scubbo/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
helm-charts/app-of-apps/keycloak-backup.yaml
Jack Jackson b4c9947e4c Try including date in backup name
2024-04-19 21:32:13 -07:00

158 lines
4.7 KiB
YAML
Raw Blame History

apiVersion: batch/v1
kind: CronJob
metadata:
name: keycloak-backup
namespace: keycloak
spec:
# Arbitrary non-midnight time.
schedule: "10 2 * * *"
jobTemplate:
spec:
template:
spec:
initContainers:
- args:
- -ec
- |
#!/bin/bash
cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
command:
- /bin/bash
image: docker.io/bitnami/keycloak:24.0.2
imagePullPolicy: IfNotPresent
name: init-quarkus-directories
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: empty-dir
subPath: tmp-dir
- mountPath: /quarkus
name: empty-dir
subPath: app-quarkus-dir
containers:
- args:
- /script/backup_keycloak.sh
env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: BITNAMI_DEBUG
value: "false"
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin-password
name: keycloak
- name: KEYCLOAK_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: keycloak-postgresql
- name: KEYCLOAK_HTTP_RELATIVE_PATH
value: /
- name: KEYCLOAK_CACHE_TYPE
value: local
envFrom:
- configMapRef:
name: keycloak-env-vars
image: docker.io/bitnami/keycloak:24.0.2
imagePullPolicy: IfNotPresent
name: backup-container
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 7800
name: infinispan
protocol: TCP
volumeMounts:
- mountPath: /tmp
name: empty-dir
subPath: tmp-dir
- mountPath: /opt/bitnami/keycloak/conf
name: empty-dir
subPath: app-conf-dir
- mountPath: /opt/bitnami/keycloak/lib/quarkus
name: empty-dir
subPath: app-quarkus-dir
- mountPath: /backup
name: backup-dir
- mountPath: /script
name: script-volume
restartPolicy: Never
securityContext:
# https://stackoverflow.com/questions/50156124/kubernetes-nfs-persistent-volumes-permission-denied
runAsUser: 501
fsGroup: 501
volumes:
- emptyDir: {}
name: empty-dir
- name: backup-dir
persistentVolumeClaim:
claimName: backup-dir-pvc
- name: script-volume
configMap:
name: keycloak-backup-script
defaultMode: 0777
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: backup-dir-pv
namespace: keycloak
spec:
capacity:
storage: 2M
accessModes:
- ReadWriteMany
nfs:
server: galactus.avril
path: /mnt/high-resiliency/manual-nfs/backups/keycloak/
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: backup-dir-pvc
namespace: keycloak
spec:
storageClassName: ""
volumeName: backup-dir-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 2M
---
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: "2024-04-20T04:14:45Z"
name: keycloak-backup-script
namespace: keycloak
data:
backup_keycloak.sh: |+
/opt/bitnami/keycloak/bin/kc.sh export \
--file "/backup/realm-export-$(date '+%Y-%m-%d').json" \
--realm avril \
--db postgres \
--db-url jdbc:postgresql://keycloak-postgresql-hl/bitnami_keycloak \
--db-password $(KEYCLOAK_DATABASE_PASSWORD) \
--db-username bn_keycloak
Reference in New Issue View Git Blame Copy Permalink