Docker container uses cron and psql
to do a database backup and then write the backup to object storage using the gcloud
cli.
- create a service account that has a
Storage -> Storage Object Creator
role - download the
.json
key file and save it
You can now either:
- add the key to a custom image
FROM binocarlos/gcloud-psql-cron
- mount the key as a Docker volume
- use k8s secrets
You end up with a file that contains the key.
To configure the container:
$ docker run
-e SERVICE_ACCOUNT_EMAIL=... \
-e SERVICE_ACCOUNT_KEY_FILE=/service-account-key.json \
-v ./mykey.json:/service-account-key.json \
binocarlos/gcloud-psql-cron
vars:
SERVICE_ACCOUNT_EMAIL
- email associated with the service accountSERVICE_ACCOUNT_KEY_FILE
- path to the file containing the private key for the service accountSERVICE_ACCOUNT_PROJECT
- gcloud projectSERVICE_ACCOUNT_STORAGE_BUCKET
- the storage bucket to save the backupsPOSTGRES_SERVICE_HOST
- hostname for the postgres databasePOSTGRES_SERVICE_USER
- postgres userPOSTGRES_SERVICE_PASSWORD
- postgres passwordPOSTGRES_SERVICE_DATABASE
- postgres database
You can control when the backup happens by adding a custom cronfile to /cron/crontab
that points to the /app/backup.sh
script.
Here is the default crontab that runs every hour:
0 * * * * /app/backup.sh
MIT