|
| 1 | +{{- if .Values.etcd.backup.enabled }} |
| 2 | +{{- $fullName := include "kubernetes.fullname" . -}} |
| 3 | +--- |
| 4 | +apiVersion: batch/v1beta1 |
| 5 | +kind: CronJob |
| 6 | +metadata: |
| 7 | + name: {{ $fullName }}-etcd-backup |
| 8 | + labels: |
| 9 | + app: {{ $fullName }}-etcd-backup |
| 10 | + {{- with .Values.etcd.backup.labels }} |
| 11 | + {{- toYaml . | nindent 4 }} |
| 12 | + {{- end }} |
| 13 | + {{- with .Values.etcd.backup.annotations }} |
| 14 | + annotations: |
| 15 | + {{- toYaml . | nindent 4 }} |
| 16 | + {{- end }} |
| 17 | +spec: |
| 18 | + schedule: "{{ .Values.etcd.backup.schedule }}" |
| 19 | + successfulJobsHistoryLimit: {{ .Values.etcd.backup.successfulJobsHistoryLimit }} |
| 20 | + failedJobsHistoryLimit: {{ .Values.etcd.backup.failedJobsHistoryLimit }} |
| 21 | + jobTemplate: |
| 22 | + metadata: |
| 23 | + labels: |
| 24 | + app: {{ $fullName }}-etcd-backup |
| 25 | + {{- with .Values.etcd.backup.labels }} |
| 26 | + {{- toYaml . | nindent 8 }} |
| 27 | + {{- end }} |
| 28 | + {{- with .Values.etcd.backup.annotations }} |
| 29 | + annotations: |
| 30 | + {{- toYaml . | nindent 8 }} |
| 31 | + {{- end }} |
| 32 | + spec: |
| 33 | + template: |
| 34 | + metadata: |
| 35 | + labels: |
| 36 | + app: {{ $fullName }}-etcd-backup |
| 37 | + {{- with .Values.etcd.backup.podLabels }} |
| 38 | + {{- toYaml . | nindent 12 }} |
| 39 | + {{- end }} |
| 40 | + {{- with .Values.etcd.backup.podAnnotations }} |
| 41 | + annotations: |
| 42 | + {{- toYaml . | nindent 12 }} |
| 43 | + {{- end }} |
| 44 | + spec: |
| 45 | + {{- with .Values.etcd.backup.nodeSelector }} |
| 46 | + nodeSelector: |
| 47 | + {{- toYaml . | nindent 12 }} |
| 48 | + {{- end }} |
| 49 | + {{- with .Values.etcd.backup.tolerations }} |
| 50 | + tolerations: |
| 51 | + {{- toYaml . | nindent 10 }} |
| 52 | + {{- end }} |
| 53 | + {{- if or .Values.etcd.backup.affinity .Values.etcd.backup.podAffinity }} |
| 54 | + affinity: |
| 55 | + {{- with .Values.etcd.backup.affinity }} |
| 56 | + {{- toYaml . | nindent 12 }} |
| 57 | + {{- end }} |
| 58 | + {{- if eq .Values.etcd.backup.podAffinity "hard" }} |
| 59 | + podAffinity: |
| 60 | + requiredDuringSchedulingIgnoredDuringExecution: |
| 61 | + - topologyKey: "{{ .Values.etcd.backup.podAffinityTopologyKey }}" |
| 62 | + labelSelector: |
| 63 | + matchLabels: |
| 64 | + app: {{ $fullName }}-etcd |
| 65 | + {{- else if eq .Values.etcd.backup.podAffinity "soft" }} |
| 66 | + podAffinity: |
| 67 | + preferredDuringSchedulingIgnoredDuringExecution: |
| 68 | + - weight: 1 |
| 69 | + podAffinityTerm: |
| 70 | + topologyKey: "{{ .Values.etcd.backup.podAffinityTopologyKey }}" |
| 71 | + labelSelector: |
| 72 | + matchLabels: |
| 73 | + app: {{ $fullName }}-etcd |
| 74 | + {{- end }} |
| 75 | + {{- end }} |
| 76 | + |
| 77 | + {{- with .Values.etcd.image.pullSecrets }} |
| 78 | + imagePullSecrets: |
| 79 | + {{- toYaml . | nindent 10 }} |
| 80 | + {{- end }} |
| 81 | + automountServiceAccountToken: false |
| 82 | + restartPolicy: OnFailure |
| 83 | + containers: |
| 84 | + - command: |
| 85 | + - /bin/sh |
| 86 | + - -xc |
| 87 | + - | |
| 88 | + rtc() { while read k s v; do test "$k" = "rtc_$1" && echo "$v" && break; done </proc/driver/rtc; } |
| 89 | + etcdctl snapshot save /data/etcd-prod-hosting-$(rtc date)-$(rtc time).db |
| 90 | + {{- range $key, $value := .Values.etcd.backup.extraArgs }} --{{ $key }}={{ $value }}{{- end }} |
| 91 | + env: |
| 92 | + - name: ETCDCTL_API |
| 93 | + value: "3" |
| 94 | + - name: ETCDCTL_CACERT |
| 95 | + value: /pki/etcd/peer/ca.crt |
| 96 | + - name: ETCDCTL_CERT |
| 97 | + value: /pki/etcd/peer/tls.crt |
| 98 | + - name: ETCDCTL_KEY |
| 99 | + value: /pki/etcd/peer/tls.key |
| 100 | + - name: ETCDCTL_ENDPOINTS |
| 101 | + value: {{ $fullName }}-etcd:{{ .Values.etcd.ports.client }} |
| 102 | + {{- with .Values.etcd.backup.extraEnv }} |
| 103 | + {{- toYaml . | nindent 12 }} |
| 104 | + {{- end }} |
| 105 | + {{- with .Values.etcd.image }} |
| 106 | + image: "{{ .repository }}{{ if .digest }}@{{ .digest }}{{ else }}:{{ .tag }}{{ end }}" |
| 107 | + imagePullPolicy: {{ .pullPolicy }} |
| 108 | + {{- end }} |
| 109 | + name: etcd-backup |
| 110 | + resources: |
| 111 | + {{- toYaml .Values.etcd.backup.resources | nindent 14 }} |
| 112 | + volumeMounts: |
| 113 | + - mountPath: /pki/etcd/ca |
| 114 | + name: pki-etcd-certs-ca |
| 115 | + - mountPath: /pki/etcd/peer |
| 116 | + name: pki-etcd-certs-peer |
| 117 | + - mountPath: /pki/etcd/server |
| 118 | + name: pki-etcd-certs-server |
| 119 | + - mountPath: /data |
| 120 | + name: data |
| 121 | + {{- with .Values.persistence.backup.subPath }} |
| 122 | + subPath: {{ . }} |
| 123 | + {{- end }} |
| 124 | + {{- with .Values.etcd.backup.extraVolumeMounts }} |
| 125 | + {{- toYaml . | nindent 12 }} |
| 126 | + {{- end }} |
| 127 | + {{- with .Values.etcd.backup.sidecars }} |
| 128 | + {{- toYaml . | nindent 10 }} |
| 129 | + {{- end }} |
| 130 | + volumes: |
| 131 | + - secret: |
| 132 | + secretName: {{ $fullName }}-pki-etcd-ca |
| 133 | + name: pki-etcd-certs-ca |
| 134 | + - secret: |
| 135 | + secretName: {{ $fullName }}-pki-etcd-peer |
| 136 | + name: pki-etcd-certs-peer |
| 137 | + - secret: |
| 138 | + secretName: {{ $fullName }}-pki-etcd-server |
| 139 | + name: pki-etcd-certs-server |
| 140 | + - name: data |
| 141 | + persistentVolumeClaim: |
| 142 | + claimName: {{ .Values.persistence.backup.existingClaim | default (printf "etcd-backup-%s-etcd" $fullName) }} |
| 143 | + {{- with .Values.etcd.backup.extraVolumes }} |
| 144 | + {{- toYaml . | nindent 10 }} |
| 145 | + {{- end }} |
| 146 | +{{- end }} |
0 commit comments