Migrate backup upload to use S3 client (#125)

* feat(backup): backup is now uploaded using s3 client(s) * fix: value access in helpers is broken
wbstack · Aug 14, 2023 · af3206a · af3206a
1 parent 641bba5
commit af3206a
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 31 deletions.
diff --git a/charts/wbaas-backup/Chart.yaml b/charts/wbaas-backup/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for WbaaS K8s Cronjob Backups
 name: wbaas-backup
-version: 0.0.6
+version: 0.1.0
 maintainers:
   - name: WMDE
     url: https://github.com/wmde
diff --git a/charts/wbaas-backup/templates/_helpers.tpl b/charts/wbaas-backup/templates/_helpers.tpl
@@ -17,17 +17,6 @@ either will be set to use the `db.load` dict or the `db.dump` dict from the valu
 volumeMounts:
   - name: "scratch-volume"
     mountPath: "/backups/"
-{{- if .context.Values.storage.gcs.uploadToBucket }}
-  - name: "service-account-volume"
-    mountPath: "/var/run/secret/cloud.google.com"
-lifecycle:
-  postStart:
-    exec:
-      command: ["gcsfuse", "--key-file", "/var/run/secret/cloud.google.com/key.json", "{{ .context.Values.storage.gcs.bucketName }}", "/mnt/backup-bucket"]
-  preStop:
-    exec:
-      command: ["fusermount", "-u", /mnt/backup-bucket"]
-{{- end }}
 securityContext:
   privileged: true
   capabilities:
@@ -50,9 +39,23 @@ env:
 - name: MYDUMPER_VERBOSE_LEVEL
   value: {{ .db.verbosity | quote }}
 - name: DO_UPLOAD
-  value: {{ if .context.Values.storage.gcs.uploadToBucket }}"1"{{else}}"0"{{end}}
-- name: GCS_BUCKET_NAME
-  value: {{ .context.Values.storage.gcs.bucketName | quote }}
+  value: {{ if .context.Values.storage.uploadToBucket }}"1"{{else}}"0"{{end}}
+- name: STORAGE_BUCKET_NAME
+  value: {{ .context.Values.storage.bucketName | quote }}
+- name: STORAGE_SIGNATURE_VERSION
+  value: {{ .context.Values.storage.signatureVersion | quote }}
+- name: STORAGE_ACCESS_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .context.Values.storage.accessKeySecretName | quote }}
+      key: {{ .context.Values.storage.accessKeySecretKey | quote }}
+- name: STORAGE_SECRET_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .context.Values.storage.secretKeySecretName | quote }}
+      key: {{ .context.Values.storage.secretKeySecretKey | quote }}
+- name: STORAGE_ENDPOINT
+  value: {{ .context.Values.storage.endpoint | quote }}
 - name: BACKUP_KEY
   valueFrom:
     secretKeyRef:
@@ -81,10 +84,5 @@ volumes:
           accessModes: [ "ReadWriteOnce" ]
           resources:
             requests:
-              storage: {{ .storage.scratchDiskSpace | quote }}
-{{- if .storage.gcs.uploadToBucket }}
-  - name: "service-account-volume"
-    secret:
-      secretName: {{ .storage.gcs.serviceAccountSecretName | quote }}
-{{- end }}
-{{ end }}
+              storage: {{ . | quote }}
+{{ end }}
diff --git a/charts/wbaas-backup/templates/job.yaml b/charts/wbaas-backup/templates/job.yaml
@@ -17,6 +17,6 @@ spec:
             resources:
               {{- toYaml .Values.resources.job | nindent 14 }}
 {{ include "backup.sharedPodConfiguration" ( dict "db" .Values.db.dump "context" $ ) | nindent 12 }}
-{{ include "backup.sharedVolumes" ( dict "storage" .Values.storage ) | nindent 10 }}
+{{ include "backup.sharedVolumes" .Values.scratchDiskSpace | nindent 10 }}
           restartPolicy: Never
-      backoffLimit: 4
+      backoffLimit: 4
diff --git a/charts/wbaas-backup/templates/restore-pod.yaml b/charts/wbaas-backup/templates/restore-pod.yaml
@@ -13,7 +13,7 @@ spec:
     resources:
       {{- toYaml .Values.resources.restorePod | nindent 6 }}
 {{ include "backup.sharedPodConfiguration" ( dict "db" .Values.db.load "context" $ ) | nindent 4 }}
-{{ include "backup.sharedVolumes" ( dict "storage" .Values.storage ) | nindent 2 }}
+{{ include "backup.sharedVolumes" .Values.scratchDiskSpace | nindent 2 }}
   restartPolicy: Never
 
-{{- end }}
+{{- end }}
diff --git a/charts/wbaas-backup/values.yaml b/charts/wbaas-backup/values.yaml
@@ -13,12 +13,17 @@ job:
 backupSecretKey: key
 backupSecretName: backup-openssl-key
 
+scratchDiskSpace: 16Gi
+
 storage:
-  scratchDiskSpace: 16Gi
-  gcs:
-    bucketName: nacho-cheese
-    serviceAccountSecretName: some-gcs-sa
-    uploadToBucket: true
+  bucketName: nacho-cheese
+  uploadToBucket: true
+  accessKeySecretName: gcs-hmac-key
+  accessKeySecretKey: access-key
+  secretKeySecretName: gcs-hmac-key
+  secretKeySecretKey: secret-key
+  endpoint: https://storage.googleapis.com
+  signatureVersion: S3v2
 
 resources:
   job: