573ac49939
Below enhancements are made to Mariadb backup: 1) Used new helm-toolkit function to send/retrieve Mariadb backups to/from RGW via OpenStack Swift API. 2) Modified the backup script such that the database backup tarball can be sent to RGW. 3) Added a keystone user for RGW access. 4) Added a secret for OpenStack Swift API access. 5) Changed the cronjob image and runAsUser 6) Modified the restore script so that archives stored remotely on RGW can be used for the restore data source. 7) Added functions to the restore script to retrieve data from an archive for tables, table rows and table schema of a databse 8) Added a secret containing all the backup/restore related configuration needed for invoking the backup/restore operation from a different application or namespace. Change-Id: Iadb9438fe419cded374897b43337039609077e61
148 lines
6.7 KiB
YAML
148 lines
6.7 KiB
YAML
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if .Values.manifests.cron_job_mariadb_backup }}
|
|
{{- $envAll := . }}
|
|
|
|
{{- $serviceAccountName := "mariadb-backup" }}
|
|
{{ tuple $envAll "mariadb_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
---
|
|
apiVersion: batch/v1beta1
|
|
kind: CronJob
|
|
metadata:
|
|
name: mariadb-backup
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
|
labels:
|
|
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
|
spec:
|
|
{{- if .Values.jobs.backup_mariadb.backoffLimit }}
|
|
backoffLimit: {{ .Values.jobs.backup_mariadb.backoffLimit }}
|
|
{{- end }}
|
|
{{- if .Values.jobs.backup_mariadb.activeDeadlineSeconds }}
|
|
activeDeadlineSeconds: {{ .Values.jobs.backup_mariadb.activeDeadlineSeconds }}
|
|
{{- end }}
|
|
schedule: {{ .Values.jobs.backup_mariadb.cron | quote }}
|
|
successfulJobsHistoryLimit: {{ .Values.jobs.backup_mariadb.history.success }}
|
|
failedJobsHistoryLimit: {{ .Values.jobs.backup_mariadb.history.failed }}
|
|
concurrencyPolicy: Forbid
|
|
jobTemplate:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
annotations:
|
|
{{ dict "envAll" $envAll "podName" "mariadb-backup" "containerNames" (list "init" "backup-perms" "mariadb-backup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
|
|
spec:
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
restartPolicy: OnFailure
|
|
nodeSelector:
|
|
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
|
initContainers:
|
|
{{ tuple $envAll "mariadb_backup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
|
|
- name: backup-perms
|
|
{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
|
|
{{ dict "envAll" $envAll "application" "mariadb_backup" "container" "backup_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
|
|
command:
|
|
- chown
|
|
- -R
|
|
- "65534:65534"
|
|
- $(MARIADB_BACKUP_BASE_DIR)
|
|
env:
|
|
- name: MARIADB_BACKUP_BASE_DIR
|
|
value: {{ .Values.conf.backup.base_path | quote }}
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: pod-tmp
|
|
- mountPath: {{ .Values.conf.backup.base_path }}
|
|
name: mariadb-backup-dir
|
|
containers:
|
|
- name: mariadb-backup
|
|
command:
|
|
- /tmp/backup_mariadb.sh
|
|
env:
|
|
- name: MARIADB_BACKUP_BASE_DIR
|
|
value: {{ .Values.conf.backup.base_path | quote }}
|
|
- name: MYSQL_BACKUP_MYSQLDUMP_OPTIONS
|
|
value: {{ .Values.conf.backup.mysqldump_options | quote }}
|
|
- name: MARIADB_LOCAL_BACKUP_DAYS_TO_KEEP
|
|
value: {{ .Values.conf.backup.days_to_keep | quote }}
|
|
- name: MARIADB_POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: REMOTE_BACKUP_ENABLED
|
|
value: "{{ .Values.conf.backup.remote_backup.enabled }}"
|
|
{{- if .Values.conf.backup.remote_backup.enabled }}
|
|
- name: MARIADB_REMOTE_BACKUP_DAYS_TO_KEEP
|
|
value: {{ .Values.conf.backup.remote_backup.days_to_keep | quote }}
|
|
- name: CONTAINER_NAME
|
|
value: {{ .Values.conf.backup.remote_backup.container_name | quote }}
|
|
- name: STORAGE_POLICY
|
|
value: "{{ .Values.conf.backup.remote_backup.storage_policy }}"
|
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.remote_rgw_user }}
|
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
|
|
{{ dict "envAll" $envAll "application" "mariadb_backup" "container" "mariadb_backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- mountPath: /tmp/backup_mariadb.sh
|
|
name: mariadb-bin
|
|
readOnly: true
|
|
subPath: backup_mariadb.sh
|
|
- mountPath: /tmp/backup_main.sh
|
|
name: mariadb-bin
|
|
readOnly: true
|
|
subPath: backup_main.sh
|
|
- mountPath: {{ .Values.conf.backup.base_path }}
|
|
name: mariadb-backup-dir
|
|
- name: mariadb-secrets
|
|
mountPath: /etc/mysql/admin_user.cnf
|
|
subPath: admin_user.cnf
|
|
readOnly: true
|
|
restartPolicy: OnFailure
|
|
serviceAccount: {{ $serviceAccountName }}
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
volumes:
|
|
- name: pod-tmp
|
|
emptyDir: {}
|
|
- name: mariadb-secrets
|
|
secret:
|
|
secretName: mariadb-secrets
|
|
defaultMode: 420
|
|
- configMap:
|
|
defaultMode: 365
|
|
name: mariadb-bin
|
|
name: mariadb-bin
|
|
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
|
|
- name: mariadb-backup-dir
|
|
persistentVolumeClaim:
|
|
claimName: mariadb-backup-data
|
|
{{- else }}
|
|
- hostPath:
|
|
path: {{ .Values.conf.backup.base_path }}
|
|
type: DirectoryOrCreate
|
|
name: mariadb-backup-dir
|
|
{{- end }}
|
|
{{- end }}
|