{{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "cronjob") }}
# CronJob that archives the Gitea data volume and copies the archive to
# S3-compatible object storage. Rendered only when backup.enabled and
# backup.giteaFiles.enabled are set and backup.giteaFiles.mode is "cronjob"
# (the mode falls back to "sidecar" when unset).
#
# NOTE(review): neither the pod nor the container sets a securityContext here.
# This job reads the whole data volume and holds the S3 credentials, so confirm
# that least-privilege settings are applied elsewhere (for example by namespace
# policy) or add ones that the backup image supports.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-files-backup
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
spec:
  schedule: {{ .Values.backup.giteaFiles.schedule | quote }}
  {{- with .Values.backup.timeZone }}
  timeZone: {{ . | quote }}
  {{- end }}
  # A run that is still active prevents the next scheduled run from starting.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: {{ .Values.backup.giteaFiles.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.backup.giteaFiles.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      {{- with .Values.backup.giteaFiles.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ . }}
      {{- end }}
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: backup
              # NOTE(review): the image is referenced by repository:tag; a tag can be
              # re-pointed, so confirm the values pin a trusted, immutable reference.
              image: "{{ .Values.backup.giteaFiles.image.repository }}:{{ .Values.backup.giteaFiles.image.tag }}"
              imagePullPolicy: {{ .Values.backup.giteaFiles.image.pullPolicy }}
              command:
                - /bin/sh
                - -ec
                - |
                  # Refuse to run when a credential is empty or starts with GENERATED_
                  # (presumably a placeholder that was never replaced).
                  case "${AWS_ACCESS_KEY_ID:-}" in
                    "" | GENERATED_*)
                      echo "AWS_ACCESS_KEY_ID is not configured" >&2
                      exit 1
                      ;;
                  esac
                  case "${AWS_SECRET_ACCESS_KEY:-}" in
                    "" | GENERATED_*)
                      echo "AWS_SECRET_ACCESS_KEY is not configured" >&2
                      exit 1
                      ;;
                  esac
                  if [ -z "${S3_BUCKET:-}" ]; then
                    echo "S3_BUCKET is not configured" >&2
                    exit 1
                  fi

                  # The archive holds everything under /data and is staged in /tmp
                  # inside the container before upload. No encryption option is
                  # passed to the upload, so protection at rest depends on the
                  # bucket's own configuration.
                  archive="gitea-files-$(date +%F-%H%M%S).tar.gz"
                  tar -C /data -czf "/tmp/${archive}" .
                  aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                    s3 cp "/tmp/${archive}" "s3://${S3_BUCKET}/${S3_PREFIX}/gitea-files/${archive}"
              env:
                - name: S3_BUCKET
                  value: {{ .Values.backup.s3.bucket | quote }}
                - name: S3_PREFIX
                  value: {{ .Values.backup.s3.prefix | quote }}
                - name: AWS_DEFAULT_REGION
                  value: {{ .Values.backup.s3.region | quote }}
                - name: AWS_ENDPOINT_URL
                  value: {{ .Values.backup.s3.endpointUrl | quote }}
                # Both credentials are read from a Secret at runtime rather than
                # being written into the rendered manifest.
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-access-key-id
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-secret-access-key
              volumeMounts:
                # The data volume is read-only on the mount and on the claim below.
                - name: gitea-data
                  mountPath: /data
                  readOnly: true
              resources:
                {{- toYaml .Values.backup.giteaFiles.resources | nindent 16 }}
          volumes:
            - name: gitea-data
              persistentVolumeClaim:
                claimName: {{ include "gitea.giteaPvcName" . | quote }}
                readOnly: true
{{- end }}
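{{- if and .Values.backup.enabled .Values.backup.postgresql.enabled }}
---
# CronJob that dumps the Gitea PostgreSQL database and uploads the dump to
# S3-compatible object storage. The "dump" init container writes the compressed
# dump and its file name into a shared emptyDir; the "upload" container then
# copies that file to the bucket. Rendered only when backup.enabled and
# backup.postgresql.enabled are set.
#
# NOTE(review): neither the pod nor the containers set a securityContext here.
# The pod holds the database password and the S3 credentials, so confirm that
# least-privilege settings are applied elsewhere or add ones the images support.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-postgresql-backup
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
spec:
  schedule: {{ .Values.backup.postgresql.schedule | quote }}
  {{- with .Values.backup.timeZone }}
  timeZone: {{ . | quote }}
  {{- end }}
  # A run that is still active prevents the next scheduled run from starting.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: {{ .Values.backup.postgresql.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.backup.postgresql.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      {{- with .Values.backup.postgresql.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ . }}
      {{- end }}
      template:
        spec:
          restartPolicy: OnFailure
          initContainers:
            # NOTE(review): no resources are set on this init container, unlike
            # the upload container below.
            - name: dump
              image: "{{ .Values.backup.postgresql.dumpImage.repository }}:{{ .Values.backup.postgresql.dumpImage.tag }}"
              imagePullPolicy: {{ .Values.backup.postgresql.dumpImage.pullPolicy }}
              command:
                - /bin/sh
                - -ec
                - |
                  timestamp="$(date +%F-%H%M%S)"
                  dump_name="gitea-postgresql-${timestamp}.sql.gz"
                  # NOTE(review): this wait has no upper bound. Combined with
                  # concurrencyPolicy: Forbid, a job stuck here blocks every later
                  # run; consider activeDeadlineSeconds on the Job.
                  until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}"; do
                    sleep 5
                  done
                  # pg_dump writes the gzip-compressed file itself (-Z 9 -f) instead
                  # of piping into gzip. Without pipefail, "sh -e" only sees the exit
                  # status of the last command in a pipeline, so a failed pg_dump
                  # would have left a truncated dump that still got uploaded as a
                  # successful backup. This needs a pg_dump built with zlib support.
                  pg_dump -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -Z 9 -f "/backup/${dump_name}" "${POSTGRES_DB}"
                  # Written only after the dump succeeded; the upload container
                  # reads this file to find the dump.
                  printf "%s" "${dump_name}" > /backup/dump-name
              env:
                - name: POSTGRES_HOST
                  value: {{ .Values.backup.postgresql.host | quote }}
                - name: POSTGRES_DB
                  value: {{ .Values.postgresql.auth.database | quote }}
                - name: POSTGRES_USER
                  value: {{ .Values.postgresql.auth.username | quote }}
                # The database password is read from a Secret at runtime rather
                # than being written into the rendered manifest.
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: {{ .Values.databaseSecret.name | quote }}
                      key: {{ .Values.databaseSecret.passwordKey | quote }}
              volumeMounts:
                - name: backup
                  mountPath: /backup
          containers:
            - name: upload
              image: "{{ .Values.backup.postgresql.uploadImage.repository }}:{{ .Values.backup.postgresql.uploadImage.tag }}"
              imagePullPolicy: {{ .Values.backup.postgresql.uploadImage.pullPolicy }}
              command:
                - /bin/sh
                - -ec
                - |
                  # Refuse to run when a credential is empty or starts with GENERATED_
                  # (presumably a placeholder that was never replaced).
                  case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;; esac
                  case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;; esac
                  test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }

                  # The dump contains the full database. No encryption option is
                  # passed to the upload, so protection at rest depends on the
                  # bucket's own configuration.
                  dump_name="$(cat /backup/dump-name)"
                  aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                    s3 cp "/backup/${dump_name}" "s3://${S3_BUCKET}/${S3_PREFIX}/postgresql/${dump_name}"
              env:
                - name: S3_BUCKET
                  value: {{ .Values.backup.s3.bucket | quote }}
                - name: S3_PREFIX
                  value: {{ .Values.backup.s3.prefix | quote }}
                - name: AWS_DEFAULT_REGION
                  value: {{ .Values.backup.s3.region | quote }}
                - name: AWS_ENDPOINT_URL
                  value: {{ .Values.backup.s3.endpointUrl | quote }}
                # Both credentials are read from a Secret at runtime.
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-access-key-id
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-secret-access-key
              volumeMounts:
                - name: backup
                  mountPath: /backup
              resources:
                {{- toYaml .Values.backup.postgresql.resources | nindent 16 }}
          volumes:
            # Scratch space shared by the dump and upload containers.
            - name: backup
              emptyDir: {}
{{- end }}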