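---
# Nightly export of the "avril" Keycloak realm to an NFS-backed volume.
# Four documents: the CronJob, the NFS PersistentVolume, its claim, and the
# ConfigMap that carries the backup script.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: keycloak-backup
  namespace: keycloak
spec:
  # Arbitrary non-midnight time.
  schedule: "10 2 * * *"
  # The export file name only carries the date, so overlapping runs would
  # write to the same file; never start a run while another is active.
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          initContainers:
            # Copies the image's Quarkus libraries into the shared emptyDir
            # that the backup container mounts over lib/quarkus.
            # NOTE(review): this container runs as UID 1001 while the backup
            # container inherits UID 501 from the pod securityContext;
            # confirm the copied files are readable by UID 501.
            - name: init-quarkus-directories
              # NOTE(review): pinned by tag only; consider pinning by digest.
              image: docker.io/bitnami/keycloak:24.0.2
              imagePullPolicy: IfNotPresent
              command:
                - /bin/bash
              args:
                - '-ec'
                - |
                  #!/bin/bash
                  cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
              resources: {}
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
                readOnlyRootFilesystem: false
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1001
                seccompProfile:
                  type: RuntimeDefault
              volumeMounts:
                - mountPath: /tmp
                  name: empty-dir
                  subPath: tmp-dir
                - mountPath: /quarkus
                  name: empty-dir
                  subPath: app-quarkus-dir
          containers:
            - name: backup-container
              # NOTE(review): pinned by tag only; consider pinning by digest.
              image: docker.io/bitnami/keycloak:24.0.2
              imagePullPolicy: IfNotPresent
              args:
                - /script/backup_keycloak.sh
              env:
                - name: KUBERNETES_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: BITNAMI_DEBUG
                  value: "false"
                # NOTE(review): the backup script in this file never reads the
                # admin password; if nothing in the image needs it for an
                # export, drop it so the job holds only the DB credential.
                - name: KEYCLOAK_ADMIN_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: admin-password
                      name: keycloak
                - name: KEYCLOAK_DATABASE_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: password
                      name: keycloak-postgresql
                - name: KEYCLOAK_HTTP_RELATIVE_PATH
                  value: /
                - name: KEYCLOAK_CACHE_TYPE
                  value: local
              envFrom:
                - configMapRef:
                    name: keycloak-env-vars
              # NOTE(review): these ports look carried over from the server
              # pod spec; confirm whether a one-shot export needs them.
              ports:
                - containerPort: 8080
                  name: http
                  protocol: TCP
                - containerPort: 7800
                  name: infinispan
                  protocol: TCP
              # Same hardening as the init container. The UID is inherited
              # from the pod-level securityContext (501), so runAsNonRoot
              # holds.
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
                runAsNonRoot: true
                seccompProfile:
                  type: RuntimeDefault
              volumeMounts:
                - mountPath: /tmp
                  name: empty-dir
                  subPath: tmp-dir
                - mountPath: /opt/bitnami/keycloak/conf
                  name: empty-dir
                  subPath: app-conf-dir
                - mountPath: /opt/bitnami/keycloak/lib/quarkus
                  name: empty-dir
                  subPath: app-quarkus-dir
                - mountPath: /backup
                  name: backup-dir
                - mountPath: /script
                  name: script-volume
          restartPolicy: Never
          securityContext:
            # https://stackoverflow.com/questions/50156124/kubernetes-nfs-persistent-volumes-permission-denied
            runAsUser: 501
            fsGroup: 501
          volumes:
            - name: empty-dir
              emptyDir: {}
            - name: backup-dir
              persistentVolumeClaim:
                claimName: backup-dir-pvc
            - name: script-volume
              configMap:
                name: keycloak-backup-script
                # 365 decimal == 0555 octal: read + execute, no write bits.
                # Written in decimal so YAML 1.1 and 1.2 parsers agree on the
                # value. The previous 0777 made the script world-writable for
                # no benefit.
                defaultMode: 365
---
# NFS export that receives the realm export files.
# PersistentVolumes are cluster-scoped, so no metadata.namespace is set.
# NOTE(review): realm exports can contain sensitive material (for example
# client secrets and credential hashes); restrict access to this NFS path
# on the server side accordingly.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: backup-dir-pv
spec:
  capacity:
    # NOTE(review): "2M" is two megabytes (decimal). NFS generally does not
    # enforce PV capacity, but confirm this is the intended figure.
    storage: 2M
  accessModes:
    - ReadWriteMany
  nfs:
    server: galactus.avril
    path: /mnt/high-resiliency/manual-nfs/backups/keycloak/
  mountOptions:
    - nfsvers=4.2
---
# Claim bound statically to backup-dir-pv. The empty storageClassName keeps a
# default StorageClass from dynamically provisioning a different volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: backup-dir-pvc
  namespace: keycloak
spec:
  storageClassName: ""
  volumeName: backup-dir-pv
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2M
---
# Backup script mounted at /script in the CronJob's backup container.
# creationTimestamp is server-managed and is left out of the manifest.
apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-backup-script
  namespace: keycloak
data:
  backup_keycloak.sh: |
    #!/bin/bash
    # Exports the "avril" realm to a dated JSON file on the backup volume.
    # Fail on any error, and on an unset variable such as a missing
    # KEYCLOAK_DATABASE_PASSWORD, instead of exporting with empty credentials.
    set -euo pipefail

    # "${VAR}" is shell parameter expansion. The Kubernetes "$(VAR)" form is
    # only substituted in a container's command/args/env fields; inside this
    # mounted file bash treats it as command substitution, which would try to
    # run a command named KEYCLOAK_DATABASE_PASSWORD and pass an empty
    # password.
    # NOTE(review): --db-password places the secret on the process command
    # line, where it is visible in the container's process listing. Consider
    # supplying it through Keycloak's KC_DB_PASSWORD environment variable
    # instead, after confirming the export command honours it in this image.
    /opt/bitnami/keycloak/bin/kc.sh export \
      --file "/backup/realm-export-$(date '+%Y-%m-%d').json" \
      --realm avril \
      --db postgres \
      --db-url jdbc:postgresql://keycloak-postgresql-hl/bitnami_keycloak \
      --db-password "${KEYCLOAK_DATABASE_PASSWORD}" \
      --db-username bn_keycloak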