From 278c4685cfb4c5d0135e56ed95f553828fd639fd Mon Sep 17 00:00:00 2001
From: Jonas Kaninda
Date: Wed, 14 Aug 2024 21:30:29 +0200
Subject: [PATCH 1/2] Fix encryption permission issue on Openshift
---
README.md | 94 ++++++++++++++++++++--------------------
docker/Dockerfile | 26 +++++++++--
pkg/backup.go | 4 +-
pkg/scripts.go | 2 +-
scripts/backup_script.sh | 8 ----
5 files changed, 73 insertions(+), 61 deletions(-)
delete mode 100755 scripts/backup_script.sh
diff --git a/README.md b/README.md
index f3448b5..c48505a 100644
--- a/README.md
+++ b/README.md
@@ -79,59 +79,61 @@ networks:
 ```
 ## Deploy on Kubernetes
-For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as CronJob.
+For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as Job or CronJob.
-### Simple Kubernetes CronJob usage:
+### Simple Kubernetes backup Job :
 ```yaml
 apiVersion: batch/v1
-kind: CronJob
+kind: Job
 metadata:
- name: backup-job
+ name: backup
 spec:
- schedule: "0 1 * * *"
- jobTemplate:
+ template:
 spec:
- template:
- spec:
- containers:
- - name: pg-bkup
- # In production, it is advised to lock your image tag to a proper
- # release version instead of using `latest`.
- # Check https://github.com/jkaninda/pg-bkup/releases
- # for a list of available releases.
- image: jkaninda/pg-bkup
- command:
- - bkup
- - backup
- - --storage
- - s3
- - --disable-compression
- env:
- - name: DB_PORT
- value: "5432"
- - name: DB_HOST
- value: ""
- - name: DB_NAME
- value: ""
- - name: DB_USERNAME
- value: ""
- # Please use secret!
- - name: DB_PASSWORD
- value: ""
- - name: AWS_S3_ENDPOINT
- value: "https://s3.amazonaws.com"
- - name: AWS_S3_BUCKET_NAME
- value: "xxx"
- - name: AWS_REGION
- value: "us-west-2"
- - name: AWS_ACCESS_KEY
- value: "xxxx"
- - name: AWS_SECRET_KEY
- value: "xxxx"
- - name: AWS_DISABLE_SSL
- value: "false"
- restartPolicy: Never
+ containers:
+ - name: pg-bkup
+ # In production, it is advised to lock your image tag to a proper
+ # release version instead of using `latest`.
+ # Check https://github.com/jkaninda/pg-bkup/releases
+ # for a list of available releases.
+ image: jkaninda/pg-bkup
+ command:
+ - bkup
+ - backup
+ - --storage
+ - ssh
+ - --disable-compression
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ env:
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_HOST
+ value: ""
+ - name: DB_NAME
+ value: "dbname"
+ - name: DB_USERNAME
+ value: "postgres"
+ # Please use secret!
+ - name: DB_PASSWORD
+ value: ""
+ - name: SSH_HOST_NAME
+ value: "xxx"
+ - name: SSH_PORT
+ value: "22"
+ - name: SSH_USER
+ value: "xxx"
+ - name: SSH_PASSWORD
+ value: "xxxx"
+ - name: SSH_REMOTE_PATH
+ value: "/home/toto/backup"
+ # Optional, required if you want to encrypt your backup
+ - name: GPG_PASSPHRASE
+ value: "xxxx"
+ restartPolicy: Never
 ```
 ## Available image registries
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 5bad1be..7c81f8c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -31,7 +31,9 @@ ENV SSH_HOST_NAME=""
 ENV SSH_IDENTIFY_FILE=""
 ENV SSH_PORT="22"
 ARG DEBIAN_FRONTEND=noninteractive
-ENV VERSION="v1.2.1"
+ENV VERSION="v1.2.2"
+ENV BACKUP_CRON_EXPRESSION=""
+ENV GNUPGHOME="/tmp/gnupg"
 ARG WORKDIR="/app"
 ARG BACKUPDIR="/backup"
 ARG BACKUP_TMP_DIR="/tmp/backup"
@@ -41,21 +43,23 @@ LABEL author="Jonas Kaninda"
 RUN apt-get update -qq
-RUN apt install postgresql-client postgresql-client-common supervisor cron gnupg -y
+RUN apt install postgresql-client supervisor cron gnupg -y
 # Clear cache
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 RUN mkdir $WORKDIR
 RUN mkdir $BACKUPDIR
-RUN mkdir -p $BACKUP_TMP_DIR
+RUN mkdir -p $BACKUP_TMP_DIR && \
+ mkdir -p $GNUPGHOME
 RUN chmod 777 $WORKDIR
 RUN chmod 777 $BACKUPDIR
 RUN chmod 777 $BACKUP_TMP_DIR
 RUN touch $BACKUP_CRON && \
 touch $BACKUP_CRON_SCRIPT && \
 chmod 777 $BACKUP_CRON && \
- chmod 777 $BACKUP_CRON_SCRIPT
+ chmod 777 $BACKUP_CRON_SCRIPT && \
+ chmod 777 $GNUPGHOME
 COPY --from=build /app/pg-bkup /usr/local/bin/pg-bkup
 RUN chmod +x /usr/local/bin/pg-bkup
@@ -65,4 +69,18 @@ RUN ln -s /usr/local/bin/pg-bkup /usr/local/bin/bkup
 ADD docker/supervisord.conf /etc/supervisor/supervisord.conf
 WORKDIR $WORKDIR
+# Create backup shell script
+COPY <> %s"
-`, os.Getenv("SCHEDULE_PERIOD"), cronLogFile)
+`, os.Getenv("BACKUP_CRON_EXPRESSION"), cronLogFile)
 if err := utils.WriteToFile(cronJob, cronContent); err != nil {
 utils.Fatal("Error writing to %s: %v\n", cronJob, err)
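Review bot: `chmod 777 $GNUPGHOME` in the second Dockerfile hunk makes the GnuPG home world-writable, and because `GNUPGHOME` is set to `/tmp/gnupg` in the first hunk, every process in the container can read or replace whatever gpg stores there (keyrings, trustdb, gpg.conf); gpg also prints its unsafe-permissions warning for any homedir wider than 0700. On OpenShift the container runs as an arbitrary UID but always with GID 0, so the usual fix is group ownership rather than mode 777: `RUN mkdir -p $BACKUP_TMP_DIR $GNUPGHOME && chgrp 0 $GNUPGHOME && chmod 770 $GNUPGHOME`, replacing both the added `mkdir -p $GNUPGHOME` and the added `chmod 777 $GNUPGHOME`. As far as I can tell gpg still warns at 770 but does not fail, so this should be confirmed once with the rootless job. The existing 777 on `$WORKDIR` and `$BACKUPDIR` in the context lines has the same shape, but only the new directory is in scope for this commit.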
diff --git a/scripts/backup_script.sh b/scripts/backup_script.sh
deleted file mode 100755
index 6bc5dc6..0000000
--- a/scripts/backup_script.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-DB_USERNAME='db_username'
-DB_PASSWORD='password'
-DB_HOST='db_hostname'
-DB_NAME='db_name'
-BACKUP_DIR="$PWD/backup"
-
-docker run --rm --name pg-bkup -v $BACKUP_DIR:/backup/ -e "DB_HOST=$DB_HOST" -e "DB_USERNAME=$DB_USERNAME" -e "DB_PASSWORD=$DB_PASSWORD" jkaninda/pg-bkup bkup backup -d $DB_NAME
\ No newline at end of file
From d53cdbc6a8bc5510d3275a92b16820e86ff02d73 Mon Sep 17 00:00:00 2001
From: Jonas Kaninda
Date: Wed, 14 Aug 2024 21:48:49 +0200
Subject: [PATCH 2/2] docs: update kubernetes deployment
---
README.md | 16 --------
docs/how-tos/backup-to-s3.md | 2 +-
docs/how-tos/deploy-on-kubernetes.md | 60 +++++++++++++++++++++++++++-
3 files changed, 59 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index c48505a..004fe7b 100644
--- a/README.md
+++ b/README.md
@@ -101,9 +101,6 @@ spec:
 command:
 - bkup
 - backup
- - --storage
- - ssh
- - --disable-compression
 resources:
 limits:
 memory: "128Mi"
@@ -120,19 +117,6 @@ spec:
 # Please use secret!
 - name: DB_PASSWORD
 value: ""
- - name: SSH_HOST_NAME
- value: "xxx"
- - name: SSH_PORT
- value: "22"
- - name: SSH_USER
- value: "xxx"
- - name: SSH_PASSWORD
- value: "xxxx"
- - name: SSH_REMOTE_PATH
- value: "/home/toto/backup"
- # Optional, required if you want to encrypt your backup
- - name: GPG_PASSPHRASE
- value: "xxxx"
 restartPolicy: Never
 ```
 ## Available image registries
diff --git a/docs/how-tos/backup-to-s3.md b/docs/how-tos/backup-to-s3.md
index 5fe120b..7e48b11 100644
--- a/docs/how-tos/backup-to-s3.md
+++ b/docs/how-tos/backup-to-s3.md
@@ -85,7 +85,7 @@ networks:
 For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as CronJob.
-### Simple Kubernetes CronJob usage:
+### Simple Kubernetes backup CronJob:
 ```yaml
 apiVersion: batch/v1
diff --git a/docs/how-tos/deploy-on-kubernetes.md b/docs/how-tos/deploy-on-kubernetes.md
index 964e855..bef0760 100644
--- a/docs/how-tos/deploy-on-kubernetes.md
+++ b/docs/how-tos/deploy-on-kubernetes.md
@@ -10,7 +10,60 @@ nav_order: 8
 To deploy PostgreSQL Backup on Kubernetes, you can use Job to backup or Restore your database.
 For recurring backup you can use CronJob, you don't need to run it in scheduled mode. as described bellow.
-## Backup Job
+## Backup Job to S3 Storage
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: backup
+spec:
+ template:
+ spec:
+ containers:
+ - name: pg-bkup
+ # In production, it is advised to lock your image tag to a proper
+ # release version instead of using `latest`.
+ # Check https://github.com/jkaninda/pg-bkup/releases
+ # for a list of available releases.
+ image: jkaninda/pg-bkup
+ command:
+ - bkup
+ - backup
+ - --storage
+ - s3
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ env:
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_HOST
+ value: ""
+ - name: DB_NAME
+ value: ""
+ - name: DB_USERNAME
+ value: ""
+ # Please use secret!
+ - name: DB_PASSWORD
+ value: ""
+ - name: AWS_S3_ENDPOINT
+ value: "https://s3.amazonaws.com"
+ - name: AWS_S3_BUCKET_NAME
+ value: "xxx"
+ - name: AWS_REGION
+ value: "us-west-2"
+ - name: AWS_ACCESS_KEY
+ value: "xxxx"
+ - name: AWS_SECRET_KEY
+ value: "xxxx"
+ - name: AWS_DISABLE_SSL
+ value: "false"
+ restartPolicy: Never
+```
+
+## Backup Job to SSH remote Server
 ```yaml
 apiVersion: batch/v1
@@ -181,7 +234,10 @@ spec:
 ```
 ## Kubernetes Rootless
-
+
+This image also supports Kubernetes security context, you can run it in Rootless environment.
+It has been tested on Openshift, it works well.
+Deployment on Openshift is supported, you need to remove `securityContext` section on your yaml file.
 ```yaml
 apiVersion: batch/v1