From 06eb3b83632335cfa5ab78a4de04493bd0c3e43f Mon Sep 17 00:00:00 2001
From: Frederik Ring
Date: Thu, 10 Aug 2023 11:02:31 +0200
Subject: [PATCH 1/3] feat(backup): use s3 based backup in staging and local
---
 .../env/local/wbaas-backup.values.yaml.gotmpl | 17 +++++++++----
 .../staging/wbaas-backup.values.yaml.gotmpl | 9 +++----
 k8s/helmfile/helmfile.yaml | 4 ++--
 tf/env/staging/secrets-gcs.tf | 24 +++++++++++++++++++
 tf/env/staging/serviceaccount.tf | 2 +-
 5 files changed, 44 insertions(+), 12 deletions(-)
 create mode 100644 tf/env/staging/secrets-gcs.tf
diff --git a/k8s/helmfile/env/local/wbaas-backup.values.yaml.gotmpl b/k8s/helmfile/env/local/wbaas-backup.values.yaml.gotmpl
index 8d9459c92..c0a3a82e2 100644
--- a/k8s/helmfile/env/local/wbaas-backup.values.yaml.gotmpl
+++ b/k8s/helmfile/env/local/wbaas-backup.values.yaml.gotmpl
@@ -1,13 +1,20 @@
 image:
- tag: v0.2.0
+ tag: v0.3.0
 job:
 failedJobsHistoryLimit: 1
 successfulJobsHistoryLimit: 1
 cronSchedule: "* * 1 1 *"
+scratchDiskSpace: 4Gi
+
+restorePodRunning: false
+
 storage:
- scratchDiskSpace: 4Gi
- gcs:
- bucketName: nacho-cheese
- uploadToBucket: false
+ bucketName: backups
+ uploadToBucket: true
+ accessKeySecretName: minio-credentials
+ accessKeySecretKey: rootUser
+ secretKeySecretName: minio-credentials
+ secretKeySecretKey: rootPassword
+ endpoint: http://minio.default.svc.cluster.local:9000
diff --git a/k8s/helmfile/env/staging/wbaas-backup.values.yaml.gotmpl b/k8s/helmfile/env/staging/wbaas-backup.values.yaml.gotmpl
index 945dc42f1..42c45112f 100644
--- a/k8s/helmfile/env/staging/wbaas-backup.values.yaml.gotmpl
+++ b/k8s/helmfile/env/staging/wbaas-backup.values.yaml.gotmpl
@@ -1,7 +1,8 @@
 image:
- tag: v0.2.0
+ tag: v0.3.0
+
+scratchDiskSpace: 8Gi
 storage:
- scratchDiskSpace: 8Gi
- gcs:
- bucketName: wikibase-dev-sql-backup
+ bucketName: wikibase-dev-sql-backup
+ uploadToBucket: true
diff --git a/k8s/helmfile/helmfile.yaml b/k8s/helmfile/helmfile.yaml
index 65f974ec0..b07577500 100644
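Review bot: In k8s/helmfile/env/local/wbaas-backup.values.yaml.gotmpl the backup job is pointed at the MinIO root account (`accessKeySecretKey: rootUser`, `secretKeySecretKey: rootPassword` from `minio-credentials`), so the job holds administrative rights on the whole object store rather than write access to the `backups` bucket only. This is the local environment, but values files like this may be copied when another environment is set up; a dedicated MinIO user with a policy limited to that bucket, kept in its own secret, would keep the example least-privileged. A comment above `endpoint:` such as `# local only: in-cluster MinIO without TLS` would also record why plain `http://` is acceptable here.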
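Review bot: The staging values in k8s/helmfile/env/staging/wbaas-backup.values.yaml.gotmpl enable `uploadToBucket: true` without naming the credential secret or the endpoint, whereas the local file sets `accessKeySecretName`, `secretKeySecretName` and `endpoint` explicitly. Presumably the chart defaults match the `gcs-hmac-key` secret and its `access-key`/`secret-key` keys created in tf/env/staging/secrets-gcs.tf, but nothing visible in this patch confirms that. Setting the names explicitly, or adding a comment such as `# credentials: chart-default secret gcs-hmac-key (tf/env/staging/secrets-gcs.tf)`, would make the dependency reviewable and keep uploads from failing silently if the defaults change.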
--- a/k8s/helmfile/helmfile.yaml
+++ b/k8s/helmfile/helmfile.yaml
@@ -208,8 +208,8 @@ releases:
 - name: wbaas-backup
 namespace: default
- chart: wbstack/wbaas-backup
- version: 0.0.6
+ chart: wbastack/wbaas-backup
+ version: {{ ternary "0.1.0" "0.0.6" (ne .Environment "production") }}
 <<: *default_release
 - name: kube-prometheus-stack
diff --git a/tf/env/staging/secrets-gcs.tf b/tf/env/staging/secrets-gcs.tf
new file mode 100644
index 000000000..11c96c170
--- /dev/null
+++ b/tf/env/staging/secrets-gcs.tf
@@ -0,0 +1,24 @@
+resource "google_service_account" "dev-backup-upload" {
+ account_id = "dev-backup-upload"
+}
+
+resource "google_storage_hmac_key" "dev-backup-upload-key" {
+ service_account_email = google_service_account.dev-backup-upload.email
+}
+
+resource "google_project_iam_member" "dev-backup-upload" {
+ role = "roles/storage.admin"
+ member = "serviceAccount:${google_service_account.dev-backup-upload.email}"
+ project = local.project_id
+}
+
+resource "kubernetes_secret" "gcs-hmac-key" {
+ provider = kubernetes.wbaas-2
+ metadata {
+ name = "gcs-hmac-key"
+ }
+ data = {
+ "access-key" = google_storage_hmac_key.dev-backup-upload-key.access_id
+ "secret-key" = google_storage_hmac_key.dev-backup-upload-key.secret
+ }
+}
diff --git a/tf/env/staging/serviceaccount.tf b/tf/env/staging/serviceaccount.tf
index 3d4c554df..421e3c42e 100644
--- a/tf/env/staging/serviceaccount.tf
+++ b/tf/env/staging/serviceaccount.tf
@@ -32,4 +32,4 @@ resource "google_service_account_key" "dev-api" {
 keepers = {
 rotate = 1
 }
-}
\ No newline at end of file
+}
From 74bf97b36d079092c040124646afd081f6344d34 Mon Sep 17 00:00:00 2001
From: Frederik Ring
Date: Mon, 14 Aug 2023 12:51:41 +0200
Subject: [PATCH 2/3] fix: chart repo is misspelled
Co-authored-by: Deniz Erdogan <91744937+deer-wmde@users.noreply.github.com>
---
 k8s/helmfile/helmfile.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
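Review bot: In tf/env/staging/secrets-gcs.tf, `google_project_iam_member.dev-backup-upload` grants `roles/storage.admin` on the whole project, so the HMAC key handed to the cluster can create, delete and re-permission every bucket in `local.project_id` instead of only writing backups. A credential that lives in a workload namespace should be bound to the one backup bucket with an object-level role; the binding below uses the bucket name from the staging values, and a role without delete rights would be stronger still if the job never prunes or overwrites objects. Note also that `google_storage_hmac_key.dev-backup-upload-key.secret` is kept in Terraform state in clear text, so the state backend needs the same access control as the Kubernetes secret.

```hcl
# replaces google_project_iam_member.dev-backup-upload
resource "google_storage_bucket_iam_member" "dev-backup-upload" {
  bucket = "wikibase-dev-sql-backup" # bucketName from the staging values
  role   = "roles/storage.objectAdmin"
  member = "serviceAccount:${google_service_account.dev-backup-upload.email}"
}
```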
diff --git a/k8s/helmfile/helmfile.yaml b/k8s/helmfile/helmfile.yaml
index b07577500..1c101f207 100644
--- a/k8s/helmfile/helmfile.yaml
+++ b/k8s/helmfile/helmfile.yaml
@@ -208,7 +208,7 @@ releases:
 - name: wbaas-backup
 namespace: default
- chart: wbastack/wbaas-backup
+ chart: wbstack/wbaas-backup
 version: {{ ternary "0.1.0" "0.0.6" (ne .Environment "production") }}
 <<: *default_release
From ae89fbb4e70534cd7ba1b62c7e9ba042e9f30400 Mon Sep 17 00:00:00 2001
From: Frederik Ring
Date: Mon, 14 Aug 2023 14:05:02 +0200
Subject: [PATCH 3/3] Update k8s/helmfile/helmfile.yaml
Co-authored-by: Deniz Erdogan <91744937+deer-wmde@users.noreply.github.com>
---
 k8s/helmfile/helmfile.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/k8s/helmfile/helmfile.yaml b/k8s/helmfile/helmfile.yaml
index 1c101f207..e603d8492 100644
--- a/k8s/helmfile/helmfile.yaml
+++ b/k8s/helmfile/helmfile.yaml
@@ -209,7 +209,7 @@ releases:
 - name: wbaas-backup
 namespace: default
 chart: wbstack/wbaas-backup
- version: {{ ternary "0.1.0" "0.0.6" (ne .Environment "production") }}
+ version: {{ ternary "0.1.0" "0.0.6" (ne .Environment.Name "production") }}
 <<: *default_release
 - name: kube-prometheus-stack