From c762a58080f515e1a562dba2d4ec02eba1ed55f1 Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Tue, 28 Nov 2023 22:28:34 +0100
Subject: [PATCH] pg backup as well

---
 .../backup/base/db-backup.cronjob.yaml        | 32 ----------------
 infrastructure/backup/postgres/cronjob.yaml   | 37 +++++++++++++++++++
 .../backup/postgres/kustomization.yaml        |  9 +++++
 .../postgres/postgres.sealedsecret.yaml       | 21 +++++++++++
 infrastructure/backup/postgres/pvc.yaml       | 13 +++++++
 kluster-deployments/backup/kustomization.yaml |  1 +
 .../backup/postgres.backup.application.yaml   | 18 +++++++++
 7 files changed, 99 insertions(+), 32 deletions(-)
 delete mode 100644 infrastructure/backup/base/db-backup.cronjob.yaml
 create mode 100644 infrastructure/backup/postgres/cronjob.yaml
 create mode 100644 infrastructure/backup/postgres/kustomization.yaml
 create mode 100644 infrastructure/backup/postgres/postgres.sealedsecret.yaml
 create mode 100644 infrastructure/backup/postgres/pvc.yaml
 create mode 100644 kluster-deployments/backup/postgres.backup.application.yaml

diff --git a/infrastructure/backup/base/db-backup.cronjob.yaml b/infrastructure/backup/base/db-backup.cronjob.yaml
deleted file mode 100644
index 6482455..0000000
--- a/infrastructure/backup/base/db-backup.cronjob.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
-  name: postgres-backup
-spec:
-  # Backup the database every day at 2AM
-  schedule: "0 2 * * *"
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          containers:
-          - name: postgres-backup
-            image: postgres:12
-            command: ["/bin/sh"]
-            args: ["-c", 'echo "$PGPASS" > /root/.pgpass && chmod 600 /root/.pgpass && pg_dump -U postgres_admin -h postgres test_database > /var/backups/backup-$(date +"%m-%d-%Y-%H-%M").sql']
-            env:
-            - name: PGPASS
-              valueFrom:
-                secretKeyRef:
-                  name: pgpass
-                  key: pgpass
-            volumeMounts:
-            - mountPath: /var/backups
-              name: postgres-storage
-          restartPolicy: Never
-          volumes:
-          - name: postgres-storage
-            hostPath:
-            # Ensure the file directory is created.
-              path: /var/volumes/postgres-backups
-              type: DirectoryOrCreate
\ No newline at end of file
diff --git a/infrastructure/backup/postgres/cronjob.yaml b/infrastructure/backup/postgres/cronjob.yaml
new file mode 100644
index 0000000..6e33892
--- /dev/null
+++ b/infrastructure/backup/postgres/cronjob.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: postgres-backup
+spec:
+  # Backup the database every day at 1AM
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: postgres-backup
+            image: postgres:15
+            command: ["/bin/sh"]
+            args:
+              - "-c"
+              - >-
+                echo "$postgress_password" > /root/.pgpass
+                &&
+                chmod 600 /root/.pgpass
+                &&
+                pg_dumpall -U postgres -h postgrespostgres-postgresql.postgres > /backup/backup-$(date +"%m-%d-%Y-%H-%M").sql
+            env:
+            - name: PGpostgress_passwordPASS
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-password
+                  key: password
+            volumeMounts:
+            - mountPath: /backup
+              name: postgres-backup-claim
+          restartPolicy: Never
+          volumes:
+          - name: postgres-backup-claim
+            persistentVolumeClaim:
+              claimName: postgres-backup-claim
diff --git a/infrastructure/backup/postgres/kustomization.yaml b/infrastructure/backup/postgres/kustomization.yaml
new file mode 100644
index 0000000..05b093d
--- /dev/null
+++ b/infrastructure/backup/postgres/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: backup
+
+resources:
+  - postgres.sealedsecret.yaml
+  - pvc.yaml
+  - cronjob.yaml
diff --git a/infrastructure/backup/postgres/postgres.sealedsecret.yaml b/infrastructure/backup/postgres/postgres.sealedsecret.yaml
new file mode 100644
index 0000000..7ceebd9
--- /dev/null
+++ b/infrastructure/backup/postgres/postgres.sealedsecret.yaml
@@ -0,0 +1,21 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "postgres-password",
+    "namespace": "backup",
+    "creationTimestamp": null
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "postgres-password",
+        "namespace": "backup",
+        "creationTimestamp": null
+      }
+    },
+    "encryptedData": {
+      "password": "AgBKXybtQWxHVX0UeQ9z5VOSJp9dadp+j+8VxBzyh37BdfLA9l5YppOWgK2RpmQmFmcrrxr7u2SgyJ4rP60n0r8LHLcmPTXAUJe5b07HTVOLn8Q4C9ObEkWVXBycmI5Kc8vHZ+OW8T3s/QqrnLIlQPOq56mjsWjO24O/72aUl4IzlrSq3NYPAMpQOwfgoam/4ZaHed6+Im40eQalkEWRlk5KOkSayWsrNJNccAhnZ8JapCP25pVVfz5xJc9286jNqTCgGt1Ez3xTXbd3LPI2QgeonIPU9zqlXeQgjS/UuAIuKyEW7ypD2/7lLoU1Yk4XMzIreVSrYgfy7ylnC++FPZBI+32/ocbEgpXPX9O/gb2tQLANVEn9BwVyPe3MW/vB63ryyfhtrPQbNJCJNnwKlsoS+HcVYBGAAtjdUYD4/2fKabH7Th2SlMIJvGBwhxpJo1bnblHoTUQ/Ao5gaUIcZC0qCnd9ZKVRKwtFsJrgqnEAapd9dNdDu9RBxVKAUa0TS+ahnXBaC87lvydb/9PxLz+J7E27oInt9coFEHpaZFNdt0QJXUqs3DF0JO7ll3wC+R1iDUWRY3NKf/bpiGgkwk3VtUkIXcW5biaD7lF8inrLVzktvQGET/CbYre5ws9qj5xF4NUYUivYexiP8isScnbrys671GizUjxFoPQpWotEHmZ9DNsIYOF3OvewKjDllpo1izKmY1Y="
+    }
+  }
+}
diff --git a/infrastructure/backup/postgres/pvc.yaml b/infrastructure/backup/postgres/pvc.yaml
new file mode 100644
index 0000000..6e0b186
--- /dev/null
+++ b/infrastructure/backup/postgres/pvc.yaml
@@ -0,0 +1,13 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+
+metadata:
+  name: postgres-backup-claim
+
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
diff --git a/kluster-deployments/backup/kustomization.yaml b/kluster-deployments/backup/kustomization.yaml
index 23e4cf8..b1878ac 100644
--- a/kluster-deployments/backup/kustomization.yaml
+++ b/kluster-deployments/backup/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
   - secrets.application.yaml
   - backup.application.yaml
   - prune.application.yaml
+  - postgres.backup.application.yaml
diff --git a/kluster-deployments/backup/postgres.backup.application.yaml b/kluster-deployments/backup/postgres.backup.application.yaml
new file mode 100644
index 0000000..20f6ce8
--- /dev/null
+++ b/kluster-deployments/backup/postgres.backup.application.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-backup-application
+  namespace: argocd
+spec:
+  project: infrastructure
+  source:
+    repoURL: https://github.com/moll-re/k3s-infra.git
+    targetRevision: main
+    path: infrastructure/backup/postgres
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: backup
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
\ No newline at end of file