dbeaver · flambchap · Jun 13, 2025 · Jun 13, 2025 · Jun 16, 2025 · Jun 30, 2025
diff --git a/AWS/ecs-fargate/README.md b/AWS/ecs-fargate/README.md
@@ -17,7 +17,7 @@
 
 4. Clone the Git repository to your local machine by running the following command in your terminal:
 ```
-git clone https://github.com/dbeaver/cloudbeaver-deploy.git
+git clone https://github.com/dbeaver/team-edition-deploy.git
 ```
 5. Choose configuration for your cluster database:
    - If you plan to use the PostgreSQL internal container:

diff --git a/compose/cbte/docker-compose.yml b/compose/cbte/docker-compose.yml
@@ -19,6 +19,7 @@ services:
       - 443:8443
     environment:
       - PRODUCT_TYPE=te
+      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-dbeaver}
       - CLOUDBEAVER_WEB_SERVER_PORT=${CLOUDBEAVER_WEB_SERVER_PORT:-8978}
     networks:
       - cloudbeaver-te-private-net

diff --git a/compose/cbte/podman-compose.yml b/compose/cbte/podman-compose.yml
@@ -24,6 +24,7 @@ services:
       - 443:8443
     environment:
       - PRODUCT_TYPE=te
+      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-dbeaver}
       - CLOUDBEAVER_WEB_SERVER_PORT=${CLOUDBEAVER_WEB_SERVER_PORT:-8978}
     networks:
       - cloudbeaver-te-private-net

diff --git a/k8s/README.md b/k8s/README.md
@@ -12,6 +12,7 @@
     - [AWS](../AWS/aws-eks/README.md#aws-volumes-configuration-for-kubernetes-deployment)
     - [Google Cloud](../GCP/gke/README.md)
     - [Azure](../Azure/aks/README.md)
+- [Backup and Restore](#backup-and-restore)
 
 
 ### Minimum requirements
@@ -93,3 +94,97 @@ If you want to use AWS Application Load Balancer as ingress controller, [follow
 - [AWS](../AWS/aws-eks/README.md#aws-volumes-configuration-for-kubernetes-deployment)
 - [Google Cloud](../GCP/gke/README.md)
 - [Azure](../Azure/aks/README.md)
+
+### Backup and Restore
+
+To back up your DBeaver Team Edition deployment, you need to preserve both the database and persistent volume data.
+The following steps outline how to perform a backup and restore procedure.
+
+#### Backup Procedure
+
+1. **Database Backup**:
+    - **For in-cluster PostgreSQL**:
+    ```bash
+    NAMESPACE="default" # Change this to your namespace if different
+    BACKUP_DB_TARGETS=$(kubectl get pods -n $NAMESPACE --no-headers | awk '{print $1}' | grep 'postgre')
+    BACKUP_DIR=$(pwd) # Change this to your desired backup directory
+    kubectl exec -n $NAMESPACE $BACKUP_DB_TARGETS -- pg_dump -U postgres --format=plain -C cloudbeaver > $BACKUP_DIR/dump.sql
+    ```
+
+    - **For external or other database types**: Use the appropriate backup command for your database type and ensure proper connectivity
+      to the database.
+
+2. **Persistent Volume Backup**:
+
+    Back up workspace data from each service's persistent volume.
+
+    ```bash
+    BACKUP_CB_TARGETS=$(kubectl get pods -n $NAMESPACE --no-headers | awk '{print $1}' | grep -vE 'zoo|kafka|postgre|clean-up')
+    for svc in $BACKUP_CB_TARGETS
+    do
+        BACKUP_DEST_DIR=$(echo "$svc" | cut -d'-' -f2)
+        mkdir -p $BACKUP_DIR/$BACKUP_DEST_DIR
+        kubectl cp -n "$NAMESPACE" "$svc:workspace" "$BACKUP_DIR/$BACKUP_DEST_DIR" && break
+    done
+    ```
+
+3. **Archive packing**:
+
+    ```bash
+    tar czf $BACKUP_DIR.tar.gz $BACKUP_DIR/
+    ```
+
+#### Restore Procedure
+
+1. **Unpack the backup**:
+
+    Unpack the backup archive to a directory of your choice:
+
+    ```bash
+    ARCHIVE="" # Path to the backup archive
+    BACKUP_DIR="backups" # Change this to your backup directory
+    tar xzf "$ARCHIVE" -C "$BACKUP_DIR"
+    ```
+
+2. **Restore Persistent Volume Data**:
+
+    Restore workspace data to each service's persistent volume.
+
+    ```bash
+    NAMESPACE="default" # Change this to your namespace if different
+    BACKUP_CB_TARGETS=$(kubectl -n "$NAMESPACE" get pods --no-headers | awk '{print $1}' | grep -vE 'zoo|kafka|postgre|clean-up')
+    for svc in $BACKUP_CB_TARGETS; do
+        DIR=$(echo "$svc" | cut -d '-' -f2)
+        if ! kubectl cp "$BACKUP_DIR/$DIR/." "$NAMESPACE/$svc:workspace"; then
+            echo "ERROR: kubectl cp failed for pod $svc"
+            continue
+        fi
+    done
+    ```
+
+3. **Restore Database**:
+
+    - **For in-cluster PostgreSQL**:
+    ```bash
+    BACKUP_DB_TARGET=$(kubectl -n "$NAMESPACE" get pods --no-headers | awk '{print $1}' | grep postgre | head -n1)
+    kubectl exec -n "$NAMESPACE" "$BACKUP_DB_TARGET" -- bash -c 'rm -rf /var/lib/postgresql/data/*'
+    kubectl delete pod -n "$NAMESPACE" "$BACKUP_DB_TARGET"
+    kubectl wait --for=condition=Ready -n "$NAMESPACE" pod -l app=db --timeout=180s
+    NEW_DB_POD=$(kubectl -n "$NAMESPACE" get pods --no-headers | awk '{print $1}' | grep postgre | head -n1)
+    sleep 10
+    DB_USER=$(kubectl get pod "$NEW_DB_POD" -n "$NAMESPACE" -o jsonpath='{.spec.containers[0].env[?(@.name=="POSTGRES_USER")].value}')
+    DB=$(kubectl get pod "$NEW_DB_POD" -n "$NAMESPACE" -o jsonpath='{.spec.containers[0].env[?(@.name=="POSTGRES_DB")].value}')
+    kubectl exec -n "$NAMESPACE" -i "$NEW_DB_POD" -- psql -U $DB_USER $DB < "$BACKUP_DIR/dump.sql"
+    ```
+
+    - **For external or other database types**: Use the appropriate restore command for your database type while ensuring proper 
+    connectivity to the database.
+
+4. **Restart Services**:
+
+    Restart the services to ensure they pick up the restored data.
+
+    ```bash
+    DEPLOYMENTS=$(printf '%s\n' $BACKUP_CB_TARGETS $NEW_DB_POD | awk -F'-' 'BEGIN{OFS="-"}{NF-=2;print}' | sort -u)
+    kubectl -n "$NAMESPACE" rollout restart deployment $DEPLOYMENTS
+    ```
diff --git a/k8s/cbte/templates/_tls-checks.tpl b/k8s/cbte/templates/_tls-checks.tpl
@@ -0,0 +1,5 @@
+{{- define "check.pem" -}}
+{{- if not (regexMatch .pattern (.content | trim)) }}
+  {{- fail (printf "TLS file %s is not a valid PEM, check format" .path) }}
+{{- end }}
+{{- end }}
diff --git a/k8s/cbte/templates/secrets/ingress-cert.yaml b/k8s/cbte/templates/secrets/ingress-cert.yaml
@@ -12,6 +12,10 @@
   {{- fail (printf "Error: TLS is enabled (httpScheme=https), but one or both TLS files (%s, %s) are missing or empty." $chainCertPath $keyCertPath) }}
 {{- end }}
 
+{{- include "check.pem" (dict "path" $chainCertPath "content" (.Files.Get $chainCertPath)
+                               "pattern" "^-----BEGIN CERTIFICATE-----[\\s\\S]+-----END CERTIFICATE-----$") }}
+{{- include "check.pem" (dict "path" $keyCertPath   "content" (.Files.Get $keyCertPath)
+                               "pattern" "^-----BEGIN (?:EC |RSA |)?PRIVATE KEY-----[\\s\\S]+-----END (?:EC |RSA |)?PRIVATE KEY-----$") }}
 ---
 apiVersion: v1
 kind: Secret