Skip to content

Instantly share code, notes, and snippets.

@erwanriou

erwanriou/backup-cron-job.yml

Last active May 31, 2022 14:31
Show Gist options
  • Save erwanriou/cf2d5c67d85b5b8d9a162f5129ff08b8 to your computer and use it in GitHub Desktop.
Save erwanriou/cf2d5c67d85b5b8d9a162f5129ff08b8 to your computer and use it in GitHub Desktop.
Download ZIP
How to create a backup cron job for MongoDB database on kubernetes (GKE)
Raw
backup-cron-job.yml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cluster-admin
rules:
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods/exec", "pods/cp"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cluster-admin
namespace: default
subjects:
- kind: ServiceAccount
name: cluster-reader
namespace: default
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: cluster-reader
namespace: default
---
kind: ConfigMap
apiVersion: v1
metadata:
name: backup-script
data:
backup.sh: |
#!/bin/bash
JSON_FILE=$(cat <<-END
{
"type": "service_account",
"project_id": "your-project",
"private_key_id": "${GCS_PRIVATE_KEY_ID}",
"private_key": "${GCS_PRIVATE_KEY}",
"client_email": "[email protected]",
"client_id": "${GCS_CLIENT_ID}",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/storage-update%40your-project.iam.gserviceaccount.com"
}
END
)
echo "$JSON_FILE" > key.json
gcloud auth activate-service-account --key-file=key.json
mkdir backups
BACKUP_DIR=$(date +'%m.%d.%Y')
array=($(kubectl get pods | grep mongo | awk '{ print $1 }'))
for KEY in "${!array[@]}"; do
kubectl exec -i ${array[$KEY]} -- bash -c "cd tmp && mongodump --archive > mongo.dump && exit"
kubectl cp ${array[$KEY]}:/tmp/mongo.dump /backups/${array[$KEY]}.dump
done
gsutil cp -r /backups gs://your-backups/${BACKUP_DIR}
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: cron-backup
spec:
schedule: "0 0 * * *"
jobTemplate:
spec:
template:
spec:
serviceAccountName: cluster-reader
restartPolicy: OnFailure
volumes:
- name: backup-script
configMap:
name: backup-script
defaultMode: 0777
containers:
- name: runner
image: gcr.io/google.com/cloudsdktool/cloud-sdk:latest
command: ["/bin/bash", "-c", "/scripts/backup.sh"]
securityContext:
runAsUser: 0
volumeMounts:
- name: backup-script
mountPath: /scripts/backup.sh
subPath: backup.sh
env:
- name: GOOGLE_STORAGE_BUCKET
value: your-project-backup
- name: GCS_PRIVATE_KEY_ID
valueFrom:
secretKeyRef:
name: gcs-private-key-id
key: GCS_PRIVATE_KEY_ID
- name: GCS_CLIENT_ID
valueFrom:
secretKeyRef:
name: gcs-client-id
key: GCS_CLIENT_ID
- name: GCS_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: gcs-private-key
key: GCS_PRIVATE_KEY
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment