diff --git a/charts/metabase/Chart.yaml b/charts/metabase/Chart.yaml index 385cfdd..fc26774 100644 --- a/charts/metabase/Chart.yaml +++ b/charts/metabase/Chart.yaml @@ -3,7 +3,7 @@ description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 2.23.0 +version: 2.24.0 appVersion: v0.56.2.x maintainers: - name: pmint93 diff --git a/charts/metabase/README.md b/charts/metabase/README.md index c990e6f..46b0559 100644 --- a/charts/metabase/README.md +++ b/charts/metabase/README.md 
@@ -83,16 +83,27 @@ The following table lists the configurable parameters of the Metabase chart and
 | database.dbname | Database name | null |
 | database.username | Database username | null |
 | database.password | Database password | null |
-| database.existingSecret | Exising secret for database credentials | null |
-| database.existingSecretUsernameKey | Username key for exising secret | null |
-| database.existingSecretPasswordKey | Password key for exising secret | null |
-| database.existingSecretConnectionURIKey | ConnectionURI key for exising secret | null |
-| database.existingSecretEncryptionKeyKey | EncryptionKey key for exising secret | null |
+| database.existingSecret | existing secret for database credentials | null |
+| database.existingSecretUsernameKey | Username key for existing secret | null |
+| database.existingSecretPasswordKey | Password key for existing secret | null |
+| database.existingSecretConnectionURIKey | ConnectionURI key for existing secret | null |
+| database.existingSecretEncryptionKeyKey | EncryptionKey key for existing secret | null |
 | database.googleCloudSQL.instanceConnectionNames | Google Cloud SQL instance connection names. See `values.yaml` for details. | [] |
 | database.googleCloudSQL.sidecarImage | Specific image for the Google Cloud SQL Auth proxy sidecar | gcr.io/cloudsql-docker/gce-proxy |
 | database.googleCloudSQL.sidecarImageTag | Specific tag for the Google Cloud SQL Auth proxy sidecar image | latest |
 | database.googleCloudSQL.resources | Google Cloud SQL Auth proxy resource requests and limits | {} |
 | database.googleCloudSQL.securityContext | Google Cloud SQL Security Context | runAsNonRoot: true|
+| database.postgresBackupHook.enabled | Enables pg_dump backup pre-upgrade hook of Metabase application database | false |
+| database.postgresBackupHook.image | image that contains 'pg_dump' | postgres:latest |
+| database.postgresBackupHook.existingSecret | existing secret for database credentials | null |
+| database.postgresBackupHook.existingSecretUsernameKey | Username key for existing secret | null |
+| database.postgresBackupHook.existingSecretPasswordKey | Password key for existing secret | null |
+| database.postgresBackupHook.existingSecretHostKey | Username key for existing secret | null |
+| database.postgresBackupHook.existingSecretPortKey | Password key for existing secret | null |
+| database.postgresBackupHook.existingSecretDatabaseNameKey | Password key for existing secret | null |
+| database.postgresBackupHook.existingSecretConnectionURIKey | ConnectionURI key for existing secret | null |
+| database.postgresBackupHook.pvcName | name of the PersistenceVolumeClaim to store the backup | null |
+| database.postgresBackupHook.schema | pg_dump '--schema' option | null |
 | password.complexity | Complexity requirement for Metabase account's password | normal |
 | password.length | Minimum length required for Metabase account's password | 6 |
 | timeZone | Service time zone | UTC |
diff --git a/charts/metabase/templates/pg-dump-hook.yaml b/charts/metabase/templates/pg-dump-hook.yaml
new file mode 100644
index 0000000..4bb6500
--- /dev/null
+++ b/charts/metabase/templates/pg-dump-hook.yaml
@@ -0,0 +1,67 @@
+{{- if and (eq .Values.database.type "postgres") .Values.database.postgresBackupHook.enabled }}
+{{- $fullName := include "metabase.fullname" . }}
+{{- $datestring := (now | date "20060102-150405") }}
+{{- $jobname := ( printf "%s-rev-%d-%s" $fullName .Release.Revision $datestring ) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $jobname }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 0
+ template:
+ metadata:
+ name: pg-dump
+ spec:
+ containers:
+ - name: pg-dump
+ image: {{ .Values.database.postgresBackupHook.image | required "database.postgresBackupHook.image must be set" }}
+ env:
+ {{- if .Values.database.postgresBackupHook.existingSecretConnectionURIKey }}
+ - name: BACKUP_CONNECTION_URI
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.postgresBackupHook.existingSecret | required "database.postgresBackupHook.existingSecret must be set" }}
+ key: {{ .Values.database.postgresBackupHook.existingSecretConnectionURIKey }}
+ {{- else }}
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.postgresBackupHook.existingSecret }}
+ key: {{ .Values.database.postgresBackupHook.existingSecretPasswordKey }}
+ - name: PGHOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.postgresBackupHook.existingSecret }}
+ key: {{ .Values.database.postgresBackupHook.existingSecretHostKey }}
+ - name: PGUSER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.postgresBackupHook.existingSecret }}
+ key: {{ .Values.database.postgresBackupHook.existingSecretUsernameKey }}
+ - name: PGDATABASE
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.postgresBackupHook.existingSecret }}
+ key: {{ .Values.database.postgresBackupHook.existingSecretDatabaseNameKey }}
+ - name: PGPORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.postgresBackupHook.existingSecret }}
+ key: {{ .Values.database.postgresBackupHook.existingSecretPortKey }}
+ {{- end }}
+ command:
+ - sh
+ - "-c"
+ - pg_dump --file {{ ( printf "/backup/metabase_db_rev_%d_%s.dump" .Release.Revision $datestring ) | squote }} --format=c --verbose --verbose {{ if .Values.database.postgresBackupHook.schema }}--schema={{ .Values.database.postgresBackupHook.schema | squote }}{{- end }} {{ if .Values.database.postgresBackupHook.existingSecretConnectionURIKey }}$BACKUP_CONNECTION_URI{{- else }}$PGDATABASE{{- end }}
+ volumeMounts:
+ - name: backup-storage
+ mountPath: /backup
+ restartPolicy: Never
+ volumes:
+ - name: backup-storage
+ persistentVolumeClaim:
+ claimName: {{ .Values.database.postgresBackupHook.pvcName | required ".Values.database.postgresBackupHook.pvcName is required" }}
+{{- end }}
diff --git a/charts/metabase/values.yaml b/charts/metabase/values.yaml
index 782adaf..2aed463 100644
--- a/charts/metabase/values.yaml
+++ b/charts/metabase/values.yaml
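Review bot: In charts/metabase/templates/pg-dump-hook.yaml the `command` runs pg_dump through `sh -c` with `$BACKUP_CONNECTION_URI` / `$PGDATABASE` expanded unquoted, and the schema is wrapped only by `squote`, which adds single quotes but does not escape a quote inside the value; a connection URI or schema name containing a space, `*` or `'` is therefore split, glob-expanded or re-parsed by the shell instead of reaching pg_dump as one argument. Passing an exec-form argument list with Kubernetes `$(VAR)` substitution for the URI removes the shell step entirely; in the non-URI branch pg_dump reads `PGDATABASE` from the environment by itself, so no positional argument is needed. Separately, the `secretKeyRef` entries in the `{{- else }}` branch carry no `required` guard, so an unset `existingSecret` or key renders an empty `name:`/`key:` and the failure only shows up when the pre-upgrade Job is created. The dump written to the PVC contains the whole Metabase application database, so a pod `securityContext` on this Job and a statement of who may mount that claim would be worth adding as well.

```yaml
          # … unchanged: image, env (secretKeyRef entries) …
          command:
            - pg_dump
            - {{ printf "--file=/backup/metabase_db_rev_%d_%s.dump" .Release.Revision $datestring | quote }}
            - --format=c
            - --verbose
            {{- with .Values.database.postgresBackupHook.schema }}
            - {{ printf "--schema=%s" . | quote }}
            {{- end }}
            {{- if .Values.database.postgresBackupHook.existingSecretConnectionURIKey }}
            - --dbname=$(BACKUP_CONNECTION_URI)
            {{- end }}
          # … unchanged: volumeMounts, restartPolicy, volumes …
```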
@@ -128,6 +128,27 @@ database: resources: {} securityContext: runAsNonRoot: true + postgresBackupHook: + ## Only when you use postgres + ## enables a pre-upgrade hook that backups the metabase database with pg_dump prior to upgrading the Helm release + enabled: false + ## image that contains 'pg_dump' + ## version/tag should align with your actual version of postgres (e.g. 'postgres:17.7') for best compability of the dump + image: "postgres:latest" + ## secret with the database credentials must exist + # existingSecret: + ## either use connection string + # existingSecretConnectionURIKey: + ## or specify user,password,host,port and database seperately + # existingSecretUsernameKey: + # existingSecretPasswordKey: + # existingSecretPortKey: + # existingSecretHostKey: + # existingSecretDatabaseNameKey: + ## name of the PersistenceVolumeClaim to store the backup + # pvcName: + ## optional: specify pg_dump '--schema' option (e.g. if you have multiple schemas and only want to backup specific ones) + # schema: password: # Changing Metabase password complexity:
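Review bot: The default `image: "postgres:latest"` under `postgresBackupHook` is a floating tag for a Job that is handed the application database credentials, so whatever the registry serves under `latest` at upgrade time runs with them, and the pg_dump version can change without any chart change. The template already applies `required` to this value, so shipping `image: ""` would force operators to pick a tag (ideally pinned by digest) that matches their server version, which is what the comment above the key recommends. The README row that lists `postgres:latest` as the default would need the same change.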