Merge pull request #49 from SUSE/postgres-backup

Adds postgres backup cronjob
SUSE · Aug 8, 2024 · 0c44554 · 0c44554
2 parents aa5c44f + f10e33b
commit 0c44554
Show file tree

Hide file tree

Showing 6 changed files with 108 additions and 14 deletions.
diff --git a/charts/postgres/templates/cronjobs.yaml b/charts/postgres/templates/cronjobs.yaml
@@ -0,0 +1,61 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: postgres-backup
+  namespace: {{ .Release.Namespace }}
+spec:
+{{- if .Values.openplatform.enabled }}
+  schedule: {{ required "A value for schedule is required" .Values.openplatform.backupSchedule | quote }}
+{{- else }}
+  schedule: {{ required "A value for schedule is required" .Values.postgres.backup.schedule | quote }}
+{{- end }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: {{ .Values.postgres.backup.containerName }}
+              image: {{ .Values.postgres.backup.containerImage }}
+              command:
+                - sh
+                - -c
+                - |
+                  apt update
+                  apt install -y awscli
+                  pg_dump -h postgres -U $POSTGRES_USER $POSTGRES_DB > /backup/backup.sql
+                  aws s3 cp /backup/backup.sql s3://$AWS_BUCKET/backups/backup-$(date +%Y%m%d).sql
+              env:
+                - name: POSTGRES_USER
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgres-config
+                      key: POSTGRES_USER
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgres-config
+                      key: POSTGRES_PASSWORD
+                - name: POSTGRES_DB
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgres-config
+                      key: POSTGRES_DB
+                - name: AWS_ACCESS_KEY_ID
+                  valueFrom:
+                    secretKeyRef:
+                      name: aws-credentials
+                      key: aws_access_key_id
+                - name: AWS_SECRET_ACCESS_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      name: aws-credentials
+                      key: aws_secret_access_key
+                - name: AWS_BUCKET
+                  value: {{ .Values.postgres.backup.awsBucket }}
+              volumeMounts:
+                - name: backup-storage
+                  mountPath: /backup
+          volumes:
+            - name: backup-storage
+              emptyDir: {}
diff --git a/charts/postgres/templates/deployment.yaml b/charts/postgres/templates/deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}       
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ required "A value for image.repository is required" .Values.image.repository }}:{{ required "A value for image.tag is required" .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.service.port }}

diff --git a/charts/postgres/templates/pvc.yaml b/charts/postgres/templates/pvc.yaml
@@ -5,9 +5,18 @@ metadata:
   labels:
     {{- include "chart.labels" . | nindent 4 }}
 spec:
+  {{- if .Values.openplatform.enabled }}
+  storageClassName: {{ .Values.openplatform.pvc.storageClass | quote }}
+  accessModes:
+    - {{ .Values.openplatform.pvc.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.openplatform.pvc.storageSize | quote }}
+  {{- else }}
   storageClassName: manual
   accessModes:
     - ReadWriteMany
   resources:
     requests:
       storage: 5Gi
+  {{- end }}
diff --git a/charts/postgres/templates/secrets.yaml b/charts/postgres/templates/secrets.yaml
@@ -10,3 +10,15 @@ data:
   POSTGRES_DB: {{ .Values.postgres.db | b64enc }}
   POSTGRES_USER: {{ .Values.postgres.user | b64enc }}
   POSTGRES_PASSWORD: {{ .Values.postgres.password | b64enc }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-credentials
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  aws_access_key_id: {{ .Values.awscredentials.accessKeyId | b64enc }}
+  aws_secret_access_key: {{ .Values.awscredentials.secretAccessKey | b64enc }}
diff --git a/charts/postgres/templates/storage.yaml b/charts/postgres/templates/storage.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.openplatform.enabled -}}
 kind: PersistentVolume
 apiVersion: v1
 metadata:
@@ -11,4 +12,5 @@ spec:
   accessModes:
     - ReadWriteMany
   hostPath:
-    path: "/mnt/data"
+    path: "/mnt/data"
+{{- end -}}
diff --git a/charts/postgres/values.yaml b/charts/postgres/values.yaml
@@ -22,13 +22,14 @@ resources:
     memory: 256Mi
 
 volumes:
-- name: postgredb
+- name: postgres-volume
   persistentVolumeClaim:
     claimName: postgres-pv-claim
 
 volumeMounts:
 - mountPath: /var/lib/postgresql/data
-  name: postgredb
+  name: postgres-volume
+  subPath: data
 
 autoscaling:
   enabled: false
@@ -41,14 +42,23 @@ postgres:
   db: operational
   user: postgres
   password: telemetry
+  backup:
+    containerImage: postgres:16
+    containerName: postgres-backup
+    awsBucket: test-ts-postgres-backup
+    # For testing purposes, scheduled to backup every minute, change as needed
+    schedule: "* * * * *"
 
-# OpenPlatform
-# postgres:
-#   persistence:
-#     enabled: true
-#     storageClass: ebs
-#     accessMode: ReadWriteOnce
-#     size: 10Mi
-#   volumeMounts:
-#   - name: postgres-pvc
-#     mountPath: /var/lib/postgresql/telemetry-server-data
+awscredentials:
+  accessKeyId: foo
+  secretAccessKey: bar
+
+# OpenPlatform deployment
+# Defaults to enabled: true. Switch to false for local development
+openplatform:
+  enabled: true
+  pvc:
+    storageClass: ebs
+    accessMode: ReadWriteOnce
+    storageSize: 5Gi
+  backupSchedule: "0 0 * * 0-6"