Fix encryption permission issue on Openshift

Makefile

@@ -18,7 +18,7 @@ compile:
 docker-build:
 	docker build -f docker/Dockerfile  -t jkaninda/mysql-bkup:latest .
 
-docker-run: #docker-build
+docker-run: docker-build
 	docker run --rm --network web --name mysql-bkup -v "./backup:/backup" -e "DB_HOST=${DB_HOST}" -e "DB_NAME=${DB_NAME}" -e "DB_USERNAME=${DB_USERNAME}" -e "DB_PASSWORD=${DB_PASSWORD}" -e "GPG_PASSPHRASE=${GPG_PASSPHRASE}" ${IMAGE_NAME} backup --prune --keep-last 2
 docker-restore: docker-build
 	docker run --rm --network web --name mysql-bkup -v "./backup:/backup" -e "DB_HOST=${DB_HOST}" -e "DB_NAME=${DB_NAME}" -e "DB_USERNAME=${DB_USERNAME}" -e "DB_PASSWORD=${DB_PASSWORD}"  -e "GPG_PASSPHRASE=${GPG_PASSPHRASE}" ${IMAGE_NAME} restore -f ${FILE_NAME}

README.md

@@ -85,18 +85,15 @@ networks:
 ```
 ## Deploy on Kubernetes
 
-For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as CronJob.
+For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as Job or CronJob.
 
-### Simple Kubernetes CronJob usage:
+### Simple Kubernetes backup Job :
 
 ```yaml
 apiVersion: batch/v1
-kind: CronJob
+kind: Job
 metadata:
-  name: bkup-job
-spec:
-  schedule: "0 1 * * *"
-  jobTemplate:
+  name: backup
 spec:
   template:
     spec:
@@ -108,33 +105,24 @@ spec:
           # for a list of available releases.
           image: jkaninda/mysql-bkup
           command:
-            - /bin/sh
-            - -c
-            - mysql-bkup backup -s s3 --path /custom_path
+            - bkup
+            - backup
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
           env:
             - name: DB_PORT
-                value: "5432" 
+              value: "3306"
             - name: DB_HOST
               value: ""
             - name: DB_NAME
-                value: ""
+              value: "dbname"
             - name: DB_USERNAME
-                value: ""
+              value: "username"
             # Please use secret!
             - name: DB_PASSWORD
               value: ""
-              - name: AWS_S3_ENDPOINT
-                value: "https://s3.amazonaws.com"
-              - name: AWS_S3_BUCKET_NAME
-                value: "xxx"
-              - name: AWS_REGION
-                value: "us-west-2"    
-              - name: AWS_ACCESS_KEY
-                value: "xxxx"        
-              - name: AWS_SECRET_KEY
-                value: "xxxx"    
-              - name: AWS_DISABLE_SSL
-                value: "false"
       restartPolicy: Never
 ```
 ## Available image registries

docker/Dockerfile

@@ -31,7 +31,9 @@ ENV SSH_HOST_NAME=""
 ENV SSH_IDENTIFY_FILE=""
 ENV SSH_PORT="22"
 ARG DEBIAN_FRONTEND=noninteractive
-ENV VERSION="v1.2.1"
+ENV VERSION="v1.2.2"
+ENV BACKUP_CRON_EXPRESSION=""
+ENV GNUPGHOME="/tmp/gnupg"
 ARG WORKDIR="/app"
 ARG BACKUPDIR="/backup"
 ARG BACKUP_TMP_DIR="/tmp/backup"
@@ -40,7 +42,6 @@ ARG BACKUP_CRON_SCRIPT="/usr/local/bin/backup_cron.sh"
 LABEL author="Jonas Kaninda"
 
 RUN apt-get update -qq
-#RUN apt-get install build-essential libcurl4-openssl-dev libxml2-dev mime-support -y
 RUN apt install mysql-client supervisor cron gnupg -y
 
 # Clear cache
@@ -48,14 +49,16 @@ RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir $WORKDIR
 RUN mkdir $BACKUPDIR
-RUN mkdir -p $BACKUP_TMP_DIR
+RUN mkdir -p $BACKUP_TMP_DIR && \
+    mkdir -p $GNUPGHOME
 RUN chmod 777 $WORKDIR
 RUN chmod 777 $BACKUPDIR
 RUN chmod 777 $BACKUP_TMP_DIR
 RUN touch $BACKUP_CRON && \
     touch $BACKUP_CRON_SCRIPT && \
     chmod 777 $BACKUP_CRON && \
-    chmod 777 $BACKUP_CRON_SCRIPT
+    chmod 777 $BACKUP_CRON_SCRIPT && \
+    chmod 777 $GNUPGHOME
 
 COPY --from=build /app/mysql-bkup /usr/local/bin/mysql-bkup
 RUN chmod +x /usr/local/bin/mysql-bkup
@@ -65,4 +68,18 @@ RUN ln -s /usr/local/bin/mysql-bkup /usr/local/bin/bkup
 ADD docker/supervisord.conf /etc/supervisor/supervisord.conf
 
 WORKDIR $WORKDIR
-ENTRYPOINT ["/usr/local/bin/mysql-bkup"]
+# Create backup shell script
+COPY <<EOF /usr/local/bin/backup
+#!/bin/sh
+# shellcheck disable=SC2068
+/usr/local/bin/mysql-bkup backup $@
+EOF
+# Create restore shell script
+COPY <<EOF /usr/local/bin/restore
+#!/bin/sh
+# shellcheck disable=SC2068
+/usr/local/bin/mysql-bkup restore $@
+EOF
+RUN chmod +x /usr/local/bin/backup && \
+    chmod +x /usr/local/bin/restore
+#ENTRYPOINT ["/usr/local/bin/mysql-bkup"]

docs/how-tos/deploy-on-kubernetes.md

@@ -10,7 +10,60 @@ nav_order: 8
 To deploy MySQL Backup on Kubernetes, you can use Job to backup or Restore your database.
 For recurring backup you can use CronJob, you don't need to run it in scheduled mode. as described bellow.
 
-## Backup Job
+## Backup to S3 storage
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: backup
+spec:
+  template:
+    spec:
+      containers:
+        - name: mysql-bkup
+          # In production, it is advised to lock your image tag to a proper
+          # release version instead of using `latest`.
+          # Check https://github.com/jkaninda/mysql-bkup/releases
+          # for a list of available releases.
+          image: jkaninda/mysql-bkup
+          command:
+            - bkup
+            - backup
+            - --storage
+            - s3
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
+          env:
+            - name: DB_PORT
+              value: "3306"
+            - name: DB_HOST
+              value: ""
+            - name: DB_NAME
+              value: "dbname"
+            - name: DB_USERNAME
+              value: "username"
+            # Please use secret!
+            - name: DB_PASSWORD
+              value: ""
+            - name: AWS_S3_ENDPOINT
+              value: "https://s3.amazonaws.com"
+            - name: AWS_S3_BUCKET_NAME
+              value: "xxx"
+            - name: AWS_REGION
+              value: "us-west-2"
+            - name: AWS_ACCESS_KEY
+              value: "xxxx"
+            - name: AWS_SECRET_KEY
+              value: "xxxx"
+            - name: AWS_DISABLE_SSL
+              value: "false"
+      restartPolicy: Never
+```
+
+## Backup Job to SSH remote server
 
 ```yaml
 apiVersion: batch/v1
@@ -178,6 +231,9 @@ spec:
 
 ## Kubernetes Rootless
 
+This image also supports Kubernetes security context, you can run it in Rootless environment.
+It has been tested on Openshift, it works well.
+Deployment on Openshift is supported, you need to remove `securityContext` section on your yaml file.
 
 ```yaml
 apiVersion: batch/v1

pkg/backup.go

@@ -22,7 +22,7 @@ func StartBackup(cmd *cobra.Command) {
 	utils.SetEnv("STORAGE_PATH", storagePath)
 	utils.GetEnv(cmd, "dbname", "DB_NAME")
 	utils.GetEnv(cmd, "port", "DB_PORT")
-	utils.GetEnv(cmd, "period", "SCHEDULE_PERIOD")
+	utils.GetEnv(cmd, "period", "BACKUP_CRON_EXPRESSION")
 
 	//Get flag value and set env
 	remotePath := utils.GetEnv(cmd, "path", "SSH_REMOTE_PATH")
@@ -77,7 +77,7 @@ func scheduledMode(storage string) {
 	fmt.Println("     Starting MySQL Bkup...       ")
 	fmt.Println("***********************************")
 	utils.Info("Running in Scheduled mode")
-	utils.Info("Execution period  %s", os.Getenv("SCHEDULE_PERIOD"))
+	utils.Info("Execution period  %s", os.Getenv("BACKUP_CRON_EXPRESSION"))
 	utils.Info("Storage type %s ", storage)
 
 	//Test database connexion

pkg/scripts.go

@@ -54,7 +54,7 @@ set -e
 	}
 
 	cronContent := fmt.Sprintf(`%s root exec /bin/bash -c ". /run/supervisord.env; /usr/local/bin/backup_cron.sh >> %s"
-`, os.Getenv("SCHEDULE_PERIOD"), cronLogFile)
+`, os.Getenv("BACKUP_CRON_EXPRESSION"), cronLogFile)
 
 	if err := utils.WriteToFile(cronJob, cronContent); err != nil {
 		utils.Fatal("Error writing to %s: %v\n", cronJob, err)