From d7f42fcc18aa7f3a568f3e6e82854d1003993137 Mon Sep 17 00:00:00 2001 From: Sergiy Markin Date: Thu, 29 Jan 2026 21:31:06 +0000 Subject: [PATCH] Added failover openrc environment variables This PS adds failover OpenRC environment variables to the keystone_openrc_failover_env_vars.tpl snippet and includes this snippet in the mariadb, mariadb-backup, and postgresql backup cron job templates. Change-Id: I54b9aff48d1b3d801f00680e9d8721050c6a4b29 Signed-off-by: Sergiy Markin --- .../_keystone_openrc_failover_env_vars.tpl | 116 ++++++++++++++++++ .../templates/cron-job-backup-mariadb.yaml | 5 + .../templates/cron-job-backup-mariadb.yaml | 5 + .../templates/cron-job-backup-postgres.yaml | 5 + .../notes/helm-toolkit-81cf091a301877ff.yaml | 6 + .../notes/mariadb-0cb94bb0ae8cf38a.yaml | 5 + .../mariadb-backup-58c8a77f9c03bae8.yaml | 5 + .../notes/postgresql-4ee4e72706f17d8a.yaml | 5 + values_overrides/mariadb/backups.yaml | 23 +++- values_overrides/postgresql/backups.yaml | 23 +++- 10 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 helm-toolkit/templates/snippets/_keystone_openrc_failover_env_vars.tpl create mode 100644 releasenotes/notes/helm-toolkit-81cf091a301877ff.yaml create mode 100644 releasenotes/notes/mariadb-0cb94bb0ae8cf38a.yaml create mode 100644 releasenotes/notes/mariadb-backup-58c8a77f9c03bae8.yaml create mode 100644 releasenotes/notes/postgresql-4ee4e72706f17d8a.yaml diff --git a/helm-toolkit/templates/snippets/_keystone_openrc_failover_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_openrc_failover_env_vars.tpl new file mode 100644 index 0000000000..278ea967e6 --- /dev/null +++ b/helm-toolkit/templates/snippets/_keystone_openrc_failover_env_vars.tpl @@ -0,0 +1,116 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +abstract: | + Returns a set of container failover environment variables, equivlant to an openrc for + use with keystone based command line clients. +values: | + secrets: + identity: + admin: example-keystone-admin +usage: | + {{ include "helm-toolkit.snippets.keystone_openrc_failover_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.admin ) }} +return: | + - name: OS_AUTH_URL_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_AUTH_URL_FAILOVER + - name: OS_REGION_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_REGION_NAME_FAILOVER + - name: OS_INTERFACE_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_INTERFACE_FAILOVER + - name: OS_PROJECT_DOMAIN_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_PROJECT_DOMAIN_NAME_FAILOVER + - name: OS_PROJECT_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_PROJECT_NAME_FAILOVER + - name: OS_USER_DOMAIN_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_USER_DOMAIN_NAME_FAILOVER + - name: OS_USERNAME_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_USERNAME_FAILOVER + - name: OS_PASSWORD_FAILOVER + valueFrom: + secretKeyRef: + name: example-keystone-admin + key: OS_PASSWORD_FAILOVER +*/}} + +{{- define "helm-toolkit.snippets.keystone_openrc_failover_env_vars" }} +{{- $useCA := .useCA -}} +{{- $ksUserSecret := .ksUserSecret }} +- name: OS_AUTH_URL_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_AUTH_URL_FAILOVER +- name: OS_REGION_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME_FAILOVER +- name: OS_INTERFACE_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_INTERFACE_FAILOVER +- name: OS_PROJECT_DOMAIN_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME_FAILOVER +- name: OS_PROJECT_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME_FAILOVER +- name: OS_USER_DOMAIN_NAME_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME_FAILOVER +- name: OS_USERNAME_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME_FAILOVER +- name: OS_PASSWORD_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD_FAILOVER +- name: OS_DEFAULT_DOMAIN_FAILOVER + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_DEFAULT_DOMAIN_FAILOVER +{{- end }} diff --git a/mariadb-backup/templates/cron-job-backup-mariadb.yaml b/mariadb-backup/templates/cron-job-backup-mariadb.yaml index d84ec16942..d5c895be3f 100644 --- a/mariadb-backup/templates/cron-job-backup-mariadb.yaml +++ b/mariadb-backup/templates/cron-job-backup-mariadb.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- $serviceAccountName := "mariadb-backup" }} +{{- $failoverUserClass := .Values.conf.backup.remote_backup.failover_user_class }} {{ tuple $envAll "mariadb_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 @@ -144,6 +145,10 @@ spec: value: {{ .Values.conf.backup.remote_backup.throttle_backups.container_name | quote }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.mariadb }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }} +{{- $failoverIdentityClass := index $envAll.Values.endpoints.identity.auth $failoverUserClass }} +{{- if $failoverIdentityClass }} +{{- include "helm-toolkit.snippets.keystone_openrc_failover_env_vars" $env | indent 16 }} +{{- end }} {{- end }} {{- end }} {{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }} diff --git a/mariadb/templates/cron-job-backup-mariadb.yaml b/mariadb/templates/cron-job-backup-mariadb.yaml index cb83812543..2809c58bb6 100644 --- a/mariadb/templates/cron-job-backup-mariadb.yaml +++ b/mariadb/templates/cron-job-backup-mariadb.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- $serviceAccountName := "mariadb-backup" }} +{{- $failoverUserClass := .Values.conf.backup.remote_backup.failover_user_class }} {{ tuple $envAll "mariadb_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 @@ -144,6 +145,10 @@ spec: value: {{ .Values.conf.backup.remote_backup.throttle_backups.container_name | quote }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.mariadb }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }} +{{- $failoverIdentityClass := index $envAll.Values.endpoints.identity.auth $failoverUserClass }} +{{- if $failoverIdentityClass }} +{{- include "helm-toolkit.snippets.keystone_openrc_failover_env_vars" $env | indent 16 }} +{{- end }} {{- end }} {{- end }} {{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }} diff --git a/postgresql/templates/cron-job-backup-postgres.yaml b/postgresql/templates/cron-job-backup-postgres.yaml index 8331049ac5..3f069e13e2 100644 --- a/postgresql/templates/cron-job-backup-postgres.yaml +++ b/postgresql/templates/cron-job-backup-postgres.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- $serviceAccountName := "postgresql-backup" }} +{{- $failoverUserClass := .Values.conf.backup.remote_backup.failover_user_class }} {{ tuple $envAll "postgresql_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 @@ -134,6 +135,10 @@ spec: value: {{ .Values.conf.backup.remote_backup.throttle_backups.container_name | quote }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.postgresql }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }} +{{- $failoverIdentityClass := index $envAll.Values.endpoints.identity.auth $failoverUserClass }} +{{- if $failoverIdentityClass }} +{{- include "helm-toolkit.snippets.keystone_openrc_failover_env_vars" $env | indent 16 }} +{{- end }} {{- end }} {{- end }} volumeMounts: diff --git a/releasenotes/notes/helm-toolkit-81cf091a301877ff.yaml b/releasenotes/notes/helm-toolkit-81cf091a301877ff.yaml new file mode 100644 index 0000000000..85de77aaae --- /dev/null +++ b/releasenotes/notes/helm-toolkit-81cf091a301877ff.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Added new snippet to include failover OpenRC environment variables in backup cron jobs for + MariaDB and PostgreSQL charts. +... diff --git a/releasenotes/notes/mariadb-0cb94bb0ae8cf38a.yaml b/releasenotes/notes/mariadb-0cb94bb0ae8cf38a.yaml new file mode 100644 index 0000000000..cb76436eba --- /dev/null +++ b/releasenotes/notes/mariadb-0cb94bb0ae8cf38a.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Added failover openrc environment variables to database backup cron jobs. +... diff --git a/releasenotes/notes/mariadb-backup-58c8a77f9c03bae8.yaml b/releasenotes/notes/mariadb-backup-58c8a77f9c03bae8.yaml new file mode 100644 index 0000000000..cb76436eba --- /dev/null +++ b/releasenotes/notes/mariadb-backup-58c8a77f9c03bae8.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Added failover openrc environment variables to database backup cron jobs. +... diff --git a/releasenotes/notes/postgresql-4ee4e72706f17d8a.yaml b/releasenotes/notes/postgresql-4ee4e72706f17d8a.yaml new file mode 100644 index 0000000000..cb76436eba --- /dev/null +++ b/releasenotes/notes/postgresql-4ee4e72706f17d8a.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Added failover openrc environment variables to database backup cron jobs. +... diff --git a/values_overrides/mariadb/backups.yaml b/values_overrides/mariadb/backups.yaml index 5a7de206c1..2367abc4cb 100644 --- a/values_overrides/mariadb/backups.yaml +++ b/values_overrides/mariadb/backups.yaml @@ -3,7 +3,7 @@ conf: backup: enabled: true remote_backup: - enabled: false + enabled: true volume: backup: enabled: true @@ -12,4 +12,25 @@ manifests: job_ks_user: false cron_job_mariadb_backup: true secret_backup_restore: true +endpoints: + identity: + auth: + mariadb: + auth_url: null + role: admin + region_name: RegionOne + username: mariadb-backup-user + password: password + project_name: service + user_domain_name: service + project_domain_name: service + mariadb_failover: + auth_url: null + role: admin + region_name: RegionOne + username: mariadb-backup-user-failover + password: password + project_name: service + user_domain_name: service + project_domain_name: service ... diff --git a/values_overrides/postgresql/backups.yaml b/values_overrides/postgresql/backups.yaml index 499322a810..c6ce1ee99f 100644 --- a/values_overrides/postgresql/backups.yaml +++ b/values_overrides/postgresql/backups.yaml @@ -3,7 +3,7 @@ conf: backup: enabled: true remote_backup: - enabled: false + enabled: true volume: backup: enabled: true @@ -12,4 +12,25 @@ manifests: job_ks_user: false cron_job_postgresql_backup: true secret_backup_restore: true +endpoints: + identity: + auth: + postgresql: + auth_url: null + role: admin + region_name: RegionOne + username: postgresql-backup-user + password: password + project_name: service + user_domain_name: service + project_domain_name: service + postgresql_failover: + auth_url: null + role: admin + region_name: RegionOne + username: postgresql-backup-user-failover + password: password + project_name: service + user_domain_name: service + project_domain_name: service ...