Merge pull request #4436 from sgibson91/gcp-filestore-backups/k8s-dep…

…loyment Create k8s resources in support chart to run gcp-filestores-backup
2i2c-org · Jul 17, 2024 · 2061d4c · 2061d4c
2 parents c94e476 + 705b456
commit 2061d4c
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 1 deletion.
diff --git a/helm-charts/images/gcp-filestore-backups/Dockerfile b/helm-charts/images/gcp-filestore-backups/Dockerfile
@@ -13,4 +13,3 @@ COPY requirements.txt /tmp/
 RUN pip install -r /tmp/requirements.txt
 
 COPY gcp-filestore-backups.py /
-ENTRYPOINT ["python", "gcp-filestore-backups.py"]
diff --git a/helm-charts/support/templates/gcp-filestore-backups/deployment.yaml b/helm-charts/support/templates/gcp-filestore-backups/deployment.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.gcpFilestoreBackups.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gcp-filestore-backups
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gcp-filestore-backups
+  template:
+    metadata:
+      labels:
+        app: gcp-filestore-backups
+    spec:
+      strategy:
+        type: Recreate
+      serviceAccountName: gcp-filestore-backups-sa
+      automountServiceAccountToken: false
+      containers:
+        - name: gcp-filestore-backups
+          image: "quay.io/2i2c/gcp-filestore-backups:0.0.1-0.dev.git.9800.hbcab1958"
+          command:
+            - python
+            - gcp-filestore-backups.py
+          args:
+            - '{{ .Values.gcpFilestoreBackups.filestoreName | required "gcpFilestoreBackups.filestoreName is required with gcpFilestoreBackups.enabled set to true" }}'
+            - '{{ .Values.gcpFilestoreBackups.project | required "gcpFilestoreBackups.project is required with gcpFilestoreBackups.enabled set to true" }}'
+            - '{{ .Values.gcpFilestoreBackups.zone | required "gcpFilestoreBackups.zone is required with gcpFilestoreBackups.enabled set to true" }}'
+          securityContext:
+            runAsUser: 1000
+            allowPrivilegeEscalation: False
+            readOnlyRootFilesystem: True
+{{- end -}}
diff --git a/helm-charts/support/templates/gcp-filestore-backups/serviceaccount.yaml b/helm-charts/support/templates/gcp-filestore-backups/serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{ if .Values.gcpFilestoreBackups.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gcp-filestore-backups-sa
+  annotations: {{ .Values.gcpFilestoreBackups.annotations | toJson }}
+{{- end }}
diff --git a/helm-charts/support/values.schema.yaml b/helm-charts/support/values.schema.yaml
@@ -19,6 +19,7 @@ required:
   - prometheusIngressAuthSecret
   - cryptnono
   - redirects
+  - gcpFilestoreBackups
   - global
 properties:
   # cluster-autoscaler is a dependent helm chart, we rely on its schema
@@ -165,6 +166,48 @@ properties:
             type: string
             description: |
               Name of the StorageClass to create
+  gcpFilestoreBackups:
+    type: object
+    additionalProperties: false
+    required:
+      - enabled
+    # Require options to be set *only* if gcpFilestoreBackups is enabled
+    if:
+      properties:
+        enabled:
+          const: true
+    then:
+      required:
+        - filestoreName
+        - project
+        - zone
+        - annotations
+    properties:
+      enabled:
+        type: boolean
+        description: |
+          Enable automatic daily backups of GCP Filestores
+      filestoreName:
+        type: string
+        description: |
+          The name of the GCP Filestore to backup
+      project:
+        type: string
+        description: |
+          The GCP project the Filestore and backups are stored in
+      zone:
+        type: string
+        description: |
+          The GCP zone the Filestore and backups are stored in, e.g., us-central1-b
+      annotations:
+        type: object
+        additionalProperties: true
+        description: |
+          Dictionary of annotations that can be applied to the service account.
+
+          When used with GKE and Workload Identity, you need to set the
+          annotation with the key "iam.gke.io/gcp-service-account" to the email
+          address of the Google Service Account whose credentials it should have.
   global:
     type: object
     additionalProperties: true
diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml
@@ -501,6 +501,10 @@ prometheusStorageClass:
     parameters:
       type: pd-balanced
 
+# Setup a deployment that will periodically backup the Filestore contents
+gcpFilestoreBackups:
+  enabled: false
+
 # A placeholder as global values that can be referenced from the same location
 # of any chart should be possible to provide, but aren't necessarily provided or
 # used.