From e988790a79d3cc69cec873d13a69ed1a04e39ce4 Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:32:18 +0530 Subject: [PATCH 01/10] Modify backup job by adding PVC for backup Updated backup-on-azure.yaml to change restart policy to OnFailure, added cleanup for backup tar files, and introduced PersistentVolumeClaim for Azure persistence. --- .../templates/backup-on-azure.yaml | 44 +++++++++++++------ 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/charts/devtron-backups/templates/backup-on-azure.yaml b/charts/devtron-backups/templates/backup-on-azure.yaml index 7613d6ca1..0591140fe 100644 --- a/charts/devtron-backups/templates/backup-on-azure.yaml +++ b/charts/devtron-backups/templates/backup-on-azure.yaml @@ -30,10 +30,6 @@ spec: schedule: {{ .Values.global.schedule }} jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: 
@@ -102,13 +98,18 @@ spec: - /bin/bash - -c {{- if $.Values.global.AZURE.encryption.enabled }} - - set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /postgres/backup-$date1.tar.gpg --account-key $AZURE_ACCOUNT_KEY; + - set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /postgres/backup-$date1.tar.gpg --account-key $AZURE_ACCOUNT_KEY; rm -rvf /postgres/backup-$date1.tar; {{- else }} - - set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /postgres/backup-$date1.tar --account-key $AZURE_ACCOUNT_KEY; + - set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /postgres/backup-$date1.tar --account-key $AZURE_ACCOUNT_KEY; rm -rvf /postgres/backup-$date1.tar; {{- end }} volumes: - - name: psql-volume - emptyDir: {} + - name: psql-volume + persistentVolumeClaim: + {{- if and .Values.global.AZURE.PERSISTENCE.enabled .Values.global.AZURE.PERSISTENCE.existingClaim }} + claimName: {{ .Values.global.AZURE.PERSISTENCE.existingClaim }} + {{- else }} + claimName: devtron-backup-pvc + {{- end }} {{- if $.Values.global.nodeSelector }} nodeselector: {{ toYaml .Values.global.nodeSelector 
| indent 12 }} @@ -117,7 +118,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure {{- end }} --- {{- if .Values.argocd_backup.enabled }} @@ -135,10 +136,6 @@ spec: schedule: {{ .Values.global.schedule }} jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: @@ -215,7 +212,26 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure serviceAccountName: {{ .Values.argocd_backup.serviceAccountName }} {{- end }} {{- end }} + + +{{- if and (.Values.global.AZURE.enabled) (.Values.global.AZURE.PERSISTENCE.enabled) (not .Values.global.AZURE.PERSISTENCE.existingClaim) }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: devtron-backup-pvc + namespace: devtroncd +spec: + {{- if .Values.global.AZURE.PERSISTENCE.storageClass }} + storageClassName: {{ .Values.global.AZURE.PERSISTENCE.storageClass }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.global.AZURE.PERSISTENCE.size }} +{{- end }} From f70a1e9a1e1773143aa13aed481139568b4208d4 Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:33:03 +0530 Subject: [PATCH 02/10] Modify GCP backup job and adding PVC configuration Updated backup job configurations for GCP, including changes to restart policy and added persistent volume claim for backups. --- .../templates/backup-on-gcp.yaml | 47 ++++++++++++------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/charts/devtron-backups/templates/backup-on-gcp.yaml b/charts/devtron-backups/templates/backup-on-gcp.yaml index 70341fc41..4a3ca0701 100644 
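Review bot: The cleanup added to the encryption-enabled branch removes `/postgres/backup-$date1.tar`, but the file that branch creates and uploads is `/postgres/backup-$date1.tar.gpg`, so with `psql-volume` now backed by a PersistentVolumeClaim every run leaves its archive on the claim. The GCP upload hunk and the `_helpers.tpl` hunk have the mirror image: their non-encrypted branches remove `backup-$date1.tar.gpg`, which leaves the plaintext dump `backup-$date1.tar` on the persistent volume. Each branch should delete the exact path it uploaded, here `rm -f /postgres/backup-$date1.tar.gpg;`. The `-f` flag hides the mismatch because a missing file is not reported as an error.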
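Review bot: `restartPolicy: OnFailure` re-runs the failed container in the same pod against the same `/postgres` volume, and the upload command in this file is not written to be re-run: it renames or deletes `/postgres/backup.tar` before the upload, so a retry after a failed upload would stop at the missing file under `set -e`. This assumes `backup.tar` is produced by a step that is not repeated on container restart, which is outside the hunk. Because the same commit drops `backoffLimit: 0`, the Job falls back to the Kubernetes default of 6 retries; consider keeping an explicit `backoffLimit` and making the script tolerate an already-renamed archive. The same change appears in every `restartPolicy` hunk of this series (Azure, GCP, PVC and S3 templates).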
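Review bot: The claim is rendered only when `PERSISTENCE.enabled` is true, but the `volumes` hunk earlier in this file always mounts a `persistentVolumeClaim` and falls back to `claimName: devtron-backup-pvc`, so with the default added in values.yaml (`AZURE.PERSISTENCE.enabled: false`) the backup pod references a claim this template never creates. `storage: {{ .Values.global.AZURE.PERSISTENCE.size }}` also renders empty because `size` is commented out in the defaults; `storage: {{ required "global.AZURE.PERSISTENCE.size is required" .Values.global.AZURE.PERSISTENCE.size }}` would fail at render time instead. The name `devtron-backup-pvc` and the namespace `devtroncd` are hard-coded and repeated in the GCP and S3 templates, so enabling two providers would render the same object twice. Keeping `emptyDir: {}` as the branch for `PERSISTENCE.enabled: false` would restore the previous behaviour and keep dumps off durable storage unless it is requested.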
--- a/charts/devtron-backups/templates/backup-on-gcp.yaml +++ b/charts/devtron-backups/templates/backup-on-gcp.yaml @@ -28,10 +28,6 @@ spec: schedule: "{{ .Values.global.schedule }}" jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: 
@@ -90,14 +86,19 @@ spec: - /bin/bash - -c {{- if $.Values.global.GCP.encryption.enabled }} - - set -ex; echo $gcp_credentials > /postgres/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/postgres/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.GCP.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; gsutil cp /postgres/backup-$date1.tar.gpg gs://$GCS_BUCKET/postgres/; + - set -ex; echo $gcp_credentials > /postgres/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/postgres/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.GCP.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; gsutil cp /postgres/backup-$date1.tar.gpg gs://$GCS_BUCKET/postgres/; rm -rvf /postgres/backup-$date1.tar.gpg; {{- else}} - - set -ex; echo $gcp_credentials > /postgres/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/postgres/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; gsutil cp /postgres/backup-$date1.tar gs://$GCS_BUCKET/postgres/; + - set -ex; echo $gcp_credentials > /postgres/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/postgres/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; gsutil cp /postgres/backup-$date1.tar gs://$GCS_BUCKET/postgres/; rm -rvf /postgres/backup-$date1.tar.gpg; {{- end }} volumes: - - name: psql-volume - emptyDir: {} - {{- if $.Values.global.nodeSelector }} + - name: psql-volume + persistentVolumeClaim: + {{- if and .Values.global.GCP.PERSISTENCE.enabled .Values.global.GCP.PERSISTENCE.existingClaim }} + claimName: {{ .Values.global.GCP.PERSISTENCE.existingClaim }} + {{- else }} + claimName: 
devtron-backup-pvc + {{- end }} + {{- if $.Values.global.nodeSelector }} nodeselector: {{ toYaml .Values.global.nodeSelector | indent 12 }} {{- end }} @@ -105,7 +106,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure serviceAccountName: {{ .Values.postgres_backup.serviceAccountName | default "default" }} {{- end }} --- @@ -124,10 +125,6 @@ spec: schedule: "{{ .Values.global.schedule }}" jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: @@ -196,7 +193,25 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure serviceAccountName: {{ .Values.argocd_backup.serviceAccountName }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{- if and (.Values.global.GCP.enabled) (.Values.global.GCP.PERSISTENCE.enabled) (not .Values.global.GCP.PERSISTENCE.existingClaim) }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: devtron-backup-pvc + namespace: devtroncd +spec: + {{- if .Values.global.GCP.PERSISTENCE.storageClass }} + storageClassName: {{ .Values.global.GCP.PERSISTENCE.storageClass }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.global.GCP.PERSISTENCE.size }} +{{- end }} From 0d0ca23dfa7fdc28a2c4d6e5c4bdda858fe710d3 Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:33:21 +0530 Subject: [PATCH 03/10] Modify backup-on-pvc.yaml for job settings Updated backup job configuration to handle extra configurations and changed the restart policy to OnFailure. --- charts/devtron-backups/templates/backup-on-pvc.yaml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) 
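Review bot: Both branches of the upload command write the service-account key to `/postgres/gcp_credentials.json`, and because this hunk switches `psql-volume` from `emptyDir` to a PersistentVolumeClaim, that key now outlives the pod; nothing in the command removes it. Write the key to a path outside the claim, or delete it before exit with `rm -f /postgres/gcp_credentials.json;` after the `gsutil cp`. `set -ex` also traces the expanded `echo $gcp_credentials`, so the key text is printed to the container's stderr; `set -e` without `-x` avoids that. The non-encrypted branch additionally removes `backup-$date1.tar.gpg` rather than the `backup-$date1.tar` it uploaded, which leaves the plaintext dump on the claim.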
diff --git a/charts/devtron-backups/templates/backup-on-pvc.yaml b/charts/devtron-backups/templates/backup-on-pvc.yaml index 438fd60fb..86f988745 100644 --- a/charts/devtron-backups/templates/backup-on-pvc.yaml +++ b/charts/devtron-backups/templates/backup-on-pvc.yaml @@ -14,9 +14,6 @@ spec: schedule: {{ .Values.global.schedule }} jobTemplate: spec: - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: @@ -49,7 +46,7 @@ spec: {{- if $.Values.global.PERSISTENCE.encryption.enabled }} - set -ex; mkdir -p /postgres/ ; date1=$(date +%Y%m%d-%H%M); pg_dumpall -h postgresql-postgresql.devtroncd -p 5432 -U postgres --no-privileges > /postgres/backup-$date1.tar ; gpg -c --batch --passphrase {{ .Values.global.PERSISTENCE.encryption.passphrase }} /postgres/backup-$date1.tar ; rm -rvf /postgres/backup-$date1.tar; {{- else }} - - set -ex; mkdir -p /postgres/ ; date1=$(date +%Y%m%d-%H%M); pg_dumpall -h {{ .Values.postgres_backup.host | default "postgresql-postgresql.devtroncd" }} --exclude-database=clairv4 -p 5432 -U postgres --no-privileges > /postgres/backup-$date1.tar ; + - set -ex; mkdir -p /postgres/ ; date1=$(date +%Y%m%d-%H%M); pg_dumpall -h {{ .Values.postgres_backup.host | default "postgresql-postgresql.devtroncd" }} --exclude-database=clairv4 -p 5432 -U postgres --no-privileges > /postgres/backup-$date1.tar ; rm -rvf /postgres/backup-$date1.tar; {{- end }} resources: {{ toYaml .Values.postgres_backup.resources | indent 12 }} @@ -69,7 +66,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure {{- end }} {{- if and (.Values.global.PERSISTENCE.enabled) (not .Values.global.PERSISTENCE.existingClaim) }} --- 
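Review bot: In the non-encrypted branch the added `rm -rvf /postgres/backup-$date1.tar;` deletes the dump immediately after `pg_dumpall` writes it, with no upload or copy between the two commands on this line. In the PVC template the file under `/postgres` appears to be the backup itself, so with encryption disabled the job would exit successfully and keep nothing. Drop the `rm` from this branch; the encrypted branch already removes only the plaintext and keeps the `.gpg`. If disk growth is the concern, a retention step that prunes older `backup-*.tar` files would address it without removing the current one.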
@@ -104,10 +101,6 @@ spec: schedule: {{ .Values.global.schedule }} jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: @@ -155,7 +148,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure serviceAccountName: argocd-backup {{- end }} {{- end }} From b49d118e876413e4fb185159c83630636b62be06 Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:33:59 +0530 Subject: [PATCH 04/10] Modify S3 backup configuration and add PVC Updated backup-on-s3.yaml to conditionally set AWS_ACCESS_KEY and AWS_SECRET_KEY based on NODE_ROLE. Changed restartPolicy from Never to OnFailure and added PersistentVolumeClaim for S3 backups. --- .../templates/backup-on-s3.yaml | 41 +++++++++++++------ 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/charts/devtron-backups/templates/backup-on-s3.yaml b/charts/devtron-backups/templates/backup-on-s3.yaml index 7f5a3efcb..108d68b47 100644 --- a/charts/devtron-backups/templates/backup-on-s3.yaml +++ b/charts/devtron-backups/templates/backup-on-s3.yaml @@ -8,7 +8,7 @@ metadata: type: Opaque data: S3_BUCKET_NAME: {{ .Values.global.S3.S3_BUCKET_NAME | b64enc }} - {{- if .Values.global.S3.S3_ACCESS_KEY }} + {{- if eq .Values.global.S3.NODE_ROLE "false" }} AWS_ACCESS_KEY: {{ .Values.global.S3.S3_ACCESS_KEY | b64enc }} AWS_SECRET_KEY: {{ .Values.global.S3.S3_SECRET_KEY | b64enc }} {{- end }} @@ -33,10 +33,6 @@ spec: schedule: "{{ .Values.global.schedule }}" jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: 
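Review bot: `eq .Values.global.S3.NODE_ROLE "false"` in the Secret compares against a string, so an override written as a YAML boolean (`NODE_ROLE: false`) makes the template fail with a type error instead of selecting the access-key branch; `{{- if eq (toString .Values.global.S3.NODE_ROLE) "false" }}` accepts both forms. The condition no longer checks that `S3_ACCESS_KEY` is set, so `NODE_ROLE: "false"` with empty keys stores empty credentials in the Secret, and keys supplied while `NODE_ROLE` stays `"true"` are silently ignored. Wrapping both keys in `required` inside the branch would surface the first case at render time.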
@@ -115,7 +111,12 @@ spec: {{ include "devtron.postgresBackup" . | indent 6 }} volumes: - name: psql-volume - emptyDir: {} + persistentVolumeClaim: + {{- if and .Values.global.S3.PERSISTENCE.enabled .Values.global.S3.PERSISTENCE.existingClaim }} + claimName: {{ .Values.global.S3.PERSISTENCE.existingClaim }} + {{- else }} + claimName: devtron-backup-pvc + {{- end }} {{- if $.Values.global.nodeSelector }} nodeselector: {{ toYaml .Values.global.nodeSelector | indent 12 }} @@ -124,7 +125,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure {{- end }} --- {{- if .Values.argocd_backup.enabled }} @@ -142,10 +143,6 @@ spec: schedule: "{{ .Values.global.schedule }}" jobTemplate: spec: - backoffLimit: 0 - {{- if $.Values.global.extraConfig }} -{{ toYaml $.Values.global.extraConfig | indent 6 }} - {{- end }} template: {{- if or $.Values.postgres_backup.labels $.Values.postgres_backup.annotations }} metadata: @@ -227,7 +224,25 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 12 }} {{- end }} - restartPolicy: Never + restartPolicy: OnFailure serviceAccountName: {{ .Values.argocd_backup.serviceAccountName }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{- if and (.Values.global.S3.enabled) (.Values.global.S3.PERSISTENCE.enabled) (not .Values.global.S3.PERSISTENCE.existingClaim) }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: devtron-backup-pvc + namespace: devtroncd +spec: + {{- if .Values.global.S3.PERSISTENCE.storageClass }} + storageClassName: {{ .Values.global.S3.PERSISTENCE.storageClass }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.global.S3.PERSISTENCE.size }} +{{- end }} From 6e62de8dc1bbb477bd93d00adea20af20f123356 Mon Sep 17 00:00:00 2001 
From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:34:34 +0530 Subject: [PATCH 05/10] Enhance postgres backup script with cleanup Added cleanup of backup files after S3 upload. --- charts/devtron-backups/templates/_helpers.tpl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/devtron-backups/templates/_helpers.tpl b/charts/devtron-backups/templates/_helpers.tpl index 03f69d724..d4ac3fba2 100644 --- a/charts/devtron-backups/templates/_helpers.tpl +++ b/charts/devtron-backups/templates/_helpers.tpl 
@@ -2,29 +2,29 @@ {{- if .Values.global.S3.CA_BUNDLE }} {{- if .Values.global.S3.S3_ENDPOINT }} {{- if .Values.global.S3.encryption.enabled }} - set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }} --ca-bundle $AWS_CA_BUNDLE; + set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }} --ca-bundle $AWS_CA_BUNDLE; rm -rvf /postgres/backup-$date1.tar.gpg; {{- else }} - set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }} --ca-bundle $AWS_CA_BUNDLE; + set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }} --ca-bundle $AWS_CA_BUNDLE; rm -rvf /postgres/backup-$date1.tar.gpg; {{- end }} {{- else}} {{- if .Values.global.S3.encryption.enabled }} - set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; gpg -c --batch 
--passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/ ; + set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/ ; rm -rvf /postgres/backup-$date1.tar.gpg; {{- else}} - set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/; + set -ex; date1=$(date +%Y%m%d-%H%M); path=$(pwd); echo "$CA_BUNDLE" > /cabundle.pem; export AWS_CA_BUNDLE=/cabundle.pem; mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/; rm -rvf /postgres/backup-$date1.tar.gpg; {{- end }} {{- end }} {{- else }} {{- if .Values.global.S3.S3_ENDPOINT }} {{- if .Values.global.S3.encryption.enabled }} - set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }}; + set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/ --endpoint-url {{ 
.Values.global.S3.S3_ENDPOINT }}; rm -rvf /postgres/backup-$date1.tar.gpg; {{- else}} - set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }}; + set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/ --endpoint-url {{ .Values.global.S3.S3_ENDPOINT }}; rm -rvf /postgres/backup-$date1.tar.gpg; {{- end }} {{- else}} {{- if .Values.global.S3.encryption.enabled }} - set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/; + set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.S3.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; aws s3 cp /postgres/backup-$date1.tar.gpg s3://$S3_BUCKET/postgres/; rm -rvf /postgres/backup-$date1.tar.gpg; {{- else}} - set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/; + set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; aws s3 cp /postgres/backup-$date1.tar s3://$S3_BUCKET/postgres/; rm -rvf /postgres/backup-$date1.tar.gpg; {{- end }} {{- end }} {{- end }} @@ -60,4 +60,4 @@ {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From d7f81de393f2b2a806f7bf8a7812497092be6352 Mon Sep 17 00:00:00 2001 
From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:34:59 +0530 Subject: [PATCH 06/10] Update serviceaccount.yaml --- charts/devtron-backups/templates/serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/devtron-backups/templates/serviceaccount.yaml b/charts/devtron-backups/templates/serviceaccount.yaml index 427a15f3a..f991e81af 100644 --- a/charts/devtron-backups/templates/serviceaccount.yaml +++ b/charts/devtron-backups/templates/serviceaccount.yaml @@ -48,4 +48,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.argocd_backup.serviceAccountName }} -{{- end }} \ No newline at end of file +{{- end }} From 12370638fe34f3b62a1976a6e15df5b2e2672efb Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:36:13 +0530 Subject: [PATCH 07/10] Update S3 settings and resource limits in values.yaml Updated S3 configuration to enable encryption and set default values for NODE_ROLE and PERSISTENCE. Adjusted resource limits for postgres_backup and argocd_backup. --- charts/devtron-backups/values.yaml | 37 +++++++++++++++++++----------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/charts/devtron-backups/values.yaml b/charts/devtron-backups/values.yaml index 9ad2c813c..c3c66d81e 100644 --- a/charts/devtron-backups/values.yaml +++ b/charts/devtron-backups/values.yaml @@ -5,8 +5,6 @@ global: S3: # give the endpoint in case of non AWS storages with s3 protocol enabled: false - - # If S3_ACCESS_KEY and S3_SECRET_KEY are set, they'll be used; otherwise, the node's IAM role will be used by default. S3_BUCKET_NAME: "" S3_ACCESS_KEY: "" S3_SECRET_KEY: "" 
@@ -15,10 +13,17 @@ global: CA_BUNDLE: "" # CA_BUNDLE: "-----BEGIN CERTIFICATE-----\nMIIDcDfghjklcvbnm,tryupE+mz30g=\n-----END CERTIFICATE-----" # set true if node has access of buckets + #defaults to true, set false and specify S3_ACCESS_KEY & S3_SECRET_KEY if node does not have bucket access + NODE_ROLE: "true" + PERSISTENCE: + enabled: true + existingClaim: "" # Required if existingClaim is not used + size: "" # Required if existingClaim is not used + storageClass: "" # passphrase used to encrypt/decrypt the file (encryption is done by gpg) encryption: - enabled: false - passphrase: "" + enabled: true + passphrase: "devtron-backup" # image: quay.io/devtron/k8s-utils:ubuntu-aws-cli #default amd # image: quay.io/devtron/k8s-utils:0b9f5ba5-395-11405 #arm AZURE: @@ -27,6 +32,11 @@ global: AZURE_ACCOUNT_KEY: "" AZURE_BLOB_CONTAINER_FOR_POSTGRES: "" AZURE_BLOB_CONTAINER_FOR_ARGOCD: "" + PERSISTENCE: + enabled: false + existingClaim: "" + # size: 30Gi # Required if existingClaim is not used + storageClass: "" # Required if existingClaim is not used encryption: enabled: false # Recommended passphrase: "" # Required if encryption is enabled @@ -66,21 +76,19 @@ global: timezone: "" #Set the timezone for scheduling the cronJob. # default UTC - extraConfig: {} - #Pass any additional custom fields under jobTemplate.spec in the Kubernetes CronJob spec. argocdversion: v2 postgres_backup: # Reference to secret which as postgresql password in PG_PASSWORD key secretName: "devtron-secret" enabled: true - resources: + resources: requests: cpu: 100m memory: 100Mi - # limits: - # cpu: 100m - # memory: 100Mi + limits: + cpu: 100m + memory: 100Mi labels: {} # key: "example-value" annotations: {} @@ -92,13 +100,13 @@ postgres_backup: argocd_backup: serviceAccountName: "argocd-backup" enabled: false - resources: + resources: requests: cpu: 100m memory: 100Mi - # limits: - # cpu: 100m - # memory: 100Mi + limits: + cpu: 100m + memory: 100Mi labels: {} # key: "example-value" annotations: {} 
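Review bot: The new S3 defaults turn encryption on with `passphrase: "devtron-backup"`, a value published with the chart, so any install that does not override it produces archives that anyone holding the chart can decrypt. Ship `passphrase: ""` and have the template fail with `required` when encryption is enabled without a passphrase, or read the passphrase from an existing Secret. The templates in this series interpolate the passphrase into the container command, so it is also readable from the rendered CronJob spec. In the same block `PERSISTENCE.enabled: true` ships with `size: ""`, which the S3 claim template renders as an empty `storage:` request.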
@@ -110,3 +118,4 @@ argocd_backup: # argocdImage: argoproj/argocd:v1.8.1 #(image for argo-V1) # args: argocd-util export --namespace devtroncd > /argocd/backup.yaml; #(argo-V1) + From 442adb6b961f7b7f201383b5ebae2e179158b07b Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:36:40 +0530 Subject: [PATCH 08/10] Bump version to 0.2.9 in Chart.yaml --- charts/devtron-backups/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/devtron-backups/Chart.yaml b/charts/devtron-backups/Chart.yaml index 8f08afa0f..1d0d85cd9 100644 --- a/charts/devtron-backups/Chart.yaml +++ b/charts/devtron-backups/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v2 appVersion: "2.0" description: A Helm chart for Devtron Backups name: devtron-backups -version: 0.2.8 +version: 0.2.9 From c5e8a21ff22bea0f87fbb0d1f1d448b6f01b6f68 Mon Sep 17 00:00:00 2001 From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:40:05 +0530 Subject: [PATCH 09/10] Update devtron-backups version to 0.2.9 --- charts/devtron-utilities/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/devtron-utilities/Chart.yaml b/charts/devtron-utilities/Chart.yaml index 6814e7370..d4146efdf 100644 --- a/charts/devtron-utilities/Chart.yaml +++ b/charts/devtron-utilities/Chart.yaml @@ -47,7 +47,7 @@ dependencies: repository: https://helm.devtron.ai/ condition: k8s-shield.enabled - name: devtron-backups - version: "0.2.5" + version: "0.2.9" repository: https://helm.devtron.ai/ condition: devtron-backups.enabled - name: devtron-generic-helm From 7e9bcf579190007d5a870e7f4951dacb7133e2ca Mon Sep 17 00:00:00 2001 
From: Yashasvi17 <155513200+YashasviDevtron@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:41:41 +0530 Subject: [PATCH 10/10] Modify values.yaml for custom labels and backups Added custom selector labels and updated AWS region and postgres backup settings. --- charts/devtron-utilities/values.yaml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/devtron-utilities/values.yaml b/charts/devtron-utilities/values.yaml index 83bc19159..5a52e2306 100644 --- a/charts/devtron-utilities/values.yaml +++ b/charts/devtron-utilities/values.yaml @@ -7,6 +7,7 @@ aws-load-balancer-controller: vpcId: "" ingressClass: alb defaultTargetType: instance + customSelectorLabels: {} # Default values for nginx configuration ingress-nginx: @@ -222,14 +223,20 @@ devtron-backups: S3: enabled: false S3_BUCKET_NAME: "" - AWS_REGION: "ap-south-1" + AWS_REGION: "" NODE_ROLE: "true" + PERSISTENCE: + enabled: true + existingClaim: "" # Required if existingClaim is not used + size: 30Gi # Required if existingClaim is not used + storageClass: "" # Required if existingClaim is not used encryption: enabled: false passphrase: "" + postgres_backup: secretName: "postgres-creds-3" - enabled: false + enabled: true argocd_backup: enabled: false @@ -240,4 +247,4 @@ holmes-ai: value: gpt-4o-mini k8s-shield: - enabled: false \ No newline at end of file + enabled: false