timescale · nhudson · Jan 24, 2023 · Jul 19, 2022 · Jul 19, 2022 · Jul 19, 2022
@@ -6,14 +6,16 @@ Please see the included NOTICE for copyright information and LICENSE for a copy
 # TimescaleDB Single
 
 ##### Table of Contents
-- [Introduction](#introduction)
-- [Installing](#installing)
-  - [Installing from the Timescale Helm Repo](#installing-from-the-timescale-helm-repo)
-- [Connecting to TimescaleDBs](#connecting-to-timescaledbs)
-  - [Connecting from inside the Cluster](#connecting-from-inside-the-cluster)
-- [Create backups to S3](#create-backups-to-s3)
-- [Cleanup](#cleanup)
-- [Further reading](#further-reading)
+- [TimescaleDB Single](#timescaledb-single)
+        - [Table of Contents](#table-of-contents)
+  - [Introduction](#introduction)
+  - [Installing](#installing)
+    - [Installing from the Timescale Helm Repo](#installing-from-the-timescale-helm-repo)
+  - [Connecting to TimescaleDBs](#connecting-to-timescaledbs)
+    - [Connecting from inside the Cluster](#connecting-from-inside-the-cluster)
+  - [Create backups to S3 or GCS](#create-backups-to-s3-or-gcs)
+  - [Cleanup](#cleanup)
+  - [Further reading](#further-reading)
 
 ## Introduction
 This directory contains a Helm chart to deploy a three
@@ -139,7 +141,7 @@ RELEASE=my-release
 kubectl exec -ti $(kubectl get pod -o name -l role=master,release=$RELEASE) psql
 ```
 
-## Create backups to S3
+## Create backups to S3 or GCS
 The backup is disabled by default, look at the
 [Administrator Guide](admin-guide.md#backups) on how to configure backup location, credentials, schedules, etc.
 

diff --git a/charts/timescaledb-single/admin-guide.md b/charts/timescaledb-single/admin-guide.md
@@ -279,6 +279,31 @@ backup:
 helm upgrade --install example -f myvalues.yaml charts/timescaledb-single
 ```
 
+### Create backups to GCS
+ the following items are required for you to enable creating backups to GCS:
+
+- a GCS bucket available for your backups
+- a [Service Account](https://cloud.google.com/storage/docs/projects#service-accounts)
+- [IAM Permissions for Cloud Storage](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html) that allows the service account read and write access to (parts of) the bucket
+- [Service Account Key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) for authentication
+
+The service account key should be configured through the `RELEASE-pgbackrest-secrets` secret. Once you create this secret
+with the service account key, you can enable backups by setting `backup.enabled` to `true` and configuring `pgabackrest` to use GCS for backups. For example, if `RELEASE-pgbackrest-secrets` was configured as `your-service-key.json`:
+
+```yaml
+# Filename: myvalues.yaml
+backup:
+  enabled: true
+  pgBackRest:
+    repo1-type: gcs
+    repo1-path: /repo
+    repo1-gcs-bucket: your-bucket
+    repo1-gcs-key: /etc/pgbackrest_secrets/your-service-key.json
+```
+```
+helm upgrade --install example -f myvalues.yaml charts/timescaledb-single
+```
+
 ### Control the backup schedule
 If you want to alter the backup jobs, or their schedule, you can override the `backup.jobs` in your configuration, for example:
 

@@ -305,6 +305,9 @@ spec:
         - mountPath: {{ template "scripts_dir" . }}
           name: timescaledb-scripts
           readOnly: true
+        - mountPath: /etc/pgbackrest_secrets
+          name: pgbackrest-secrets
+          readOnly: true
         - mountPath: {{ template "post_init_dir" . | quote }}
           name: post-init
           readOnly: true
@@ -403,6 +406,9 @@ spec:
         - mountPath: {{ template "scripts_dir" . }}
           name: timescaledb-scripts
           readOnly: true
+        - mountPath: /etc/pgbackrest_secrets
+          name: pgbackrest-secrets
+          readOnly: true
         env:
           - name: PGHOST
             value: {{ template "socket_directory" . }}
@@ -510,6 +516,11 @@ spec:
           name: {{ template "timescaledb.fullname" . }}-pgbackrest
           defaultMode: 416 # 0640 permissions
           optional: true
+      - name: pgbackrest-secrets
+        secret:
+          secretName: {{ template "timescaledb.fullname" . }}-pgbackrest-secrets
+          defaultMode: 416
+          optional: true
       - name: certificate
         secret:
           secretName: {{ template "secrets_certificate" . }}