.helm/files+psql.values.yml

releasePrefix: "-"

envs:
  ALERT_SYSTEM_URL: "https://you.alert-system.ru/alert"
  PSQL_PORT: 6432
  PSQL_USER: backup-user@app_db  # `@<db_name>` uses if user don't have db with same name

secretEnvs:
  SMPT_USR: backup@email.com
  SMPT_PASS: b64:YmFja3VwX3NtdHBfcGFzcw==
  PSQL_HOST: 'rc1a-b70n6w4sg4g4r2wd.mdb.yandexcloud.net'
  PSQL_PASS: secure_psql_user_pass
  ALERT_AUTH_KEY: b64:c2VjdXJlX2FsZXJ0X2FwaV9rZXk=
  S3_ACCESS_KEY: ""
  S3_SECRET_KEY: ""

defaultImage: registry.nixys.ru/public/nxs-backup
defaultImageTag: 3.0.0-alpine

configMaps:
  configs:
    data:
      main: |
        project_name: My Project
        server_name: k8s-backup
        loglevel: info
        notifications:
          mail:
            message_level: "err"
            smtp_server: smtp.email.com
            smtp_port: 465
            smtp_user: ENV:SMPT_USR
            smtp_password: ENV:SMPT_PASS
            recipients:
              - my@email.com
              - devops@project.io
          webhooks:
            - webhook_url: ENV:ALERT_SYSTEM_URL
              message_level: "warn"
              extra_headers:
                "X-Auth-Key": ENV:ALERT_AUTH_KEY
              payload_message_key: "triggerMessage"
              extra_payload:
                "isEmergencyAlert":  false
                "rawTriggerMessage": false
                "monitoringURL":     "-"
        include_jobs_configs: ["conf.d/*.yaml"]
        jobs: []
        storage_connects:
        - name: selectel_s3
          s3_params:
            bucket_name: Backups
            access_key_id: ENV:S3_ACCESS_KEY
            secret_access_key: ENV:S3_SECRET_KEY
            endpoint: s3.storage.selcloud.ru
            region: ru-1
      files: |
        job_name: "files backup"
        type: desc_files
        tmp_dir: /var/nxs-backup/tmp_dump

        sources:
          - name: upload
            save_abs_path: yes
            targets:
              - /var/www/project/upload
            excludes:
              - log
              - tmp
            gzip: true
          - name: data
            save_abs_path: yes
            targets:
              - /var/www/project/data
            excludes:
              - log
              - tmp/*
            gzip: true

        storages_options:
          - storage_name: local
            backup_path: /var/nxs-backup/files
            retention:
              days: 3
              weeks: 0
              months: 0
          - storage_name: selectel_s3
            backup_path: /nxs-backup/files
            retention:
              days: 30
              weeks: 0
              months: 12
      database: |
        job_name: psql backup
        type: postgresql
        tmp_dir: /var/nxs-backup/tmp_dump

        sources:
          - name: app_db
            connect:
              db_host: ENV:PSQL_HOST
              db_port: ENV:PSQL_PORT
              db_user: ENV:PSQL_USER
              db_password: ENV:PSQL_PASS
              psql_ssl_mode: verify-full
              psql_ssl_root_cert: '/var/lib/secrets/psql_root.crt'
            target_dbs:
              - app_db
            excludes:
              - postgres
              - app_db.information_schema
              - app_db.app_schema.tmp
            gzip: true
            db_extra_keys: ''

        storages_options:
          - storage_name: local
            backup_path: /var/nxs-backup/databases
            retention:
              days: 3
              weeks: 0
              months: 0
          - storage_name: selectel_s3
            backup_path: /nxs-backup/files
            retention:
              days: 30
              weeks: 0
              months: 12

secrets:
  secret-files:
    data:
      psql_root.crt: |
        LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzVENDQXNXZ0F3SUJBZ0lLUHhiNXNBQUFBQUFBRnpBTkJna3Foa2lHOXcwQkFRMEZBREFmTVIwd0d3WUQKLi4uCmJ3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRkdUQ0NBd0dnQXdJQkFnSVFKTU03Wkl5MlNZeENCZ0s3V2NGd25qQU5CZ2txaGtpRzl3MEJBUTBGQURBZgouLi4KTHB1UUtiU2JJRVJzbVIrUXFRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=

pvcs:
  nxs-backup:
    accessModes:
      - ReadWriteOnce
      - ReadWriteMany
    size: 1000Gi

cronJobs:
  nxs-backup:
    affinity:
      nodeAffinity: {}
      podAntiAffinity: {}
      podAffinity: {}
    schedule: "0 1 * * *"
    containers:
      - command: nxs-backup start
        volumeMounts:
          - name: secret-files
            mountPath: /var/lib/secrets
          - name: configs
            mountPath: /etc/nxs-backup
          - name: nxs-backup
            mountPath: /var/nxs-backup
          - name: app-data
            mountPath: /var/www/project
    volumes:
      - name: nxs-backup
        type: pvc
      - name: secret-files
        type: secret
      - type: configMap
        name: configs
        items:
          - key: main
            path: nxs-backup.conf
          - key: files
            path: conf.d/files.conf
          - key: database
            path: conf.d/database.conf
    extraVolumes:
      - name: app-data
        persistentVolumeClaim:
          claimName: my-app-data-pvc
    restartPolicy: OnFailure