183 lines
8.2 KiB
YAML
183 lines
8.2 KiB
YAML
{{- if and .Values.restore .Values.restore.enabled }}
|
|
{{- $restoreFiles := default false .Values.restore.files.enabled }}
|
|
{{- $restorePostgresql := default false .Values.restore.postgresql.enabled }}
|
|
{{- if not (or $restoreFiles $restorePostgresql) }}
|
|
{{- fail "restore.enabled=true requires restore.files.enabled=true or restore.postgresql.enabled=true" }}
|
|
{{- end }}
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: {{ .Values.restore.name | quote }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels:
|
|
{{- include "gitea.labels" . | nindent 4 }}
|
|
annotations:
|
|
helm.sh/hook: pre-install,pre-upgrade
|
|
helm.sh/hook-weight: "0"
|
|
helm.sh/hook-delete-policy: before-hook-creation
|
|
spec:
|
|
backoffLimit: 1
|
|
template:
|
|
spec:
|
|
restartPolicy: Never
|
|
initContainers:
|
|
- name: download
|
|
image: "{{ .Values.restore.images.awsCli.repository }}:{{ .Values.restore.images.awsCli.tag }}"
|
|
imagePullPolicy: {{ .Values.restore.images.awsCli.pullPolicy }}
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;; esac
|
|
case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;; esac
|
|
test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
|
|
{{- if $restoreFiles }}
|
|
test -n "${GITEA_FILES_KEY}"
|
|
aws --endpoint-url "${AWS_ENDPOINT_URL}" s3 cp "s3://${S3_BUCKET}/${GITEA_FILES_KEY}" /restore/gitea-files.tar.gz
|
|
{{- end }}
|
|
{{- if $restorePostgresql }}
|
|
test -n "${POSTGRESQL_DUMP_KEY}"
|
|
aws --endpoint-url "${AWS_ENDPOINT_URL}" s3 cp "s3://${S3_BUCKET}/${POSTGRESQL_DUMP_KEY}" /restore/postgresql.sql.gz
|
|
{{- end }}
|
|
env:
|
|
- name: S3_BUCKET
|
|
value: {{ .Values.restore.s3.bucket | quote }}
|
|
- name: GITEA_FILES_KEY
|
|
value: {{ default "" .Values.restore.s3.giteaFilesKey | quote }}
|
|
- name: POSTGRESQL_DUMP_KEY
|
|
value: {{ default "" .Values.restore.s3.postgresqlDumpKey | quote }}
|
|
- name: AWS_DEFAULT_REGION
|
|
value: {{ .Values.restore.s3.region | quote }}
|
|
- name: AWS_ENDPOINT_URL
|
|
value: {{ .Values.restore.s3.endpointUrl | quote }}
|
|
- name: AWS_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "gitea.secretName" . | quote }}
|
|
key: aws-access-key-id
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "gitea.secretName" . | quote }}
|
|
key: aws-secret-access-key
|
|
volumeMounts:
|
|
- name: restore
|
|
mountPath: /restore
|
|
{{- if $restoreFiles }}
|
|
- name: restore-files
|
|
image: "{{ .Values.restore.images.busybox.repository }}:{{ .Values.restore.images.busybox.tag }}"
|
|
imagePullPolicy: {{ .Values.restore.images.busybox.pullPolicy }}
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
rm -rf /data/* /data/.[!.]* /data/..?*
|
|
tar -C /data -xzf /restore/gitea-files.tar.gz
|
|
volumeMounts:
|
|
- name: restore
|
|
mountPath: /restore
|
|
- name: gitea-data
|
|
mountPath: /data
|
|
{{- end }}
|
|
{{- if $restorePostgresql }}
|
|
- name: restore-postgresql
|
|
image: "{{ .Values.restore.images.postgres.repository }}:{{ .Values.restore.images.postgres.tag }}"
|
|
imagePullPolicy: {{ .Values.restore.images.postgres.pullPolicy }}
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
export PGPASSWORD="${POSTGRES_PASSWORD}"
|
|
until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres; do
|
|
sleep 5
|
|
done
|
|
|
|
escaped_user="$(printf "%s" "${POSTGRES_USER}" | sed 's/"/""/g')"
|
|
escaped_db="$(printf "%s" "${POSTGRES_DB}" | sed 's/"/""/g')"
|
|
|
|
if ! psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres -tAc "select 1 from pg_database where datname = '${POSTGRES_DB}'" | grep -q 1; then
|
|
createdb -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -O "${POSTGRES_USER}" "${POSTGRES_DB}"
|
|
fi
|
|
|
|
psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres -v ON_ERROR_STOP=1 \
|
|
-c "ALTER DATABASE \"${escaped_db}\" OWNER TO \"${escaped_user}\";"
|
|
|
|
psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=1 \
|
|
-c "DROP SCHEMA IF EXISTS public CASCADE; CREATE SCHEMA public AUTHORIZATION \"${POSTGRES_USER}\"; GRANT ALL ON SCHEMA public TO \"${POSTGRES_USER}\";"
|
|
|
|
gunzip -c /restore/postgresql.sql.gz | psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=1
|
|
env:
|
|
- name: POSTGRES_HOST
|
|
value: {{ .Values.restore.postgresql.host | quote }}
|
|
- name: POSTGRES_DB
|
|
value: {{ .Values.postgresql.auth.database | quote }}
|
|
- name: POSTGRES_USER
|
|
value: {{ .Values.postgresql.auth.username | quote }}
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.databaseSecret.name | quote }}
|
|
key: {{ .Values.databaseSecret.passwordKey | quote }}
|
|
volumeMounts:
|
|
- name: restore
|
|
mountPath: /restore
|
|
{{- end }}
|
|
containers:
|
|
{{- if .Values.restore.verify.enabled }}
|
|
- name: verify
|
|
image: "{{ .Values.restore.images.postgres.repository }}:{{ .Values.restore.images.postgres.tag }}"
|
|
imagePullPolicy: {{ .Values.restore.images.postgres.pullPolicy }}
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
{{- if $restoreFiles }}
|
|
test -d /data
|
|
objects="$(find /data -mindepth 1 -maxdepth 2 | head -n 1)"
|
|
test -n "${objects}"
|
|
{{- end }}
|
|
{{- if $restorePostgresql }}
|
|
tables="$(psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -tAc "select count(*) from information_schema.tables where table_schema = 'public'")"
|
|
test "${tables}" -gt 0
|
|
core_tables="$(psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -tAc "select count(*) from information_schema.tables where table_schema = 'public' and table_name in ('user', 'repository', 'version')")"
|
|
test "${core_tables}" -gt 0
|
|
echo "Gitea database restore verification passed: ${tables} public tables, ${core_tables} core tables"
|
|
{{- end }}
|
|
echo "Gitea restore verification passed"
|
|
env:
|
|
- name: POSTGRES_HOST
|
|
value: {{ .Values.restore.postgresql.host | quote }}
|
|
- name: POSTGRES_DB
|
|
value: {{ .Values.postgresql.auth.database | quote }}
|
|
- name: POSTGRES_USER
|
|
value: {{ .Values.postgresql.auth.username | quote }}
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.databaseSecret.name | quote }}
|
|
key: {{ .Values.databaseSecret.passwordKey | quote }}
|
|
{{- if $restoreFiles }}
|
|
volumeMounts:
|
|
- name: gitea-data
|
|
mountPath: /data
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- else }}
|
|
- name: done
|
|
image: "{{ .Values.restore.images.busybox.repository }}:{{ .Values.restore.images.busybox.tag }}"
|
|
imagePullPolicy: {{ .Values.restore.images.busybox.pullPolicy }}
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- echo "Gitea restore completed"
|
|
{{- end }}
|
|
volumes:
|
|
- name: restore
|
|
emptyDir: {}
|
|
{{- if $restoreFiles }}
|
|
- name: gitea-data
|
|
persistentVolumeClaim:
|
|
claimName: {{ include "gitea.giteaPvcName" . | quote }}
|
|
{{- end }}
|
|
{{- end }}
|