-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathopenshift-postgresql-s3-backup-scheduledJob.yaml
184 lines (184 loc) · 5.72 KB
/
openshift-postgresql-s3-backup-scheduledJob.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
apiVersion: v1
kind: List
items:
- apiVersion: "v1"
kind: "Secret"
metadata:
name: "aws-s3-secret"
data:
# don't forget to base64 encode your values
aws-access-key-id: ""
aws-secret-access-key: ""
- apiVersion: "v1"
kind: "Secret"
metadata:
name: "openssl-encryption-secret"
data:
# don't forget to base64 encode your values
encryption-pass-phrase: ""
- apiVersion: "v1"
kind: "Secret"
metadata:
name: "smtp-authentication-secret-production"
data:
# don't forget to base64 encode your values
smtp-user: ""
smtp-password: ""
- apiVersion: batch/v2alpha1
kind: ScheduledJob
metadata:
name: postgresql-s3-hourly-backup
spec:
# every start of the hour
schedule: "0 * * * *"
jobTemplate:
spec:
template:
spec:
# 30 minutes timeout
activeDeadlineSeconds: 1800
restartPolicy: OnFailure
containers:
- name: postgresql-s3-hourly-backup
image: willemvd/postgresql-client-side-encrypted-s3-backup:1.1.1
env:
- name: PGDATABASE
value:
- name: PGHOST
value:
- name: PGPORT
value: "5432"
- name: PGUSER
value:
- name: PGPASSWORD
value:
- name: ENCRYPTION_PASS_PHRASE
valueFrom:
secretKeyRef:
name: openssl-encryption-secret
key: encryption-pass-phrase
- name: OPENSSL_CIPHER_TYPE
value: aes-256-cbc
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-s3-secret
key: aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-s3-secret
key: aws-secret-access-key
- name: AWS_DEFAULT_REGION
value:
- name: S3_BUCKET_NAME
value:
- name: BACKUP_TYPE
value: hourly
- name: ENABLE_ERROR_MAIL
value: "true"
- name: ERROR_MAIL_SUBJECT
value: Failed to run database backup
- name: SMTP_HOST
value: ""
- name: SMTP_PORT
value: ""
- name: SMTP_STARTTLS
value: "true"
- name: SMTP_AUTH
value:
- name: SMTP_AUTH_USER
valueFrom:
secretKeyRef:
name: smtp-authentication-secret-production
key: smtp-user
- name: SMTP_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: smtp-authentication-secret-production
key: smtp-password
- name: SMTP_FROM
value: ""
- name: SMTP_TO
value: ""
- name: ALWAYS_EXIT_ZERO
value: "true"
- apiVersion: batch/v2alpha1
kind: ScheduledJob
metadata:
name: postgresql-s3-daily-backup
spec:
# daily at 02:30 (do not run at the whole hour to prevent potential issues with hourly run)
schedule: "30 2 * * *"
jobTemplate:
spec:
template:
spec:
# 30 minutes timeout
activeDeadlineSeconds: 1800
restartPolicy: OnFailure
containers:
- name: postgresql-s3-daily-backup
image: willemvd/postgresql-client-side-encrypted-s3-backup:1.1.1
env:
- name: PGDATABASE
value:
- name: PGHOST
value:
- name: PGPORT
value: "5432"
- name: PGUSER
value:
- name: PGPASSWORD
value:
- name: ENCRYPTION_PASS_PHRASE
valueFrom:
secretKeyRef:
name: openssl-encryption-secret
key: encryption-pass-phrase
- name: OPENSSL_CIPHER_TYPE
value: aes-256-cbc
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-s3-secret
key: aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-s3-secret
key: aws-secret-access-key
- name: AWS_DEFAULT_REGION
value:
- name: S3_BUCKET_NAME
value:
- name: BACKUP_TYPE
value: daily
- name: ENABLE_ERROR_MAIL
value: "true"
- name: ERROR_MAIL_SUBJECT
value: Failed to run database backup
- name: SMTP_HOST
value: ""
- name: SMTP_PORT
value: ""
- name: SMTP_STARTTLS
value: "true"
- name: SMTP_AUTH
value:
- name: SMTP_AUTH_USER
valueFrom:
secretKeyRef:
name: smtp-authentication-secret-production
key: smtp-user
- name: SMTP_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: smtp-authentication-secret-production
key: smtp-password
- name: SMTP_FROM
value: ""
- name: SMTP_TO
value: ""
- name: ALWAYS_EXIT_ZERO
value: "true"