From 284e9233146ea670ed9097884d622b0c1bdd00e0 Mon Sep 17 00:00:00 2001 From: Sergiy Markin Date: Wed, 13 Dec 2023 18:06:38 +0000 Subject: [PATCH] [backups] Mariadb backups improvements This PS removes mariadb-verify-server sidecar container from mariadb-ondemand job in order to make backup process more resilent. Change-Id: I30aa513d28826c8ea487937c8c3f1a7afd985d21 --- charts/mysqlclient-utility/Chart.yaml | 2 +- .../templates/bin/utility/_dbutils.tpl | 2 +- .../bin/utility/_mariadb_ondemand_job.sh.tpl | 81 ++++--------------- charts/mysqlclient-utility/values.yaml | 4 - 4 files changed, 17 insertions(+), 72 deletions(-) diff --git a/charts/mysqlclient-utility/Chart.yaml b/charts/mysqlclient-utility/Chart.yaml index 3e6aff91..7efdabaf 100644 --- a/charts/mysqlclient-utility/Chart.yaml +++ b/charts/mysqlclient-utility/Chart.yaml @@ -13,4 +13,4 @@ apiVersion: v1 description: Porthole MySql Client name: mysqlclient-utility -version: 0.1.5 +version: 0.1.7 diff --git a/charts/mysqlclient-utility/templates/bin/utility/_dbutils.tpl b/charts/mysqlclient-utility/templates/bin/utility/_dbutils.tpl index 7ebb39fd..c5d3959c 100755 --- a/charts/mysqlclient-utility/templates/bin/utility/_dbutils.tpl +++ b/charts/mysqlclient-utility/templates/bin/utility/_dbutils.tpl @@ -111,7 +111,7 @@ function ensure_ondemand_pod_exists() { CONTAINERS=$(echo "$POD_LISTING" | awk '{print $2}') # There should only ever be one ondemand pod existing at any time, so if # we find any which are not ready remove them, even if completed. - if [[ $STATUS != "Running" || $CONTAINERS != "2/2" ]]; then + if [[ $STATUS != "Running" || $CONTAINERS != "1/1" ]]; then echo "Found an old on-demand pod; removing it." remove_job "$NAMESPACE" "$ONDEMAND_JOB" if [[ $? -ne 0 ]]; then diff --git a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl index 5037dc1d..1fd8358d 100644 
--- a/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl +++ b/charts/mysqlclient-utility/templates/bin/utility/_mariadb_ondemand_job.sh.tpl @@ -9,17 +9,11 @@ if [[ $MARIADB_POD_NAMESPACE == "" ]]; then fi export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }} -export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mariadb) export MYSQLCLIENT_UTILTIY_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility) export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d) MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d) export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g') -if [[ $MARIADB_IMAGE_NAME == "" ]]; then - echo "Cannot find the utility image for populating MARIADB_IMAGE_NAME variable." - exit 1 -fi - if [[ $MYSQLCLIENT_UTILTIY_IMAGE_NAME == "" ]]; then echo "Cannot find the utility image for populating MYSQLCLIENT_UTILTIY_IMAGE_NAME variable." exit 1 
@@ -50,7 +44,7 @@ spec:
 metadata:
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
-{{ dict "envAll" $envAll "podName" "mariadb-ondemand" "containerNames" (list "ondemand-perms" "mariadb-verify-server" "mariadb-ondemand" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "mariadb-ondemand" "containerNames" (list "ondemand-perms" "mariadb-ondemand" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 labels:
 {{ tuple $envAll "mariadb-ondemand" "ondemand" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
 spec:
@@ -93,8 +87,10 @@ spec:
 {{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_ondemand | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "mariadb_ondemand" "container" "mariadb_ondemand" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
- - /bin/sleep
- - "{{ .Values.conf.mariadb_ondemand.ondemapd_pod_sleep_time }}"
+ - /bin/sh
+ args:
+ - -c
+ - ( /tmp/start_verification_server.sh ) & /bin/sleep {{ .Values.conf.mariadb_ondemand.ondemapd_pod_sleep_time }}
 env:
 - name: MARIADB_BACKUP_BASE_DIR
 valueFrom:
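Review bot: In the new `command`/`args` of the hunk at `@@ -93,8 +87,10 @@`, the verification server is started as a backgrounded subshell whose exit status nothing reads, so the container stays Running for the whole sleep even when `/tmp/start_verification_server.sh` fails at once; the `1/1` test this commit puts into `ensure_ondemand_pod_exists` in `_dbutils.tpl` would then still accept the pod. No probe is visible in this hunk (the container spec continues past it), so consider a readiness probe on the server socket, or at least a comment such as `# verification server is best-effort; its failure does not fail the pod`. The sleep time also moved from its own quoted argv element into the `sh -c` string, where the shell now parses it. If it is always a number of seconds, rendering it as `{{ int .Values.conf.mariadb_ondemand.ondemapd_pod_sleep_time }}` keeps a malformed value from being read as shell syntax.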
@@ -233,42 +229,17 @@ if $TLS_ENABLED; then
 mountPath: /etc/mysql/certs/ca.crt
 subPath: ca.crt
 readOnly: true
-{{- if .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts }}
-{{ .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts | toYaml | indent 12 }}
-{{- end }}
- - name: mariadb-verify-server
- image: ${MARIADB_IMAGE_NAME}
-{{ dict "envAll" $envAll "application" "mariadb_ondemand" "container" "mariadb_verify_server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.mariadb_verify_server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- env:
- - name: MYSQL_HISTFILE
- value: /dev/null
- command:
- - /bin/sh
- args:
- - -c
- - ( /tmp/start_verification_server.sh )& /bin/sleep {{ .Values.conf.mariadb_ondemand.ondemapd_pod_sleep_time }}
- volumeMounts:
- - name: pod-tmp
- mountPath: /tmp
- - name: var-run
- mountPath: /var/run/mysqld
- - name: mycnfd
- mountPath: /etc/mysql/conf.d
- - name: mariadb-etc
- mountPath: /etc/mysql/my.cnf
- subPath: my.cnf
- readOnly: true
- - name: mariadb-secrets
- mountPath: /etc/mysql/admin_user.cnf
- subPath: admin_user.cnf
- readOnly: true
 - name: mysql-data
 mountPath: /var/lib/mysql
 - name: mariadb-bin
 mountPath: /tmp/start_verification_server.sh
 subPath: start_verification_server.sh
 readOnly: true
+ - name: var-run
+ mountPath: /run/mysqld
+{{- if .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts }}
+{{ .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts | toYaml | indent 12 }}
+{{- end }}
 volumes:
 - name: pod-tmp
 emptyDir: {}
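Review bot: The added `var-run` mount puts the volume at `/run/mysqld`, while the removed sidecar mounted it at `/var/run/mysqld`, and the sidecar's `mycnfd` (`/etc/mysql/conf.d`) and `mariadb-etc` (`my.cnf`) mounts and its `MYSQL_HISTFILE=/dev/null` setting are dropped with no replacement visible in the hunk. Whether the `mariadb-ondemand` container already carries those is outside this hunk; if it does not, the server now started in that container would run without the chart's my.cnf, and if the container keeps `readOnlyRootFilesystem: true`, as the context lines in values.yaml suggest, it can create its socket only when the configured path resolves to `/run/mysqld`. The same applies to the non-TLS hunk at `@@ -328,39 +299,17 @@`. A comment on the mount such as `# socket dir of the in-container verification server; must match the socket path in my.cnf` would record the dependency, and `MYSQL_HISTFILE` should be set on `mariadb-ondemand` if it is not already.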
@@ -328,39 +299,17 @@ else
 mountPath: /etc/mysql/admin_user.cnf
 subPath: admin_user.cnf
 readOnly: true
-{{- if .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts }}
-{{ .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts | toYaml | indent 12 }}
-{{- end }}
- - name: mariadb-verify-server
- image: ${MARIADB_IMAGE_NAME}
-{{ dict "envAll" $envAll "application" "mariadb_ondemand" "container" "mariadb_verify_server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.mariadb_verify_server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- env:
- - name: MYSQL_HISTFILE
- value: /dev/null
- command:
- - /tmp/start_verification_server.sh
- volumeMounts:
- - name: pod-tmp
- mountPath: /tmp
- - name: var-run
- mountPath: /var/run/mysqld
- - name: mycnfd
- mountPath: /etc/mysql/conf.d
- - name: mariadb-etc
- mountPath: /etc/mysql/my.cnf
- subPath: my.cnf
- readOnly: true
- - name: mariadb-secrets
- mountPath: /etc/mysql/admin_user.cnf
- subPath: admin_user.cnf
- readOnly: true
 - name: mysql-data
 mountPath: /var/lib/mysql
 - name: mariadb-bin
 mountPath: /tmp/start_verification_server.sh
 subPath: start_verification_server.sh
 readOnly: true
+ - name: var-run
+ mountPath: /run/mysqld
+{{- if .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts }}
+{{ .Values.pod.mounts.mariadb_ondemand.container.mariadb_ondemand.volumeMounts | toYaml | indent 12 }}
+{{- end }}
 volumes:
 - name: pod-tmp
 emptyDir: {}
diff --git a/charts/mysqlclient-utility/values.yaml b/charts/mysqlclient-utility/values.yaml
index e7660889..c16964d7 100644
--- a/charts/mysqlclient-utility/values.yaml
+++ b/charts/mysqlclient-utility/values.yaml
@@ -57,10 +57,6 @@ pod:
 runAsUser: 65534
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
- mariadb_verify_server:
- runAsUser: 65534
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
 mounts:
 mysqlclient:
 container: