This repository has been archived by the owner on Apr 17, 2023. It is now read-only.
/
backups.go
126 lines (112 loc) · 3.51 KB
/
backups.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package unifiedpushserver
import (
"github.com/aerogear/unifiedpush-operator/pkg/constants"
pushv1alpha1 "github.com/aerogear/unifiedpush-operator/pkg/apis/push/v1alpha1"
batchv1 "k8s.io/api/batch/v1"
batchv1beta1 "k8s.io/api/batch/v1beta1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func backups(ups *pushv1alpha1.UnifiedPushServer) ([]batchv1beta1.CronJob, error) {
cronjobs := []batchv1beta1.CronJob{}
for _, upsBackup := range ups.Spec.Backups {
cronJobLabels := labels(ups, "backup")
jobLabels := cronJobLabels
jobLabels["cronjob-name"] = upsBackup.Name
cronjobs = append(cronjobs, batchv1beta1.CronJob{
ObjectMeta: metav1.ObjectMeta{
Name: upsBackup.Name,
Namespace: ups.Namespace,
Labels: cronJobLabels,
},
Spec: batchv1beta1.CronJobSpec{
Schedule: upsBackup.Schedule,
JobTemplate: batchv1beta1.JobTemplateSpec{
Spec: batchv1.JobSpec{
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: jobLabels,
},
Spec: corev1.PodSpec{
// This SA needs to be created beforehand
// https://github.com/integr8ly/backup-container-image/tree/master/templates/openshift/rbac
ServiceAccountName: "backupjob",
Containers: []corev1.Container{
{
Name: upsBackup.Name + "-ups-backup",
Image: constants.BackupImage,
ImagePullPolicy: "Always",
Command: buildBackupContainerCommand(upsBackup, ups.Namespace),
Env: buildBackupCronJobEnvVars(upsBackup, ups.Name, ups.Namespace, postgresqlSecretName(ups)),
},
},
RestartPolicy: corev1.RestartPolicyOnFailure,
Affinity: ups.Spec.Affinity,
Tolerations: ups.Spec.Tolerations,
},
},
},
},
},
})
}
return cronjobs, nil
}
func buildBackupContainerCommand(upsBackup pushv1alpha1.UnifiedPushServerBackup, upsNamespace string) []string {
command := []string{"/opt/intly/tools/entrypoint.sh", "-c", "postgres", "-n", upsNamespace}
// If there is no encryption secret, we need to inhibit the
// encryption behaviour
if upsBackup.EncryptionKeySecretName == "" {
command = append(command, "-e", "")
}
return command
}
func buildBackupCronJobEnvVars(upsBackup pushv1alpha1.UnifiedPushServerBackup, upsName string, upsNamespace string, postgresqlSecret string) []corev1.EnvVar {
envVars := []corev1.EnvVar{
{
Name: "PRODUCT_NAME",
Value: "unifiedpush",
},
{
Name: "COMPONENT_SECRET_NAME",
Value: postgresqlSecret,
},
{
Name: "COMPONENT_SECRET_NAMESPACE",
Value: upsNamespace,
},
}
backendSecretNamespace := upsBackup.BackendSecretNamespace
if backendSecretNamespace == "" {
backendSecretNamespace = upsNamespace
}
encryptionKeySecretNamespace := upsBackup.EncryptionKeySecretNamespace
if encryptionKeySecretNamespace == "" {
encryptionKeySecretNamespace = upsNamespace
}
if upsBackup.BackendSecretName != "" {
envVars = append(envVars,
corev1.EnvVar{
Name: "BACKEND_SECRET_NAME",
Value: upsBackup.BackendSecretName,
},
corev1.EnvVar{
Name: "BACKEND_SECRET_NAMESPACE",
Value: backendSecretNamespace,
},
)
}
if upsBackup.EncryptionKeySecretName != "" {
envVars = append(envVars,
corev1.EnvVar{
Name: "ENCRYPTION_SECRET_NAME",
Value: upsBackup.EncryptionKeySecretName,
},
corev1.EnvVar{
Name: "ENCRYPTION_SECRET_NAMESPACE",
Value: encryptionKeySecretNamespace,
},
)
}
return envVars
}