Add Keycloak Backup job

app-of-apps/keycloak-backup.yaml

@@ -0,0 +1,146 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: keycloak-backup
+  namespace: keycloak
+spec:
+  # Arbitrary non-midnight time.
+  schedule: "10 2 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          initContainers:
+            - args:
+                - -ec
+                - |
+                  #!/bin/bash
+                  cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
+              command:
+                - /bin/bash
+              image: docker.io/bitnami/keycloak:24.0.2
+              imagePullPolicy: IfNotPresent
+              name: init-quarkus-directories
+              resources: {}
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop:
+                  - ALL
+                privileged: false
+                readOnlyRootFilesystem: false
+                runAsGroup: 0
+                runAsNonRoot: true
+                runAsUser: 1001
+                seccompProfile:
+                  type: RuntimeDefault
+              volumeMounts:
+              - mountPath: /tmp
+                name: empty-dir
+                subPath: tmp-dir
+              - mountPath: /quarkus
+                name: empty-dir
+                subPath: app-quarkus-dir
+          containers:
+            - args:
+                - /opt/bitnami/keycloak/bin/kc.sh
+                - export
+                - --file
+                - /backup/realm-export.json
+                - --realm
+                - avril
+                - --db
+                - postgres
+                - --db-url
+                - jdbc:postgresql://keycloak-postgresql-hl/bitnami_keycloak
+                - --db-password
+                - $(KEYCLOAK_DATABASE_PASSWORD)
+                - --db-username
+                - bn_keycloak
+              env:
+                - name: KUBERNETES_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      apiVersion: v1
+                      fieldPath: metadata.namespace
+                - name: BITNAMI_DEBUG
+                  value: "false"
+                - name: KEYCLOAK_ADMIN_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      key: admin-password
+                      name: keycloak
+                - name: KEYCLOAK_DATABASE_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      key: password
+                      name: keycloak-postgresql
+                - name: KEYCLOAK_HTTP_RELATIVE_PATH
+                  value: /
+                - name: KEYCLOAK_CACHE_TYPE
+                  value: local
+              envFrom:
+                - configMapRef:
+                    name: keycloak-env-vars
+              image: docker.io/bitnami/keycloak:24.0.2
+              imagePullPolicy: IfNotPresent
+              name: backup-container
+              ports:
+                - containerPort: 8080
+                  name: http
+                  protocol: TCP
+                - containerPort: 7800
+                  name: infinispan
+                  protocol: TCP
+              volumeMounts:
+                - mountPath: /tmp
+                  name: empty-dir
+                  subPath: tmp-dir
+                - mountPath: /opt/bitnami/keycloak/conf
+                  name: empty-dir
+                  subPath: app-conf-dir
+                - mountPath: /opt/bitnami/keycloak/lib/quarkus
+                  name: empty-dir
+                  subPath: app-quarkus-dir
+                - mountPath: /backup
+                  name: backup-dir
+          restartPolicy: Never
+          securityContext:
+            # https://stackoverflow.com/questions/50156124/kubernetes-nfs-persistent-volumes-permission-denied
+            runAsUser: 501
+            fsGroup: 501
+          volumes:
+            - emptyDir: {}
+              name: empty-dir
+            - name: backup-dir
+              persistentVolumeClaim:
+                claimName: backup-dir-pvc
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: backup-dir-pv
+spec:
+  capacity:
+    storage: 2M
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: galactus.avril
+    path: /mnt/high-resiliency/manual-nfs/backups/keycloak/
+  mountOptions:
+    - nfsvers=4.2
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: backup-dir-pvc
+spec:
+  storageClassName: ""
+  volumeName: backup-dir-pv
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2M