From 20fadf6467df2084f97bc7bb51928a84f363260d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= Date: Tue, 1 Aug 2023 12:28:45 +0200 Subject: [PATCH 1/7] fix: enable pg_dump cron --- .../cnpg-cluster/templates/backup-cron.yaml | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 charts/cnpg-cluster/templates/backup-cron.yaml diff --git a/charts/cnpg-cluster/templates/backup-cron.yaml b/charts/cnpg-cluster/templates/backup-cron.yaml new file mode 100644 index 0000000..18e7287 --- /dev/null +++ b/charts/cnpg-cluster/templates/backup-cron.yaml @@ -0,0 +1,54 @@ +{{- if .Values.backup.enabled }} +apiVersion: batch/v1 +kind: CronJob +metadata: + labels: + app: sre + name: backup-cron +spec: + schedule: "0 0 * * *" + concurrencyPolicy: Forbid + jobTemplate: + spec: + backoffLimit: 0 + template: + metadata: + labels: + app: sre + name: backup-cron + spec: + # securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # fsGroup: 1000 + restartPolicy: Never + containers: + - name: image-checker + image: ghcr.io/socialgouv/docker/s3-client:1 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ .Values.backup.barmanObjectStore.s3Credentials.accessKeyId.name }} + key: bucket_access_key + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.backup.barmanObjectStore.s3Credentials.secretAccessKey.name }} + key: bucket_secret_key + - name: AWS_DEFAULT_REGION + valueFrom: + secretKeyRef: + name: {{ .Values.backup.barmanObjectStore.s3Credentials.region.name }} + key: bucket_region + - name: AWS_ENDPOINT_URL + value: {{ .Values.backup.barmanObjectStore.endpointURL }} + - name: DESTINATION_PATH + value: {{ trimSuffix "/" .Values.backup.barmanObjectStore.destinationPath }}/dumps + envFrom: + - secretRef: + name: pg-hasura-app +{{- end}} From 41f06f2df35e039bc7699cdadf03203609241651 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= Date: Tue, 1 Aug 2023 16:02:46 +0200 Subject: [PATCH 2/7] update unittest job --- .github/workflows/lint-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index b435641..61cd376 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -46,5 +46,5 @@ jobs: - name: Run helm unittest run: | - helm plugin install https://github.com/quintush/helm-unittest + helm plugin install https://github.com/helm-unittest/helm-unittest.git helm unittest --debug --color charts/* From 10b7168ff4d1f4c9c0af7bff5683fdcd2fa62dc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= Date: Tue, 1 Aug 2023 16:23:22 +0200 Subject: [PATCH 3/7] move values files --- charts/cnpg-cluster/tests/cnpg-cluster_test.yaml | 12 ++++++------ .../backup-recovery.yaml} | 0 .../tests/{values-backup.yaml => values/backup.yaml} | 0 .../{values-instances.yaml => values/instances.yaml} | 0 .../{values-pgparams.yaml => values/pgparams.yaml} | 0 .../{values-recovery.yaml => values/recovery.yaml} | 0 .../tests/{values-tag.yaml => values/tag.yaml} | 0 7 files changed, 6 insertions(+), 6 deletions(-) rename charts/cnpg-cluster/tests/{values-backup-recovery.yaml => values/backup-recovery.yaml} (100%) rename charts/cnpg-cluster/tests/{values-backup.yaml => values/backup.yaml} (100%) rename charts/cnpg-cluster/tests/{values-instances.yaml => values/instances.yaml} (100%) rename charts/cnpg-cluster/tests/{values-pgparams.yaml => values/pgparams.yaml} (100%) rename charts/cnpg-cluster/tests/{values-recovery.yaml => values/recovery.yaml} (100%) rename charts/cnpg-cluster/tests/{values-tag.yaml => values/tag.yaml} (100%) diff --git a/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml b/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml index cd9c534..40dc97d 100644 --- a/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml +++ b/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml @@ -13,7 +13,7 @@ tests: count: 1 - it: cluster with custom instances values: - - values-instances.yaml + - ./values/instances.yaml asserts: - template: cluster.cnpg.yaml isKind: @@ -24,7 +24,7 @@ tests: value: 2 - it: cluster with custom image tag values: - - values-tag.yaml + - ./values/tag.yaml asserts: - template: cluster.cnpg.yaml isKind: @@ -35,7 +35,7 @@ tests: value: ghcr.io/cloudnative-pg/postgis:12 - it: cluster with scheduled backup enabled values: - - values-backup.yaml + - ./values/backup.yaml asserts: - template: cluster.cnpg.yaml matchSnapshot: @@ -46,20 +46,20 @@ tests: value: "1 2 3 * * 0" - it: cluster with recovery enabled values: - - values-recovery.yaml + - ./values/recovery.yaml asserts: - template: cluster.cnpg.yaml matchSnapshot: path: spec - it: cluster with enabled backup and recovery values: - - values-backup-recovery.yaml + - ./values/backup-recovery.yaml asserts: - matchSnapshot: path: spec - it: cluster with custom pgparams values: - - values-pgparams.yaml + - ./values/pgparams.yaml asserts: - template: cluster.cnpg.yaml matchSnapshot: diff --git a/charts/cnpg-cluster/tests/values-backup-recovery.yaml b/charts/cnpg-cluster/tests/values/backup-recovery.yaml similarity index 100% rename from charts/cnpg-cluster/tests/values-backup-recovery.yaml rename to charts/cnpg-cluster/tests/values/backup-recovery.yaml diff --git a/charts/cnpg-cluster/tests/values-backup.yaml b/charts/cnpg-cluster/tests/values/backup.yaml similarity index 100% rename from charts/cnpg-cluster/tests/values-backup.yaml rename to charts/cnpg-cluster/tests/values/backup.yaml diff --git a/charts/cnpg-cluster/tests/values-instances.yaml b/charts/cnpg-cluster/tests/values/instances.yaml similarity index 100% rename from charts/cnpg-cluster/tests/values-instances.yaml rename to charts/cnpg-cluster/tests/values/instances.yaml diff --git a/charts/cnpg-cluster/tests/values-pgparams.yaml b/charts/cnpg-cluster/tests/values/pgparams.yaml similarity index 100% rename from charts/cnpg-cluster/tests/values-pgparams.yaml rename to charts/cnpg-cluster/tests/values/pgparams.yaml diff --git a/charts/cnpg-cluster/tests/values-recovery.yaml b/charts/cnpg-cluster/tests/values/recovery.yaml similarity index 100% rename from charts/cnpg-cluster/tests/values-recovery.yaml rename to charts/cnpg-cluster/tests/values/recovery.yaml diff --git a/charts/cnpg-cluster/tests/values-tag.yaml b/charts/cnpg-cluster/tests/values/tag.yaml similarity index 100% rename from charts/cnpg-cluster/tests/values-tag.yaml rename to charts/cnpg-cluster/tests/values/tag.yaml From fc10bd0c35d0f913f53ae7f080f094b9650f97e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= Date: Tue, 1 Aug 2023 16:55:18 +0200 Subject: [PATCH 4/7] waiting for unittest release and refactor --- .../__snapshot__/cnpg-cluster_test.yaml.snap | 12 ++++++++++-- charts/cnpg-cluster/tests/cnpg-cluster_test.yaml | 7 ++++++- .../tests/values/backup-recovery.yaml | 15 --------------- charts/cnpg-cluster/tests/values/backup.yaml | 3 +++ 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap index 1869b7c..71b9688 100644 --- a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap +++ b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap @@ -13,6 +13,9 @@ cluster with enabled backup and recovery: accessKeyId: key: ACCESS_KEY_ID name: minio + region: + key: DEFAULT_REGION + name: minio secretAccessKey: key: ACCESS_SECRET_KEY name: minio @@ -20,6 +23,8 @@ cluster with enabled backup and recovery: retentionPolicy: 30d bootstrap: recovery: + recoveryTarget: + targetTime: 2020-11-26 15:22:00.00000+00 source: my-cluster-name-backup externalClusters: - barmanObjectStore: @@ -32,7 +37,7 @@ cluster with enabled backup and recovery: secretAccessKey: key: ACCESS_SECRET_KEY name: minio - serverName: some-cluster-to-recover + serverName: recoveredCluster name: my-cluster-name-backup imageName: ghcr.io/cloudnative-pg/postgis:15 imagePullPolicy: IfNotPresent @@ -49,7 +54,7 @@ cluster with enabled backup and recovery: backupOwnerReference: self cluster: name: RELEASE-NAME-cnpg-cluster - schedule: 0 0 0 * * 0 + schedule: 1 2 3 * * 0 cluster with recovery enabled: 1: | bootstrap: @@ -91,6 +96,9 @@ cluster with scheduled backup enabled: accessKeyId: key: ACCESS_KEY_ID name: minio + region: + key: DEFAULT_REGION + name: minio secretAccessKey: key: ACCESS_SECRET_KEY name: minio diff --git a/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml b/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml index 40dc97d..226ac38 100644 --- a/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml +++ b/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml @@ -11,6 +11,10 @@ tests: - template: cluster.cnpg.yaml hasDocuments: count: 1 + # waiting for release of https://github.com/helm-unittest/helm-unittest/commit/0ace2cc039c1fa33133ea1f26e7cae620443d42a + # - containsDocument: + # kind: CronJob + # not: true - it: cluster with custom instances values: - ./values/instances.yaml @@ -53,7 +57,8 @@ tests: path: spec - it: cluster with enabled backup and recovery values: - - ./values/backup-recovery.yaml + - ./values/recovery.yaml + - ./values/backup.yaml asserts: - matchSnapshot: path: spec diff --git a/charts/cnpg-cluster/tests/values/backup-recovery.yaml b/charts/cnpg-cluster/tests/values/backup-recovery.yaml index 73d553f..99c5c94 100644 --- a/charts/cnpg-cluster/tests/values/backup-recovery.yaml +++ b/charts/cnpg-cluster/tests/values/backup-recovery.yaml @@ -1,18 +1,3 @@ -backup: - enabled: true - barmanObjectStore: - destinationPath: s3://backups/ - endpointURL: http://minio:9000 - serverName: "some-cluster" - s3Credentials: - accessKeyId: - name: minio - key: ACCESS_KEY_ID - secretAccessKey: - name: minio - key: ACCESS_SECRET_KEY - retentionPolicy: "30d" - recovery: enabled: true externalClusterName: my-cluster-name-backup diff --git a/charts/cnpg-cluster/tests/values/backup.yaml b/charts/cnpg-cluster/tests/values/backup.yaml index 5df9476..33b30de 100644 --- a/charts/cnpg-cluster/tests/values/backup.yaml +++ b/charts/cnpg-cluster/tests/values/backup.yaml @@ -12,4 +12,7 @@ backup: secretAccessKey: name: minio key: ACCESS_SECRET_KEY + region: + name: minio + key: DEFAULT_REGION retentionPolicy: "30d" From a16ab3fd77f64af0b4271981dc5ca7a2dfe4b960 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= <38255502+matmut7@users.noreply.github.com> Date: Wed, 2 Aug 2023 12:01:06 +0200 Subject: [PATCH 5/7] add securityContext Co-authored-by: Julien Bouquillon --- charts/cnpg-cluster/templates/backup-cron.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/cnpg-cluster/templates/backup-cron.yaml b/charts/cnpg-cluster/templates/backup-cron.yaml index 18e7287..59bd692 100644 --- a/charts/cnpg-cluster/templates/backup-cron.yaml +++ b/charts/cnpg-cluster/templates/backup-cron.yaml @@ -17,10 +17,10 @@ spec: app: sre name: backup-cron spec: - # securityContext: - # runAsUser: 1000 - # runAsGroup: 1000 - # fsGroup: 1000 + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 restartPolicy: Never containers: - name: image-checker From e8d3eac4f21e44c661d4bc97236094a827166ac2 Mon Sep 17 00:00:00 2001 From: Julien Bouquillon Date: Wed, 2 Aug 2023 13:02:19 +0200 Subject: [PATCH 6/7] tests(cnpg): more (#25) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matéo Mévollon --- .../cnpg-cluster/templates/backup-cron.yaml | 8 +-- .../cnpg-cluster/templates/cluster.cnpg.yaml | 4 +- .../__snapshot__/cnpg-cluster_test.yaml.snap | 62 ++++++++++++++++--- .../cnpg-cluster/tests/cnpg-cluster_test.yaml | 14 +++++ .../tests/values/backup-recovery.yaml | 15 ----- charts/cnpg-cluster/tests/values/backup.yaml | 2 +- .../cnpg-cluster/tests/values/recovery.yaml | 3 +- charts/cnpg-cluster/values.yaml | 6 +- 8 files changed, 80 insertions(+), 34 deletions(-) delete mode 100644 charts/cnpg-cluster/tests/values/backup-recovery.yaml diff --git a/charts/cnpg-cluster/templates/backup-cron.yaml b/charts/cnpg-cluster/templates/backup-cron.yaml index 59bd692..45b1247 100644 --- a/charts/cnpg-cluster/templates/backup-cron.yaml +++ b/charts/cnpg-cluster/templates/backup-cron.yaml @@ -3,10 +3,10 @@ apiVersion: batch/v1 kind: CronJob metadata: labels: - app: sre + app: cnpg-backup-s3-client name: backup-cron spec: - schedule: "0 0 * * *" + schedule: {{ or .Values.backup.sqlDumpSchedule .Values.backup.schedule "0 0 * * *" }} concurrencyPolicy: Forbid jobTemplate: spec: @@ -14,7 +14,7 @@ spec: template: metadata: labels: - app: sre + app: cnpg-backup-s3-client name: backup-cron spec: securityContext: @@ -23,7 +23,7 @@ spec: fsGroup: 1001 restartPolicy: Never containers: - - name: image-checker + - name: s3-client image: ghcr.io/socialgouv/docker/s3-client:1 imagePullPolicy: IfNotPresent securityContext: diff --git a/charts/cnpg-cluster/templates/cluster.cnpg.yaml b/charts/cnpg-cluster/templates/cluster.cnpg.yaml index b32bebc..d183f68 100644 --- a/charts/cnpg-cluster/templates/cluster.cnpg.yaml +++ b/charts/cnpg-cluster/templates/cluster.cnpg.yaml @@ -80,7 +80,7 @@ spec: bootstrap: {{- if .Values.recovery.enabled }} recovery: - source: "{{ or .Values.recovery.externalClusterName "cnpg-cluster" }}" + source: "recovery-cluster" {{- if .Values.recovery.targetTime }} recoveryTarget: targetTime: "{{ .Values.recovery.targetTime }}" @@ -110,7 +110,7 @@ spec: {{- if .Values.recovery.enabled }} externalClusters: - - name: "{{ or .Values.recovery.externalClusterName "cnpg-cluster" }}" + - name: "recovery-cluster" barmanObjectStore: {{- toYaml .Values.recovery.barmanObjectStore | nindent 8 }} {{- end }} diff --git a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap index 71b9688..4d1f3df 100644 --- a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap +++ b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap @@ -5,6 +5,52 @@ cluster with custom pgparams: work_mem: 512MB cluster with enabled backup and recovery: 1: | + concurrencyPolicy: Forbid + jobTemplate: + spec: + backoffLimit: 0 + template: + metadata: + labels: + app: cnpg-backup-s3-client + name: backup-cron + spec: + containers: + - env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: bucket_access_key + name: minio + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: bucket_secret_key + name: minio + - name: AWS_DEFAULT_REGION + valueFrom: + secretKeyRef: + key: bucket_region + name: minio + - name: AWS_ENDPOINT_URL + value: http://minio:9000 + - name: DESTINATION_PATH + value: s3://backups/dumps + envFrom: + - secretRef: + name: pg-hasura-app + image: ghcr.io/socialgouv/docker/s3-client:1 + imagePullPolicy: IfNotPresent + name: s3-client + securityContext: + allowPrivilegeEscalation: false + restartPolicy: Never + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 + schedule: 4 5 * * 0 + 2: | backup: barmanObjectStore: destinationPath: s3://backups/ @@ -19,13 +65,12 @@ cluster with enabled backup and recovery: secretAccessKey: key: ACCESS_SECRET_KEY name: minio - serverName: some-cluster retentionPolicy: 30d bootstrap: recovery: recoveryTarget: targetTime: 2020-11-26 15:22:00.00000+00 - source: my-cluster-name-backup + source: recovery-cluster externalClusters: - barmanObjectStore: destinationPath: s3://backups/ @@ -37,8 +82,8 @@ cluster with enabled backup and recovery: secretAccessKey: key: ACCESS_SECRET_KEY name: minio - serverName: recoveredCluster - name: my-cluster-name-backup + serverName: my-cluster-to-restore + name: recovery-cluster imageName: ghcr.io/cloudnative-pg/postgis:15 imagePullPolicy: IfNotPresent instances: 1 @@ -50,7 +95,7 @@ cluster with enabled backup and recovery: parameters: null storage: size: 8Gi - 2: | + 3: | backupOwnerReference: self cluster: name: RELEASE-NAME-cnpg-cluster @@ -61,7 +106,7 @@ cluster with recovery enabled: recovery: recoveryTarget: targetTime: 2020-11-26 15:22:00.00000+00 - source: my-cluster-name-backup + source: recovery-cluster externalClusters: - barmanObjectStore: destinationPath: s3://backups/ @@ -73,8 +118,8 @@ cluster with recovery enabled: secretAccessKey: key: ACCESS_SECRET_KEY name: minio - serverName: recoveredCluster - name: my-cluster-name-backup + serverName: my-cluster-to-restore + name: recovery-cluster imageName: ghcr.io/cloudnative-pg/postgis:15 imagePullPolicy: IfNotPresent instances: 1 @@ -102,7 +147,6 @@ cluster with scheduled backup enabled: secretAccessKey: key: ACCESS_SECRET_KEY name: minio - serverName: some-cluster retentionPolicy: 30d bootstrap: initdb: diff --git a/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml b/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml index 226ac38..9e13955 100644 --- a/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml +++ b/charts/cnpg-cluster/tests/cnpg-cluster_test.yaml @@ -1,6 +1,7 @@ suite: test cnpg-cluster templates: - cluster.cnpg.yaml + - backup-cron.yaml - scheduledbackup.cnpg.yaml tests: - it: cluster should render @@ -11,6 +12,9 @@ tests: - template: cluster.cnpg.yaml hasDocuments: count: 1 + - template: backup-cron.yaml + hasDocuments: + count: 0 # waiting for release of https://github.com/helm-unittest/helm-unittest/commit/0ace2cc039c1fa33133ea1f26e7cae620443d42a # - containsDocument: # kind: CronJob @@ -48,6 +52,13 @@ tests: equal: path: spec.schedule value: "1 2 3 * * 0" + - template: backup-cron.yaml + equal: + path: spec.schedule + value: "4 5 * * 0" + - template: backup-cron.yaml + hasDocuments: + count: 1 - it: cluster with recovery enabled values: - ./values/recovery.yaml @@ -62,6 +73,9 @@ tests: asserts: - matchSnapshot: path: spec + - template: backup-cron.yaml + hasDocuments: + count: 1 - it: cluster with custom pgparams values: - ./values/pgparams.yaml diff --git a/charts/cnpg-cluster/tests/values/backup-recovery.yaml b/charts/cnpg-cluster/tests/values/backup-recovery.yaml deleted file mode 100644 index 99c5c94..0000000 --- a/charts/cnpg-cluster/tests/values/backup-recovery.yaml +++ /dev/null @@ -1,15 +0,0 @@ -recovery: - enabled: true - externalClusterName: my-cluster-name-backup - barmanObjectStore: - destinationPath: s3://backups/ - endpointURL: http://minio:9000 - serverName: "some-cluster-to-recover" - s3Credentials: - accessKeyId: - name: minio - key: ACCESS_KEY_ID - secretAccessKey: - name: minio - key: ACCESS_SECRET_KEY - retentionPolicy: "30d" diff --git a/charts/cnpg-cluster/tests/values/backup.yaml b/charts/cnpg-cluster/tests/values/backup.yaml index 33b30de..1a0f603 100644 --- a/charts/cnpg-cluster/tests/values/backup.yaml +++ b/charts/cnpg-cluster/tests/values/backup.yaml @@ -1,10 +1,10 @@ backup: enabled: true schedule: "1 2 3 * * 0" + sqlDumpSchedule: "4 5 * * 0" barmanObjectStore: destinationPath: s3://backups/ endpointURL: http://minio:9000 - serverName: "some-cluster" s3Credentials: accessKeyId: name: minio diff --git a/charts/cnpg-cluster/tests/values/recovery.yaml b/charts/cnpg-cluster/tests/values/recovery.yaml index c31bef2..26737c6 100644 --- a/charts/cnpg-cluster/tests/values/recovery.yaml +++ b/charts/cnpg-cluster/tests/values/recovery.yaml @@ -1,11 +1,10 @@ recovery: enabled: true - externalClusterName: my-cluster-name-backup targetTime: "2020-11-26 15:22:00.00000+00" barmanObjectStore: destinationPath: s3://backups/ endpointURL: http://minio:9000 - serverName: "recoveredCluster" + serverName: my-cluster-to-restore s3Credentials: accessKeyId: name: minio diff --git a/charts/cnpg-cluster/values.yaml b/charts/cnpg-cluster/values.yaml index ce55180..7e30844 100644 --- a/charts/cnpg-cluster/values.yaml +++ b/charts/cnpg-cluster/values.yaml @@ -75,6 +75,9 @@ backup: # this cron format has the seconds on the left schedule: "0 0 0 * * 0" + # -- Schedule the SQL dump backups, for instance every Sunday + sqlDumpSchedule: "0 0 * * 0" + # -- RetentionPolicy is the retention policy to be used for backups and WALs (i.e. '60d'). # The retention policy is expressed in the form of XXu where XX is a positive integer and # u is in [dwm] - days, weeks, months. @@ -139,7 +142,6 @@ recovery: enabled: false # -- Name of the source cluster in the backups - externalClusterName: # -- Time to restore from, in RFC3339 format https://datatracker.ietf.org/doc/html/rfc3339 # targetTime: "2020-11-26 15:22:00.00000+00" @@ -149,6 +151,8 @@ recovery: barmanObjectStore: # destinationPath: # endpointURL: + # name of the recovery server on the s3 backups + # serverName: # s3Credentials: # accessKeyId: # name: From 331bf6b1c9fe20f3949772811f0fe02cc350027f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= Date: Wed, 2 Aug 2023 16:24:50 +0200 Subject: [PATCH 7/7] template pg_dump secret creds --- charts/cnpg-cluster/templates/backup-cron.yaml | 2 +- .../tests/__snapshot__/cnpg-cluster_test.yaml.snap | 2 +- charts/cnpg-cluster/tests/values/backup.yaml | 1 + charts/cnpg-cluster/values.yaml | 4 ++++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/cnpg-cluster/templates/backup-cron.yaml b/charts/cnpg-cluster/templates/backup-cron.yaml index 45b1247..11f296c 100644 --- a/charts/cnpg-cluster/templates/backup-cron.yaml +++ b/charts/cnpg-cluster/templates/backup-cron.yaml @@ -50,5 +50,5 @@ spec: value: {{ trimSuffix "/" .Values.backup.barmanObjectStore.destinationPath }}/dumps envFrom: - secretRef: - name: pg-hasura-app + name: {{ .Values.backup.sqlDumpPgSecret }} {{- end}} diff --git a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap index 4d1f3df..6fb1f2b 100644 --- a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap +++ b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap @@ -38,7 +38,7 @@ cluster with enabled backup and recovery: value: s3://backups/dumps envFrom: - secretRef: - name: pg-hasura-app + name: pg-user-app image: ghcr.io/socialgouv/docker/s3-client:1 imagePullPolicy: IfNotPresent name: s3-client diff --git a/charts/cnpg-cluster/tests/values/backup.yaml b/charts/cnpg-cluster/tests/values/backup.yaml index 1a0f603..5701fe2 100644 --- a/charts/cnpg-cluster/tests/values/backup.yaml +++ b/charts/cnpg-cluster/tests/values/backup.yaml @@ -2,6 +2,7 @@ backup: enabled: true schedule: "1 2 3 * * 0" sqlDumpSchedule: "4 5 * * 0" + sqlDumpPgSecret: pg-user-app barmanObjectStore: destinationPath: s3://backups/ endpointURL: http://minio:9000 diff --git a/charts/cnpg-cluster/values.yaml b/charts/cnpg-cluster/values.yaml index 7e30844..bfd66cc 100644 --- a/charts/cnpg-cluster/values.yaml +++ b/charts/cnpg-cluster/values.yaml @@ -78,6 +78,9 @@ backup: # -- Schedule the SQL dump backups, for instance every Sunday sqlDumpSchedule: "0 0 * * 0" + # -- Secret where pg_dump will look for DB credentials + sqlDumpPgSecret: + # -- RetentionPolicy is the retention policy to be used for backups and WALs (i.e. '60d'). # The retention policy is expressed in the form of XXu where XX is a positive integer and # u is in [dwm] - days, weeks, months. @@ -137,6 +140,7 @@ monitoring: enablePodMonitor: false superuserSecretName: +dbSecretName: recovery: enabled: false