Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
120 lines (119 sloc) 3.93 KB
{{- if .Values.global.etcdBackup.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ template "etcd-fullname" . }}-backup
namespace: "{{ .Release.Namespace }}"
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-install
spec:
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 3
concurrencyPolicy: Forbid
schedule: "{{ .Values.backupApp.cronJobSchedule }}"
jobTemplate:
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
serviceAccountName: {{ template "etcd-fullname" . }}-backup
containers:
- name: etcd-backup
image: "{{ .Values.global.containerRegistry.path }}/{{ .Values.global.etcd_backup.dir }}etcd-backup:{{ .Values.global.etcd_backup.version }}"
imagePullPolicy: "{{ .Values.backupApp.image.pullPolicy }}"
env:
- name: APP_WORKING_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: APP_ABS_CONTAINER_NAME
value: "{{ .Values.global.etcdBackup.containerName }}"
- name: APP_ABS_SECRET_NAME
value: "{{ .Values.global.etcdBackup.secretName }}"
- name: APP_BLOB_PREFIX
value: "service-catalog"
- name: APP_BACKUP_CONFIG_MAP_NAME_FOR_TRACING
value: "sc-recorded-etcd-backup-data"
{{- if .Values.etcd.secure }}
- name: APP_BACKUP_CLIENT_TLS_SECRET
value: "{{ template "etcd-fullname" . }}-etcd-client-tls"
{{ end }}
- name: APP_BACKUP_ETCD_ENDPOINTS
# After helm v2.9 we can replace it with sprig ternary function:
# http://masterminds.github.io/sprig/defaults.html#ternary
# value: \{\{ ternary "https" "http" .Values.cluster.TLS.enabled }}://service-catalog-etcd-client.kyma-system.svc.cluster.local:2379
{{- if .Values.etcd.secure }}
value: https://service-catalog-etcd-stateful-client.kyma-system.svc.cluster.local:2379
{{ else }}
value: http://service-catalog-etcd-stateful-client.kyma-system.svc.cluster.local:2379
{{ end }}
- name: APP_CLEANER_LEAVE_MIN_NEWEST_BACKUP_BLOBS
value: "{{ .Values.backupApp.cleaner.leaveMinNewestBackupBlobs }}"
- name: APP_CLEANER_EXPIRATION_BLOB_TIME
value: "{{ .Values.backupApp.cleaner.expirationBlobTime }}"
restartPolicy: Never
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "etcd-fullname" . }}-backup
namespace: "{{ .Release.Namespace }}"
rules:
- apiGroups:
- etcd.database.coreos.com
resources:
- etcdbackups
verbs:
- "list"
- "watch"
- "create"
- "delete"
- apiGroups:
- ""
resources:
- configmaps
verbs:
- "get"
- "create"
- "update"
- apiGroups:
- ""
resources:
- secrets
verbs:
- "get"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "etcd-fullname" . }}-backup
namespace: "{{ .Release.Namespace }}"
labels:
app: {{ template "etcd-fullname" . }}-backup
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "etcd-fullname" . }}-backup
subjects:
- kind: ServiceAccount
name: {{ template "etcd-fullname" . }}-backup
namespace: "{{ .Release.Namespace }}"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "etcd-fullname" . }}-backup
namespace: "{{ .Release.Namespace }}"
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: {{ template "etcd-fullname" . }}-backup
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- end }}