parent
a98d915658
commit
40427c0426
@ -0,0 +1,146 @@ |
||||
apiVersion: batch/v1 |
||||
kind: CronJob |
||||
metadata: |
||||
name: keycloak-backup |
||||
namespace: keycloak |
||||
spec: |
||||
# Arbitrary non-midnight time. |
||||
schedule: "10 2 * * *" |
||||
jobTemplate: |
||||
spec: |
||||
template: |
||||
spec: |
||||
initContainers: |
||||
- args: |
||||
- -ec |
||||
- | |
||||
#!/bin/bash |
||||
cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus |
||||
command: |
||||
- /bin/bash |
||||
image: docker.io/bitnami/keycloak:24.0.2 |
||||
imagePullPolicy: IfNotPresent |
||||
name: init-quarkus-directories |
||||
resources: {} |
||||
securityContext: |
||||
allowPrivilegeEscalation: false |
||||
capabilities: |
||||
drop: |
||||
- ALL |
||||
privileged: false |
||||
readOnlyRootFilesystem: false |
||||
runAsGroup: 0 |
||||
runAsNonRoot: true |
||||
runAsUser: 1001 |
||||
seccompProfile: |
||||
type: RuntimeDefault |
||||
volumeMounts: |
||||
- mountPath: /tmp |
||||
name: empty-dir |
||||
subPath: tmp-dir |
||||
- mountPath: /quarkus |
||||
name: empty-dir |
||||
subPath: app-quarkus-dir |
||||
containers: |
||||
- args: |
||||
- /opt/bitnami/keycloak/bin/kc.sh |
||||
- export |
||||
- --file |
||||
- /backup/realm-export.json |
||||
- --realm |
||||
- avril |
||||
- --db |
||||
- postgres |
||||
- --db-url |
||||
- jdbc:postgresql://keycloak-postgresql-hl/bitnami_keycloak |
||||
- --db-password |
||||
- $(KEYCLOAK_DATABASE_PASSWORD) |
||||
- --db-username |
||||
- bn_keycloak |
||||
env: |
||||
- name: KUBERNETES_NAMESPACE |
||||
valueFrom: |
||||
fieldRef: |
||||
apiVersion: v1 |
||||
fieldPath: metadata.namespace |
||||
- name: BITNAMI_DEBUG |
||||
value: "false" |
||||
- name: KEYCLOAK_ADMIN_PASSWORD |
||||
valueFrom: |
||||
secretKeyRef: |
||||
key: admin-password |
||||
name: keycloak |
||||
- name: KEYCLOAK_DATABASE_PASSWORD |
||||
valueFrom: |
||||
secretKeyRef: |
||||
key: password |
||||
name: keycloak-postgresql |
||||
- name: KEYCLOAK_HTTP_RELATIVE_PATH |
||||
value: / |
||||
- name: KEYCLOAK_CACHE_TYPE |
||||
value: local |
||||
envFrom: |
||||
- configMapRef: |
||||
name: keycloak-env-vars |
||||
image: docker.io/bitnami/keycloak:24.0.2 |
||||
imagePullPolicy: IfNotPresent |
||||
name: backup-container |
||||
ports: |
||||
- containerPort: 8080 |
||||
name: http |
||||
protocol: TCP |
||||
- containerPort: 7800 |
||||
name: infinispan |
||||
protocol: TCP |
||||
volumeMounts: |
||||
- mountPath: /tmp |
||||
name: empty-dir |
||||
subPath: tmp-dir |
||||
- mountPath: /opt/bitnami/keycloak/conf |
||||
name: empty-dir |
||||
subPath: app-conf-dir |
||||
- mountPath: /opt/bitnami/keycloak/lib/quarkus |
||||
name: empty-dir |
||||
subPath: app-quarkus-dir |
||||
- mountPath: /backup |
||||
name: backup-dir |
||||
restartPolicy: Never |
||||
securityContext: |
||||
# https://stackoverflow.com/questions/50156124/kubernetes-nfs-persistent-volumes-permission-denied |
||||
runAsUser: 501 |
||||
fsGroup: 501 |
||||
volumes: |
||||
- emptyDir: {} |
||||
name: empty-dir |
||||
- name: backup-dir |
||||
persistentVolumeClaim: |
||||
claimName: backup-dir-pvc |
||||
--- |
||||
apiVersion: v1 |
||||
kind: PersistentVolume |
||||
metadata: |
||||
name: backup-dir-pv |
||||
spec: |
||||
capacity: |
||||
storage: 2M |
||||
accessModes: |
||||
- ReadWriteMany |
||||
nfs: |
||||
server: galactus.avril |
||||
path: /mnt/high-resiliency/manual-nfs/backups/keycloak/ |
||||
mountOptions: |
||||
- nfsvers=4.2 |
||||
--- |
||||
apiVersion: v1 |
||||
kind: PersistentVolumeClaim |
||||
metadata: |
||||
name: backup-dir-pvc |
||||
spec: |
||||
storageClassName: "" |
||||
volumeName: backup-dir-pv |
||||
accessModes: |
||||
- ReadWriteMany |
||||
volumeMode: Filesystem |
||||
resources: |
||||
requests: |
||||
storage: 2M |
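Review bot: The database password reaches `kc.sh` as a command-line argument in backup-container (`--db-password` followed by `$(KEYCLOAK_DATABASE_PASSWORD)`); Kubernetes expands that reference before the process starts, so the secret ends up in the process argv, readable by anything that can list processes in the pod or on the node. Keycloak also reads this option from the environment, so both args can be dropped and the existing secretKeyRef entry renamed to `KC_DB_PASSWORD`. backup-container also has no container-level securityContext, unlike init-quarkus-directories, so unless an admission policy adds one it keeps the default capabilities and allows privilege escalation; the fence copies the init container's restrictions and leaves the pod-level runAsUser/fsGroup used for NFS alone. `KEYCLOAK_ADMIN_PASSWORD` and the two `ports` entries look unused by a one-shot export and could be removed. Because a realm export presumably contains credential hashes and client secrets, the ownership and mode of the NFS path should be checked as well.

```yaml
# backup-container
env:
  # … unchanged: KUBERNETES_NAMESPACE, BITNAMI_DEBUG …
  - name: KC_DB_PASSWORD
    # … unchanged: valueFrom.secretKeyRef (key: password, name: keycloak-postgresql) …
# … unchanged: envFrom, image, imagePullPolicy, name, volumeMounts …
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  privileged: false
  seccompProfile:
    type: RuntimeDefault
```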