feat (molgenis-vault): Add backup cronjob

Needs to run under service account created by the etcd-operator subchart so there's some template magic needed to figure out what it's called.
2018-09-07 16:09:15 +02:00 · 2018-09-07 16:09:15 +02:00 · ca939363f8
parent 7df68882b6
commit ca939363f8
8 changed files with 75 additions and 16 deletions
--- a/molgenis-vault/Chart.yaml
+++ b/molgenis-vault/Chart.yaml
@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS vault
 name: molgenis-vault
-version: 0.1.0
+version: 0.1.1
--- a/molgenis-vault/README.md
+++ b/molgenis-vault/README.md
@ -22,4 +22,12 @@ See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/m
 | --------------- | ----------------------------- | ------------------ |
 | `abs.account`   | name of storage account       | `fdlkops`          |
 | `abs.accessKey` | access key of storage account | `xxxx`             |
-| `abs.cloud`     | name of cloud environment     | `AzurePublicCloud` |
+| `abs.cloud`     | name of cloud environment     | `AzurePublicCloud` |
+
+### Backup job
+Define the schedule of the backup job
+
+| Parameter            | Description                  | Default            |
+| -------------------- | ---------------------------- | ------------------ |
+| `backupJob.enable`   | Enable backup cronjob        | `true`             |
+| `backupJob.schedule` | cron schedule for the backup | `0 0 0 ? * MON *`  |
--- a/molgenis-vault/resources/backup.yaml
+++ b/molgenis-vault/resources/backup.yaml
@ -1,12 +0,0 @@
-apiVersion: "etcd.database.coreos.com/v1beta2"
-kind: "EtcdBackup"
-metadata:
-  name: backup
-  namespace: "vault-operator"
-spec:
-  etcdEndpoints: ["https://vault-etcd-client:2379"]
-  storageType: ABS
-  clientTLSSecret: vault-etcd-client-tls
-  abs:
-    path: vault/backup
-    absSecret: abs
--- a/molgenis-vault/resources/restore.yaml
+++ b/molgenis-vault/resources/restore.yaml
@ -1,3 +1,4 @@
+# Use kubectl create -f restore.yaml to manually execute a restore of the vault
 apiVersion: "etcd.database.coreos.com/v1beta2"
 kind: "EtcdRestore"
 metadata:
@ -10,5 +11,5 @@ spec:
    name: vault-etcd
  backupStorageType: ABS
  abs:
-    path: vault/backup
+    path: vault/backup-<specify the backup name>
    absSecret: abs
--- a/molgenis-vault/templates/_helpers.tpl
+++ b/molgenis-vault/templates/_helpers.tpl
@ -1,3 +1,11 @@
+{{/* See https://github.com/helm/helm/issues/4535 */}}
+{{- define "call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 }}
+{{- $template := index . 2 }}
+{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
--- a/molgenis-vault/templates/backup-configmap.yaml
+++ b/molgenis-vault/templates/backup-configmap.yaml
@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backup-config
+data:
+  backup_cr.yaml: |
+    apiVersion: "etcd.database.coreos.com/v1beta2"
+    kind: "EtcdBackup"
+    metadata:
+      generateName: vault-backup-
+    spec:
+      etcdEndpoints: ["https://vault-etcd-client:2379"]
+      storageType: ABS
+      clientTLSSecret: vault-etcd-client-tls
+      abs:
+        path: vault/backup.<NOW>
+        absSecret: abs
--- a/molgenis-vault/templates/backup-cronjob.yaml
+++ b/molgenis-vault/templates/backup-cronjob.yaml
@ -0,0 +1,30 @@
+{{- if .Values.backupJob.enable }}
+# cronjob that creates etcdbackups using the etcd backup serviceaccount
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: etcd-backup
+spec:
+  schedule: {{ .Values.backupJob.schedule | quote }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: {{ include "call-nested" (list . "etcd-operator" "etcd-operator.serviceAccountName") }}
+          containers:
+          - name: etcd-backup
+            image: lachlanevenson/k8s-kubectl
+            command:
+            - /bin/sh
+            - "-ec"
+            - |
+              sed -e "s|<NOW>|$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f -
+            volumeMounts:
+            - name: backup-config
+              mountPath: /var/etcd_backup
+          restartPolicy: OnFailure
+          volumes:
+          - name: backup-config
+            configMap:
+              name: backup-config
+{{- end }}
--- a/molgenis-vault/values.yaml
+++ b/molgenis-vault/values.yaml
@ -2,7 +2,7 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.

-#abs details of the credentials to reach the azure backup storage
+# abs gives details of the credentials to reach the azure backup storage
 abs:
  # account is the name of the Storage account
  account: fdlkops
@ -11,6 +11,13 @@ abs:
  # default cloud
  cloud: AzurePublicCloud

+# backupjob describes the backup cronjob
+backupJob:
+  # enable enables the backup job
+  enable: true
+  # schedule gives the cron schedule for the backup job
+  schedule: "0 0 0 ? * MON *"
+
 ###
 # All of the config variables related to setting up the etcd-operator
 # If you want more information about the variables exposed, please visit: