adds clickhouse backup job

Sage-Bionetworks-Workflows · Nov 11, 2024 · 87519d6 · 87519d6
1 parent 9c50599
commit 87519d6
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 0 deletions.
diff --git a/modules/signoz-fluxcd/main.tf b/modules/signoz-fluxcd/main.tf
@@ -35,6 +35,16 @@ resource "kubernetes_config_map" "signoz-values" {
 
 }
 
+resource "kubernetes_service_account" "clickhouse-backup-service-account" {
+  metadata {
+    name      = "clickhouse-backup"
+    namespace = var.namespace
+    annotations = {
+      "eks.amazonaws.com/role-arn" = "arn:aws:iam::${var.aws_account_id}:role/clickhouse-backup-access-role"
+    }
+  }
+}
+
 resource "kubectl_manifest" "signoz-helm-release" {
   depends_on = [kubernetes_namespace.signoz]
 
@@ -66,6 +76,23 @@ spec:
       name: clickhouse-admin-password
       valuesKey: password
       targetPath: clickhouse.password
+    - kind: Secret
+      name: aws-credentials
+      valuesKey: aws_access_key_id
+      targetPath: clickhouse.s3.accessKey
+    - kind: Secret
+      name: aws-credentials
+      valuesKey: aws_secret_access_key
+      targetPath: clickhouse.s3.secretKey
+  postRenderers:
+    - kustomize:
+        patches:
+          - target:
+              version: v1
+              kind: Deployment
+              name: clickhouse-backup
+            patch: |
+              ${file("${path.module}/templates/clickhouse-backup-patch.yaml")}
 YAML
 }
 
@@ -173,3 +200,15 @@ resource "kubernetes_secret" "clickhouse-admin-password" {
 
   depends_on = [kubernetes_namespace.signoz]
 }
+
+resource "kubernetes_secret" "aws_credentials" {
+  metadata {
+    name      = "aws-credentials"
+    namespace = var.namespace
+  }
+
+  data = {
+    aws_access_key_id     = var.aws_access_key_id
+    aws_secret_access_key = var.aws_secret_access_key
+  }
+}
diff --git a/modules/signoz-fluxcd/templates/clickhouse-backup-patch.yaml b/modules/signoz-fluxcd/templates/clickhouse-backup-patch.yaml
@@ -0,0 +1,30 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: clickhouse-backup
+spec:
+  schedule: "0 0 * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: clickhouse-backup
+            image: aws/aws-cli:2.8.12
+            command:
+            - /bin/sh
+            - -c
+            - |
+              aws s3 mb s3://clickhouse-backup-${aws_account_id}
+              aws s3 sync /data/clickhouse-backup s3://clickhouse-backup-${aws_account_id}
+            volumeMounts:
+            - name: backup-data
+              mountPath: /data/clickhouse-backup
+          volumes:
+          - name: backup-data
+            emptyDir: {}
+          serviceAccountName: clickhouse-backup-service-account
+          restartPolicy: OnFailure
diff --git a/modules/signoz-fluxcd/templates/values.yaml b/modules/signoz-fluxcd/templates/values.yaml
@@ -41,6 +41,11 @@ imagePullSecrets: []
 clickhouse:
   # -- Whether to install clickhouse. If false, `clickhouse.host` must be set
   enabled: true
+  storage:
+  type: s3
+  endpoint: s3.amazonaws.com
+  bucket: clickhouse-backup-${aws_account_id}
+  region: us-east-1
 
   # Zookeeper default values
   # Ref: https://github.com/bitnami/charts/blob/main/bitnami/zookeeper/values.yaml