gitea/.helm/templates/backup-cronjobs.yaml

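{{- /*
CronJob that archives the Gitea data volume and uploads the archive to
S3-compatible storage. Rendered only when backups are enabled and
backup.giteaFiles.mode is "cronjob"; the mode defaults to "sidecar", which
skips this manifest.
*/}}
{{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "cronjob") }}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-files-backup
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
spec:
  schedule: {{ .Values.backup.giteaFiles.schedule | quote }}
  {{- with .Values.backup.timeZone }}
  timeZone: {{ . | quote }}
  {{- end }}
  # Never start a run while the previous one is still active.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: {{ .Values.backup.giteaFiles.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.backup.giteaFiles.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      {{- with .Values.backup.giteaFiles.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ . }}
      {{- end }}
      template:
        spec:
          restartPolicy: OnFailure
          # The script below never calls the Kubernetes API, so the pod does
          # not need a service-account token next to the S3 credentials.
          automountServiceAccountToken: false
          containers:
            - name: backup
              image: "{{ .Values.backup.giteaFiles.image.repository }}:{{ .Values.backup.giteaFiles.image.tag }}"
              imagePullPolicy: {{ .Values.backup.giteaFiles.image.pullPolicy }}
              securityContext:
                allowPrivilegeEscalation: false
              command:
                - /bin/sh
                - -ec
                - |
                  # Fail fast on empty credentials or values that still start
                  # with GENERATED_ (presumably chart placeholders - confirm).
                  case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;; esac
                  case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;; esac
                  test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
                  timestamp="$(date +%F-%H%M%S)"
                  archive_name="gitea-files-${timestamp}.tar.gz"
                  # The archive is staged in the container's /tmp before upload.
                  # NOTE(review): it holds everything under /data; confirm the
                  # bucket restricts access and encrypts objects at rest.
                  tar -C /data -czf "/tmp/${archive_name}" .
                  aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                    s3 cp "/tmp/${archive_name}" "s3://${S3_BUCKET}/${S3_PREFIX}/gitea-files/${archive_name}"
              env:
                - name: S3_BUCKET
                  value: {{ .Values.backup.s3.bucket | quote }}
                - name: S3_PREFIX
                  value: {{ .Values.backup.s3.prefix | quote }}
                - name: AWS_DEFAULT_REGION
                  value: {{ .Values.backup.s3.region | quote }}
                - name: AWS_ENDPOINT_URL
                  value: {{ .Values.backup.s3.endpointUrl | quote }}
                # S3 credentials come from the chart secret, never from values.
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-access-key-id
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-secret-access-key
              volumeMounts:
                # Read-only: the backup job must not be able to alter the data.
                - name: gitea-data
                  mountPath: /data
                  readOnly: true
              resources:
                {{- toYaml .Values.backup.giteaFiles.resources | nindent 16 }}
          volumes:
            - name: gitea-data
              persistentVolumeClaim:
                claimName: {{ include "gitea.giteaPvcName" . | quote }}
                readOnly: true
{{- end }}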
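{{- /*
CronJob that dumps the Gitea PostgreSQL database and uploads the dump to
S3-compatible storage. An init container writes the compressed dump to a
shared emptyDir; the main container uploads it. Rendered only when backups
and backup.postgresql are both enabled.
*/}}
{{- if and .Values.backup.enabled .Values.backup.postgresql.enabled }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-postgresql-backup
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
spec:
  schedule: {{ .Values.backup.postgresql.schedule | quote }}
  {{- with .Values.backup.timeZone }}
  timeZone: {{ . | quote }}
  {{- end }}
  # Never start a run while the previous one is still active.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: {{ .Values.backup.postgresql.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.backup.postgresql.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      {{- with .Values.backup.postgresql.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ . }}
      {{- end }}
      template:
        spec:
          restartPolicy: OnFailure
          # Neither script calls the Kubernetes API, so the pod does not need
          # a service-account token next to the database and S3 credentials.
          automountServiceAccountToken: false
          initContainers:
            - name: dump
              image: "{{ .Values.backup.postgresql.dumpImage.repository }}:{{ .Values.backup.postgresql.dumpImage.tag }}"
              imagePullPolicy: {{ .Values.backup.postgresql.dumpImage.pullPolicy }}
              securityContext:
                allowPrivilegeEscalation: false
              command:
                - /bin/sh
                - -ec
                - |
                  timestamp="$(date +%F-%H%M%S)"
                  dump_name="gitea-postgresql-${timestamp}.sql.gz"
                  # NOTE(review): this wait has no upper bound; with
                  # concurrencyPolicy Forbid a job stuck here blocks later
                  # runs. Consider activeDeadlineSeconds on the job spec.
                  until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}"; do
                    sleep 5
                  done
                  # Let pg_dump compress and write the file itself. With
                  # "pg_dump | gzip" under sh -e only gzip's exit status is
                  # checked, so a failed dump would leave a truncated file
                  # that is then uploaded as a good backup.
                  pg_dump -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" --compress=9 --file="/backup/${dump_name}" "${POSTGRES_DB}"
                  # Hand the file name to the upload container.
                  printf "%s" "${dump_name}" > /backup/dump-name
              env:
                - name: POSTGRES_HOST
                  value: {{ .Values.backup.postgresql.host | quote }}
                - name: POSTGRES_DB
                  value: {{ .Values.postgresql.auth.database | quote }}
                - name: POSTGRES_USER
                  value: {{ .Values.postgresql.auth.username | quote }}
                # pg_isready and pg_dump read the password from PGPASSWORD.
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: {{ .Values.databaseSecret.name | quote }}
                      key: {{ .Values.databaseSecret.passwordKey | quote }}
              volumeMounts:
                - name: backup
                  mountPath: /backup
          containers:
            - name: upload
              image: "{{ .Values.backup.postgresql.uploadImage.repository }}:{{ .Values.backup.postgresql.uploadImage.tag }}"
              imagePullPolicy: {{ .Values.backup.postgresql.uploadImage.pullPolicy }}
              securityContext:
                allowPrivilegeEscalation: false
              command:
                - /bin/sh
                - -ec
                - |
                  # Fail fast on empty credentials or values that still start
                  # with GENERATED_ (presumably chart placeholders - confirm).
                  case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;; esac
                  case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;; esac
                  test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
                  # File name written by the dump init container.
                  dump_name="$(cat /backup/dump-name)"
                  aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                    s3 cp "/backup/${dump_name}" "s3://${S3_BUCKET}/${S3_PREFIX}/postgresql/${dump_name}"
              env:
                - name: S3_BUCKET
                  value: {{ .Values.backup.s3.bucket | quote }}
                - name: S3_PREFIX
                  value: {{ .Values.backup.s3.prefix | quote }}
                - name: AWS_DEFAULT_REGION
                  value: {{ .Values.backup.s3.region | quote }}
                - name: AWS_ENDPOINT_URL
                  value: {{ .Values.backup.s3.endpointUrl | quote }}
                # S3 credentials come from the chart secret, never from values.
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-access-key-id
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "gitea.secretName" . | quote }}
                      key: aws-secret-access-key
              volumeMounts:
                - name: backup
                  mountPath: /backup
              resources:
                {{- toYaml .Values.backup.postgresql.resources | nindent 16 }}
          volumes:
            # Scratch space shared by the dump and upload containers.
            - name: backup
              emptyDir: {}
{{- end }}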