diff --git a/Dockerfile b/Dockerfile index d7520c3..d082e3e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,8 @@ -FROM alpine:3.20.0 +FROM gcr.io/google.com/cloudsdktool/cloud-sdk:alpine -RUN apk add --update \ - bash \ - postgresql15 \ - curl \ - python3 \ - py-pip \ - py-cffi \ - && pip install --upgrade pip \ - && apk add --virtual build-deps \ - gcc \ - libffi-dev \ - python3-dev \ - linux-headers \ - musl-dev \ - openssl-dev \ - && pip install gsutil \ - && apk del build-deps \ - && rm -rf /var/cache/apk/* +RUN apk add --update postgresql-client +RUN apk add --update bash +RUN apk add --update curl ADD . /postgres-gcs-backup diff --git a/README.md b/README.md index ff00878..88c1642 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # postgres-gcs-backup -This project aims to provide a simple way to perform a PostgreSQL server/db backup using `pg_dump` and to upload it to Google Cloud Storage. It was greatly inspired from [`takemetour/docker-postgres-gcs-backup`](https://github.com/takemetour/docker-postgres-gcs-backup). +This project aims to provide a simple way to perform a PostgreSQL server/db backup using `pg_dump` and to upload it to Google Cloud Storage. This is a fork from [`diogopms/postgres-gcs-backup`](https://github.com/diogopms/docker-postgres-gcs-backup) retrofitted to work similar to Galoy's mongo backup. We provide a kubernetes support thanks to the helm chart located in the `chart` folder of this repository. @@ -8,7 +8,7 @@ We provide a kubernetes support thanks to the helm chart located in the `chart` You can pull the public image from Docker Hub: - docker pull diogopms/postgres-gcs-backup:latest + docker pull docker.io/brh28/postgres-gcs-backup:latest ### Configuration @@ -20,7 +20,7 @@ Environment Variable | Required | Default | Description `BACKUP_DIR` | No | `/tmp` | The path where the `pg_dump` result will be temporarily stored. `BOTO_CONFIG_PATH` | No | `/root/.boto` | The path where `gsutil` will search for the boto configuration file. `GCS_BUCKET` | Yes | | The bucket you want to upload the backup archive to. -`GCS_KEY_FILE_PATH` | Yes | | The location where the GCS serviceaccount key file will be mounted. +`GCS_KEY_FILE_PATH` | Yes | | The location where the GCS serviceaccount key file will be mounted. Set to /secrets/gcp/gcs-creds.json `POSTGRES_HOST` | No | `localhost` | The PostgreSQL server host. `POSTGRES_PORT` | No | `5432` | The PostgreSQL port. `POSTGRES_DB` | No | | The database to backup. By default, a backup of all the databases will be performed. @@ -35,6 +35,12 @@ Environment Variable | Required | Default | Description You can set all of these variables within your `values.yaml` file under the `env` dict key. +``` +env: + - name: GCS_BUCKET + value: flash-backups +``` + ### Usage #### Run locally diff --git a/backup.sh b/backup.sh old mode 100644 new mode 100755 index 5905cdd..f6a0b1d --- a/backup.sh +++ b/backup.sh @@ -1,15 +1,9 @@ #!/bin/bash -set -o pipefail -set -o errexit -set -o errtrace -set -o nounset -# set -o xtrace JOB_NAME=${JOB_NAME:-default-job} BACKUP_DIR=${BACKUP_DIR:-/tmp} -BOTO_CONFIG_PATH=${BOTO_CONFIG_PATH:-/root/.boto} GCS_BUCKET=${GCS_BUCKET:-} -GCS_KEY_FILE_PATH=${GCS_KEY_FILE_PATH:-} +GCS_KEY_FILE_PATH=${GCS_KEY_FILE_PATH:-/secrets/gcp/gcs-creds.json} POSTGRES_HOST=${POSTGRES_HOST:-localhost} POSTGRES_PORT=${POSTGRES_PORT:-5432} POSTGRES_DB=${POSTGRES_DB:-} @@ -50,22 +44,11 @@ upload_to_gcs() { GCS_BUCKET="gs://${GCS_BUCKET}" fi - if [[ $GCS_KEY_FILE_PATH != "" ]] - then -cat < $BOTO_CONFIG_PATH -[Credentials] -gs_service_key_file = $GCS_KEY_FILE_PATH -[Boto] -https_validate_certificates = True -[GoogleCompute] -[GSUtil] -content_language = en -default_api_version = 2 -[OAuth2] -EOF - fi - echo "uploading backup archive to GCS bucket=$GCS_BUCKET" - gsutil cp $BACKUP_DIR/$archive_name $GCS_BUCKET + echo "Activating service account" + gcloud auth activate-service-account --key-file=$GCS_KEY_FILE_PATH + echo "Uploading backup $archive_name to gcs" + gsutil cp $BACKUP_DIR/$archive_name $GCS_BUCKET/kratos/$archive_name 2>&1 + echo "Uploaded backup successfully" } send_slack_message() { diff --git a/chart/postgres-gcs-backup/Chart.yaml b/chart/postgres-gcs-backup/Chart.yaml index d3b038a..7661281 100755 --- a/chart/postgres-gcs-backup/Chart.yaml +++ b/chart/postgres-gcs-backup/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: postgres-gcs-backup -version: 0.1.2 +version: 0.1.3 diff --git a/chart/postgres-gcs-backup/templates/cronjob.yaml b/chart/postgres-gcs-backup/templates/cronjob.yaml index 429ecd1..85d1862 100755 --- a/chart/postgres-gcs-backup/templates/cronjob.yaml +++ b/chart/postgres-gcs-backup/templates/cronjob.yaml @@ -1,4 +1,4 @@ -apiVersion: batch/v1beta1 +apiVersion: batch/v1 kind: CronJob metadata: name: {{ template "postgres-gcs-backup.fullname" . }} @@ -37,4 +37,7 @@ spec: volumes: - name: gcp-credentials secret: - secretName: {{ .Values.secretName }} + secretName: {{ .Values.gcsCredentials.secret.name }} + items: + - key: {{ .Values.gcsCredentials.secret.key }} + path: "gcs-creds.json" diff --git a/chart/postgres-gcs-backup/values.yaml b/chart/postgres-gcs-backup/values.yaml index 28f9cf5..19d4842 100755 --- a/chart/postgres-gcs-backup/values.yaml +++ b/chart/postgres-gcs-backup/values.yaml @@ -1,8 +1,13 @@ image: - repository: diogopms/postgres-gcs-backup + repository: docker.io/brh28/postgres-gcs-backup tag: latest pullPolicy: IfNotPresent +gcsCredentials: + secret: + name: + key: + resources: {} # limits: # cpu: 100m @@ -16,3 +21,7 @@ failedJobsHistoryLimit: 1 restartPolicy: OnFailure schedule: "* * * * *" successfulJobsHistoryLimit: 3 + +# env: +# - name: GCS_KEY_FILE_PATH +# value: "/secrets/gcp/gcs-creds.json"