You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
159 lines
4.7 KiB
159 lines
4.7 KiB
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: keycloak-backup
|
|
namespace: keycloak
|
|
spec:
|
|
# Arbitrary non-midnight time.
|
|
schedule: "10 2 * * *"
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
spec:
|
|
initContainers:
|
|
- args:
|
|
- -ec
|
|
- |
|
|
#!/bin/bash
|
|
cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
|
|
command:
|
|
- /bin/bash
|
|
image: docker.io/bitnami/keycloak:24.0.2
|
|
imagePullPolicy: IfNotPresent
|
|
name: init-quarkus-directories
|
|
resources: {}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: false
|
|
runAsGroup: 0
|
|
runAsNonRoot: true
|
|
runAsUser: 1001
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: empty-dir
|
|
subPath: tmp-dir
|
|
- mountPath: /quarkus
|
|
name: empty-dir
|
|
subPath: app-quarkus-dir
|
|
containers:
|
|
- args:
|
|
- /script/backup_keycloak.sh
|
|
env:
|
|
- name: KUBERNETES_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
- name: BITNAMI_DEBUG
|
|
value: "false"
|
|
- name: KEYCLOAK_ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: admin-password
|
|
name: keycloak
|
|
- name: KEYCLOAK_DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: password
|
|
name: keycloak-postgresql
|
|
- name: KEYCLOAK_HTTP_RELATIVE_PATH
|
|
value: /
|
|
- name: KEYCLOAK_CACHE_TYPE
|
|
value: local
|
|
envFrom:
|
|
- configMapRef:
|
|
name: keycloak-env-vars
|
|
image: docker.io/bitnami/keycloak:24.0.2
|
|
imagePullPolicy: IfNotPresent
|
|
name: backup-container
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
protocol: TCP
|
|
- containerPort: 7800
|
|
name: infinispan
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: empty-dir
|
|
subPath: tmp-dir
|
|
- mountPath: /opt/bitnami/keycloak/conf
|
|
name: empty-dir
|
|
subPath: app-conf-dir
|
|
- mountPath: /opt/bitnami/keycloak/lib/quarkus
|
|
name: empty-dir
|
|
subPath: app-quarkus-dir
|
|
- mountPath: /backup
|
|
name: backup-dir
|
|
- mountPath: /script
|
|
name: script-volume
|
|
restartPolicy: Never
|
|
securityContext:
|
|
# https://stackoverflow.com/questions/50156124/kubernetes-nfs-persistent-volumes-permission-denied
|
|
runAsUser: 501
|
|
fsGroup: 501
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: empty-dir
|
|
- name: backup-dir
|
|
persistentVolumeClaim:
|
|
claimName: backup-dir-pvc
|
|
- name: script-volume
|
|
configMap:
|
|
name: keycloak-backup-script
|
|
defaultMode: 0777
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: backup-dir-pv
|
|
namespace: keycloak
|
|
spec:
|
|
capacity:
|
|
storage: 2M
|
|
accessModes:
|
|
- ReadWriteMany
|
|
nfs:
|
|
server: galactus.avril
|
|
path: /mnt/high-resiliency/manual-nfs/backups/keycloak/
|
|
mountOptions:
|
|
- nfsvers=4.2
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: backup-dir-pvc
|
|
namespace: keycloak
|
|
spec:
|
|
storageClassName: ""
|
|
volumeName: backup-dir-pv
|
|
accessModes:
|
|
- ReadWriteMany
|
|
volumeMode: Filesystem
|
|
resources:
|
|
requests:
|
|
storage: 2M
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
creationTimestamp: "2024-04-20T04:14:45Z"
|
|
name: keycloak-backup-script
|
|
namespace: keycloak
|
|
data:
|
|
backup_keycloak.sh: |+
|
|
env
|
|
echo 'That was the env, now running export'
|
|
/opt/bitnami/keycloak/bin/kc.sh export \
|
|
--file "/backup/realm-export-$(date '+%Y-%m-%d').json" \
|
|
--realm avril \
|
|
--db postgres \
|
|
--db-url jdbc:postgresql://keycloak-postgresql-hl/bitnami_keycloak \
|
|
--db-password "$KEYCLOAK_DATABASE_PASSWORD" \
|
|
--db-username bn_keycloak
|
|
|