Add Keycloak Backup job
This commit is contained in:
Jack Jackson
parent
a98d915658
commit
40427c0426
146
app-of-apps/keycloak-backup.yaml
Normal file
146
app-of-apps/keycloak-backup.yaml
Normal file
@ -0,0 +1,146 @@
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: keycloak-backup
|
||||
namespace: keycloak
|
||||
spec:
|
||||
# Arbitrary non-midnight time.
|
||||
schedule: "10 2 * * *"
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- args:
|
||||
- -ec
|
||||
- |
|
||||
#!/bin/bash
|
||||
cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
|
||||
command:
|
||||
- /bin/bash
|
||||
image: docker.io/bitnami/keycloak:24.0.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: init-quarkus-directories
|
||||
resources: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: empty-dir
|
||||
subPath: tmp-dir
|
||||
- mountPath: /quarkus
|
||||
name: empty-dir
|
||||
subPath: app-quarkus-dir
|
||||
containers:
|
||||
- args:
|
||||
- /opt/bitnami/keycloak/bin/kc.sh
|
||||
- export
|
||||
- --file
|
||||
- /backup/realm-export.json
|
||||
- --realm
|
||||
- avril
|
||||
- --db
|
||||
- postgres
|
||||
- --db-url
|
||||
- jdbc:postgresql://keycloak-postgresql-hl/bitnami_keycloak
|
||||
- --db-password
|
||||
- $(KEYCLOAK_DATABASE_PASSWORD)
|
||||
- --db-username
|
||||
- bn_keycloak
|
||||
env:
|
||||
- name: KUBERNETES_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
- name: BITNAMI_DEBUG
|
||||
value: "false"
|
||||
- name: KEYCLOAK_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: admin-password
|
||||
name: keycloak
|
||||
- name: KEYCLOAK_DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: keycloak-postgresql
|
||||
- name: KEYCLOAK_HTTP_RELATIVE_PATH
|
||||
value: /
|
||||
- name: KEYCLOAK_CACHE_TYPE
|
||||
value: local
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: keycloak-env-vars
|
||||
image: docker.io/bitnami/keycloak:24.0.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: backup-container
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
protocol: TCP
|
||||
- containerPort: 7800
|
||||
name: infinispan
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: empty-dir
|
||||
subPath: tmp-dir
|
||||
- mountPath: /opt/bitnami/keycloak/conf
|
||||
name: empty-dir
|
||||
subPath: app-conf-dir
|
||||
- mountPath: /opt/bitnami/keycloak/lib/quarkus
|
||||
name: empty-dir
|
||||
subPath: app-quarkus-dir
|
||||
- mountPath: /backup
|
||||
name: backup-dir
|
||||
restartPolicy: Never
|
||||
securityContext:
|
||||
# https://stackoverflow.com/questions/50156124/kubernetes-nfs-persistent-volumes-permission-denied
|
||||
runAsUser: 501
|
||||
fsGroup: 501
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: empty-dir
|
||||
- name: backup-dir
|
||||
persistentVolumeClaim:
|
||||
claimName: backup-dir-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: backup-dir-pv
|
||||
spec:
|
||||
capacity:
|
||||
storage: 2M
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
server: galactus.avril
|
||||
path: /mnt/high-resiliency/manual-nfs/backups/keycloak/
|
||||
mountOptions:
|
||||
- nfsvers=4.2
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: backup-dir-pvc
|
||||
spec:
|
||||
storageClassName: ""
|
||||
volumeName: backup-dir-pv
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2M
|
||||
Loading…
x
Reference in New Issue
Block a user