chore: update the backup container process (#350)

* chore: reduce dev and test backup frequency to save space

* chore: clean up backup process and documentation

* chore: remove webhook template

* chore: update prod helm charts and remove test webhook

* chore: update the verification config

* chore: simplify the backup image creation action

.github/workflows/publish-image-backup-storage-gold.yml

@@ -1,13 +1,7 @@
 # https://github.com/bcgov/helm-charts/tree/master/charts/backup-storage#build-the-container-image-using-github-actions
-name: Create and publish Backup Storage Docker image Gold
+name: Create and publish a devevlopment Backup Storage Image
 
-on:
-  workflow_dispatch:
-    inputs:
-      postgres_version:
-        description: 'The postgres version'
-        required: true
-        options: ['12', '13']
+on: workflow_dispatch
 
 env:
   GITHUB_REGISTRY: ghcr.io
@@ -28,7 +22,6 @@ jobs:
         run: git clone https://github.com/BCDevOps/backup-container.git
 
       - name: Replace the dockerfile
-        if: ${{ github.event.inputs.postgres_version == '13'}}
         run: cp ./docker/backup-container/* ./backup-container/docker
 
       - name: Log in to the GitHub Container registry
@@ -43,5 +36,5 @@ jobs:
         with:
           context: backup-container/docker
           push: true
-          tags: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:postgres-${{ github.event.inputs.postgres_version}}
+          tags: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:development
           labels: sso-keycloak-backup

docker/backup-container/Dockerfile

@@ -9,7 +9,7 @@ WORKDIR /
 # Load the backup scripts into the container (must be executable).
 COPY backup.* /
 
-COPY webhook-template.json /
+# COPY webhook-template.json /
 
 # ========================================================================================================
 # Install go-crond (from https://github.com/webdevops/go-crond)

helm/backup-storage/README.md

@@ -1,29 +1,43 @@
+# The sso-keycloak implementation of the backup container
 
-## **BEFORE RUNNING HELM UPGRADE:**
+As part of the backup restore process we can build and host backup-container images that our helm charts can use to deploy the container. However, currently we are using the backup container's hosted images.
 
-Make sure to add the rocket chat webhook to production facing values files.  Make sure not to commit this value.
+The backup container repo we use is [here](https://github.com/BCDevOps/backup-container).
 
-## Intro to backup container
 
-The current patroni clusters are backud up using a modified version of the platform services backup container.  This is due to an issue with the spilo patroni image.
+## The verification and restore process
 
-The backup container repo is [here](https://github.com/BCDevOps/backup-container).
+Currently running backup restoration and verification againts the patroni cluster raises several errors, meaning the `-I` flag needs to be added to the verification config and restoration process. To verify a backup run:
 
-The modified postgres plugin can be found [here](https://github.com/bcgov/sso-keycloak/blob/dev/docker/backup-container/backup.postgres.plugin).
+`./backup.sh -I -v all`
 
-A side effect of this conflict is that we cannot currently verify the daily backups with a test restoration.
+To restore from a backup:
 
-## Installing and upgrading backups
+`./backup.sh -I -r sso-patroni:5432/ssokeycloak`
 
-These charts can be upgraded using make commands:
+Furhter documentation can be found in the backup container's [repos](https://github.com/BCDevOps/backup-container)
 
-`make upgrade NAME=sso-backup NAMESPACE=<<namespace>>`
+## Building the image
+
+As of May 2024 we are using the backup-container's images directly in our deployments.  However the action `.github/workflows/publish-image-backup-storage-gold.yml` allows us create a backup container image with files overridden by those in the folder `sso-keycloak/docker/backup-container/*`.  We can tag the image and then use it in our helm chart via the yaml stanza:
+
+```
+image:
+  repository: ghcr.io/bcgov/backup-storage
+  tag: <<TAG NAME>>
+  pullPolicy: Always
+```
 
-To restore from the most recent backup, follow the docs `sso-keycloak/docs/bkp-and-restore-keycloak-db.md`
+## Deploying the charts
 
+### **BEFORE RUNNING HELM UPGRADE:**
 
-Deprecated method left as an example: rsh into the backup pod in the namespace in question and run:
+Make sure to add the rocket chat webhook to production facing values files.  Make sure not to commit this value.
+
+Make certain the image tag reflects the version of the backup container you intend to deploy.
 
-**dev silver production**:
+### Installing and upgrading backups
 
-`./backup.sh -r postgres=sso-pgsql-dev-11-patroni:5432/rhsso`
+These charts can be upgraded using make commands:
+
+`make upgrade NAME=sso-backup NAMESPACE=<<namespace>>`

helm/backup-storage/values-e4ca1d-dev-sso-backup.yaml

@@ -0,0 +1,37 @@
+nameOverride: sso-backup-storage
+fullnameOverride: sso-backup-storage
+
+image:
+  repository: bcgovimages/backup-container
+  tag: 2.8.1
+  pullPolicy: Always
+
+backupConfig: |
+  sso-patroni:5432/ssokeycloak
+  0 1 * * * default ./backup.sh -s
+  0 4 * * * default ./backup.sh -I -s -v all
+
+db:
+  secretName: sso-patroni-appusers
+  usernameKey: username-appuser1
+  passwordKey: password-appuser1
+
+persistence:
+  backup:
+    size: 5Gi
+
+env:
+  ENVIRONMENT_FRIENDLY_NAME:
+    value: 'SSO Sandbox Client Dev Backup'
+  ENVIRONMENT_NAME:
+    value: e4ca1d-dev
+  WEBHOOK_URL:
+#   value: '<<WEBHOOK URL FOR ROCKETCHAT>>'
+    secure: true
+
+  DAILY_BACKUPS:
+    value: '3'
+  WEEKLY_BACKUPS:
+    value: '2'
+  MONTHLY_BACKUPS:
+    value: '1'

helm/backup-storage/values-e4ca1d-prod-sso-backup.yaml

@@ -0,0 +1,37 @@
+nameOverride: sso-backup-storage
+fullnameOverride: sso-backup-storage
+
+image:
+  repository: bcgovimages/backup-container
+  tag: 2.8.1
+  pullPolicy: Always
+
+backupConfig: |
+  sso-patroni:5432/ssokeycloak
+  0 1 * * * default ./backup.sh -s
+  0 4 * * * default ./backup.sh -I -s -v all
+
+db:
+  secretName: sso-patroni-appusers
+  usernameKey: username-appuser1
+  passwordKey: password-appuser1
+
+persistence:
+  backup:
+    size: 5Gi
+
+env:
+  ENVIRONMENT_FRIENDLY_NAME:
+    value: 'SSO Sandbox Client Prod Backup'
+  ENVIRONMENT_NAME:
+    value: e4ca1d-prod
+  WEBHOOK_URL:
+    # value: '<<WEBHOOK URL FOR ROCKETCHAT>>'
+    secure: true
+
+  DAILY_BACKUPS:
+    value: '3'
+  WEEKLY_BACKUPS:
+    value: '2'
+  MONTHLY_BACKUPS:
+    value: '1'

helm/backup-storage/values-e4ca1d-test-sso-backup.yaml

@@ -0,0 +1,37 @@
+nameOverride: sso-backup-storage
+fullnameOverride: sso-backup-storage
+
+image:
+  repository: bcgovimages/backup-container
+  tag: 2.8.1
+  pullPolicy: Always
+
+backupConfig: |
+  sso-patroni:5432/ssokeycloak
+  0 1 * * * default ./backup.sh -s
+  0 4 * * * default ./backup.sh -I -s -v all
+
+db:
+  secretName: sso-patroni-appusers
+  usernameKey: username-appuser1
+  passwordKey: password-appuser1
+
+persistence:
+  backup:
+    size: 5Gi
+
+env:
+  ENVIRONMENT_FRIENDLY_NAME:
+    value: 'SSO Sandbox Client Test Backup'
+  ENVIRONMENT_NAME:
+    value: e4ca1d-test
+  WEBHOOK_URL:
+    # value: '<<WEBHOOK URL FOR ROCKETCHAT>>'
+    secure: true
+
+  DAILY_BACKUPS:
+    value: '3'
+  WEEKLY_BACKUPS:
+    value: '2'
+  MONTHLY_BACKUPS:
+    value: '1'