From 5bad685c6f0bab058d0034fd68292625962a2a14 Mon Sep 17 00:00:00 2001 From: Valentin Fedoskin Date: Thu, 2 Apr 2020 10:18:30 +0200 Subject: [PATCH] add backups cron job to gitlab --- charts/gitlab-omnibus/Chart.yaml | 2 +- charts/gitlab-omnibus/README.md | 6 ++- .../templates/cronjob-backup.yaml | 42 +++++++++++++++++++ .../gitlab-omnibus/templates/rbac-backup.yaml | 41 ++++++++++++++++++ charts/gitlab-omnibus/values.yaml | 15 +++++++ 5 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 charts/gitlab-omnibus/templates/cronjob-backup.yaml create mode 100644 charts/gitlab-omnibus/templates/rbac-backup.yaml diff --git a/charts/gitlab-omnibus/Chart.yaml b/charts/gitlab-omnibus/Chart.yaml index aac7f95..82bab80 100644 --- a/charts/gitlab-omnibus/Chart.yaml +++ b/charts/gitlab-omnibus/Chart.yaml @@ -3,7 +3,7 @@ name: gitlab-omnibus description: |- Helm chart to deploy [Omnibus Gitlab](https://docs.gitlab.com/omnibus/). type: application -version: 0.0.1 +version: 0.0.2 appVersion: "12.9.2-ee.0" home: https://github.com/slamdev/helm-charts/tree/master/charts/gitlab-omnibus icon: https://docs.gitlab.com/assets/images/gitlab-logo.svg diff --git a/charts/gitlab-omnibus/README.md b/charts/gitlab-omnibus/README.md index b760e6c..2e6ed27 100644 --- a/charts/gitlab-omnibus/README.md +++ b/charts/gitlab-omnibus/README.md @@ -2,7 +2,7 @@ gitlab-omnibus ============== Helm chart to deploy [Omnibus Gitlab](https://docs.gitlab.com/omnibus/). -Current chart version is `0.0.1` +Current chart version is `0.0.2` Source code can be found [here](https://github.com/slamdev/helm-charts/tree/master/charts/gitlab-omnibus) @@ -13,6 +13,10 @@ Source code can be found [here](https://github.com/slamdev/helm-charts/tree/mast | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | affinity for scheduler pod assignment | +| backupCronJob.command | list | `["gitlab-backup","create","SKIP=uploads,builds,artifacts,registry,pages","GZIP_RSYNCABLE=yes","STRATEGY=copy"]` | command to execute in gitlab container | +| backupCronJob.enabled | bool | `true` | enable scheduled backups | +| backupCronJob.image | string | `"wernight/kubectl"` | image | +| backupCronJob.schedule | string | `"@daily"` | how often to run backaup job | | env | list | `[]` | environment variables for the container | | envFrom | list | `[]` | environment variable sources for the container | | fullnameOverride | string | `""` | full name of the chart. | diff --git a/charts/gitlab-omnibus/templates/cronjob-backup.yaml b/charts/gitlab-omnibus/templates/cronjob-backup.yaml new file mode 100644 index 0000000..b96dbc0 --- /dev/null +++ b/charts/gitlab-omnibus/templates/cronjob-backup.yaml @@ -0,0 +1,42 @@ +{{- if .Values.backupCronJob.enabled -}} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ include "gitlab.fullname" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + {{- include "gitlab.labels" . | nindent 4 }} + component: 'backup' +spec: + concurrencyPolicy: Forbid + schedule: {{ .Values.backupCronJob.schedule | quote }} + jobTemplate: + metadata: + labels: + {{- include "gitlab.selectorLabels" . | nindent 8 }} + component: 'backup' + spec: + template: + metadata: + labels: + {{- include "gitlab.selectorLabels" . | nindent 12 }} + component: 'backup' + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} + serviceAccountName: {{ include "gitlab.serviceAccountName" . }} + restartPolicy: Never + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.backupCronJob.image }} + args: + - exec + - sts/{{ include "gitlab.fullname" . }} + - -n{{ .Release.Namespace }} + - -- + {{- with .Values.backupCronJob.command }} + {{- toYaml . | nindent 16 }} + {{- end }} +{{- end -}} diff --git a/charts/gitlab-omnibus/templates/rbac-backup.yaml b/charts/gitlab-omnibus/templates/rbac-backup.yaml new file mode 100644 index 0000000..e872222 --- /dev/null +++ b/charts/gitlab-omnibus/templates/rbac-backup.yaml @@ -0,0 +1,41 @@ +{{- if .Values.backupCronJob.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gitlab.fullname" . }}-backup + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "gitlab.fullname" . }}-backup + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - '' + resources: + - pods + verbs: + - get + - list + - apiGroups: + - '' + resources: + - pods/exec + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "gitlab.fullname" . }}-backup + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "gitlab.fullname" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ include "gitlab.fullname" . }}-backup + +{{- end -}} diff --git a/charts/gitlab-omnibus/values.yaml b/charts/gitlab-omnibus/values.yaml index eed793b..894a5d1 100644 --- a/charts/gitlab-omnibus/values.yaml +++ b/charts/gitlab-omnibus/values.yaml @@ -127,3 +127,18 @@ envFrom: [] gitlabConf: |- external_url 'https://gitlab.example.com' gitlab_rails['initial_root_password'] = ENV['GITLAB_INITIAL_ROOT_PASSWORD'] + +backupCronJob: + # backupCronJob.enabled -- enable scheduled backups + enabled: true + # backupCronJob.schedule -- how often to run backaup job + schedule: "@daily" + # backupCronJob.image -- image + image: wernight/kubectl + # backupCronJob.command -- command to execute in gitlab container + command: + - gitlab-backup + - create + - SKIP=uploads,builds,artifacts,registry,pages + - GZIP_RSYNCABLE=yes + - STRATEGY=copy