Backups

charts/backups/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/backups/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+type: application
+name: backups
+description: Helm chart for backing things up.
+icon: https://avatars.githubusercontent.com/u/889755?s=200&v=4
+home: https://www.foomo.org
+keywords:
+  - foomo
+  - backups
+sources:
+  - https://github.com/foomo/helm-charts
+annotations:
+  "artifacthub.io/links": |
+    - name: Chart Source
+      url: https://github.com/foomo/helm-charts
+
+version: 0.1.0
+appVersion: 0.1.0

charts/backups/README.md

@@ -0,0 +1,43 @@
+# backups
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+Helm chart for backing things up.
+
+**Homepage:** <https://www.foomo.org>
+
+## Resources
+
+- [Source](https://github.com/foomo/helm-charts)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` | Overrides the chart's computed fullname |
+| nameOverride | string | `""` | Overrides the chart's name |
+| namespaceOverride | string | `""` | The name of the Namespace to deploy If not set, `.Release.Namespace` is used |
+| postgres.cronjob.backoffLimit | int | `6` | Set the cronjob parameter backoffLimit |
+| postgres.cronjob.concurrencyPolicy | string | `"Forbid"` | Set the cronjob parameter concurrencyPolicy |
+| postgres.cronjob.failedJobsHistoryLimit | int | `1` | Set the cronjob parameter failedJobsHistoryLimit |
+| postgres.cronjob.restartPolicy | string | `"Never"` | Set the cronjob parameter restartPolicy |
+| postgres.cronjob.schedule | string | `"@daily"` | Set the cronjob parameter schedule |
+| postgres.cronjob.startingDeadlineSeconds | string | `""` |  |
+| postgres.cronjob.successfulJobsHistoryLimit | int | `1` | Set the cronjob parameter successfulJobsHistoryLimit |
+| postgres.cronjob.ttlSecondsAfterFinished | string | `""` | Set the cronjob parameter ttlSecondsAfterFinished |
+| postgres.dump.extraEnv | list | `[]` | Environment variables to add to pg dump container |
+| postgres.dumpImage | string | `"postgres:15-alpine"` |  |
+| postgres.enabled | bool | `false` | Enable backup |
+| postgres.host | string | `""` | Postgres host |
+| postgres.name | string | `"instance-name"` |  |
+| postgres.password | string | `""` | Postgres password |
+| postgres.port | string | `"5432"` | Postgres port |
+| postgres.type | string | `"SelfHosted"` | Set the type of postgres database |
+| postgres.upload.extraEnv | list | `[]` | Environment variables to add to save container |
+| postgres.user | string | `""` | Postgres user name |
+| revisionHistoryLimit | int | `10` | Number of revisions to retain to allow rollback |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template |
+| upload | object | `{}` |  |

charts/backups/README.md.gotmpl

@@ -0,0 +1,18 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+## Resources
+
+- [Source](https://github.com/foomo/helm-charts)
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/backups/templates/_helpers.tpl

@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "backups.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "backups.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "backups.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "backups.labels" -}}
+helm.sh/chart: {{ include "backups.chart" . }}
+{{ include "backups.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "backups.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "backups.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "backups.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "backups.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the namespace
+*/}}
+{{- define "backups.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride }}
+{{- end }}

charts/backups/templates/postgres/_helpers.tpl

@@ -0,0 +1,70 @@
+{{/*
+default fullname
+*/}}
+{{- define "backups.postgres.fullname" -}}
+{{ include "backups.fullname" . }}
+{{- end }}
+
+{{/*
+default common labels
+*/}}
+{{- define "backups.postgres.labels" -}}
+{{ include "backups.labels" . }}
+{{- end }}
+
+{{/*
+default selector labels
+*/}}
+{{- define "backups.postgres.selectorLabels" -}}
+{{ include "backups.selectorLabels" . }}
+{{- end }}
+
+
+{{- define "backups.postgres.pgdumpCommand" -}}
+- "/bin/sh"
+- "-c"
+{{- if eq .Values.postgres.type "RDS" }}
+- "pg_dumpall --no-role-passwords -v --exclude-database=rdsadmin {{ with .Values.postgres.port }} -p {{ . }} {{- end }} {{ with .Values.postgres.host }} -h {{ . }} {{- end }} -U $PGUSER | gzip > /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz"
+{{- else if eq .Values.postgres.type "CloudSQL" }}
+- "pg_dumpall --no-role-passwords -v --exclude-database=cloudsqladmin --exclude-database=template* {{ with .Values.postgres.port }} -p {{ . }} {{- end }} {{ with .Values.postgres.host }} -h {{ . }} {{- end }} -U $PGUSER | gzip > /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz"
+{{- else if eq .Values.postgres.type "AzurePostgres" }}
+#TODO dump command for azure
+- "pg_dumpall --no-role-passwords -v --exclude-database=rdsadmin {{ with .Values.postgres.port }} -p {{ . }} {{- end }} {{ with .Values.postgres.host }} -h {{ . }} {{- end }} -U $PGUSER | gzip > /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz"
+{{- else if eq .Values.postgres.type "DOPostgres" }}
+- "pg_dumpall --no-role-passwords -v --exclude-database=_dodb --exclude-database=template* -l defaultdb {{ with .Values.postgres.port }} -p {{ . }} {{- end }} {{ with .Values.postgres.host }} -h {{ . }} {{- end }} -U $PGUSER | gzip > /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz"
+{{- else if eq .Values.postgres.type "SelfHosted" }}
+#TODO dump command for selfhosted
+- "pg_dumpall {{ with .Values.postgres.port }} -p {{ . }} {{- end }} {{ with .Values.postgres.host }} -h {{ . }} {{- end }} -U $PGUSER | gzip > /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz"
+{{- else }}
+{{ fail "Invalid Postgres provider" }}
+{{- end -}}
+{{- end -}}
+
+{{- define "backups.postgres.uploadCommand" -}}
+- "/bin/sh"
+- "-c"
+{{- if .Values.upload.s3 }}
+- "aws s3 cp /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz s3://{{ .Values.upload.s3.bucket }}/{{ .Values.postgres.bucketPrefix }}/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz {{- if .Values.upload.s3.endpoint }} --endpoint {{ .Values.upload.s3.endpoint }}{{- end }}"
+{{- else if .Values.upload.gcp }}
+- "gcloud storage cp /backup/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz gs://{{ .Values.upload.gcp.bucket }}/{{ .Values.postgres.bucketPrefix }}/{{ .Values.postgres.name }}-$(date \"+%Y-%m-%d\").gz"
+{{- else if .Values.upload.azure }}
+#TODO upload to azure
+- "az storage file upload --account-name <account-name> --account-key <account-key> --share-name <share-name> --path logo.png --source image.png"
+{{- else }}
+{{ fail "Invalid cloud provider" }}
+{{- end -}}
+{{- end -}}
+
+{{- define "backups.postgres.cloudImage" -}}
+{{- if .Values.upload.s3 -}}
+"amazon/aws-cli:2.17.48"
+{{- else if .Values.upload.gcp -}}
+"google/cloud-sdk:492.0.0"
+{{- else if .Values.upload.azure -}}
+"mcr.microsoft.com/azure-cli:2.9.1"
+{{- else if .Values.upload.do -}}
+"amazon/aws-cli:2.17.48"
+{{- else }}
+{{ fail "Invalid cloud provider: " .Values.cloudProvider }}
+{{- end -}}
+{{- end -}}

charts/backups/templates/postgres/cronjob.yaml

@@ -0,0 +1,75 @@
+{{- if .Values.postgres.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "backups.postgres.fullname" . }}
+  labels:
+    {{- include "backups.postgres.labels" . | nindent 4 }}
+  namespace: {{ include "backups.namespace" . }}
+spec:
+  schedule: {{ quote .Values.postgres.cronjob.schedule }}
+  concurrencyPolicy: {{ .Values.postgres.cronjob.concurrencyPolicy }}
+  failedJobsHistoryLimit: {{ .Values.postgres.cronjob.failedJobsHistoryLimit }}
+  successfulJobsHistoryLimit: {{ .Values.postgres.cronjob.successfulJobsHistoryLimit }}
+  {{- if .Values.postgres.cronjob.startingDeadlineSeconds }}
+  startingDeadlineSeconds: {{ .Values.postgres.cronjob.startingDeadlineSeconds }}
+  {{- end }}
+  jobTemplate:
+    spec:
+      {{- if .Values.postgres.cronjob.backoffLimit }}
+      backoffLimit: {{ .Values.postgres.cronjob.backoffLimit }}
+      {{- end }}
+      {{- if .Values.postgres.cronjob.ttlSecondsAfterFinished }}
+      ttlSecondsAfterFinished: {{ .Values.postgres.cronjob.ttlSecondsAfterFinished }}
+      {{- end }}
+      template:
+        spec:
+          serviceAccountName: {{ include "backups.serviceAccountName" . }}
+          initContainers:
+            - name: dump
+              image: {{ .Values.postgres.dumpImage }}
+              command: {{- include "backups.postgres.pgdumpCommand" . | nindent 16 }}
+              env:
+                - name: PGUSER
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgres-credentials
+                      key: PGUSER
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: postgres-credentials
+                      key: PGPASSWORD
+                {{- with .Values.postgres.dump.extraEnv }}
+                {{- toYaml . | nindent 16 }}
+                {{- end }}
+              volumeMounts:
+                - name: data
+                  mountPath: /backup
+          containers:
+            - name: upload
+              image: {{ include "backups.postgres.cloudImage" . }}
+              imagePullPolicy: IfNotPresent
+              command: {{ include "backups.postgres.uploadCommand" . | trim | nindent 16 }}
+              env:
+              {{- with .Values.upload.s3 }}
+              {{- if hasKey . "accessKey" }}
+                - name: AWS_ACCESS_KEY_ID
+                  value: {{ .accessKey }}
+              {{- end }}
+              {{- if hasKey . "secretAccessKey" }}
+                - name: AWS_SECRET_ACCESS_KEY
+                  value: {{ .secretAccessKey }}
+              {{- end }}
+              {{- end }}
+                {{- with .Values.postgres.upload.extraEnv }}
+                {{- toYaml . | nindent 16 }}
+                {{- end }}
+              volumeMounts:
+                - name: data
+                  mountPath: /backup
+          restartPolicy: {{ .Values.postgres.cronjob.restartPolicy }}
+          volumes:
+            - name: data
+              emptyDir: {}
+{{- end }}

charts/backups/templates/postgres/secret.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.postgres.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-credentials
+  labels:
+    {{- include "backups.postgres.labels" . | nindent 4 }}
+  namespace: {{ include "backups.namespace" . }}
+type: Opaque
+data:
+  PGUSER: {{ .Values.postgres.user | b64enc | quote }}
+  PGPASSWORD: {{ .Values.postgres.password | b64enc | quote }}
+  PGENDPOINT: {{ .Values.postgres.host | b64enc | quote }}
+  PGPORT: {{ .Values.postgres.port | b64enc | quote }}
+{{- end }}

charts/backups/templates/serviceaccount.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "backups.serviceAccountName" . }}
+  labels:
+    {{- include "backups.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  namespace: {{ include "backups.namespace" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}