From ca939363f8c2c6fc0ab554821aa14fe39cca1162 Mon Sep 17 00:00:00 2001 From: Fleur Kelpin Date: Fri, 7 Sep 2018 16:09:15 +0200 Subject: [PATCH] feat (molgenis-vault): Add backup cronjob Needs to run under service account created by the etcd-operator subchart so there's some template magic needed to figure out what it's called. --- molgenis-vault/Chart.yaml | 2 +- molgenis-vault/README.md | 10 ++++++- molgenis-vault/resources/backup.yaml | 12 -------- molgenis-vault/resources/restore.yaml | 3 +- molgenis-vault/templates/_helpers.tpl | 8 +++++ .../templates/backup-configmap.yaml | 17 +++++++++++ molgenis-vault/templates/backup-cronjob.yaml | 30 +++++++++++++++++++ molgenis-vault/values.yaml | 9 +++++- 8 files changed, 75 insertions(+), 16 deletions(-) delete mode 100644 molgenis-vault/resources/backup.yaml create mode 100644 molgenis-vault/templates/backup-configmap.yaml create mode 100644 molgenis-vault/templates/backup-cronjob.yaml diff --git a/molgenis-vault/Chart.yaml b/molgenis-vault/Chart.yaml index cc807f6..d14c86c 100644 --- a/molgenis-vault/Chart.yaml +++ b/molgenis-vault/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: MOLGENIS vault name: molgenis-vault -version: 0.1.0 +version: 0.1.1 diff --git a/molgenis-vault/README.md b/molgenis-vault/README.md index 3f9255b..a534657 100644 --- a/molgenis-vault/README.md +++ b/molgenis-vault/README.md 
@@ -22,4 +22,12 @@ See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/m | --------------- | ----------------------------- | ------------------ | | `abs.account` | name of storage account | `fdlkops` | | `abs.accessKey` | access key of storage account | `xxxx` | -| `abs.cloud` | name of cloud environment | `AzurePublicCloud` | \ No newline at end of file +| `abs.cloud` | name of cloud environment | `AzurePublicCloud` | + +### Backup job +Define the schedule of the backup job + +| Parameter | Description | Default | +| -------------------- | ---------------------------- | ------------------ | +| `backupJob.enable` | Enable backup cronjob | `true` | +| `backupJob.schedule` | cron schedule for the backup | `0 0 0 ? * MON *` | diff --git a/molgenis-vault/resources/backup.yaml b/molgenis-vault/resources/backup.yaml deleted file mode 100644 index 3945a00..0000000 --- a/molgenis-vault/resources/backup.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: "etcd.database.coreos.com/v1beta2" -kind: "EtcdBackup" -metadata: - name: backup - namespace: "vault-operator" -spec: - etcdEndpoints: ["https://vault-etcd-client:2379"] - storageType: ABS - clientTLSSecret: vault-etcd-client-tls - abs: - path: vault/backup - absSecret: abs \ No newline at end of file diff --git a/molgenis-vault/resources/restore.yaml b/molgenis-vault/resources/restore.yaml index a819724..c7db422 100644 --- a/molgenis-vault/resources/restore.yaml +++ b/molgenis-vault/resources/restore.yaml @@ -1,3 +1,4 @@ +# Use kubectl create -f restore.yaml to manually execute a restore of the vault apiVersion: "etcd.database.coreos.com/v1beta2" kind: "EtcdRestore" metadata: @@ -10,5 +11,5 @@ spec: name: vault-etcd backupStorageType: ABS abs: - path: vault/backup + path: vault/backup- absSecret: abs \ No newline at end of file diff --git a/molgenis-vault/templates/_helpers.tpl b/molgenis-vault/templates/_helpers.tpl index 97006e3..81f6497 100644 --- a/molgenis-vault/templates/_helpers.tpl 
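Review bot: In the second restore.yaml hunk the restore path becomes `vault/backup-`, while the backup template added in this commit writes to `vault/backup.`, so as shown here the two prefixes differ in their separator. Neither line says what suffix the operator is expected to fill in, and a restore pointed at a path that does not match a stored backup will not find one. Make the separator agree with backup-configmap.yaml and add a comment next to the path, for example `# set path to the full name of the backup to restore, including its timestamp suffix`.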
+++ b/molgenis-vault/templates/_helpers.tpl @@ -1,3 +1,11 @@ +{{/* See https://github.com/helm/helm/issues/4535 */}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 }} +{{- $template := index . 2 }} +{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/molgenis-vault/templates/backup-configmap.yaml b/molgenis-vault/templates/backup-configmap.yaml new file mode 100644 index 0000000..89f5404 --- /dev/null +++ b/molgenis-vault/templates/backup-configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: backup-config +data: + backup_cr.yaml: | + apiVersion: "etcd.database.coreos.com/v1beta2" + kind: "EtcdBackup" + metadata: + generateName: vault-backup- + spec: + etcdEndpoints: ["https://vault-etcd-client:2379"] + storageType: ABS + clientTLSSecret: vault-etcd-client-tls + abs: + path: vault/backup. + absSecret: abs \ No newline at end of file diff --git a/molgenis-vault/templates/backup-cronjob.yaml b/molgenis-vault/templates/backup-cronjob.yaml new file mode 100644 index 0000000..e5687fc --- /dev/null +++ b/molgenis-vault/templates/backup-cronjob.yaml 
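Review bot: `call-nested` has no description of its calling convention; the linked Helm issue is the only explanation. A comment above the define such as `{{/* call-nested renders a subchart's named template: pass (list . "<subchart>" "<template>") */}}` would help. It is also worth stating that the synthetic context carries only `Chart.Name`, `Values`, `Release` and `Capabilities`, so a subchart template that reads anything else (for example `.Chart.Version`) will see it empty.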
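Review bot: `name: backup-config` in the new ConfigMap is a fixed literal, so a second release of this chart in the same namespace would collide with the first; the CronJob name `etcd-backup` in backup-cronjob.yaml has the same issue. Scope it to the release, e.g. `name: {{ .Release.Name }}-backup-config`, and use the same expression in the CronJob's `volumes` entry so the two stay in step.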
@@ -0,0 +1,30 @@ +{{- if .Values.backupJob.enable }} +# cronjob that creates etcdbackups using the etcd backup serviceaccount +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: etcd-backup +spec: + schedule: {{ .Values.backupJob.schedule | quote }} + jobTemplate: + spec: + template: + spec: + serviceAccountName: {{ include "call-nested" (list . "etcd-operator" "etcd-operator.serviceAccountName") }} + containers: + - name: etcd-backup + image: lachlanevenson/k8s-kubectl + command: + - /bin/sh + - "-ec" + - | + sed -e "s||$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f - + volumeMounts: + - name: backup-config + mountPath: /var/etcd_backup + restartPolicy: OnFailure + volumes: + - name: backup-config + configMap: + name: backup-config +{{- end }} \ No newline at end of file diff --git a/molgenis-vault/values.yaml b/molgenis-vault/values.yaml index 5d47683..92ac470 100644 --- a/molgenis-vault/values.yaml +++ b/molgenis-vault/values.yaml @@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -#abs details of the credentials to reach the azure backup storage +# abs gives details of the credentials to reach the azure backup storage abs: # account is the name of the Storage account account: fdlkops @@ -11,6 +11,13 @@ abs: # default cloud cloud: AzurePublicCloud +# backupjob describes the backup cronjob +backupJob: + # enable enables the backup job + enable: true + # schedule gives the cron schedule for the backup job + schedule: "0 0 0 ? * MON *" + ### # All of the config variables related to setting up the etcd-operator # If you want more information about the variables exposed, please visit:
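Review bot: The `image: lachlanevenson/k8s-kubectl` line in the new CronJob has no tag or digest, so every scheduled run can pull whatever that third-party repository currently serves, and the container then runs `kubectl` under the etcd-operator service account. Pin it, e.g. `image: lachlanevenson/k8s-kubectl:<TAG>@sha256:<DIGEST>` (placeholders; use the values of the image you have vetted). The job only needs to create EtcdBackup objects, so a dedicated service account bound to a Role that allows only `create` on `etcdbackups` would be narrower than reusing the operator's account; what that account is permitted to do is not visible in this diff. Adding `concurrencyPolicy: Forbid` would also keep a slow backup from being overlapped by the next run.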
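Review bot: The default `schedule: "0 0 0 ? * MON *"` added in the second values.yaml hunk is a seven-field Quartz-style expression, but the template passes it straight into the CronJob's `spec.schedule`, which expects the standard five-field cron format. With this default the CronJob is likely to be rejected by the API server, which would leave the vault without scheduled backups. For a weekly run at midnight on Monday use `schedule: "0 0 * * 1"`, and correct the same default in the README table.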