manifests/backups/daemonset+cronjob/daemonset.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-backup-daemon
  namespace: backup-system
spec:
  selector:
    matchLabels:
      app: node-backup
  template:
    metadata:
      labels:
        app: node-backup
    spec:
      #nodeSelector:
      #  kubernetes.io/hostname: "vkvm-us1"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/hostname
                operator: NotIn
                values:
                #- vkvm-us2
                - aliyun-gz2
                - tencent-gz1
                - tencent-sh1
      #      - matchExpressions:
      #        #- key: region
      #        #  operator: NotIn
      #        #  values:
      #        #  - cn
      #        - key: kubernetes.io/hostname
      #          operator: In
      #          values:
      #          - zgocloud-us1
      containers:
      - name: backup-container
        image: alpine:latest
        imagePullPolicy: IfNotPresent
        command:
        - /bin/sh
        - -c
        - |
          # 安装依赖工具
          apk add --no-cache bash s3cmd tar rsync curl jq
          
          # 启动一个循环，每分钟检查一次触发文件
          while true; do
            bash /scripts/s3cmd-trigger.sh
            date
            sleep 60
          done          
        env:
        - name: NODE_NAME # 使用 Downward API 获取 Pod 运行的节点名
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: S3_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: endpoint
        - name: S3_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: access-key
        - name: S3_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: secret-key
        - name: S3_BUCKET
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: bucket
        - name: S3_PROVIDER
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: provider
        - name: S3_SUBPATH
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: subpath
              optional: true
        - name: BACKUPS_TO_KEEP
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: backups-to-keep
              optional: true
        - name: USE_HTTPS
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: use-https
              optional: true
        - name: SIGNATURE_V2
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: signature-v2
              optional: true
        volumeMounts:
        - name: host-data
          mountPath: /data
        - name: scripts
          mountPath: /scripts
        - name: feishu-webhook-volume
          mountPath: /etc/feishu-webhook # 挂载飞书 Webhook Secret
          readOnly: true
      volumes:
      - name: host-data
        hostPath:
          path: /data
      - name: scripts
        configMap:
          name: backup-script
          defaultMode: 0755
      - name: feishu-webhook-volume
        secret:
          secretName: feishu-webhook
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-backup-agz-daemon
  namespace: backup-system
spec:
  selector:
    matchLabels:
      app: node-backup
  template:
    metadata:
      labels:
        app: node-backup
    spec:
      #nodeSelector:
      #  kubernetes.io/hostname: "aliyun-gz2"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                - aliyun-gz2
                - tencent-gz1
                - tencent-sh1
      #      - matchExpressions:
      #        #- key: region
      #        #  operator: NotIn
      #        #  values:
      #        #  - cn
      #        - key: kubernetes.io/hostname
      #          operator: In
      #          values:
      #          - zgocloud-us1
      containers:
      - name: backup-container
        image: alpine:latest
        imagePullPolicy: IfNotPresent
        command:
        - /bin/sh
        - -c
        - |
          # 安装依赖工具
          apk add --no-cache bash s3cmd tar rsync curl jq
          
          # 启动一个循环，每分钟检查一次触发文件
          while true; do
            bash /scripts/s3cmd-trigger.sh
            date
            sleep 60
          done          
        env:
        - name: NODE_NAME # 使用 Downward API 获取 Pod 运行的节点名
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: S3_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: agz-endpoint
        - name: S3_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: agz-access-key
        - name: S3_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: agz-secret-key
        - name: S3_BUCKET
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: agz-bucket
        - name: S3_PROVIDER
          valueFrom:
            secretKeyRef:
              name: s3-credentials
              key: agz-provider

        - name: S3_SUBPATH
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: subpath
              optional: true
        - name: BACKUPS_TO_KEEP
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: backups-to-keep
              optional: true
        - name: USE_HTTPS
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: use-https
              optional: true
        - name: SIGNATURE_V2
          valueFrom:
            configMapKeyRef:
              name: backup-config
              key: signature-v2
              optional: true
        volumeMounts:
        - name: host-data
          mountPath: /data
        - name: scripts
          mountPath: /scripts
        - name: feishu-webhook-volume
          mountPath: /etc/feishu-webhook # 挂载飞书 Webhook Secret
          readOnly: true
      volumes:
      - name: host-data
        hostPath:
          path: /data
      - name: scripts
        configMap:
          name: backup-script
          defaultMode: 0755
      - name: feishu-webhook-volume
        secret:
          secretName: feishu-webhook