 Delete a restore
 
 ```
-ark restore delete NAME
+ark restore delete NAME [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for delete
 ```
 
 ### Options inherited from parent commands
@@ -16,9 +22,11 @@ ark restore delete NAME
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_restore_describe.md

@@ -0,0 +1,39 @@
+## ark restore describe
+
+Describe restores
+
+### Synopsis
+
+
+Describe restores
+
+```
+ark restore describe [NAME1] [NAME2] [NAME...] [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for describe
+  -l, --selector string   only show items matching this label selector
+      --volume-details    display details of restic volume restores
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark restore](ark_restore.md)	 - Work with restores
+

docs/cli-reference/ark_restore_get.md

@@ -1,19 +1,20 @@
 ## ark restore get
 
-get restores
+Get restores
 
 ### Synopsis
 
 
-get restores
+Get restores
 
 ```
-ark restore get
+ark restore get [flags]
 ```
 
 ### Options
 
 ```
+  -h, --help                        help for get
       --label-columns stringArray   a comma-separated list of labels to be displayed as columns
   -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
   -l, --selector string             only show items matching this label selector
@@ -25,9 +26,11 @@ ark restore get
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_restore_logs.md

@@ -0,0 +1,38 @@
+## ark restore logs
+
+Get restore logs
+
+### Synopsis
+
+
+Get restore logs
+
+```
+ark restore logs RESTORE [flags]
+```
+
+### Options
+
+```
+  -h, --help               help for logs
+      --timeout duration   how long to wait to receive logs (default 1m0s)
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark restore](ark_restore.md)	 - Work with restores
+

docs/cli-reference/ark_schedule.md

@@ -7,14 +7,22 @@ Work with schedules
 
 Work with schedules
 
+### Options
+
+```
+  -h, --help   help for schedule
+```
+
 ### Options inherited from parent commands
 
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
@@ -24,5 +32,6 @@ Work with schedules
 * [ark](ark.md)	 - Back up and restore Kubernetes cluster resources.
 * [ark schedule create](ark_schedule_create.md)	 - Create a schedule
 * [ark schedule delete](ark_schedule_delete.md)	 - Delete a schedule
+* [ark schedule describe](ark_schedule_describe.md)	 - Describe schedules
 * [ark schedule get](ark_schedule_get.md)	 - Get schedules
 

docs/cli-reference/ark_schedule_create.md

@@ -5,27 +5,43 @@ Create a schedule
 ### Synopsis
 
 
-Create a schedule
+The --schedule flag is required, in cron notation:
+
+| Character Position | Character Period | Acceptable Values |
+| -------------------|:----------------:| -----------------:|
+| 1                  | Minute           | 0-59,*            |
+| 2                  | Hour             | 0-23,*            |
+| 3                  | Day of Month     | 1-31,*            |
+| 4                  | Month            | 1-12,*            |
+| 5                  | Day of Week      | 0-7,*             |
 
 ```
-ark schedule create NAME
+ark schedule create NAME --schedule [flags]
+```
+
+### Examples
+
+```
+ark create schedule NAME --schedule="0 */6 * * *"
 ```
 
 ### Options
 
 ```
-      --exclude-namespaces stringArray   namespaces to exclude from the backup
-      --exclude-resources stringArray    resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io
-      --include-namespaces stringArray   namespaces to include in the backup (use '*' for all namespaces) (default *)
-      --include-resources stringArray    resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
-      --label-columns stringArray        a comma-separated list of labels to be displayed as columns
-      --labels mapStringString           labels to apply to the backup
-  -o, --output string                    Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
-      --schedule string                  a cron expression specifying a recurring schedule for this backup to run
-  -l, --selector labelSelector           only back up resources matching this label selector (default <none>)
-      --show-labels                      show labels in the last column
-      --snapshot-volumes                 take snapshots of PersistentVolumes as part of the backup
-      --ttl duration                     how long before the backup can be garbage collected (default 24h0m0s)
+      --exclude-namespaces stringArray                  namespaces to exclude from the backup
+      --exclude-resources stringArray                   resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io
+  -h, --help                                            help for create
+      --include-cluster-resources optionalBool[=true]   include cluster-scoped resources in the backup
+      --include-namespaces stringArray                  namespaces to include in the backup (use '*' for all namespaces) (default *)
+      --include-resources stringArray                   resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources)
+      --label-columns stringArray                       a comma-separated list of labels to be displayed as columns
+      --labels mapStringString                          labels to apply to the backup
+  -o, --output string                                   Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'.
+      --schedule string                                 a cron expression specifying a recurring schedule for this backup to run
+  -l, --selector labelSelector                          only back up resources matching this label selector (default <none>)
+      --show-labels                                     show labels in the last column
+      --snapshot-volumes optionalBool[=true]            take snapshots of PersistentVolumes as part of the backup
+      --ttl duration                                    how long before the backup can be garbage collected (default 720h0m0s)
 ```
 
 ### Options inherited from parent commands
@@ -33,9 +49,11 @@ ark schedule create NAME
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_schedule_delete.md

@@ -8,7 +8,13 @@ Delete a schedule
 Delete a schedule
 
 ```
-ark schedule delete NAME
+ark schedule delete NAME [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for delete
 ```
 
 ### Options inherited from parent commands
@@ -16,9 +22,11 @@ ark schedule delete NAME
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_schedule_describe.md

@@ -0,0 +1,38 @@
+## ark schedule describe
+
+Describe schedules
+
+### Synopsis
+
+
+Describe schedules
+
+```
+ark schedule describe [NAME1] [NAME2] [NAME...] [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for describe
+  -l, --selector string   only show items matching this label selector
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          log level for V logs
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+* [ark schedule](ark_schedule.md)	 - Work with schedules
+

docs/cli-reference/ark_schedule_get.md

@@ -8,12 +8,13 @@ Get schedules
 Get schedules
 
 ```
-ark schedule get
+ark schedule get [flags]
 ```
 
 ### Options
 
 ```
+  -h, --help                        help for get
       --label-columns stringArray   a comma-separated list of labels to be displayed as columns
   -o, --output string               Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. (default "table")
   -l, --selector string             only show items matching this label selector
@@ -25,9 +26,11 @@ ark schedule get
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_server.md

@@ -8,22 +8,28 @@ Run the ark server
 Run the ark server
 
 ```
-ark server
+ark server [flags]
 ```
 
 ### Options
 
 ```
-      --kubeconfig string   Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+  -h, --help                     help for server
+      --log-level                the level at which to log. Valid values are debug, info, warning, error, fatal, panic. (default info)
+      --metrics-address string   the address to expose prometheus metrics (default ":8085")
+      --plugin-dir string        directory containing Ark plugins (default "/plugins")
 ```
 
 ### Options inherited from parent commands
 
 ```
       --alsologtostderr                  log to standard error as well as files
+      --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cli-reference/ark_version.md

@@ -8,7 +8,13 @@ Print the ark version and associated image
 Print the ark version and associated image
 
 ```
-ark version
+ark version [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for version
 ```
 
 ### Options inherited from parent commands
@@ -16,9 +22,11 @@ ark version
 ```
       --alsologtostderr                  log to standard error as well as files
       --kubeconfig string                Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
+      --kubecontext string               The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
       --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
       --log_dir string                   If non-empty, write log files in this directory
       --logtostderr                      log to standard error instead of files
+  -n, --namespace string                 The namespace in which Ark should operate (default "heptio-ark")
       --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
   -v, --v Level                          log level for V logs
       --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

docs/cloud-common.md

@@ -0,0 +1,82 @@
+# Set up Ark with your cloud provider
+
+To run Ark with your cloud provider, you specify provider-specific settings for the Ark server. In version 0.7.0 and later, you can run Ark in any namespace, which requires additional customization. See [Run in custom namespace][3].
+
+The Ark repository includes a set of example YAML files that specify the settings for each cloud provider. For provider-specific instructions, see:
+
+* [Run Ark on AWS][0]
+* [Run Ark on GCP][1]
+* [Run Ark on Azure][2]
+* [Use IBM Cloud Object Store as Ark's storage destination][4]
+
+In version 0.9.0 and later, you can use Ark's integration with restic, which requires additional setup. See [Restic instructions][20].
+
+## Examples
+
+After you set up the Ark server, try these examples:
+
+### Basic example (without PersistentVolumes)
+
+1. Start the sample nginx app:
+
+    ```bash
+    kubectl apply -f examples/nginx-app/base.yaml
+    ```
+
+1. Create a backup:
+
+    ```bash
+    ark backup create nginx-backup --include-namespaces nginx-example
+    ```
+
+1. Simulate a disaster:
+
+    ```bash
+    kubectl delete namespaces nginx-example
+    ```
+
+    Wait for the namespace to be deleted.
+
+1. Restore your lost resources:
+
+    ```bash
+    ark restore create --from-backup nginx-backup
+    ```
+
+### Snapshot example (with PersistentVolumes)
+
+> NOTE: For Azure, your Kubernetes cluster needs to be version 1.7.2+ to support PV snapshotting of its managed disks.
+
+1. Start the sample nginx app:
+
+    ```bash
+    kubectl apply -f examples/nginx-app/with-pv.yaml
+    ```
+
+1. Create a backup with PV snapshotting:
+
+    ```bash
+    ark backup create nginx-backup --include-namespaces nginx-example
+    ```
+
+1. Simulate a disaster:
+
+    ```bash
+    kubectl delete namespaces nginx-example
+    ```
+
+    Because the default [reclaim policy][19] for dynamically-provisioned PVs is "Delete", these commands should trigger your cloud provider to delete the disk backing the PV. The deletion process is asynchronous so this may take some time. **Before continuing to the next step, check your cloud provider to confirm that the disk no longer exists.**
+
+1. Restore your lost resources:
+
+    ```bash
+    ark restore create --from-backup nginx-backup
+    ```
+
+[0]: aws-config.md
+[1]: gcp-config.md
+[2]: azure-config.md
+[3]: namespace.md
+[4]: ibm-config.md
+[19]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
+[20]: https://github.com/heptio/ark/blob/master/docs/restic.md

docs/cloud-provider-specifics.md

@@ -1,361 +0,0 @@
-# Cloud Provider Specifics
-
-While the [Quickstart][0] uses a local storage service to quickly set up Heptio Ark as a demonstration, this document details additional configurations that are required when integrating with the cloud providers below:
-
-* [Setup][12]
-  * [AWS][1]
-  * [GCP][2]
-  * [Azure][3]
-* [Run][13]
-  * [Ark server][9]
-  * [Basic example (no PVs)][10]
-  * [Snapshot example (with PVs)][11]
-
-
-## Setup
-### AWS
-
-#### IAM user creation
-
-To integrate Heptio Ark with AWS, you should follow the instructions below to create an Ark-specific [IAM user][14].
-
-1. If you do not have the AWS CLI locally installed, follow the [user guide][5] to set it up.
-
-2. Create an IAM user:
-
-    ```
-    aws iam create-user --user-name heptio-ark
-    ```
-
-3. Attach a policy to give `heptio-ark` the necessary permissions:
-
-    ```
-    aws iam attach-user-policy \
-        --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
-        --user-name heptio-ark
-    aws iam attach-user-policy \
-        --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \
-        --user-name heptio-ark
-    ```
-
-4. Create an access key for the user:
-
-    ```
-    aws iam create-access-key --user-name heptio-ark
-    ```
-
-    The result should look like:
-
-    ```
-     {
-        "AccessKey": {
-              "UserName": "heptio-ark",
-              "Status": "Active",
-              "CreateDate": "2017-07-31T22:24:41.576Z",
-              "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>,
-              "AccessKeyId": <AWS_ACCESS_KEY_ID>
-          }
-     }
-    ```
-5. Using the output from the previous command, create an Ark-specific credentials file (`credentials-ark`) in your local directory that looks like the following:
-
-    ```
-    [default]
-    aws_access_key_id=<AWS_ACCESS_KEY_ID>
-    aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
-    ```
-
-
-#### Credentials and configuration
-
-In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding:
-```
-kubectl apply -f examples/common/00-prereqs.yaml
-```
-
-Create a Secret, running this command in the local directory of the credentials file you just created:
-
-```
-kubectl create secret generic cloud-credentials \
-    --namespace heptio-ark \
-    --from-file cloud=credentials-ark
-```
-
-Now that you have your IAM user credentials stored in a Secret, you need to replace some placeholder values in the template files. Specifically, you need to change the following:
-
-* In file `examples/aws/00-ark-config.yaml`:
-
-  * Replace `<YOUR_BUCKET>`, `<YOUR_REGION>`, and `<YOUR_AVAILABILITY_ZONE>`. See the [Config definition][6] for details.
-
-
-* In file `examples/common/10-deployment.yaml`:
-
-  * Make sure that `spec.template.spec.containers[*].env.name` is "AWS_SHARED_CREDENTIALS_FILE".
-
-
-* (Optional) If you are running the Nginx example, in file `examples/nginx-app/with-pv.yaml`:
-
-    * Replace `<YOUR_STORAGE_CLASS_NAME>` with `gp2`. This is AWS's default `StorageClass` name.
-
-
-### GCP
-
-#### Service account creation
-
-To integrate Heptio Ark with GCP, you should follow the instructions below to create an Ark-specific [Service Account][15].
-
-1. If you do not have the gcloud CLI locally installed, follow the [user guide][16] to set it up.
-
-2. View your current config settings:
-
-    ```
-    gcloud config list
-    ```
-
-    Store the `project` value from the results in the environment variable `$PROJECT_ID`.
-
-2. Create a service account:
-
-    ```
-    gcloud iam service-accounts create heptio-ark \
-        --display-name "Heptio Ark service account"
-    ```
-    Then list all accounts and find the `heptio-ark` account you just created:
-    ```
-    gcloud iam service-accounts list
-    ```
-    Set the `$SERVICE_ACCOUNT_EMAIL` variable to match its `email` value.
-
-3. Attach policies to give `heptio-ark` the necessary permissions to function (replacing placeholders appropriately):
-
-    ```
-    gcloud projects add-iam-policy-binding $PROJECT_ID \
-        --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
-        --role roles/compute.storageAdmin
-    gcloud projects add-iam-policy-binding $PROJECT_ID \
-        --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
-        --role roles/storage.admin
-    ```
-
-4. Create a service account key, specifying an output file (`credentials-ark`) in your local directory:
-
-    ```
-    gcloud iam service-accounts keys create credentials-ark \
-        --iam-account $SERVICE_ACCOUNT_EMAIL
-    ```
-
-#### Credentials and configuration
-
-In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding:
-```
-kubectl apply -f examples/common/00-prereqs.yaml
-```
-
-Create a Secret, running this command in the local directory of the credentials file you just created:
-
-```
-kubectl create secret generic cloud-credentials \
-    --namespace heptio-ark \
-    --from-file cloud=credentials-ark
-```
-
-Now that you have your Google Cloud credentials stored in a Secret, you need to replace some placeholder values in the template files. Specifically, you need to change the following:
-
-* In file `examples/gcp/00-ark-config.yaml`:
-
-  * Replace `<YOUR_BUCKET>`, `<YOUR_PROJECT>` and `<YOUR_ZONE>`. See the [Config definition][7] for details.
-
-
-* In file `examples/common/10-deployment.yaml`:
-
-  * Change `spec.template.spec.containers[*].env.name` to "GOOGLE_APPLICATION_CREDENTIALS".
-
-
-* (Optional) If you are running the Nginx example, in file `examples/nginx-app/with-pv.yaml`:
-
-    * Replace `<YOUR_STORAGE_CLASS_NAME>` with `standard`. This is GCP's default `StorageClass` name.
-
-### Azure
-
-#### Service principal creation
-To integrate Heptio Ark with Azure, you should follow the instructions below to create an Ark-specific [service principal][17].
-
-1. If you do not have the `az` Azure CLI 2.0 locally installed, follow the [user guide][18] to set it up. Once done, run:
-
-    ```
-    az login
-    ```
-
-2. There are seven environment variables that need to be set for Heptio Ark to work properly. The following steps detail how to acquire these, in the process of setting up the necessary RBAC.
-
-3. List your account:
-
-    ```
-    az account list
-    ```
-    Save the relevant response values into environment variables: `id` corresponds to `$AZURE_SUBSCRIPTION_ID` and `tenantId` corresponds to `$AZURE_TENANT_ID`.
-
-4. Assuming that you already have a running Kubernetes cluster on Azure, you should have a corresponding resource group as well. List your current groups to find it:
-
-    ```
-    az group list
-    ```
-     Get your cluster's group `name` from the response, and use it to set `$AZURE_RESOURCE_GROUP`. (Also note the `location`--this is later used in the Azure-specific portion of the Ark Config).
-
-5. Create a service principal with the "Contributor" role:
-
-    ```
-    az ad sp create-for-rbac --role="Contributor" --name="heptio-ark"
-    ```
-    From the response, save `appId` into `$AZURE_CLIENT_ID` and `password` into `$AZURE_CLIENT_SECRET`.
-
-6. Login into the `heptio-ark` service principal account:
-
-    ```
-    az login --service-principal \
-        --username http://heptio-ark-test \
-        --password $AZURE_CLIENT_SECRET \
-        --tenant $AZURE_TENANT_ID
-    ```
-
-7. Specify a *globally-unique* storage account id and save it in `$AZURE_STORAGE_ACCOUNT_ID`. Then create the storage account, specifying the optional `--location` flag if you do not have defaults from `az configure`:
-
-    ```
-    az storage account create \
-        --name $AZURE_STORAGE_ACCOUNT_ID \
-        --resource-group $AZURE_RESOURCE_GROUP \
-        --sku Standard_GRS
-    ```
-    You will encounter an error message if the storage account ID is not unique; change it accordingly.
-
-8. Get the keys for your storage account:
-
-    ```
-    az storage account keys list \
-        --account-name $AZURE_STORAGE_ACCOUNT_ID \
-        --resource-group $AZURE_RESOURCE_GROUP
-    ```
-    Set `$AZURE_STORAGE_KEY` to any one of the `value`s returned.
-
-#### Credentials and configuration
-
-In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding:
-```
-kubectl apply -f examples/common/00-prereqs.yaml
-```
-
-Now you need to create a Secret that contains all the seven environment variables you just set. The command looks like the following:
-```
-kubectl create secret generic cloud-credentials \
-    --namespace heptio-ark \
-    --from-literal AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} \
-    --from-literal AZURE_TENANT_ID=${AZURE_TENANT_ID} \
-    --from-literal AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} \
-    --from-literal AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \
-    --from-literal AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \
-    --from-literal AZURE_STORAGE_ACCOUNT_ID=${AZURE_STORAGE_ACCOUNT_ID} \
-    --from-literal AZURE_STORAGE_KEY=${AZURE_STORAGE_KEY}
-```
-
-Now that you have your Azure credentials stored in a Secret, you need to replace some placeholder values in the template files. Specifically, you need to change the following:
-
-* In file `examples/azure/10-ark-config.yaml`:
-
-  * Replace `<YOUR_BUCKET>`, `<YOUR_LOCATION>`, and `<YOUR_TIMEOUT>`. See the [Config definition][8] for details.
-
-
-## Run
-
-### Ark server
-
-Make sure that you have run `kubectl apply -f examples/common/00-prereqs.yaml` first (this command is incorporated in the previous setup instructions because it creates the necessary namespaces).
-
-* **AWS and GCP**
-
-  Start the Ark server itself, using the Config from the appropriate cloud-provider-specific directory:
-  ```
-  kubectl apply -f examples/common/10-deployment.yaml
-  kubectl apply -f examples/<CLOUD-PROVIDER>/
-  ```
-* **Azure**
-
-  Because Azure loads its credentials differently (from environment variables rather than a file), you need to instead run:
-  ```
-  kubectl apply -f examples/azure/
-  ```
-
-### Basic example (No PVs)
-
-Start the sample nginx app:
-```
-kubectl apply -f examples/nginx-app/base.yaml
-```
-Now create a backup:
-```
-ark backup create nginx-backup --selector app=nginx
-```
-Simulate a disaster:
-```
-kubectl delete namespaces nginx-example
-```
-Now restore your lost resources:
-```
-ark restore create nginx-backup
-```
-
-### Snapshot example (With PVs)
-
-> NOTE: For Azure, your Kubernetes cluster needs to be version 1.7.2+ in order to support PV snapshotting of its managed disks.
-
-Label a node so that all nginx pods end up on the same machine (avoiding PV binding issues):
-```
-nginx_node_name=$(kubectl get nodes -o jsonpath='{.items[0].metadata.name}')
-kubectl label nodes $nginx_node_name app=nginx
-```
-
-Start the sample nginx app:
-```
-kubectl apply -f examples/nginx-app/with-pv.yaml
-```
-
-Because Kubernetes does not automatically transfer labels from PVCs to dynamically generated PVs, you need to do so manually:
-```
-nginx_pv_name=$(kubectl get pv -o jsonpath='{.items[?(@.spec.claimRef.name=="nginx-logs")].metadata.name}')
-kubectl label pv $nginx_pv_name app=nginx
-```
-Now create a backup with PV snapshotting:
-```
-ark backup create nginx-backup --selector app=nginx --snapshot-volumes
-```
-Simulate a disaster:
-```
-kubectl delete namespaces nginx-example
-kubectl delete pv $nginx_pv_name
-```
-Because the default [reclaim policy][19] for dynamically-provisioned PVs is "Delete", the above commands should trigger your cloud provider to delete the disk backing the PV. The deletion process is asynchronous so this may take some time. **Before continuing to the next step, check your cloud provider (via dashboard or CLI) to confirm that the disk no longer exists.**
-
-Now restore your lost resources:
-```
-ark restore create nginx-backup --restore-volumes
-```
-
-[0]: /README.md#quickstart
-[1]: #aws
-[2]: #gcp
-[3]: #azure
-[4]: /examples/aws
-[5]: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
-[6]: config-definition.md#aws
-[7]: config-definition.md#gcp
-[8]: config-definition.md#azure
-[9]: #ark-server
-[10]: #basic-example-no-pvs
-[11]: #snapshot-example-with-pvs
-[12]: #setup
-[13]: #run
-[14]: http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
-[15]: https://cloud.google.com/compute/docs/access/service-accounts
-[16]: https://cloud.google.com/compute/docs/gcloud-compute
-[17]: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects
-[18]: https://docs.microsoft.com/en-us/azure/storage/storage-azure-cli
-[19]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming

docs/concepts.md

@@ -1,66 +0,0 @@
-# Concepts
-
-* [Overview][0]
-* [Operation types][1]
-    * [1. Backups][2]
-    * [2. Schedules][3]
-    * [3. Restores][4]
-* [Expired backup deletion][5]
-* [Cloud storage sync][6]
-
-## Overview
-
-Heptio Ark provides customizable degrees of recovery for all Kubernetes API objects (Pods, Deployments, Jobs, Custom Resource Definitions, etc.), as well as for persistent volumes. This recovery can be cluster-wide, or fine-tuned according to object type, namespace, or labels.
-
-Ark is ideal for the disaster recovery use case, as well as for snapshotting your application state, prior to performing system operations on your cluster (e.g. upgrades).
-
-## Operation types
-
-This section gives a quick overview of the Ark operation types.
-
-### 1. Backups
-The *backup* operation (1) uploads a tarball of copied Kubernetes resources into cloud object storage and (2) uses the cloud provider API to make disk snapshots of persistent volumes, if specified. [Annotations][8] are cleared for PVs but kept for all other object types.
-
-Some things to be aware of:
-* *Cluster backups are not strictly atomic.* If API objects are being created or edited at the time of backup, they may or not be included in the backup. In practice, backups happen very quickly and so the odds of capturing inconsistent information are low, but still possible.
-
-* *A backup usually takes no more than a few seconds.* The snapshotting process for persistent volumes is asynchronous, so the runtime of the `ark backup` command isn't dependent on disk size.
-
-These ad-hoc backups are saved with the `<BACKUP NAME>` specified during creation.
-
-
-### 2. Schedules
-The *schedule* operation allows you to back up your data at recurring intervals. The first backup is performed when the schedule is first created, and subsequent backups happen at the schedule's specified interval. These intervals are specified by a Cron expression.
-
-A Schedule acts as a wrapper for Backups; when triggered, it creates them behind the scenes.
-
-Scheduled backups are saved with the name `<SCHEDULE NAME>-<TIMESTAMP>`, where `<TIMESTAMP>` is formatted as *YYYYMMDDhhmmss*.
-
-### 3. Restores
-The *restore* operation allows you to restore all of the objects and persistent volumes from a previously created Backup. Heptio Ark supports multiple namespace remapping--for example, in a single restore, objects in namespace "abc" can be recreated under namespace "def", and the ones in "123" under "456".
-
-Kubernetes API objects that have been restored can be identified with a label that looks like `ark-restore=<BACKUP NAME>-<TIMESTAMP>`, where `<TIMESTAMP>` is formatted as *YYYYMMDDhhmmss*.
-
-You can also run the Ark server in *restore-only* mode, which disables backup, schedule, and garbage collection functionality during disaster recovery.
-
-## Expired backup deletion
-
-When first creating a backup, you can specify a TTL. If Ark sees that an existing Backup resource has expired, it removes both:
-* The Backup resource itself
-* The actual backup file from cloud object storage
-
-## Cloud storage sync
-
-Heptio Ark treats object storage as the source of truth. It continuously checks to see that the correct Backup resources are always present. If there is a properly formatted backup file in the storage bucket, but no corresponding Backup resources in the Kubernetes API, Ark synchronizes the information from object storage to Kubernetes.
-
-This allows *restore* functionality to work in a cluster migration scenario, where the original Backup objects do not exist in the new cluster. See the [use case guide][7] for details.
-
-[0]: #overview
-[1]: #operation-types
-[2]: #1-backups
-[3]: #2-schedules
-[4]: #3-restores
-[5]: #expired-backup-deletion
-[6]: #cloud-storage-sync
-[7]: use-cases.md#cluster-migration
-[8]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

docs/config-definition.md

@@ -1,9 +1,9 @@
 # Ark Config definition
 
-* [Overview][10]
-* [Example][11]
-* [Parameter Reference][8]
-  * [Main config][9]
+* [Overview][8]
+* [Example][9]
+* [Parameter Reference][6]
+  * [Main config][7]
   * [AWS][0]
   * [GCP][1]
   * [Azure][2]
@@ -24,18 +24,14 @@ metadata:
   namespace: heptio-ark
   name: default
 persistentVolumeProvider:
-  aws:
-    region: minio
-    availabilityZone: minio
-    s3ForcePathStyle: true
-    s3Url: http://minio:9000
+  name: aws
+  config:
+    region: us-west-2
 backupStorageProvider:
+  name: aws
   bucket: ark
-  aws:
-    region: minio
-    availabilityZone: minio
-    s3ForcePathStyle: true
-    s3Url: http://minio:9000
+  config:
+    region: us-west-2
 backupSyncPeriod: 60m
 gcSyncPeriod: 60m
 scheduleSyncPeriod: 1m
@@ -50,48 +46,66 @@ The configurable parameters are as follows:
 
 | Key | Type | Default | Meaning |
 | --- | --- | --- | --- |
-| `persistentVolumeProvider` | CloudProviderConfig<br><br>(Supported key values are `aws`, `gcp`, and `azure`, but only one can be present. See the corresponding [AWS][0], [GCP][1], and [Azure][2]-specific configs.) | Required Field | The specification for whichever cloud provider the cluster is using for persistent volumes (to be snapshotted).<br><br> *NOTE*: For Azure, your Kubernetes cluster needs to be version 1.7.2+ in order to support PV snapshotting of its managed disks. |
-| `backupStorageProvider`/(inline) | CloudProviderConfig<br><br>(Supported key values are `aws`, `gcp`, and `azure`, but only one can be present. See the corresponding [AWS][0], [GCP][1], and [Azure][2]-specific configs.) | Required Field | The specification for whichever cloud provider will be used to actually store the backups. |
+| `persistentVolumeProvider` | CloudProviderConfig | None (Optional) | The specification for whichever cloud provider the cluster is using for persistent volumes (to be snapshotted), if any.<br><br>If not specified, Backups and Restores requesting PV snapshots & restores, respectively, are considered invalid. <br><br> *NOTE*: For Azure, your Kubernetes cluster needs to be version 1.7.2+ in order to support PV snapshotting of its managed disks. |
+| `persistentVolumeProvider/name` | String<br><br>(Ark natively supports `aws`, `gcp`, and `azure`. Other providers may be available via external plugins.) | None (Optional) | The name of the cloud provider the cluster is using for persistent volumes, if any. |
+| `persistentVolumeProvider/config` | map[string]string<br><br>(See the corresponding [AWS][0], [GCP][1], and [Azure][2]-specific configs or your provider's documentation.) | None (Optional) | Configuration keys/values to be passed to the cloud provider for persistent volumes.  |
+| `backupStorageProvider` | CloudProviderConfig | Required Field | The specification for whichever cloud provider will be used to actually store the backups. |
+| `backupStorageProvider/name` | String<br><br>(Ark natively supports `aws`, `gcp`, and `azure`. Other providers may be available via external plugins.) | Required Field | The name of the cloud provider that will be used to actually store the backups. |
 | `backupStorageProvider/bucket` | String | Required Field | The storage bucket where backups are to be uploaded. |
+| `backupStorageProvider/config` | map[string]string<br><br>(See the corresponding [AWS][0], [GCP][1], and [Azure][2]-specific configs or your provider's documentation.) | None (Optional) | Configuration keys/values to be passed to the cloud provider for backup storage. |
 | `backupSyncPeriod` | metav1.Duration | 60m0s | How frequently Ark queries the object storage to make sure that the appropriate Backup resources have been created for existing backup files. |
 | `gcSyncPeriod` | metav1.Duration | 60m0s | How frequently Ark queries the object storage to delete backup files that have passed their TTL. |
 | `scheduleSyncPeriod` | metav1.Duration | 1m0s | How frequently Ark checks its Schedule resource objects to see if a backup needs to be initiated. |
-| `resourcePriorities` | []string | `[namespaces, persistentvolumes, persistentvolumeclaims, secrets, configmaps]` | An ordered list that describes the order in which Kubernetes resource objects should be restored (also specified with the `<RESOURCE>.<GROUP>` format.<br><br>If a resource is not in this list, it is restored after all other prioritized resources. |
+| `resourcePriorities` | []string | `[namespaces, persistentvolumes, persistentvolumeclaims, secrets, configmaps, serviceaccounts, limitranges]` | An ordered list that describes the order in which Kubernetes resource objects should be restored (also specified with the `<RESOURCE>.<GROUP>` format.<br><br>If a resource is not in this list, it is restored after all other prioritized resources. |
 | `restoreOnlyMode` | bool | `false` | When RestoreOnly mode is on, functionality for backups, schedules, and expired backup deletion is *turned off*. Restores are made from existing backup files in object storage. |
 
 ### AWS
 
 **(Or other S3-compatible storage)**
 
+#### backupStorageProvider/config
+
+| Key | Type | Default | Meaning |
+| --- | --- | --- | --- |
+| `region` | string | Empty | *Example*: "us-east-1"<br><br>See [AWS documentation][3] for the full list.<br><br>Queried from the AWS S3 API if not provided. |
+| `s3ForcePathStyle` | bool | `false` | Set this to `true` if you are using a local storage service like Minio. |
+| `s3Url` | string | Required field for non-AWS-hosted storage| *Example*: http://minio:9000<br><br>You can specify the AWS S3 URL here for explicitness, but Ark can already generate it from `region`, and `bucket`. This field is primarily for local storage services like Minio.|
+| `kmsKeyId` | string | Empty | *Example*: "502b409c-4da1-419f-a16e-eif453b3i49f" or "alias/`<KMS-Key-Alias-Name>`"<br><br>Specify an [AWS KMS key][10] id or alias to enable encryption of the backups stored in S3. Only works with AWS S3 and may require explicitly granting key usage rights.|
+
+#### persistentVolumeProvider/config (AWS Only)
+
 | Key | Type | Default | Meaning |
 | --- | --- | --- | --- |
 | `region` | string | Required Field | *Example*: "us-east-1"<br><br>See [AWS documentation][3] for the full list. |
-| `availabilityZone` | string | Required Field | *Example*: "us-east-1a"<br><br>See [AWS documentation][4] for details. |
-| `disableSSL` | bool | `false` | Set this to `true` if you are using Minio (or another local, S3-compatible storage service) and your deployment is not secured. |
-| `s3ForcePathStyle` | bool | `false` | Set this to `true` if you are using a local storage service like Minio. |
-| `s3Url` | string | Required field for non-AWS-hosted storage| *Example*: http://minio:9000<br><br>You can specify the AWS S3 URL here for explicitness, but Ark can already generate it from `region`, `availabilityZone`, and `bucket`. This field is primarily for local sotrage services like Minio.|
 
 ### GCP
-| Key | Type | Default | Meaning |
-| --- | --- | --- | --- |
-| `project` | string | Required Field | *Example*: "project-example-3jsn23"<br><br> See the [Project ID documentation][5] for details. |
-| `zone` | string | Required Field | *Example*: "us-central1-a"<br><br>See [GCP documentation][6] for the full list. |
+
+#### backupStorageProvider/config
+
+No parameters required.
+
+#### persistentVolumeProvider/config
+
+No parameters required.
 
 ### Azure
+
+#### backupStorageProvider/config
+
+No parameters required.
+
+#### persistentVolumeProvider/config
+
 | Key | Type | Default | Meaning |
 | --- | --- | --- | --- |
-| `location` | string | Required Field | *Example*: "Canada East"<br><br>See [the list of available locations][7] (note that this particular page refers to them as "Regions"). |
-| `apiTimeout` | metav1.Duration | 1m0s | How long to wait for an API Azure request to complete before timeout. |
+| `apiTimeout` | metav1.Duration | 2m0s | How long to wait for an Azure API request to complete before timeout. |
 
 [0]: #aws
 [1]: #gcp
 [2]: #azure
 [3]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
-[4]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones
-[5]: https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects
-[6]: https://cloud.google.com/compute/docs/regions-zones/regions-zones
-[7]: https://azure.microsoft.com/en-us/regions/
-[8]: #parameter-reference
-[9]: #main-config-parameters
-[10]: #overview
-[11]: #example
+[6]: #parameter-reference
+[7]: #main-config-parameters
+[8]: #overview
+[9]: #example
+[10]: http://docs.aws.amazon.com/kms/latest/developerguide/overview.html

docs/debugging-deletes.md

@@ -0,0 +1,47 @@
+# Ark version 0.7.0 and later: issue with deleting namespaces and backups 
+
+Version 0.7.0 introduced the ability to delete backups. However, you may encounter an issue if you try to 
+delete the `heptio-ark` namespace. The namespace can get stuck in a terminating state, and you cannot delete your backups. 
+To fix:
+
+1. If you don't have it, [install `jq`][0].
+
+1. Run:
+    
+    ```bash
+    bash <(kubectl -n heptio-ark get backup -o json | jq -c -r $'.items[] | "kubectl -n heptio-ark patch backup/" + .metadata.name + " -p \'" + (({metadata: {finalizers: ( (.metadata.finalizers // []) - ["gc.ark.heptio.com"]), resourceVersion: .metadata.resourceVersion}}) | tostring) + "\' --type=merge"')
+    ```
+
+This command retrieves a list of backups, then generates and runs another list of commands that look like:
+
+```
+kubectl -n heptio-ark patch backup/my-backup -p '{"metadata":{"finalizers":[],"resourceVersion":"461343"}}' --type=merge
+kubectl -n heptio-ark patch backup/some-other-backup -p '{"metadata":{"finalizers":[],"resourceVersion":"461718"}}' --type=merge
+```
+
+If you encounter errors that tell you patching backups is not allowed, the Ark
+CustomResourceDefinitions (CRDs) might have been deleted. To fix, recreate the CRDs using 
+`examples/common/00-prereqs.yaml`, then follow the steps above.
+
+## Mitigate the issue in Ark version 0.7.1 and later
+
+In Ark version 0.7.1, the default configuration runs the Ark server in a different namespace from the namespace 
+for backups, schedules, restores, and the Ark config. We strongly recommend that you keep this configuration. 
+This approach can help prevent issues with deletes.
+
+## For the curious: why the error occurs
+
+The Ark team added the ability to delete backups by adding a **finalizer** to each
+backup. When you request the deletion of an object that has at least one finalizer, Kubernetes sets
+the object's deletion timestamp, which indicates that the object is marked for deletion. However, it does
+not immediately delete the object. Instead, the object is deleted only when it no longer has
+any finalizers. This means that something -- in this case, Ark -- must process the backup and then
+remove the Ark finalizer from it.
+
+Ark versions earlier than v0.7.1 place the Ark server pod in the same namespace as backups, restores,
+schedules, and the Ark config. If you try to delete the namespace, with `kubectl delete
+namespace/heptio-ark`, the Ark server pod might be deleted before the backups, because
+the order of deletions is arbitrary. If this happens, the remaining bacukps are stuck in a 
+deleting state, because the Ark server pod no longer exists to remove their finalizers.
+
+[0]: https://stedolan.github.io/jq/

docs/debugging-install.md

@@ -0,0 +1,59 @@
+# Debugging Installation Issues
+
+## General
+
+### `invalid configuration: no configuration has been provided`
+This typically means that no `kubeconfig` file can be found for the Ark client to use. Ark looks for a kubeconfig in the 
+following locations:
+* the path specified by the `--kubeconfig` flag, if any
+* the path specified by the `$KUBECONFIG` environment variable, if any
+* `~/.kube/config`
+
+### Backups or restores stuck in `New` phase
+This means that the Ark controllers are not processing the backups/restores, which usually happens because the Ark server is not running. Check the pod description and logs for errors:
+```
+kubectl -n heptio-ark describe pods
+kubectl -n heptio-ark logs deployment/ark
+```
+
+
+## AWS
+
+### `NoCredentialProviders: no valid providers in chain`
+This means that the secret containing the AWS IAM user credentials for Ark has not been created/mounted properly 
+into the Ark server pod. Ensure the following:
+* The `cloud-credentials` secret exists in the Ark server's namespace
+* The `cloud-credentials` secret has a single key, `cloud`, whose value is the contents of the `credentials-ark` file
+* The `credentials-ark` file is formatted properly and has the correct values:
+    
+    ```
+    [default]
+    aws_access_key_id=<your AWS access key ID>
+    aws_secret_access_key=<your AWS secret access key>
+    ```
+* The `cloud-credentials` secret is defined as a volume for the Ark deployment
+* The `cloud-credentials` secret is being mounted into the Ark server pod at `/credentials`
+
+
+## Azure
+
+### `Failed to refresh the Token` or `adal: Refresh request failed`
+This means that the secrets containing the Azure service principal credentials for Ark has not been created/mounted 
+properly into the Ark server pod. Ensure the following:
+* The `cloud-credentials` secret exists in the Ark server's namespace
+* The `cloud-credentials` secret has seven keys and each one has the correct value (see [setup instructions](0))
+* The `cloud-credentials` secret is defined as a volume for the Ark deployment
+* The `cloud-credentials` secret is being mounted into the Ark server pod at `/credentials`
+
+
+## GCE/GKE
+
+### `open credentials/cloud: no such file or directory`
+This means that the secret containing the GCE service account credentials for Ark has not been created/mounted properly 
+into the Ark server pod. Ensure the following:
+* The `cloud-credentials` secret exists in the Ark server's namespace
+* The `cloud-credentials` secret has a single key, `cloud`, whose value is the contents of the `credentials-ark` file
+* The `cloud-credentials` secret is defined as a volume for the Ark deployment
+* The `cloud-credentials` secret is being mounted into the Ark server pod at `/credentials`
+
+[0]: azure-config#credentials-and-configuration

docs/debugging-restores.md

@@ -15,37 +15,89 @@ backup-test-2-20170726180514  backup-test-2   Completed   0          0         2
 backup-test-2-20170726180515  backup-test-2   Completed   0          1         2017-07-26 13:32:59 -0400 EDT   <none>
 ```
 
-To delve into the warnings and errors into more detail, you can use the `-o` option:
+To delve into the warnings and errors into more detail, you can use `ark restore describe`:
 ```
-kubectl restore get backup-test-20170726180512 -o yaml
+ark restore describe backup-test-20170726180512
 ```
-The output YAML has a `status` field which may look like the following:
+The output looks like this:
 ```
-status:
-  errors:
-    ark: null
-    cluster: null
-    namespaces: null 
-  phase: Completed
-  validationErrors: null
-  warnings:
-    ark: null
-    cluster: null
-    namespaces:
-      cm1:
-      - secrets "default-token-t0slk" already exists
+Name:         backup-test-20170726180512
+Namespace:    heptio-ark
+Labels:       <none>
+Annotations:  <none>
+
+Backup:  backup-test
+
+Namespaces:
+  Included:  *
+  Excluded:  <none>
+
+Resources:
+  Included:        serviceaccounts
+  Excluded:        nodes, events, events.events.k8s.io
+  Cluster-scoped:  auto
+
+Namespace mappings:  <none>
+
+Label selector:  <none>
+
+Restore PVs:  auto
+
+Phase:  Completed
+
+Validation errors:  <none>
+
+Warnings:
+  Ark:        <none>
+  Cluster:    <none>
+  Namespaces:
+    heptio-ark:   serviceaccounts "ark" already exists
+                  serviceaccounts "default" already exists
+    kube-public:  serviceaccounts "default" already exists
+    kube-system:  serviceaccounts "attachdetach-controller" already exists
+                  serviceaccounts "certificate-controller" already exists
+                  serviceaccounts "cronjob-controller" already exists
+                  serviceaccounts "daemon-set-controller" already exists
+                  serviceaccounts "default" already exists
+                  serviceaccounts "deployment-controller" already exists
+                  serviceaccounts "disruption-controller" already exists
+                  serviceaccounts "endpoint-controller" already exists
+                  serviceaccounts "generic-garbage-collector" already exists
+                  serviceaccounts "horizontal-pod-autoscaler" already exists
+                  serviceaccounts "job-controller" already exists
+                  serviceaccounts "kube-dns" already exists
+                  serviceaccounts "namespace-controller" already exists
+                  serviceaccounts "node-controller" already exists
+                  serviceaccounts "persistent-volume-binder" already exists
+                  serviceaccounts "pod-garbage-collector" already exists
+                  serviceaccounts "replicaset-controller" already exists
+                  serviceaccounts "replication-controller" already exists
+                  serviceaccounts "resourcequota-controller" already exists
+                  serviceaccounts "service-account-controller" already exists
+                  serviceaccounts "service-controller" already exists
+                  serviceaccounts "statefulset-controller" already exists
+                  serviceaccounts "ttl-controller" already exists
+    default:      serviceaccounts "default" already exists
+
+Errors:
+  Ark:        <none>
+  Cluster:    <none>
+  Namespaces: <none>
 ```
 
 ## Structure
-The `status` field in a Restore's YAML has subfields for `errors` and `warnings`. `errors` appear for incomplete or partial restores. `warnings` appear for non-blocking issues (e.g. the restore looks "normal" and all resources referenced in the backup exist in some form, although some of them may have been pre-existing).
 
-Both `errors` and `warnings` are structured in the same way:
+Errors appear for incomplete or partial restores. Warnings appear for non-blocking issues (e.g. the
+restore looks "normal" and all resources referenced in the backup exist in some form, although some
+of them may have been pre-existing).
 
-* `ark`: A list of system-related issues encountered by the Ark server (e.g. couldn't read directory).
+Both errors and warnings are structured in the same way:
 
-* `cluster`: A list of issues related to the restore of cluster-scoped resources.
+* `Ark`: A list of system-related issues encountered by the Ark server (e.g. couldn't read directory).
 
-* `namespaces`: A map of namespaces to the list of issues related to the restore of their respective resources.
+* `Cluster`: A list of issues related to the restore of cluster-scoped resources.
+
+* `Namespaces`: A map of namespaces to the list of issues related to the restore of their respective resources.
 
 [0]: #example
 [1]: #structure

docs/extend.md

@@ -0,0 +1,9 @@
+# Extend Ark
+
+Ark includes mechanisms for extending the core functionality to meet your individual backup/restore needs:
+
+* [Hooks][27] allow you to specify commands to be executed within running pods during a backup. This is useful if you need to run a workload-specific command prior to taking a backup (for example, to flush disk buffers or to freeze a database).
+* [Plugins][28] allow you to develop custom object/block storage back-ends or per-item backup/restore actions that can execute arbitrary logic, including modifying the items being backed up/restored. Plugins can be used by Ark without needing to be compiled into the core Ark binary.
+
+[27]: hooks.md
+[28]: plugins.md

docs/faq.md

@@ -0,0 +1,38 @@
+# FAQ
+
+## When is it appropriate to use Ark instead of etcd's built in backup/restore?
+
+Etcd's backup/restore tooling is good for recovering from data loss in a single etcd cluster. For
+example, it is a good idea to take a backup of etcd prior to upgrading etcd itself. For more
+sophisticated management of your Kubernetes cluster backups and restores, we feel that Ark is
+generally a better approach. It gives you the ability to throw away an unstable cluster and restore
+your Kubernetes resources and data into a new cluster, which you can't do easily just by backing up
+and restoring etcd.
+
+Examples of cases where Ark is useful:
+
+* you don't have access to etcd (e.g. you're running on GKE)
+* backing up both Kubernetes resources and persistent volume state
+* cluster migrations
+* backing up a subset of your Kubernetes resources
+* backing up Kubernetes resources that are stored across multiple etcd clusters (for example if you
+  run a custom apiserver)
+
+## Will Ark restore my Kubernetes resources exactly the way they were before?
+
+Yes, with some exceptions. For example, when Ark restores pods it deletes the `nodeName` from the
+pod so that it can be scheduled onto a new node. You can see some more examples of the differences
+in [pod_action.go](https://github.com/heptio/ark/blob/master/pkg/restore/pod_action.go)
+
+## I'm using Ark in multiple clusters. Should I use the same bucket to store all of my backups?
+
+We **strongly** recommend that you use a separate bucket per cluster to store backups. Sharing a bucket
+across multiple Ark instances can lead to numerous problems - failed backups, overwritten backups,
+inadvertently deleted backups, etc., all of which can be avoided by using a separate bucket per Ark
+instance.
+
+Related to this, if you need to restore a backup from cluster A into cluster B, please use [restore-only][1]
+mode in cluster B's Ark instance while it's configured to use cluster A's bucket. This will ensure no 
+new backups are created, and no existing backups are deleted or overwritten.
+
+[1]: config-definition.md#main-config-parameters

docs/gcp-config.md

@@ -0,0 +1,122 @@
+# Run Ark on GCP
+
+You can run Kubernetes on Google Cloud Platform in either of: 
+
+* Kubernetes on Google Compute Engine virtual machines
+* Google Kubernetes Engine 
+
+If you do not have the `gcloud` and `gsutil` CLIs locally installed, follow the [user guide][16] to set them up.
+
+## Create GCS bucket
+
+Heptio Ark requires an object storage bucket in which to store backups. Create a GCS bucket, replacing placeholder appropriately:
+
+```bash
+gsutil mb gs://<YOUR_BUCKET>/
+```
+
+## Create service account
+
+To integrate Heptio Ark with GCP, create an Ark-specific [Service Account][15]:
+
+1. View your current config settings:
+
+    ```bash
+    gcloud config list
+    ```
+
+    Store the `project` value from the results in the environment variable `$PROJECT_ID`.
+
+2. Create a service account:
+
+    ```bash
+    gcloud iam service-accounts create heptio-ark \
+        --display-name "Heptio Ark service account"
+    ```
+
+    Then list all accounts and find the `heptio-ark` account you just created:
+    ```bash
+    gcloud iam service-accounts list
+    ```
+
+    Set the `$SERVICE_ACCOUNT_EMAIL` variable to match its `email` value.
+
+3. Attach policies to give `heptio-ark` the necessary permissions to function:
+
+    ```bash
+    BUCKET=<YOUR_BUCKET>
+    
+    ROLE_PERMISSIONS=(
+        compute.disks.get
+        compute.disks.create
+        compute.disks.createSnapshot
+        compute.snapshots.get
+        compute.snapshots.create
+        compute.snapshots.useReadOnly
+        compute.snapshots.delete
+        compute.projects.get
+    )
+
+    gcloud iam roles create heptio_ark.server \
+        --project $PROJECT_ID \
+        --title "Heptio Ark Server" \
+        --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"    
+
+    gcloud projects add-iam-policy-binding $PROJECT_ID \
+        --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
+        --role projects/$PROJECT_ID/roles/heptio_ark.server
+
+    gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
+    ```
+
+4. Create a service account key, specifying an output file (`credentials-ark`) in your local directory:
+
+    ```bash
+    gcloud iam service-accounts keys create credentials-ark \
+        --iam-account $SERVICE_ACCOUNT_EMAIL
+    ```
+
+## Credentials and configuration
+
+If you run Google Kubernetes Engine (GKE), make sure that your current IAM user is a cluster-admin. This role is required to create RBAC objects.
+See [the GKE documentation][22] for more information.
+
+In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0].
+
+```bash
+kubectl apply -f examples/common/00-prereqs.yaml
+```
+
+Create a Secret. In the directory of the credentials file you just created, run:
+
+```bash
+kubectl create secret generic cloud-credentials \
+    --namespace <ARK_NAMESPACE> \
+    --from-file cloud=credentials-ark
+```
+
+Specify the following values in the example files:
+
+* In file `examples/gcp/00-ark-config.yaml`:
+
+  * Replace `<YOUR_BUCKET>`. See the [Config definition][7] for details.
+
+* (Optional) If you run the nginx example, in file `examples/nginx-app/with-pv.yaml`:
+
+    * Replace `<YOUR_STORAGE_CLASS_NAME>` with `standard`. This is GCP's default `StorageClass` name.
+
+## Start the server
+
+In the root of your Ark directory, run:
+
+  ```bash
+  kubectl apply -f examples/gcp/00-ark-config.yaml
+  kubectl apply -f examples/gcp/10-deployment.yaml
+  ```
+
+  [0]: namespace.md
+  [7]: config-definition.md#gcp
+  [15]: https://cloud.google.com/compute/docs/access/service-accounts
+  [16]: https://cloud.google.com/sdk/docs/
+  [22]: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#prerequisites_for_using_role-based_access_control
+

docs/generate/ark.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 Heptio Inc.
+Copyright 2017 the Heptio Ark contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -18,17 +18,17 @@ package main
 
 import (
 	"log"
-  "os"
+	"os"
 
-	"github.com/spf13/cobra/doc"
 	"github.com/heptio/ark/pkg/cmd/ark"
+	"github.com/spf13/cobra/doc"
 )
 
 func main() {
-  cmdName := os.Args[1]
+	cmdName := os.Args[1]
 	outputDir := os.Args[2]
 
-  cmd := ark.NewCommand(cmdName)
+	cmd := ark.NewCommand(cmdName)
 	// Remove auto-generated timestamps
 	cmd.DisableAutoGenTag = true
 

docs/hooks.md

@@ -0,0 +1,54 @@
+# Hooks
+
+Heptio Ark currently supports executing commands in containers in pods during a backup.
+
+## Backup Hooks
+
+When performing a backup, you can specify one or more commands to execute in a container in a pod
+when that pod is being backed up.
+
+Ark versions prior to v0.7.0 only support hooks that execute prior to any custom action processing
+("pre" hooks).
+
+As of version v0.7.0, Ark also supports "post" hooks - these execute after all custom actions have
+completed, as well as after all the additional items specified by custom actions have been backed
+up.
+
+An example of when you might use both pre and post hooks is freezing a file system. If you want to
+ensure that all pending disk I/O operations have completed prior to taking a snapshot, you could use
+a pre hook to run `fsfreeze --freeze`. Next, Ark would take a snapshot of the disk. Finally, you
+could use a post hook to run `fsfreeze --unfreeze`.
+
+There are two ways to specify hooks: annotations on the pod itself, and in the Backup spec.
+
+### Specifying Hooks As Pod Annotations
+
+You can use the following annotations on a pod to make Ark execute a hook when backing up the pod:
+
+#### Pre hooks
+
+| Annotation Name | Description |
+| --- | --- |
+| `pre.hook.backup.ark.heptio.com/container` | The container where the command should be executed.  Defaults to the first container in the pod. Optional. |
+| `pre.hook.backup.ark.heptio.com/command` | The command to execute. If you need multiple arguments, specify the command as a JSON array, such as `["/usr/bin/uname", "-a"]` |
+| `pre.hook.backup.ark.heptio.com/on-error` | What to do if the command returns a non-zero exit code.  Defaults to Fail. Valid values are Fail and Continue. Optional. |
+| `pre.hook.backup.ark.heptio.com/timeout` | How long to wait for the command to execute. The hook is considered in error if the command exceeds the timeout. Defaults to 30s. Optional. |
+
+Ark v0.7.0+ continues to support the original (deprecated) way to specify pre hooks - without the
+`pre.` prefix in the annotation names (e.g. `hook.backup.ark.heptio.com/container`).
+
+#### Post hooks (v0.7.0+)
+
+| Annotation Name | Description |
+| --- | --- |
+| `post.hook.backup.ark.heptio.com/container` | The container where the command should be executed.  Defaults to the first container in the pod. Optional. |
+| `post.hook.backup.ark.heptio.com/command` | The command to execute. If you need multiple arguments, specify the command as a JSON array, such as `["/usr/bin/uname", "-a"]` |
+| `post.hook.backup.ark.heptio.com/on-error` | What to do if the command returns a non-zero exit code.  Defaults to Fail. Valid values are Fail and Continue. Optional. |
+| `post.hook.backup.ark.heptio.com/timeout` | How long to wait for the command to execute. The hook is considered in error if the command exceeds the timeout. Defaults to 30s. Optional. |
+
+### Specifying Hooks in the Backup Spec
+
+Please see the documentation on the [Backup API Type][1] for how to specify hooks in the Backup
+spec.
+
+[1]: api-types/backup.md

docs/ibm-config.md

@@ -0,0 +1,82 @@
+# Use IBM Cloud Object Storage as Ark's storage destination.
+You can deploy Ark on IBM [Public][5] or [Private][4] clouds, or even on any other Kubernetes cluster, but anyway you can use IBM Cloud Object Store as a destination for Ark's backups. 
+
+To set up IBM Cloud Object Storage (COS) as Ark's destination, you:
+
+* Create your COS instance
+* Create an S3 bucket
+* Define a service that can store data in the bucket
+* Configure and start the Ark server
+
+
+## Create COS instance
+If you don’t have a COS instance, you can create a new one, according to the detailed instructions in [Creating a new resource instance][1].
+
+## Create an S3 bucket
+Heptio Ark requires an object storage bucket to store backups in. See instructions in [Create some buckets to store your data][2].
+
+## Define a service that can store data in the bucket.
+The process of creating service credentials is described in [Service credentials][3].
+Several comments:
+
+1. The Ark service will write its backup into the bucket, so it requires the “Writer” access role.
+
+2. Ark uses an AWS S3 compatible API. Which means it authenticates using a signature created from a pair of access and secret keys — a set of HMAC credentials. You can create these HMAC credentials by specifying `{“HMAC”:true}` as an optional inline parameter. See step 3 in the [Service credentials][3] guide.
+
+3. After successfully creating a Service credential, you can view the JSON definition of the credential. Under the `cos_hmac_keys` entry there are `access_key_id` and `secret_access_key`. We will use them in the next step.
+
+4. Create an Ark-specific credentials file (`credentials-ark`) in your local directory:
+
+    ```
+    [default]
+    aws_access_key_id=<ACCESS_KEY_ID>
+    aws_secret_access_key=<SECRET_ACCESS_KEY>
+    ```
+
+    where the access key id and secret are the values that we got above.
+
+## Credentials and configuration
+
+In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0].
+
+```bash
+kubectl apply -f examples/common/00-prereqs.yaml
+```
+
+Create a Secret. In the directory of the credentials file you just created, run:
+
+```bash
+kubectl create secret generic cloud-credentials \
+    --namespace <ARK_NAMESPACE> \
+    --from-file cloud=credentials-ark
+```
+
+Specify the following values in the example files:
+
+* In `examples/ibm/00-ark-config.yaml`:
+
+  * Replace `<YOUR_BUCKET>`, `<YOUR_REGION>` and `<YOUR_URL_ACCESS_POINT>`. See the [Config definition][6] for details.
+
+
+
+* (Optional) If you run the nginx example, in file `examples/nginx-app/with-pv.yaml`:
+
+    * Replace `<YOUR_STORAGE_CLASS_NAME>` with your `StorageClass` name.
+
+## Start the Ark server
+
+In the root of your Ark directory, run:
+
+  ```bash
+  kubectl apply -f examples/ibm/00-ark-config.yaml
+  kubectl apply -f examples/ibm/10-deployment.yaml
+  ```
+
+  [0]: namespace.md
+  [1]: https://console.bluemix.net/docs/services/cloud-object-storage/basics/order-storage.html#creating-a-new-resource-instance
+  [2]: https://console.bluemix.net/docs/services/cloud-object-storage/getting-started.html#create-buckets
+  [3]: https://console.bluemix.net/docs/services/cloud-object-storage/iam/service-credentials.html#service-credentials
+  [4]: https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0/kc_welcome_containers.html
+  [5]: https://console.bluemix.net/docs/containers/container_index.html#container_index
+  [6]: config-definition.md#aws
+  [14]: http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

docs/image-tagging.md

@@ -0,0 +1,21 @@
+# Image tagging policy
+
+This document describes Ark's image tagging policy.
+
+## Released versions
+
+`gcr.io/heptio-images/ark:<SemVer>`
+
+Ark follows the [Semantic Versioning](http://semver.org/) standard for releases. Each tag in the `github.com/heptio/ark` repository has a matching image, e.g. `gcr.io/heptio-images/ark:v0.8.0`.
+
+### Latest
+
+`gcr.io/heptio-images/ark:latest`
+
+The `latest` tag follows the most recently released version of Ark.
+
+## Development
+
+`gcr.io/heptio-images/ark:master`
+
+The `master` tag follows the latest commit to land on the `master` branch.

docs/namespace.md

@@ -0,0 +1,68 @@
+# Run in custom namespace
+
+In Ark version 0.7.0 and later, you can run Ark in any namespace. To do so, you specify the
+namespace in the YAML files that configure the Ark server. You then also specify the namespace when
+you run Ark client commands.
+
+## Edit the example files
+
+The Ark repository includes [a set of examples][0] that you can use to set up your Ark server. The
+examples place the server and backup/schedule/restore/config data in the `heptio-ark` namespace.
+
+To run the server in another namespace, you edit the relevant files, changing `heptio-ark` to
+your desired namespace.
+
+To store your backups, schedules, restores, and config in another namespace, you edit the relevant
+files, changing `heptio-ark` to your desired namespace. You also need to create the
+`cloud-credentials` secret in your desired namespace.
+
+For all cloud providers, edit `https://github.com/heptio/ark/blob/master/examples/common/00-prereqs.yaml`. This file defines:
+
+* CustomResourceDefinitions for the Ark objects (backups, schedules, restores, configs, downloadrequests)
+* The namespace where the Ark server runs
+* The namespace where backups, schedules, restores, and the config are stored
+* The Ark service account
+* The RBAC rules to grant permissions to the Ark service account
+
+
+### AWS
+
+For AWS, edit:
+
+* `https://github.com/heptio/ark/blob/master/examples/aws/10-deployment.yaml`
+* `https://github.com/heptio/ark/blob/master/examples/aws/00-ark-config.yaml`
+
+
+### GCP
+
+For GCP, edit:
+
+* `https://github.com/heptio/ark/blob/master/examples/gcp/10-deployment.yaml`
+* `https://github.com/heptio/ark/blob/master/examples/gcp/00-ark-config.yaml`
+
+
+### Azure
+
+For Azure, edit:
+
+* `https://github.com/heptio/ark/blob/master/examples/azure/00-ark-deployment.yaml`
+* `https://github.com/heptio/ark/blob/master/examples/azure/10-ark-config.yaml`
+
+### IBM
+
+For IBM, edit:
+
+* `https://github.com/heptio/ark/blob/master/examples/ibm/10-deployment.yaml`
+* `https://github.com/heptio/ark/blob/master/examples/ibm/00-ark-config.yaml`
+
+## Specify the namespace in client commands
+
+To specify the namespace for all Ark client commands, run:
+
+```
+ark client config set namespace=<NAMESPACE_VALUE>
+```
+
+
+
+[0]: https://github.com/heptio/ark/tree/master/examples

docs/output-file-format.md

@@ -2,9 +2,9 @@
 
 A backup is a gzip-compressed tar file whose name matches the Backup API resource's `metadata.name` (what is specified during `ark backup create <NAME>`).
 
-In cloud object storage, *each backup file is stored in its own subdirectory* beneath the bucket specified in the Ark server configuration. This subdirectory includes an additional file called `ark-backup.json`. The JSON file explicitly lists all info about your associated Backup resource--including any default values used--so that you have a complete historical record of its configuration. It also specifies `status.version`, which corresponds to the output file format.
+In cloud object storage, each backup file is stored in its own subdirectory in the bucket specified in the Ark server configuration. This subdirectory includes an additional file called `ark-backup.json`. The JSON file lists all information about your associated Backup resource, including any default values. This gives you a complete historical record of the backup configuration. The JSON file also specifies `status.version`, which corresponds to the output file format.
 
-All together, the directory structure in your cloud storage may look like:
+The directory structure in your cloud storage looks something like:
 
 ```
 rootBucket/
@@ -13,8 +13,8 @@ rootBucket/
         backup1234.tar.gz
 ```
 
-## `ark-backup.json`
-An example of this file looks like the following:
+## Example backup JSON file
+
 ```
 {
   "kind": "Backup",
@@ -62,26 +62,38 @@ Note that this file includes detailed info about your volume snapshots in the `s
 When unzipped, a typical backup directory (e.g. `backup1234.tar.gz`) looks like the following:
 
 ```
-cluster/
+resources/
     persistentvolumes/
-        pv01.json
-        ...
-namespaces/
-    namespace1/
-        configmaps/
-            myconfigmap.json
+        cluster/
+            pv01.json
             ...
-        pods
-            mypod.json
-            ...
-        jobs
-            awesome-job.json
-            ...
-        deployments
-            cool-deployment.json
-            ...
-        ...
-    namespace2/
-        ...
+    configmaps/
+        namespaces/
+            namespace1/
+                myconfigmap.json
+                ...
+            namespace2/
+                ...
+    pods/
+        namespaces/
+            namespace1/
+                mypod.json
+                ...
+            namespace2/
+                ...
+    jobs/
+        namespaces/
+            namespace1/
+                awesome-job.json
+                ...
+            namespace2/
+                ...
+    deployments/
+        namespaces/
+            namespace1/
+                cool-deployment.json
+                ...
+            namespace2/
+                ...
     ...
 ```

docs/plugins.md

@@ -0,0 +1,35 @@
+# Plugins
+
+Heptio Ark has a plugin architecture that allows users to add their own custom functionality to Ark backups & restores 
+without having to modify/recompile the core Ark binary. To add custom functionality, users simply create their own binary 
+containing an implementation of one of Ark's plugin kinds (described below), plus a small amount of boilerplate code to 
+expose the plugin implementation to Ark. This binary is added to a container image that serves as an init container for 
+the Ark server pod and copies the binary into a shared emptyDir volume for the Ark server to access. 
+
+A fully-functional [sample plugin repository][1] is provided to serve as a convenient starting point for plugin authors.
+
+## Plugin Kinds
+
+Ark currently supports the following kinds of plugins:
+
+- **Object Store** - persists and retrieves backups, backup logs and restore logs
+- **Block Store** - creates volume snapshots (during backup) and restores volumes from snapshots (during restore)
+- **Backup Item Action** - executes arbitrary logic for individual items prior to storing them in a backup file
+- **Restore Item Action** - executes arbitrary logic for individual items prior to restoring them into a cluster
+
+## Plugin Naming
+
+Ark relies on a naming convention to identify plugins. Each plugin binary should be named `ark-<plugin-kind>-<name>`,
+where `plugin-kind` is one of `objectstore`, `blockstore`, `backupitemaction`, or `restoreitemaction`, and `name` is
+unique within the plugin kind.
+
+## Plugin Logging
+
+Ark provides a [logger][2] that can be used by plugins to log structured information to the main Ark server log or 
+per-backup/restore logs. See the [sample repository][1] for an example of how to instantiate and use the logger 
+within your plugin.
+
+
+
+[1]: https://github.com/heptio/ark-plugin-example
+[2]: https://github.com/heptio/ark/blob/master/pkg/plugin/logger.go

docs/quickstart.md

@@ -0,0 +1,149 @@
+## Getting started
+
+The following example sets up the Ark server and client, then backs up and restores a sample application.
+
+For simplicity, the example uses Minio, an S3-compatible storage service that runs locally on your cluster. See [Set up Ark with your cloud provider][3] for how to run on a cloud provider. 
+
+### Prerequisites
+
+* Access to a Kubernetes cluster, version 1.7 or later. Version 1.7.5 or later is required to run `ark backup delete`.
+* A DNS server on the cluster
+* `kubectl` installed
+
+### Download
+
+Clone or fork the Ark repository:
+
+```
+git clone git@github.com:heptio/ark.git
+```
+
+NOTE: Make sure to check out the appropriate version. We recommend that you check out the latest tagged version. The master branch is under active development and might not be stable.
+
+### Set up server
+
+1. Start the server and the local storage service. In the root directory of Ark, run:
+
+    ```bash
+    kubectl apply -f examples/common/00-prereqs.yaml
+    kubectl apply -f examples/minio/
+    ```
+
+    NOTE: If you get an error about Config creation, wait for a minute, then run the commands again.
+
+1. Deploy the example nginx application:
+
+    ```bash
+    kubectl apply -f examples/nginx-app/base.yaml
+    ```
+
+1. Check to see that both the Ark and nginx deployments are successfully created:
+
+    ```
+    kubectl get deployments -l component=ark --namespace=heptio-ark
+    kubectl get deployments --namespace=nginx-example
+    ```
+
+### Install client
+
+[Download the client][26].
+
+Make sure that you install somewhere in your PATH.
+
+### Back up
+
+1. Create a backup for any object that matches the `app=nginx` label selector:
+
+    ```
+    ark backup create nginx-backup --selector app=nginx
+    ```
+
+   Alternatively if you want to backup all objects *except* those matching the label `backup=ignore`:
+
+   ```
+   ark backup create nginx-backup --selector 'backup notin (ignore)'
+   ```
+
+1. Simulate a disaster:
+
+    ```
+    kubectl delete namespace nginx-example
+    ```
+
+1. To check that the nginx deployment and service are gone, run:
+
+    ```
+    kubectl get deployments --namespace=nginx-example
+    kubectl get services --namespace=nginx-example
+    kubectl get namespace/nginx-example
+    ```
+
+    You should get no results.
+    
+    NOTE: You might need to wait for a few minutes for the namespace to be fully cleaned up.
+
+### Restore
+
+1. Run:
+
+    ```
+    ark restore create --from-backup nginx-backup
+    ```
+
+1. Run:
+
+    ```
+    ark restore get
+    ```
+
+    After the restore finishes, the output looks like the following:
+
+    ```
+    NAME                          BACKUP         STATUS      WARNINGS   ERRORS    CREATED                         SELECTOR
+    nginx-backup-20170727200524   nginx-backup   Completed   0          0         2017-07-27 20:05:24 +0000 UTC   <none>
+    ```
+
+NOTE: The restore can take a few moments to finish. During this time, the `STATUS` column reads `InProgress`.
+
+After a successful restore, the `STATUS` column is `Completed`, and `WARNINGS` and `ERRORS` are 0. All objects in the `nginx-example` namespace should be just as they were before you deleted them.
+
+If there are errors or warnings, you can look at them in detail:
+
+```
+ark restore describe <RESTORE_NAME>
+```
+
+For more information, see [the debugging information][18].
+
+### Clean up
+
+If you want to delete any backups you created, including data in object storage and persistent
+volume snapshots, you can run:
+
+```
+ark backup delete BACKUP_NAME
+```
+
+This asks the Ark server to delete all backup data associated with `BACKUP_NAME`.  You need to do
+this for each backup you want to permanently delete. A future version of Ark will allow you to
+delete multiple backups by name or label selector.
+
+Once fully removed, the backup is no longer visible when you run:
+
+```
+ark backup get BACKUP_NAME
+```
+
+If you want to uninstall Ark but preserve the backup data in object storage and persistent volume
+snapshots, it is safe to remove the `heptio-ark` namespace and everything else created for this
+example:
+
+```
+kubectl delete -f examples/common/
+kubectl delete -f examples/minio/
+kubectl delete -f examples/nginx-app/base.yaml
+```
+
+[3]: /docs/cloud-common.md
+[18]: /docs/debugging-restores.md
+[26]: https://github.com/heptio/ark/releases

docs/restic.md

@@ -0,0 +1,267 @@
+# Restic Integration
+
+As of version 0.9.0, Ark has support for backing up and restoring Kubernetes volumes using a free open-source backup tool called 
+[restic][1].
+
+Ark has always allowed you to take snapshots of persistent volumes as part of your backups if you’re using one of 
+the supported cloud providers’ block storage offerings (Amazon EBS Volumes, Azure Managed Disks, Google Persistent Disks). 
+Starting with version 0.6.0, we provide a plugin model that enables anyone to implement additional object and block storage 
+backends, outside the main Ark repository.
+
+We integrated restic with Ark so that users have an out-of-the-box solution for backing up and restoring almost any type of Kubernetes
+volume*. This is a new capability for Ark, not a replacement for existing functionality. If you're running on AWS, and
+taking EBS snapshots as part of your regular Ark backups, there's no need to switch to using restic. However, if you've
+been waiting for a snapshot plugin for your storage platform, or if you're using EFS, AzureFile, NFS, emptyDir, 
+local, or any other volume type that doesn't have a native snapshot concept, restic might be for you.
+
+Restic is not tied to a specific storage platform, which means that this integration also paves the way for future work to enable
+cross-volume-type data migrations. Stay tuned as this evolves!
+
+\* hostPath volumes are not supported, but the [new local volume type][4] is supported.
+
+## Setup
+
+### Prerequisites
+
+- A working install of Ark version 0.9.0 or later. See [Set up Ark][2]
+- A local clone of [the latest release tag of the Ark repository][3]
+
+#### Additional steps if upgrading from version 0.9 alpha
+
+- Manually delete all of the repositories/data from your existing restic bucket
+- Delete all Ark backups from your cluster using `ark backup delete`
+- Delete all secrets named `ark-restic-credentials` across all namespaces in your cluster
+
+### Instructions
+
+1. Download an updated Ark client from the [latest release][3], and move it to a location in your PATH.
+
+1. From the Ark root directory, run the following to create new custom resource definitions:
+
+    ```bash
+    kubectl apply -f examples/common/00-prereqs.yaml
+    ```
+
+1. Run one of the following for your platform to create the daemonset:
+
+    - AWS: `kubectl apply -f examples/aws/20-restic-daemonset.yaml`
+    - Azure: `kubectl apply -f examples/azure/20-restic-daemonset.yaml`
+    - GCP: `kubectl apply -f examples/gcp/20-restic-daemonset.yaml`
+    - Minio: `kubectl apply -f examples/minio/30-restic-daemonset.yaml`
+
+1. Create a new bucket for restic to store its data in, and give the `heptio-ark` IAM user access to it, similarly to
+the main Ark bucket you've already set up. Note that this must be a different bucket than the main Ark bucket.
+We plan to remove this limitation in a future release.
+
+1. Uncomment `resticLocation` in your Ark config and set the value appropriately, then apply:
+    
+    - AWS: `kubectl apply -f examples/aws/00-ark-config.yaml`
+    - Azure: `kubectl apply -f examples/azure/10-ark-config.yaml`
+    - GCP: `kubectl apply -f examples/gcp/00-ark-config.yaml`
+    - Minio: `kubectl apply -f examples/minio/10-ark-config.yaml`
+
+    Note that `resticLocation` may either be just a bucket name, e.g. `my-restic-bucket`, or a bucket name plus a prefix under
+    which you'd like the restic data to be stored, e.g. `my-restic-bucket/ark-repos`.
+
+You're now ready to use Ark with restic.
+
+## Back up
+
+1. Run the following for each pod that contains a volume to back up:
+
+    ```bash
+    kubectl -n YOUR_POD_NAMESPACE annotate pod/YOUR_POD_NAME backup.ark.heptio.com/backup-volumes=YOUR_VOLUME_NAME_1,YOUR_VOLUME_NAME_2,...
+    ```
+
+    where the volume names are the names of the volumes in the pod spec. 
+    
+    For example, for the following pod:
+
+    ```bash
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: sample
+      namespace: foo
+    spec:
+      containers:
+      - image: k8s.gcr.io/test-webserver
+        name: test-webserver
+        volumeMounts:
+        - name: pvc-volume
+          mountPath: /volume-1
+        - name: emptydir-volume
+          mountPath: /volume-2
+      volumes:
+      - name: pvc-volume
+        persistentVolumeClaim: 
+          claimName: test-volume-claim
+      - name: emptydir-volume
+        emptyDir: {}
+    ```
+
+    You'd run:
+    ```bash
+    kubectl -n foo annotate pod/sample backup.ark.heptio.com/backup-volumes=pvc-volume,emptydir-volume
+    ```
+
+    This annotation can also be provided in a pod template spec if you use a controller to manage your pods.
+
+1. Take an Ark backup:
+
+    ```bash
+    ark backup create NAME OPTIONS...
+    ```
+
+1. When the backup completes, view information about the backups:
+
+    ```bash
+    ark backup describe YOUR_BACKUP_NAME
+
+    kubectl -n heptio-ark get podvolumebackups -l ark.heptio.com/backup-name=YOUR_BACKUP_NAME -o yaml
+    ```
+
+## Restore
+
+1. Restore from your Ark backup:
+
+    ```bash
+    ark restore create --from-backup BACKUP_NAME OPTIONS...
+    ```
+
+1. When the restore completes, view information about your pod volume restores:
+    
+    ```bash
+    ark restore describe YOUR_RESTORE_NAME
+
+    kubectl -n heptio-ark get podvolumerestores -l ark.heptio.com/restore-name=YOUR_RESTORE_NAME -o yaml
+    ```
+
+## Limitations
+
+- You cannot use the main Ark bucket for storing restic backups. We plan to address this issue
+in a future release.
+- `hostPath` volumes are not supported. [Local persistent volumes][4] are supported.
+- Those of you familiar with [restic][1] may know that it encrypts all of its data. We've decided to use a static, 
+common encryption key for all restic repositories created by Ark. **This means that anyone who has access to your
+bucket can decrypt your restic backup data**. Make sure that you limit access to the restic bucket
+appropriately. We plan to implement full Ark backup encryption, including securing the restic encryption keys, in 
+a future release.   
+
+## Troubleshooting
+
+Run the following checks:
+
+Are your Ark server and daemonset pods running?
+
+```bash
+kubectl get pods -n heptio-ark
+```
+
+Does your restic repository exist, and is it ready?
+
+```bash
+ark restic repo get
+
+ark restic repo get REPO_NAME -o yaml
+```
+
+Are there any errors in your Ark backup/restore?
+
+```bash
+ark backup describe BACKUP_NAME
+ark backup logs BACKUP_NAME
+
+ark restore describe RESTORE_NAME
+ark restore logs RESTORE_NAME
+```
+
+What is the status of your pod volume backups/restores?
+
+```bash
+kubectl -n heptio-ark get podvolumebackups -l ark.heptio.com/backup-name=BACKUP_NAME -o yaml
+
+kubectl -n heptio-ark get podvolumerestores -l ark.heptio.com/restore-name=RESTORE_NAME -o yaml
+```
+
+Is there any useful information in the Ark server or daemon pod logs?
+
+```bash
+kubectl -n heptio-ark logs deploy/ark
+kubectl -n heptio-ark logs DAEMON_POD_NAME
+```
+
+**NOTE**: You can increase the verbosity of the pod logs by adding `--log-level=debug` as an argument
+to the container command in the deployment/daemonset pod template spec.
+
+## How backup and restore work with restic
+
+We introduced three custom resource definitions and associated controllers:
+
+- `ResticRepository` - represents/manages the lifecycle of Ark's [restic repositories][5]. Ark creates
+a restic repository per namespace when the first restic backup for a namespace is requested. The controller
+for this custom resource executes restic repository lifecycle commands -- `restic init`, `restic check`,
+and `restic prune`.
+
+    You can see information about your Ark restic repositories by running `ark restic repo get`.
+
+- `PodVolumeBackup` - represents a restic backup of a volume in a pod. The main Ark backup process creates
+one or more of these when it finds an annotated pod. Each node in the cluster runs a controller for this
+resource (in a daemonset) that handles the `PodVolumeBackups` for pods on that node. The controller executes
+`restic backup` commands to backup pod volume data. 
+
+- `PodVolumeRestore` - represents a restic restore of a pod volume. The main Ark restore process creates one
+or more of these when it encounters a pod that has associated restic backups. Each node in the cluster runs a 
+controller for this resource (in the same daemonset as above) that handles the `PodVolumeRestores` for pods 
+on that node. The controller executes `restic restore` commands to restore pod volume data.
+
+### Backup
+
+1. The main Ark backup process checks each pod that it's backing up for the annotation specifying a restic backup
+should be taken (`backup.ark.heptio.com/backup-volumes`)
+1. When found, Ark first ensures a restic repository exists for the pod's namespace, by:
+    - checking if a `ResticRepository` custom resource already exists
+    - if not, creating a new one, and waiting for the `ResticRepository` controller to init/check it
+1. Ark then creates a `PodVolumeBackup` custom resource per volume listed in the pod annotation
+1. The main Ark process now waits for the `PodVolumeBackup` resources to complete or fail
+1. Meanwhile, each `PodVolumeBackup` is handled by the controller on the appropriate node, which:
+    - has a hostPath volume mount of `/var/lib/kubelet/pods` to access the pod volume data
+    - finds the pod volume's subdirectory within the above volume
+    - runs `restic backup`
+    - updates the status of the custom resource to `Completed` or `Failed`
+1. As each `PodVolumeBackup` finishes, the main Ark process captures its restic snapshot ID and adds it as an annotation
+to the copy of the pod JSON that's stored in the Ark backup. This will be used for restores, as seen in the next section.
+
+### Restore
+
+1. The main Ark restore process checks each pod that it's restoring for annotations specifying a restic backup
+exists for a volume in the pod (`snapshot.ark.heptio.com/<volume-name>`)
+1. When found, Ark first ensures a restic repository exists for the pod's namespace, by:
+    - checking if a `ResticRepository` custom resource already exists
+    - if not, creating a new one, and waiting for the `ResticRepository` controller to init/check it (note that
+    in this case, the actual repository should already exist in object storage, so the Ark controller will simply
+    check it for integrity)
+1. Ark adds an init container to the pod, whose job is to wait for all restic restores for the pod to complete (more
+on this shortly)
+1. Ark creates the pod, with the added init container, by submitting it to the Kubernetes API
+1. Ark creates a `PodVolumeRestore` custom resource for each volume to be restored in the pod
+1. The main Ark process now waits for each `PodVolumeRestore` resource to complete or fail
+1. Meanwhile, each `PodVolumeRestore` is handled by the controller on the appropriate node, which:
+    - has a hostPath volume mount of `/var/lib/kubelet/pods` to access the pod volume data
+    - waits for the pod to be running the init container
+    - finds the pod volume's subdirectory within the above volume
+    - runs `restic restore`
+    - on success, writes a file into the pod volume, in an `.ark` subdirectory, whose name is the UID of the Ark restore
+    that this pod volume restore is for
+    - updates the status of the custom resource to `Completed` or `Failed`
+1. The init container that was added to the pod is running a process that waits until it finds a file
+within each restored volume, under `.ark`, whose name is the UID of the Ark restore being run
+1. Once all such files are found, the init container's process terminates successfully and the pod moves
+on to running other init containers/the main containers.
+
+
+[1]: https://github.com/restic/restic
+[2]: cloud-common.md
+[3]: https://github.com/heptio/ark/releases/
+[4]: https://kubernetes.io/docs/concepts/storage/volumes/#local
+[5]: http://restic.readthedocs.io/en/latest/100_references.html#terminology

docs/troubleshooting.md

@@ -0,0 +1,15 @@
+# Troubleshooting
+
+These tips can help you troubleshoot known issues. If they don't help, you can [file an issue][4], or talk to us on the [Kubernetes Slack team][25] channel `#ark-dr`.
+
+* [Debug installation/setup issues][2]
+
+* [Delete namespaces and backups][0]
+
+* [Debug restores][1]
+
+[0]: debugging-deletes.md
+[1]: debugging-restores.md
+[2]: debugging-install.md
+[4]: https://github.com/heptio/ark/issues
+[25]: http://slack.kubernetes.io/

docs/use-cases.md

@@ -23,7 +23,7 @@ If you periodically back up your cluster's resources, you are able to return to
 
 4. Create a restore with your most recent Ark Backup:
     ```
-    ark restore create <SCHEDULE NAME>-<TIMESTAMP>
+    ark restore create --from-backup <SCHEDULE NAME>-<TIMESTAMP>
     ```
 
 ## Cluster migration
@@ -35,20 +35,19 @@ Heptio Ark can help you port your resources from one cluster to another, as long
 1. *(Cluster 1)* Assuming you haven't already been checkpointing your data with the Ark `schedule` operation, you need to first back up your entire cluster (replacing `<BACKUP-NAME>` as desired):
 
    ```
-   ark backup create <BACKUP-NAME> --snapshot-volumes
+   ark backup create <BACKUP-NAME>
    ```
-   The default TTL is 24 hours; you can use the `--ttl` flag to change this as necessary.
+   The default TTL is 30 days (720 hours); you can use the `--ttl` flag to change this as necessary.
 
 2. *(Cluster 2)* Make sure that the `persistentVolumeProvider` and `backupStorageProvider` fields in the Ark Config match the ones from *Cluster 1*, so that your new Ark server instance is pointing to the same bucket.
 
-3. *(Cluster 2)* Make sure that the Ark Backup object has been created. Ark resources are [synced][2] with the backup files available in cloud storage.
+3. *(Cluster 2)* Make sure that the Ark Backup object has been created. Ark resources are synced with the backup files available in cloud storage.
 
 4. *(Cluster 2)* Once you have confirmed that the right Backup (`<BACKUP-NAME>`) is now present, you can restore everything with:
 ```
-ark restore create <BACKUP-NAME> --restore-volumes
+ark restore create --from-backup <BACKUP-NAME>
 ```
 
 [0]: #disaster-recovery
 [1]: #cluster-migration
-[2]: concepts.md#cloud-storage-sync
 [3]: config-definition.md#main-config-parameters

docs/vendoring-dependencies.md

@@ -0,0 +1,18 @@
+# Vendoring dependencies
+
+## Overview
+
+We are using [dep][0] to manage dependencies. You can install it by following [these
+instructions][1].
+
+## Adding a new dependency
+
+Run `dep ensure`. If you want to see verbose output, you can append `-v` as in
+`dep ensure -v`.
+
+## Updating an existing dependency
+
+Run `dep ensure -update <pkg> [<pkg> ...]` to update one or more dependencies.
+
+[0]: https://github.com/golang/dep
+[1]: https://golang.github.io/dep/docs/installation.html

examples/README.md

@@ -6,7 +6,7 @@ The YAML config files in this directory can be used to quickly deploy a containe
 
 * `minio/`: Used in the [Quickstart][1] to set up [Minio][0], a local S3-compatible object storage service. It provides a convenient way to test Ark without tying you to a specific cloud provider.
 
-* `aws/`, `azure/`, `gcp/`: Contains manifests specific to the given cloud provider's setup.
+* `aws/`, `azure/`, `gcp/`, `ibm/`: Contains manifests specific to the given cloud provider's setup.
 
 [0]: https://github.com/minio/minio
 [1]: /README.md#quickstart

examples/aws/00-ark-config.yaml

@@ -1,4 +1,4 @@
-# Copyright 2017 Heptio Inc.
+# Copyright 2017 the Heptio Ark contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,14 +19,20 @@ metadata:
   namespace: heptio-ark
   name: default
 persistentVolumeProvider:
-  aws:
+  name: aws
+  config:
     region: <YOUR_REGION>
-    availabilityZone: <YOUR_AVAILABILITY_ZONE>
 backupStorageProvider:
+  name: aws
   bucket: <YOUR_BUCKET>
-  aws:
+  # Uncomment the below line to enable restic integration.
+  # The format for resticLocation is <bucket>[/<prefix>],
+  # e.g. "my-restic-bucket" or "my-restic-bucket/repos".
+  # This MUST be a different bucket than the main Ark bucket
+  # specified just above.
+  # resticLocation: <YOUR_RESTIC_LOCATION>
+  config:
     region: <YOUR_REGION>
-    availabilityZone: <YOUR_AVAILABILITY_ZONE>
 backupSyncPeriod: 30m
 gcSyncPeriod: 30m
 scheduleSyncPeriod: 1m

examples/aws/10-deployment-kube2iam.yaml

@@ -0,0 +1,50 @@
+# Copyright 2018 the Heptio Ark contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  namespace: heptio-ark
+  name: ark
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: ark
+      annotations:
+        iam.amazonaws.com/role: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<HEPTIO_ARK_ROLE_NAME>
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8085"
+        prometheus.io/path: "/metrics"
+    spec:
+      restartPolicy: Always
+      serviceAccountName: ark
+      containers:
+        - name: ark
+          image: gcr.io/heptio-images/ark:latest
+          ports:
+            - name: metrics
+              containerPort: 8085
+          command:
+            - /ark
+          args:
+            - server
+          volumeMounts:
+            - name: plugins
+              mountPath: /plugins
+      volumes:
+        - name: plugins
+          emptyDir: {}

examples/aws/10-deployment.yaml

@@ -0,0 +1,60 @@
+# Copyright 2017 the Heptio Ark contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  namespace: heptio-ark
+  name: ark
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: ark
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8085"
+        prometheus.io/path: "/metrics"
+    spec:
+      restartPolicy: Always
+      serviceAccountName: ark
+      containers:
+        - name: ark
+          image: gcr.io/heptio-images/ark:latest
+          command:
+            - /ark
+          args:
+            - server
+          volumeMounts:
+            - name: cloud-credentials
+              mountPath: /credentials
+            - name: plugins
+              mountPath: /plugins
+            - name: scratch
+              mountPath: /scratch
+          env:
+            - name: AWS_SHARED_CREDENTIALS_FILE
+              value: /credentials/cloud
+            - name: ARK_SCRATCH_DIR
+              value: /scratch
+      volumes:
+        - name: cloud-credentials
+          secret:
+            secretName: cloud-credentials
+        - name: plugins
+          emptyDir: {}
+        - name: scratch
+          emptyDir: {}

examples/aws/20-restic-daemonset.yaml

@@ -0,0 +1,69 @@
+# Copyright 2018 the Heptio Ark contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata: 
+  name: restic
+  namespace: heptio-ark
+spec:
+  selector:
+    matchLabels:
+      name: restic
+  template:
+    metadata:
+      labels:
+        name: restic
+    spec:
+      serviceAccountName: ark
+      securityContext:
+        runAsUser: 0
+      volumes:
+        - name: cloud-credentials
+          secret:
+            secretName: cloud-credentials
+        - name: host-pods
+          hostPath:
+            path: /var/lib/kubelet/pods
+        - name: scratch
+          emptyDir: {}
+      containers:
+        - name: ark
+          image: gcr.io/heptio-images/ark:latest
+          command:
+            - /ark
+          args:
+            - restic 
+            - server
+          volumeMounts:
+            - name: cloud-credentials
+              mountPath: /credentials
+            - name: host-pods
+              mountPath: /host_pods
+              mountPropagation: HostToContainer
+            - name: scratch
+              mountPath: /scratch
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: HEPTIO_ARK_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: AWS_SHARED_CREDENTIALS_FILE
+              value: /credentials/cloud
+            - name: ARK_SCRATCH_DIR
+              value: /scratch