mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-03-22 11:41:20 +00:00
102 lines
3.3 KiB
YAML
102 lines
3.3 KiB
YAML
{{- if .Values.backup.enabled }}
|
|
{{ $image := .Files.Get "images/backup.json" | fromJson }}
|
|
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: {{ .Release.Name }}-backup
|
|
spec:
|
|
schedule: "{{ .Values.backup.schedule }}"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 3
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
backoffLimit: 2
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/config: {{ include (print $.Template.BasePath "/backup-script.yaml") . | sha256sum }}
|
|
checksum/secret: {{ include (print $.Template.BasePath "/backup-secret.yaml") . | sha256sum }}
|
|
spec:
|
|
imagePullSecrets:
|
|
- name: {{ .Release.Name }}-regsecret
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: mysqldump
|
|
image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}"
|
|
command:
|
|
- /bin/sh
|
|
- /scripts/backup.sh
|
|
env:
|
|
- name: REPO_PREFIX
|
|
value: {{ required "s3Bucket is not specified!" .Values.backup.s3Bucket | quote }}
|
|
- name: CLEANUP_STRATEGY
|
|
value: {{ required "cleanupStrategy is not specified!" .Values.backup.cleanupStrategy | quote }}
|
|
- name: PGUSER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Release.Name }}-superuser
|
|
key: username
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Release.Name }}-superuser
|
|
key: password
|
|
- name: PGHOST
|
|
value: {{ .Release.Name }}-rw
|
|
- name: PGPORT
|
|
value: "5432"
|
|
- name: PGDATABASE
|
|
value: postgres
|
|
- name: AWS_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Release.Name }}-backup
|
|
key: s3AccessKey
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Release.Name }}-backup
|
|
key: s3SecretKey
|
|
- name: AWS_DEFAULT_REGION
|
|
value: {{ .Values.backup.s3Region }}
|
|
- name: RESTIC_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Release.Name }}-backup
|
|
key: resticPassword
|
|
volumeMounts:
|
|
- mountPath: /scripts
|
|
name: scripts
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
- mountPath: /.cache
|
|
name: cache
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
volumes:
|
|
- name: scripts
|
|
secret:
|
|
secretName: {{ .Release.Name }}-backup-script
|
|
- name: tmp
|
|
emptyDir: {}
|
|
- name: cache
|
|
emptyDir: {}
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 9000
|
|
runAsGroup: 9000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
{{- end }}
|