feat (molgenis-vault): Add backup cronjob
Needs to run under service account created by the etcd-operator subchart so there's some template magic needed to figure out what it's called.
This commit is contained in:
parent
7df68882b6
commit
ca939363f8
@ -2,4 +2,4 @@ apiVersion: v1
|
|||||||
appVersion: "1.0"
|
appVersion: "1.0"
|
||||||
description: MOLGENIS vault
|
description: MOLGENIS vault
|
||||||
name: molgenis-vault
|
name: molgenis-vault
|
||||||
version: 0.1.0
|
version: 0.1.1
|
||||||
|
@ -23,3 +23,11 @@ See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/m
|
|||||||
| `abs.account` | name of storage account | `fdlkops` |
|
| `abs.account` | name of storage account | `fdlkops` |
|
||||||
| `abs.accessKey` | access key of storage account | `xxxx` |
|
| `abs.accessKey` | access key of storage account | `xxxx` |
|
||||||
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
|
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
|
||||||
|
|
||||||
|
### Backup job
|
||||||
|
Define the schedule of the backup job
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| -------------------- | ---------------------------- | ------------------ |
|
||||||
|
| `backupJob.enable` | Enable backup cronjob | `true` |
|
||||||
|
| `backupJob.schedule` | cron schedule for the backup | `0 0 0 ? * MON *` |
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
apiVersion: "etcd.database.coreos.com/v1beta2"
|
|
||||||
kind: "EtcdBackup"
|
|
||||||
metadata:
|
|
||||||
name: backup
|
|
||||||
namespace: "vault-operator"
|
|
||||||
spec:
|
|
||||||
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
|
||||||
storageType: ABS
|
|
||||||
clientTLSSecret: vault-etcd-client-tls
|
|
||||||
abs:
|
|
||||||
path: vault/backup
|
|
||||||
absSecret: abs
|
|
@ -1,3 +1,4 @@
|
|||||||
|
# Use kubectl create -f restore.yaml to manually execute a restore of the vault
|
||||||
apiVersion: "etcd.database.coreos.com/v1beta2"
|
apiVersion: "etcd.database.coreos.com/v1beta2"
|
||||||
kind: "EtcdRestore"
|
kind: "EtcdRestore"
|
||||||
metadata:
|
metadata:
|
||||||
@ -10,5 +11,5 @@ spec:
|
|||||||
name: vault-etcd
|
name: vault-etcd
|
||||||
backupStorageType: ABS
|
backupStorageType: ABS
|
||||||
abs:
|
abs:
|
||||||
path: vault/backup
|
path: vault/backup-<specify the backup name>
|
||||||
absSecret: abs
|
absSecret: abs
|
@ -1,3 +1,11 @@
|
|||||||
|
{{/* See https://github.com/helm/helm/issues/4535 */}}
|
||||||
|
{{- define "call-nested" }}
|
||||||
|
{{- $dot := index . 0 }}
|
||||||
|
{{- $subchart := index . 1 }}
|
||||||
|
{{- $template := index . 2 }}
|
||||||
|
{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{/* vim: set filetype=mustache: */}}
|
{{/* vim: set filetype=mustache: */}}
|
||||||
{{/*
|
{{/*
|
||||||
Expand the name of the chart.
|
Expand the name of the chart.
|
||||||
|
17
molgenis-vault/templates/backup-configmap.yaml
Normal file
17
molgenis-vault/templates/backup-configmap.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: backup-config
|
||||||
|
data:
|
||||||
|
backup_cr.yaml: |
|
||||||
|
apiVersion: "etcd.database.coreos.com/v1beta2"
|
||||||
|
kind: "EtcdBackup"
|
||||||
|
metadata:
|
||||||
|
generateName: vault-backup-
|
||||||
|
spec:
|
||||||
|
etcdEndpoints: ["https://vault-etcd-client:2379"]
|
||||||
|
storageType: ABS
|
||||||
|
clientTLSSecret: vault-etcd-client-tls
|
||||||
|
abs:
|
||||||
|
path: vault/backup.<NOW>
|
||||||
|
absSecret: abs
|
30
molgenis-vault/templates/backup-cronjob.yaml
Normal file
30
molgenis-vault/templates/backup-cronjob.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{{- if .Values.backupJob.enable }}
|
||||||
|
# cronjob that creates etcdbackups using the etcd backup serviceaccount
|
||||||
|
apiVersion: batch/v1beta1
|
||||||
|
kind: CronJob
|
||||||
|
metadata:
|
||||||
|
name: etcd-backup
|
||||||
|
spec:
|
||||||
|
schedule: {{ .Values.backupJob.schedule | quote }}
|
||||||
|
jobTemplate:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ include "call-nested" (list . "etcd-operator" "etcd-operator.serviceAccountName") }}
|
||||||
|
containers:
|
||||||
|
- name: etcd-backup
|
||||||
|
image: lachlanevenson/k8s-kubectl
|
||||||
|
command:
|
||||||
|
- /bin/sh
|
||||||
|
- "-ec"
|
||||||
|
- |
|
||||||
|
sed -e "s|<NOW>|$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f -
|
||||||
|
volumeMounts:
|
||||||
|
- name: backup-config
|
||||||
|
mountPath: /var/etcd_backup
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
volumes:
|
||||||
|
- name: backup-config
|
||||||
|
configMap:
|
||||||
|
name: backup-config
|
||||||
|
{{- end }}
|
@ -2,7 +2,7 @@
|
|||||||
# This is a YAML-formatted file.
|
# This is a YAML-formatted file.
|
||||||
# Declare variables to be passed into your templates.
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
#abs details of the credentials to reach the azure backup storage
|
# abs gives details of the credentials to reach the azure backup storage
|
||||||
abs:
|
abs:
|
||||||
# account is the name of the Storage account
|
# account is the name of the Storage account
|
||||||
account: fdlkops
|
account: fdlkops
|
||||||
@ -11,6 +11,13 @@ abs:
|
|||||||
# default cloud
|
# default cloud
|
||||||
cloud: AzurePublicCloud
|
cloud: AzurePublicCloud
|
||||||
|
|
||||||
|
# backupjob describes the backup cronjob
|
||||||
|
backupJob:
|
||||||
|
# enable enables the backup job
|
||||||
|
enable: true
|
||||||
|
# schedule gives the cron schedule for the backup job
|
||||||
|
schedule: "0 0 0 ? * MON *"
|
||||||
|
|
||||||
###
|
###
|
||||||
# All of the config variables related to setting up the etcd-operator
|
# All of the config variables related to setting up the etcd-operator
|
||||||
# If you want more information about the variables exposed, please visit:
|
# If you want more information about the variables exposed, please visit:
|
||||||
|
Loading…
Reference in New Issue
Block a user