kustomize: add db backup

kustomize/DBDump.dockerfile

@@ -0,0 +1,8 @@
+FROM postgres:16.3-alpine
+
+WORKDIR /
+
+RUN apk add --no-cache curl python3 &&\
+  curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-arm.tar.gz &&\
+  tar -xf google-cloud-cli-linux-arm.tar.gz &&\
+  /google-cloud-sdk/install.sh

kustomize/dbBackup.yaml

@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: db-backup
+  namespace: cherrypick
+spec:
+  schedule: "0 4,16 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          volumes:
+            - name: creds
+              secret:
+                secretName: gcloud
+                items:
+                - key: creds
+                  path: creds.json
+            - name: pgpass-volume
+              secret:
+                secretName: pgpass-secret
+                defaultMode: 384
+          containers:
+            - name: db-backup
+              image: juunini/postgres-gsutil:latest
+              env:
+                - name: PGPASSFILE
+                  value: /.pgpass
+                - name: GOOGLE_APPLICATION_CREDENTIALS
+                  value: /etc/gcp/creds.json
+              command:
+                - /bin/bash
+                - -c
+              args:
+                - mkdir backup && pg_dump -Fc -C -h postgres.cherrypick.svc -U postgres -d cherrypick -f /backup/$(date '+%Y-%m-%d-%H-%M').dump && /google-cloud-sdk/bin/gcloud auth activate-service-account --key-file /etc/gcp/creds.json && /google-cloud-sdk/bin/gsutil cp /backup/*.dump gs://yodangang-express-backup/postgres/
+              resources:
+                requests:
+                  cpu: 500m
+                  memory: 1Gi
+              volumeMounts:
+                - name: creds
+                  mountPath: /etc/gcp
+                  readOnly: true
+                - name: pgpass-volume
+                  mountPath: /.pgpass
+                  subPath: .pgpass
+                  readOnly: true
+          restartPolicy: OnFailure

kustomize/kustomization.yaml

@@ -5,10 +5,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - secret.yaml
   - postgres.yaml
   - redis.yaml
   - deployment.yaml
   - hpa.yaml
   - service.yaml
   - issuer.yaml
   - ingress.yaml
+  - dbBackup.yaml

kustomize/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1 
+kind: Secret 
+metadata: 
+  name: pgpass-secret 
+  namespace: cherrypick
+type: Opaque 
+data: 
+  .pgpass: cG9zdGdyZXMuY2hlcnJ5cGljay5zdmM6NTQzMjpjaGVycnlwaWNrOnBvc3RncmVzOjEyMzQ=