postgres-backup-template-with-icinga-and-secret.yaml

apiVersion: v1
kind: Template
metadata:
  name: postgres-backup-template
  annotations:
    description: 'Template for a DB container backup job'
    tags: 'database'
parameters:
  - name: DATABASE_BACKUP_KEEP
    description: 'Number of backups to keep'
    value: '5'
  - name: DATABASE_BACKUP_SCHEDULE
    description: 'Cron-like schedule expression'
    value: '50 * * * *'
  - name: DATABASE_SECRET
    description: 'database secret'
    required: true
  - name: DATABASE_HOST
    description: 'Hostname of DB server'
    required: true
  - name: DATABASE_PORT
    description: 'DB Port'
    required: true
  - name: DATABASE_BACKUP_VOLUME_CLAIM
    description: 'Name of the volume claim to be used as storage'
    required: true
  - name: ICINGA_USERNAME
    description: 'User for Icinga Login'
  - name: ICINGA_PASSWORD
    description: 'Password for Icinga Login'
  - name: ICINGA_SERVICE_URL
    description: 'Service url to be notified in Incinga'
objects:
  - apiVersion: batch/v1beta1
    kind: CronJob
    metadata:
      name: postgres-backup
    spec:
      schedule: ${DATABASE_BACKUP_SCHEDULE}
      concurrencyPolicy: Forbid
      jobTemplate:
        spec:
          template:
            spec:
              volumes:
                - name: database-backup
                  persistentVolumeClaim:
                    claimName: ${DATABASE_BACKUP_VOLUME_CLAIM}
              containers:
                - name: database-backup
                  image: 'registry.access.redhat.com/rhscl/postgresql-96-rhel7:1'
                  command:
                    - 'bash'
                    - '-eo'
                    - 'pipefail'
                    - '-c'
                    - > 
                      trap "echo Backup failed; exit 0" ERR; 
                      FILENAME=backup-${DATABASE_NAME}-`date +%Y-%m-%d_%H%M%S`.sql.gz;
                      time (find /database-backup -type f -name "backup-${DATABASE_NAME}-*"  -exec ls -1tr "{}" + | head -n -${DATABASE_BACKUP_KEEP} | xargs rm -fr; 
                      PGPASSWORD="$DATABASE_PASSWORD" pg_dump --username=$DATABASE_USER --host=$DATABASE_HOST --port=$DATABASE_PORT --column-inserts --clean --create ${DATABASE_NAME} | gzip > /database-backup/$FILENAME); 
                      echo "Icinga Response:";
                      curl -k -s -u $ICINGA_USERNAME:"$ICINGA_PASSWORD" -H 'Accept: application/json' -X POST "$ICINGA_SERVICE_URL" -d '{ "exit_status": 0, "plugin_output": "backup ok" }';
                      echo "";
                      echo "Backup successful"; du -h /database-backup/$FILENAME; 
                      echo "to restore the backup to the serviced host use: $ psql --username=$DATABASE_USER --password --host=$DATABASE_HOST --port=$DATABASE_PORT postgres < /database-backup/<backupfile> (unpacked)"
                  env:
                    - name: DATABASE_USER
                      valueFrom:
                        secretKeyRef:
                          key: database-user
                          name: ${DATABASE_SECRET}
                    - name: DATABASE_PASSWORD
                      valueFrom:
                        secretKeyRef:
                          key: database-password
                          name: ${DATABASE_SECRET}
                    - name: DATABASE_NAME
                      valueFrom:
                        secretKeyRef:
                          key: database-name
                          name: ${DATABASE_SECRET}
                    - name: DATABASE_BACKUP_KEEP
                      value: ${DATABASE_BACKUP_KEEP}
                    - name: DATABASE_HOST
                      value: ${DATABASE_HOST}
                    - name: DATABASE_PORT
                      value: ${DATABASE_PORT}
                    - name: ICINGA_USERNAME
                      value: ${ICINGA_USERNAME}
                    - name: ICINGA_PASSWORD
                      value: ${ICINGA_PASSWORD}
                    - name: ICINGA_SERVICE_URL
                      value: ${ICINGA_SERVICE_URL}
                    - name: TZ
                      value: Europe/Zurich
                  volumeMounts:
                    - name: database-backup
                      mountPath: /database-backup
              restartPolicy: Never