
Installs database backup components in Kubernetes, creates the following resources:

- CronJob
- ConfigMap (generated from a flexible number of environment variables)
- ServiceAccount (optional)
- PersistentVolumeClaim (optional)

Make sure to create a secret for sensitive variables (like passwords and keys). Copy the default `values.yaml` somewhere, edit the new file accordingly, and proceed with installation. You can always use the `--set` directive for `helm upgrade` or `helm install` commands to avoid storing values files in a repository.

Make the charts discoverable by adding the repository to your list:

```shell
helm repo add corewide https://solutions.corewide.com/helm/
```

Chart values (see the table below) can be passed one by one using the `--set` argument or via a configuration file. You can create one based on the defaults using the following command:

```shell
helm show values corewide/db-backup > values.yaml
```

Install the chart after editing your `values.yaml`:

```shell
helm repo update
# helm install takes a release name before the chart reference
helm install db-backup corewide/db-backup --version 1.1.3 -f values.yaml
```

Define Helm provider configuration in your project code, then:

```hcl
resource "helm_release" "db_backup" {
  name       = "db-backup"
  repository = "oci://oci.corewide.com/helm"
  chart      = "db-backup"
  version    = "1.1.3"

  # define your values as set blocks:
  set {
    ...
  }
}
```

All notable changes to this project are documented here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

- `ServiceAccount` default name in Helm chart
- `persistence.accessMode` value
- `persistence.storageClass` value

Initial version:

Azure CosmosDB offers MongoDB with different architecture types that require their own connection settings.

For Request Unit (RU) architecture:

```yaml
# cosmosdb-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cosmosdb-mongodb
# stringData takes plain-text values; data would require each value to be base64-encoded
stringData:
  DB_HOST: <database-cluster>.mongo.cosmos.azure.com
  DB_NAME: <database-name>
  DB_USER: <database-username>
  DB_PASSWORD: <database-user-password>
  DB_PORT: "27017" # Secret values must be strings
  MONGO_URI_OPTIONS: tls=true&authMechanism=SCRAM-SHA-256&retrywrites=false&maxIdleTimeMS=120000&authSource=admin
```

For vCore architecture:

```yaml
# cosmosdb-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cosmosdb-mongodb
# stringData takes plain-text values; data would require each value to be base64-encoded
stringData:
  DB_HOST: <database-cluster>.mongo.cosmos.azure.com
  DB_NAME: <database-name>
  DB_USER: <database-username>
  DB_PASSWORD: <database-user-password>
  MONGO_USE_SRV: "true" # Secret values must be strings
```

Define backup configuration in `values.yaml` and use it to install the Helm release:

```yaml
dbType: "mongodb"
imagePullSecrets:
  - name: corewide
env:
  STORAGE_ACCOUNT: mongodb-backup
  STORAGE_TYPE: "azureblob"
  STORAGE_PROVIDER: "azure"
  STORAGE_BUCKET_NAME: mongodb-backup
  STORAGE_ENV_AUTH: true
  BACKUP_FILENAME_PREFIX: daily
  RETENTION_PERIOD: 14d
secretNamesForEnvFrom:
  - cosmosdb-mongodb
serviceAccount:
  create: false # in this example, defined externally
  enable: true
  name: mongodb-backup
podLabels:
  azure.workload.identity/use: "true"
schedule: "0 1 * * *"
```

Make sure that the ServiceAccount `mongodb-backup` you create has the following annotations to use MS Entra Workload ID:

```yaml
annotations:
  azure.workload.identity/client-id: <azure-rm-client-id>
  azure.workload.identity/tenant-id: <azure-rm-tenant-id>
```

Example `values.yaml` relying on AWS-level RBAC to authenticate at S3:

```yaml
dbType: postgres
dbVersion: "16"
imagePullSecrets:
  - name: corewide
env:
  PER_TABLE_BACKUP: true
  STORAGE_BUCKET_DIR: production-backups
  STORAGE_ENV_AUTH: true
  STORAGE_PROVIDER: AWS
  STORAGE_REGION: us-east-1
  STORAGE_TYPE: s3
persistence:
  enable: true
  volumeSize: 500
schedule: 0 7 * * *
secretNamesForEnvFrom:
  - postgres-credentials
serviceAccount:
  create: true
  enable: true
  name: database-backups
```

Prepare a Kubernetes `Secret` with DO Spaces credentials:

```yaml
# spaces-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: spaces-access-keys
data:
  STORAGE_SECRET_ACCESS_KEY: <base64-encoded-storage-access-key>
  STORAGE_ACCESS_KEY_ID: <base64-encoded-storage-access-key-id>
```

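And another with PostgreSQL access credentials:

```yaml
# postgres-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: postgres-backup-credentials
# stringData takes plain-text values; data would require each value to be base64-encoded
stringData:
  DB_HOST: <postgres-host>
  DB_PORT: "25060" # Secret values must be strings
  DB_NAME: production
  DB_USER: admin
  DB_PASSWORD: <sensitive>
  PGSSLMODE: require
```
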
Deploy both:

```bash
kubectl create namespace backups
kubectl -n backups apply -f spaces-secret.yaml
kubectl -n backups apply -f postgres-secret.yaml
```

Define backup configuration in `values.yaml` and use it to install Helm release:

```yaml
dbType: "postgres"
dbVersion: "15"
imagePullSecrets:
  - name: corewide
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
env:
  STORAGE_TYPE: s3
  STORAGE_BUCKET_DIR: backups
  STORAGE_PROVIDER: DigitalOcean
  STORAGE_ENDPOINT: nyc3.digitaloceanspaces.com
  BACKUP_FILENAME_PREFIX: daily
secretNamesForEnvFrom:
  - postgres-backup-credentials
  - spaces-access-keys
schedule: "0 1 * * *"
```

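
The `spaces-access-keys` manifest above expects base64-encoded values under `data:`. The following shell helper is an added example, not part of the chart or its documentation: it renders such a manifest from `KEY=VALUE` arguments and encodes with `printf '%s'`, so no trailing newline ends up inside the stored credential. The function names `b64`, `render_secret` and `secret_value` and the sample values are constructed for illustration.

```shell
# Encode one value for a Secret's data: field.
# printf '%s' avoids the trailing newline that `echo value | base64` would
# bake into the credential; tr removes line wrapping added by base64(1).
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# render_secret NAME KEY=VALUE...
# Prints a complete Secret manifest on stdout, or nothing if an argument is bad.
render_secret() {
  local name="$1" out pair key value
  shift
  out=$(printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:' "$name")
  for pair in "$@"; do
    key=${pair%%=*}     # text before the first '='
    value=${pair#*=}    # everything after it, later '=' signs included
    case $key in
      # reject: no '=' present, empty key, or characters not allowed in Secret keys
      "$pair"|''|*[!A-Za-z0-9._-]*) echo "bad argument: $key" >&2; return 1 ;;
    esac
    out=$(printf '%s\n  %s: %s' "$out" "$key" "$(b64 "$value")")
  done
  printf '%s\n' "$out"
}

# secret_value MANIFEST KEY
# Decodes one data: entry again, to verify what the cluster will actually store.
secret_value() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { printf "%s", $2 }' | base64 -d
}

# Constructed sample values, not real credentials.
manifest=$(render_secret spaces-access-keys \
  STORAGE_ACCESS_KEY_ID=EXAMPLEKEYID \
  'STORAGE_SECRET_ACCESS_KEY=example/secret+key==')
printf '%s\n' "$manifest"   # or pipe to: kubectl -n backups apply -f -
```

Piping the output straight into `kubectl apply -f -` keeps the rendered manifest out of the working tree and the repository.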

Parameter | Type | Description | Default |
---|---|---|---|
`dbType` | `string` | A database type to back up (supported: `postgres`, `postgres-legacy`, `mysql`, `mongodb`) | `postgres` |
`dbVersion` | `string` | A database version to back up | |
`appVersion` | `string` | Docker image version to override the default appVersion from the chart | |
`image` | `map` | A block that describes Docker image pod configuration | |
`image.repository` | `string` | Address of Docker image repository | `oci.corewide.com/docker/db-backup` |
`image.pullPolicy` | `string` | Conditions for pulling new container images | `Always` |
`imagePullSecrets` | `list` | Reference to secret with access credentials of Docker image Container Registry | `[]` |
`podAnnotations` | `map` | Annotations to attach to pods deployed by the chart | `{}` |
`podSecurityContext` | `map` | Security context parameters to pass to pods deployed by the chart | `{}` |
`podLabels` | `map` | Provide custom labels to created pod | `{}` |
`securityContext` | `map` | Security context parameters to pass to containers in pods deployed by the chart | `{}` |
`resources` | `map` | Container resource parameters to pass to application pods | `{}` |
`nodeSelector` | `map` | Node selector to attach to pods deployed by the chart | `{}` |
`tolerations` | `list(map)` | List of toleration policies to attach to pods deployed by the chart | `[]` |
`affinity` | `map` | Set of node affinity parameters for pods deployed by the chart | `{}` |
`successfulJobsHistoryLimit` | `int` | How many completed jobs will be kept | `7` |
`failedJobsHistoryLimit` | `int` | How many failed jobs will be kept | `3` |
`env` | `map` | Environment variables to pass to the containers of application pods | `{}` |
`secretNamesForEnvFrom` | `list(string)` | List of secrets to populate container environment with | `[]` |
`schedule` | `string` | A schedule to run backup | `"0 0 * * *"` |
`serviceAccount` | `map` | A block that describes ServiceAccount configuration | |
`serviceAccount.enable` | `string` | Specifies whether a service account should be used | `true` |
`serviceAccount.create` | `string` | Specifies whether a service account should be created | `false` |
`serviceAccount.annotations` | `map` | Annotations to add to the service account | `{}` |
`serviceAccount.name` | `string` | The name of the service account to use. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | |
`persistence` | `map` | A block that describes PersistentVolumeClaim configuration | |
`persistence.enable` | `string` | Specifies whether PersistentVolumeClaim should be created | `false` |
`persistence.storageClassName` | `string` | Specifies a storageClass name for persistent volume that will be created. If empty, the default one will be used | |
`persistence.volumeSize` | `int` | A persistent volume storage size, Gi | `20` |
`persistence.accessMode` | `string` | Access mode of the attached volume | `ReadWriteOnce` |