Inspired by postgres-backup-s3
This docker image allows for scheduled backups of a postgres docker container to a Google Cloud Storage bucket.
This image is published on the docker hub.
Variable | Description |
---|---|
POSTGRES_DATABASE |
The name of the database to backup. |
POSTGRES_HOST |
The host of the database to backup. |
POSTGRES_PORT |
The port of the database to backup. Default: 5432 |
POSTGRES_USER |
The username of the backup user. |
POSTGRES_PASSWORD |
The password of the backup user. |
POSTGRES_PASSWORD_FILE |
The password of the backup user. Use it to expose password via secret full path file. |
POSTGRES_EXTRA_OPTS |
Any additional options you wish to pass to pg_dump . Default: '' |
GCLOUD_KEYFILE_BASE64 |
The GCP service account's credential file, in base64. See below for recommendations regarding this. |
GCLOUD_KEYFILE_PATH |
The GCP service account's credential file path. Use it if you want to expose secret full path of keyfile. |
GCLOUD_PROJECT_ID |
The Project ID which the bucket you wish to backup to is in. |
GCS_BACKUP_BUCKET |
The gs:// path to the storage bucket you wish to backup to. |
FILENAME_PREFIX |
Prefix of backup filename Default: '' |
FILENAME_SUFFIX |
Suffix of backup filename Default: '' |
SCHEDULE |
How often you wish the backup to occur. See Scheduling for more information on formatting this. |
More information on the schedule format can be found here.
We recommend creating a new, write-only service account to the storage bucket you wish to backup to (with the storage.objects.list
and storage.objects.create
permissions).
Below is a sample Docker Compose service.
Image contains pg_dump version 13.1
dbbackups:
image: "m0as/pg-docker-gcs-backup:latest"
depends_on:
- database
networks:
- internet
- api-internal
environment:
SCHEDULE: "@every 6h"
POSTGRES_HOST: "database"
POSTGRES_DATABASE: "SomeDatabase"
POSTGRES_USER: "postgres"
POSTGRES_PASSWORD: "postgres"
GCLOUD_KEYFILE_BASE64: "BASE64_PROJECT_KEYFILE_HERE"
GCLOUD_PROJECT_ID: "hello-world"
GCS_BACKUP_BUCKET: "gs://my-backup-bucket-name"
Note: the internet
network exists as api-internal
is an internal network with no connection to the internet. To enable backing up to the cloud, the service has to be on an external network which can access the internet. api-internal
is the network which the database is on, so that the database
hostname resolves to that service.