{{/* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.manifests.cron_job_postgresql_backup }} {{- $envAll := . }} {{- $serviceAccountName := "postgresql-backup" }} {{ tuple $envAll "postgresql_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: CronJob metadata: name: postgresql-backup annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} labels: {{ tuple $envAll "postgresql-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: schedule: {{ .Values.jobs.postgresql_backup.cron | quote }} successfulJobsHistoryLimit: {{ .Values.jobs.postgresql_backup.history.success }} failedJobsHistoryLimit: {{ .Values.jobs.postgresql_backup.history.failed }} concurrencyPolicy: Forbid jobTemplate: metadata: labels: {{ tuple $envAll "postgresql-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: {{ dict "envAll" $envAll "podName" "postgresql-backup" "containerNames" (list "init" "backup-perms" "postgresql-backup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: {{- if .Values.jobs.postgresql_backup.backoffLimit }} backoffLimit: {{ .Values.jobs.postgresql_backup.backoffLimit }} {{- end }} {{- if .Values.jobs.postgresql_backup.activeDeadlineSeconds }} activeDeadlineSeconds: {{ .Values.jobs.postgresql_backup.activeDeadlineSeconds }} {{- end }} template: metadata: labels: {{ tuple $envAll "postgresql-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }} spec: {{ dict "envAll" $envAll "application" "postgresql_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }} serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure {{- if $envAll.Values.pod.affinity }} {{- if $envAll.Values.pod.affinity.postgresql_backup }} affinity: {{ index $envAll.Values.pod.affinity "postgresql_backup" | toYaml | indent 12}} {{- end }} {{- end }} nodeSelector: {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: {{ tuple $envAll "postgresql_backup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} - name: backup-perms {{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 14 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} {{ dict "envAll" $envAll "application" "postgresql_backup" "container" "backup_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }} command: - chown - -R - "65534:65534" - $(POSTGRESQL_BACKUP_BASE_DIR) env: - name: POSTGRESQL_BACKUP_BASE_DIR value: {{ .Values.conf.backup.base_path }} volumeMounts: - mountPath: /tmp name: pod-tmp - mountPath: {{ .Values.conf.backup.base_path }} name: postgresql-backup-dir containers: - name: postgresql-backup {{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 14 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} {{ dict "envAll" $envAll "application" "postgresql_backup" "container" "postgresql_backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }} command: - /tmp/backup_postgresql.sh env: - name: POSTGRESQL_ADMIN_PASSWORD valueFrom: secretKeyRef: key: POSTGRES_PASSWORD name: postgresql-admin - name: POSTGRESQL_ADMIN_USER valueFrom: secretKeyRef: key: POSTGRES_USER name: postgresql-admin - name: POSTGRESQL_BACKUP_BASE_DIR value: {{ .Values.conf.backup.base_path }} - name: POSTGRESQL_BACKUP_PG_DUMPALL_OPTIONS value: {{ .Values.conf.backup.pg_dumpall_options }} - name: POSTGRESQL_LOCAL_BACKUP_DAYS_TO_KEEP value: "{{ .Values.conf.backup.days_to_keep }}" - name: POSTGRESQL_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: REMOTE_BACKUP_ENABLED value: "{{ .Values.conf.backup.remote_backup.enabled }}" {{- if .Values.conf.backup.remote_backup.enabled }} - name: POSTGRESQL_REMOTE_BACKUP_DAYS_TO_KEEP value: "{{ .Values.conf.backup.remote_backup.days_to_keep }}" - name: CONTAINER_NAME value: "{{ .Values.conf.backup.remote_backup.container_name }}" - name: STORAGE_POLICY value: "{{ .Values.conf.backup.remote_backup.storage_policy }}" - name: NUMBER_OF_RETRIES_SEND_BACKUP_TO_REMOTE value: {{ .Values.conf.backup.remote_backup.number_of_retries | quote }} - name: MIN_DELAY_SEND_BACKUP_TO_REMOTE value: {{ .Values.conf.backup.remote_backup.delay_range.min | quote }} - name: MAX_DELAY_SEND_BACKUP_TO_REMOTE value: {{ .Values.conf.backup.remote_backup.delay_range.max | quote }} - name: THROTTLE_BACKUPS_ENABLED value: "{{ .Values.conf.backup.remote_backup.throttle_backups.enabled }}" - name: THROTTLE_LIMIT value: {{ .Values.conf.backup.remote_backup.throttle_backups.sessions_limit | quote }} - name: THROTTLE_LOCK_EXPIRE_AFTER value: {{ .Values.conf.backup.remote_backup.throttle_backups.lock_expire_after | quote }} - name: THROTTLE_RETRY_AFTER value: {{ .Values.conf.backup.remote_backup.throttle_backups.retry_after | quote }} - name: THROTTLE_CONTAINER_NAME value: {{ .Values.conf.backup.remote_backup.throttle_backups.container_name | quote }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.postgresql }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }} {{- end }} {{- end }} volumeMounts: - name: pod-tmp mountPath: /tmp - mountPath: /tmp/backup_postgresql.sh name: postgresql-bin readOnly: true subPath: backup_postgresql.sh - mountPath: /tmp/backup_main.sh name: postgresql-bin readOnly: true subPath: backup_main.sh - mountPath: {{ .Values.conf.backup.base_path }} name: postgresql-backup-dir - name: postgresql-secrets mountPath: /etc/postgresql/admin_user.conf subPath: admin_user.conf readOnly: true volumes: - name: pod-tmp emptyDir: {} - name: postgresql-secrets secret: secretName: postgresql-secrets defaultMode: 292 - name: postgresql-bin secret: secretName: postgresql-bin defaultMode: 365 {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }} - name: postgresql-backup-dir persistentVolumeClaim: claimName: postgresql-backup-data {{- else }} - hostPath: path: {{ .Values.conf.backup.base_path }} type: DirectoryOrCreate name: postgresql-backup-dir {{- end }} {{- end }}