Merge pull request #66 from cloudkite-io/mssql-backups

eduartua · web-flow · commit 56253c107a12 · 2025-10-05T19:37:46.000-06:00
Add templates to support backup resources
diff --git a/mssql/Chart.yaml b/mssql/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: mssql
 description: A Helm chart for Kubernetes
 type: application
-version: 0.1.3
-appVersion: "0.1.3"
+version: 0.1.4
+appVersion: "0.1.4"
diff --git a/mssql/sample.values.yaml b/mssql/sample.values.yaml
@@ -28,6 +28,22 @@ databases:
         memory: 4Gi
       limits:
         memory: 4Gi
+    backup:
+      enabled: true
+      schedule: "0 2 * * *" # Daily at 2:00 AM UTC
+      s3Bucket: "your-primary-backup-bucket"
+      s3Region: "us-east-1"
+      image:
+        repository: gcr.io/cloudkite-public/mssql
+        tag: "2022"
+        pullPolicy: IfNotPresent
+      serviceAccount:
+        create: true
+        name: "db-a-backup-sa"
+        # Add your IRSA role ARN annotation here
+        annotations:
+          eks.amazonaws.com/role-arn: "arn:aws:iam::123456789012:role/mssql-backup-role-for-db-a"
+
   - name: db-b
     database: db_b
     port: 1433
@@ -49,3 +65,5 @@ databases:
         memory: 4Gi
       limits:
         memory: 4Gi
+    backup:
+      enabled: false
diff --git a/mssql/templates/backup-configmap.yaml b/mssql/templates/backup-configmap.yaml
@@ -0,0 +1,55 @@
+{{- range .Values.databases }}
+{{- if .backup.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .name }}-backup-script
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .name }}-backup
+data:
+  backup-script.sh: |
+    #!/bin/bash
+    set -eo pipefail
+
+    # --- Configuration ---
+    DB_SERVER="{{ .name }}-svc"
+    DB_DATABASE="{{ .database }}"
+    DB_USER="sa"
+    DB_PASSWORD="${MSSQL_SA_PASSWORD}"
+
+    # S3 Backup details from values
+    S3_BUCKET="{{ .backup.s3Bucket }}"
+    S3_REGION="{{ .backup.s3Region }}"
+    S3_ENDPOINT="${S3_BUCKET}.s3.${S3_REGION}.amazonaws.com"
+    BACKUP_FILENAME="${DB_DATABASE}-$(date +%Y-%m-%d-%H-%M-%S).bak"
+    S3_URL="s3://${S3_ENDPOINT}/backups/${BACKUP_FILENAME}"
+    CREDENTIAL_NAME="s3://${S3_ENDPOINT}"
+
+    echo "Starting backup for database [${DB_DATABASE}] to ${S3_URL}"
+
+    # --- T-SQL Commands ---
+    CREATE_CREDENTIAL_SQL="
+    IF NOT EXISTS (SELECT 1 FROM sys.credentials WHERE name = '${CREDENTIAL_NAME}')
+    BEGIN
+      CREATE CREDENTIAL [${CREDENTIAL_NAME}]
+      WITH IDENTITY = 'S3 Access Key',
+      SECRET = '${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}'
+    END"
+
+    BACKUP_DATABASE_SQL="
+    BACKUP DATABASE [${DB_DATABASE}]
+    TO URL = '${S3_URL}'
+    WITH FORMAT, COMPRESSION, STATS = 10, MAXTRANSFERSIZE = 20971520;"
+
+    # --- Execution ---
+    echo "Ensuring S3 credential exists..."
+    sqlcmd -S "${DB_SERVER}" -U "${DB_USER}" -P "${DB_PASSWORD}" -Q "${CREATE_CREDENTIAL_SQL}" -b -C
+
+    echo "Executing backup..."
+    sqlcmd -S "${DB_SERVER}" -U "${DB_USER}" -P "${DB_PASSWORD}" -Q "${BACKUP_DATABASE_SQL}" -b -C -t 600
+
+    echo "Backup of [${DB_DATABASE}] completed successfully."
+{{- end }}
+{{- end }}
diff --git a/mssql/templates/cronjob.yaml b/mssql/templates/cronjob.yaml
@@ -0,0 +1,46 @@
+{{- range .Values.databases }}
+{{- if .backup.enabled }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .name }}-backup-cronjob
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .name }}-backup
+spec:
+  schedule: {{ .backup.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: {{ .name }}-backup
+        spec:
+          serviceAccountName: {{ .backup.serviceAccount.name | default (printf "%s-backup-sa" .name) }}
+          restartPolicy: OnFailure
+          containers:
+          - name: mssql-backup
+            image: "{{ .backup.image.repository }}:{{ .backup.image.tag }}"
+            imagePullPolicy: {{ .backup.image.pullPolicy }}
+            command: ["/bin/bash", "-c", "/scripts/backup-script.sh"]
+            env:
+              # Mount the database password from the specified secret
+              - name: MSSQL_SA_PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: {{ .secretName }}
+                    key: {{ .secretKey }}
+            volumeMounts:
+            - name: backup-script-volume
+              mountPath: /scripts
+          volumes:
+          - name: backup-script-volume
+            configMap:
+              name: {{ .name }}-backup-script
+              defaultMode: 0755
+{{- end }}
+{{- end }}
diff --git a/mssql/templates/serviceaccount.yaml b/mssql/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- range .Values.databases }}
+{{- if and .backup.enabled .backup.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .backup.serviceAccount.name | default (printf "%s-backup-sa" .name) }}
+  namespace: {{ $.Release.Namespace }}
+  annotations:
+    {{- toYaml .backup.serviceAccount.annotations | nindent 4 }}
+  labels:
+    app.kubernetes.io/name: {{ .name }}-backup
+{{- end }}
+{{- end }}
