job-backup.yaml
4.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "postgresql-rclone.fullname" . }}-backups
spec:
{{- if .Values.backup.pvc.storageClassName }}
storageClassName: {{ .Values.backup.pvc.storageClassName }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.backup.pvc.size }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "postgresql-rclone.fullname" . }}-backup
labels:
{{- include "postgresql-rclone.labels" . | nindent 4 }}
spec:
{{- if not .Values.backup.enabled }}
suspend: true
{{- end }}
schedule: {{ .Values.backup.job.schedule }}
startingDeadlineSeconds: {{ .Values.backup.job.startingDeadlineSeconds }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: {{ .Values.backup.job.successfulJobsHistoryLimit }}
failedJobsHistoryLimit: {{ .Values.backup.job.failedJobsHistoryLimit }}
jobTemplate:
spec:
template:
spec:
restartPolicy: OnFailure
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 12 }}
volumes:
- name: backups
persistentVolumeClaim:
claimName: {{ include "postgresql-rclone.fullname" . }}-backups
- name: postgresql-auth
secret:
secretName: {{ include "postgresql-rclone.fullname" . }}-auth
- name: local-config
configMap:
name: {{ include "postgresql-rclone.fullname" . }}-backup-local
{{- if .Values.rclone.enabled }}
- name: rclone-auth
secret:
secretName: {{ include "postgresql-rclone.fullname" . }}-rclone
- name: rclone-config
configMap:
name: {{ include "postgresql-rclone.fullname" . }}-rclone
{{- end }}
initContainers:
- name: dump-databases
image: "{{ .Values.local.image.repository }}:{{ .Values.local.image.tag }}"
imagePullPolicy: {{ .Values.local.image.pullPolicy }}
volumeMounts:
- name: backups
mountPath: /backups
- name: local-config
mountPath: /config
- name: postgresql-auth
mountPath: /secret
env:
- name: BACKUP_KEEP_DAYS
valueFrom:
configMapKeyRef:
name: {{ include "postgresql-rclone.fullname" . }}-backup-local
key: BACKUP_KEEP_DAYS
- name: BACKUP_DIR
value: /backups
- name: POSTGRES_HOST
value: {{ .Values.postgresql.host }}
- name: POSTGRES_DB_FILE
value: /config/POSTGRES_DB
- name: POSTGRES_USER_FILE
value: /secret/POSTGRES_USER
- name: POSTGRES_PASSWORD_FILE
value: /secret/POSTGRES_PASSWORD
command: ["/backup.sh"]
{{- if .Values.rclone.enabled }}
- name: rclone
image: "{{ .Values.rclone.image.repository }}:{{ .Values.rclone.image.tag }}"
imagePullPolicy: {{ .Values.rclone.image.pullPolicy }}
volumeMounts:
- name: backups
mountPath: /backups
- name: rclone-config
mountPath: /config
- name: rclone-auth
mountPath: /secret
envFrom:
- configMapRef:
name: {{ include "postgresql-rclone.fullname" . }}-rclone
- secretRef:
name: {{ include "postgresql-rclone.fullname" . }}-rclone
{{- if .Values.rclone.crypt.enabled }}
env:
- name: RCLONE_CRYPT_REMOTE
value: ":s3:$(S3_BUCKET)/$(S3_PREFIX)/"
{{- end }}
{{- if .Values.rclone.crypt.enabled }}
args: ["copy", "-l", "/backups/", ":crypt:"]
{{- else }}
args: ["copy", "-l", "/backups/", ":s3:$(S3_BUCKET)/$(S3_PREFIX)/"]
{{- end }}
{{- end }}
containers:
- name: show-dumps
image: bash
volumeMounts:
- name: backups
mountPath: /backups
command: ["ls"]
args: ["-alR", "/backups"]