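{{- /*
Backup CronJobs for Gitea.

1. gitea-files-backup: rendered only when backup.enabled and
   backup.giteaFiles.enabled are set and backup.giteaFiles.mode (default
   "sidecar") equals "cronjob". Archives the Gitea PVC and copies the archive
   to S3.
2. gitea-postgresql-backup: rendered when backup.enabled and
   backup.postgresql.enabled are set. An init container dumps the database
   into a shared emptyDir; the main container uploads the dump to S3.

NOTE(review): neither pod sets a securityContext, and both hold long-lived
credentials (S3 keys, PGPASSWORD) in their environment. Settings such as
allowPrivilegeEscalation: false or a non-root user are worth adding, but which
of them the configured images and the PVC file ownership tolerate cannot be
determined from this template. Confirm before enforcing.
NOTE(review): no client-side encryption is applied to the archive or the dump
before upload. Confidentiality of the backups therefore depends on the bucket's
encryption and access policy. Verify those.
NOTE(review): images are referenced as repository:tag. Pinning by digest in the
values would keep a moved tag from running with these credentials.
*/ -}}
{{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "cronjob") }}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-files-backup
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
spec:
  schedule: {{ .Values.backup.giteaFiles.schedule | quote }}
  {{- with .Values.backup.timeZone }}
  timeZone: {{ . | quote }}
  {{- end }}
  # Forbid: a new run is skipped while the previous one is still active.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: {{ .Values.backup.giteaFiles.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.backup.giteaFiles.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      {{- with .Values.backup.giteaFiles.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ . }}
      {{- end }}
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: backup
              image: "{{ .Values.backup.giteaFiles.image.repository }}:{{ .Values.backup.giteaFiles.image.tag }}"
              imagePullPolicy: {{ .Values.backup.giteaFiles.image.pullPolicy }}
              command:
                - /bin/sh
                - -ec
                - |
                  # Fail fast when credentials are missing or still carry a
                  # GENERATED_* placeholder value.
                  case "${AWS_ACCESS_KEY_ID:-}" in
                    ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;;
                  esac
                  case "${AWS_SECRET_ACCESS_KEY:-}" in
                    ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;;
                  esac
                  test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
                  timestamp="$(date +%F-%H%M%S)"
                  archive_name="gitea-files-${timestamp}.tar.gz"
                  # The archive is staged in the container's /tmp before upload;
                  # with -e a tar failure aborts the job before anything is copied.
                  tar -C /data -czf "/tmp/${archive_name}" .
                  aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                    s3 cp "/tmp/${archive_name}" "s3://${S3_BUCKET}/${S3_PREFIX}/gitea-files/${archive_name}"
              env:
                - name: S3_BUCKET
                  value: {{ .Values.backup.s3.bucket | quote }}
                - name: S3_PREFIX
                  value: {{ .Values.backup.s3.prefix | quote }}
                - name: AWS_DEFAULT_REGION
                  value: {{ .Values.backup.s3.region | quote }}
                - name: AWS_ENDPOINT_URL
                  value: {{ .Values.backup.s3.endpointUrl | quote }}
                # S3 credentials are read from the chart secret, never inlined.
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-access-key-id
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-secret-access-key
              volumeMounts:
                # Read-only on both the mount and the claim: the backup job
                # cannot modify Gitea data.
                - name: gitea-data
                  mountPath: /data
                  readOnly: true
              resources:
                {{- toYaml .Values.backup.giteaFiles.resources | nindent 16 }}
          volumes:
            - name: gitea-data
              persistentVolumeClaim:
                claimName: {{ include "gitea.giteaPvcName" . | quote }}
                readOnly: true
{{- end }}
{{- if and .Values.backup.enabled .Values.backup.postgresql.enabled }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-postgresql-backup
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
spec:
  schedule: {{ .Values.backup.postgresql.schedule | quote }}
  {{- with .Values.backup.timeZone }}
  timeZone: {{ . | quote }}
  {{- end }}
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: {{ .Values.backup.postgresql.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.backup.postgresql.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      {{- with .Values.backup.postgresql.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ . }}
      {{- end }}
      template:
        spec:
          restartPolicy: OnFailure
          initContainers:
            # Runs to completion before the upload container starts; only this
            # container receives the database password.
            - name: dump
              image: "{{ .Values.backup.postgresql.dumpImage.repository }}:{{ .Values.backup.postgresql.dumpImage.tag }}"
              imagePullPolicy: {{ .Values.backup.postgresql.dumpImage.pullPolicy }}
              command:
                - /bin/sh
                - -ec
                - |
                  timestamp="$(date +%F-%H%M%S)"
                  dump_name="gitea-postgresql-${timestamp}.sql.gz"
                  until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}"; do
                    sleep 5
                  done
                  # Let pg_dump compress and write the file itself. With a
                  # "pg_dump | gzip" pipeline, sh -e only sees gzip's exit status,
                  # so a failed dump would still leave a valid-looking .gz that
                  # is then uploaded as a good backup.
                  # Requires a pg_dump built with zlib (TODO confirm for the
                  # configured dumpImage).
                  pg_dump -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -Z 9 -f "/backup/${dump_name}" "${POSTGRES_DB}"
                  # Written only after a successful dump; the upload container
                  # reads the file name from here.
                  printf "%s" "${dump_name}" > /backup/dump-name
              env:
                - name: POSTGRES_HOST
                  value: {{ .Values.backup.postgresql.host | quote }}
                - name: POSTGRES_DB
                  value: {{ .Values.postgresql.auth.database | quote }}
                - name: POSTGRES_USER
                  value: {{ .Values.postgresql.auth.username | quote }}
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: {{ .Values.databaseSecret.name | quote }}
                      key: {{ .Values.databaseSecret.passwordKey | quote }}
              volumeMounts:
                - name: backup
                  mountPath: /backup
          containers:
            - name: upload
              image: "{{ .Values.backup.postgresql.uploadImage.repository }}:{{ .Values.backup.postgresql.uploadImage.tag }}"
              imagePullPolicy: {{ .Values.backup.postgresql.uploadImage.pullPolicy }}
              command:
                - /bin/sh
                - -ec
                - |
                  # Fail fast when credentials are missing or still carry a
                  # GENERATED_* placeholder value.
                  case "${AWS_ACCESS_KEY_ID:-}" in
                    ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;;
                  esac
                  case "${AWS_SECRET_ACCESS_KEY:-}" in
                    ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;;
                  esac
                  test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
                  dump_name="$(cat /backup/dump-name)"
                  # Refuse to publish a missing or zero-byte dump as a backup.
                  test -n "${dump_name}" && test -s "/backup/${dump_name}" || { echo "dump file is missing or empty" >&2; exit 1; }
                  aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                    s3 cp "/backup/${dump_name}" "s3://${S3_BUCKET}/${S3_PREFIX}/postgresql/${dump_name}"
              env:
                - name: S3_BUCKET
                  value: {{ .Values.backup.s3.bucket | quote }}
                - name: S3_PREFIX
                  value: {{ .Values.backup.s3.prefix | quote }}
                - name: AWS_DEFAULT_REGION
                  value: {{ .Values.backup.s3.region | quote }}
                - name: AWS_ENDPOINT_URL
                  value: {{ .Values.backup.s3.endpointUrl | quote }}
                # S3 credentials are read from the chart secret, never inlined.
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-access-key-id
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-secret-access-key
              volumeMounts:
                - name: backup
                  mountPath: /backup
              resources:
                {{- toYaml .Values.backup.postgresql.resources | nindent 16 }}
          volumes:
            # Scratch space shared by the dump and upload containers; it is
            # discarded with the pod.
            - name: backup
              emptyDir: {}
{{- end }}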