Backup/Restore (#256)

* lifecycle: move s3 backup settings to s3 name * providers/oauth2: fix for alerting for missing certificatekeypair * lifecycle: add backup commands see #252 * lifecycle: install postgres-client for 11 and 12 * root: migrate to DBBACKUP_STORAGE_OPTIONS, add region setting * lifecycle: auto-clean last backups * helm: add s3 region parameter, add cronjob for backups * docs: add backup docs * root: remove backup scheduled task for now
2020-10-03 20:36:36 +02:00
parent 195d8fe71f
commit 9fb1ac98ec
12 changed files with 225 additions and 62 deletions
--- a/helm/templates/configmap.yaml
+++ b/helm/templates/configmap.yaml
@ -7,10 +7,11 @@ data:
  POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
  POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
  {{- if .Values.backup }}
-  POSTGRESQL__BACKUP__ACCESS_KEY: "{{ .Values.backup.access_key }}"
-  POSTGRESQL__BACKUP__SECRET_KEY: "{{ .Values.backup.secret_key }}"
-  POSTGRESQL__BACKUP__BUCKET: "{{ .Values.backup.bucket }}"
-  POSTGRESQL__BACKUP__HOST: "{{ .Values.backup.host }}"
+  POSTGRESQL__S3_BACKUP__ACCESS_KEY: "{{ .Values.backup.access_key }}"
+  POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secret_key }}"
+  POSTGRESQL__S3_BACKUP__BUCKET: "{{ .Values.backup.bucket }}"
+  POSTGRESQL__S3_BACKUP__REGION: "{{ .Values.backup.region }}"
+  POSTGRESQL__S3_BACKUP__HOST: "{{ .Values.backup.host }}"
  {{- end}}
  REDIS__HOST: "{{ .Release.Name }}-redis-master"
  ERROR_REPORTING__ENABLED: "{{ .Values.config.error_reporting.enabled }}"
--- a/helm/templates/cronjob-backup.yaml
+++ b/helm/templates/cronjob-backup.yaml
@ -0,0 +1,42 @@
+{{- if .Values.backup }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: {{ include "passbook.fullname" . }}-backup
+  labels:
+    app.kubernetes.io/name: {{ include "passbook.name" . }}
+    helm.sh/chart: {{ include "passbook.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  schedule: "0 0 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: {{ .Chart.Name }}
+            image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
+            args: [server]
+            envFrom:
+              - configMapRef:
+                  name: {{ include "passbook.fullname" . }}-config
+                prefix: PASSBOOK_
+            env:
+              - name: PASSBOOK_SECRET_KEY
+                valueFrom:
+                  secretKeyRef:
+                    name: "{{ include "passbook.fullname" . }}-secret-key"
+                    key: "secret_key"
+              - name: PASSBOOK_REDIS__PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: "{{ .Release.Name }}-redis"
+                    key: "redis-password"
+              - name: PASSBOOK_POSTGRESQL__PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: "{{ .Release.Name }}-postgresql"
+                    key: "postgresql-password"
+{{- end}}
--- a/helm/values.yaml
+++ b/helm/values.yaml
@ -28,8 +28,21 @@ config:
 #   access_key: access-key
 #   secret_key: secret-key
 #   bucket: s3-bucket
+#   region: eu-central-1
 #   host: s3-host

+ingress:
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - passbook.k8s.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - passbook.k8s.local
+
 ###################################
 # Values controlling dependencies
 ###################################
@ -50,15 +63,3 @@ redis:
      enabled: false
    # https://stackoverflow.com/a/59189742
    disableCommands: []
-
-ingress:
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - passbook.k8s.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - passbook.k8s.local