openstack-helm-infra/mariadb/templates/cron-job-backup-mariadb.yaml
Huang, Sophie (sh879n) 573ac49939 Mariadb backup/restore enhancements
Below enhancements are made to Mariadb backup:
1) Used new helm-toolkit function to send/retrieve Mariadb
   backups to/from RGW via OpenStack Swift API.
2) Modified the backup script such that the database backup
   tarball can be sent to RGW.
3) Added a keystone user for RGW access.
4) Added a secret for OpenStack Swift API access.
5) Changed the cronjob image and runAsUser
6) Modified the restore script so that archives stored remotely
   on RGW can be used for the restore data source.
7) Added functions to the restore script to retrieve data
   from an archive for tables, table rows and table schema of a databse
8) Added a secret containing all the backup/restore related
   configuration needed for invoking the backup/restore operation
   from a different application or namespace.

Change-Id: Iadb9438fe419cded374897b43337039609077e61
2020-06-24 21:13:21 +00:00

148 lines
6.7 KiB
YAML

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.cron_job_mariadb_backup }}
{{- $envAll := . }}
{{- $serviceAccountName := "mariadb-backup" }}
{{ tuple $envAll "mariadb_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: mariadb-backup
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if .Values.jobs.backup_mariadb.backoffLimit }}
backoffLimit: {{ .Values.jobs.backup_mariadb.backoffLimit }}
{{- end }}
{{- if .Values.jobs.backup_mariadb.activeDeadlineSeconds }}
activeDeadlineSeconds: {{ .Values.jobs.backup_mariadb.activeDeadlineSeconds }}
{{- end }}
schedule: {{ .Values.jobs.backup_mariadb.cron | quote }}
successfulJobsHistoryLimit: {{ .Values.jobs.backup_mariadb.history.success }}
failedJobsHistoryLimit: {{ .Values.jobs.backup_mariadb.history.failed }}
concurrencyPolicy: Forbid
jobTemplate:
metadata:
labels:
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ dict "envAll" $envAll "podName" "mariadb-backup" "containerNames" (list "init" "backup-perms" "mariadb-backup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
template:
metadata:
labels:
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll "mariadb_backup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
- name: backup-perms
{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "mariadb_backup" "container" "backup_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
command:
- chown
- -R
- "65534:65534"
- $(MARIADB_BACKUP_BASE_DIR)
env:
- name: MARIADB_BACKUP_BASE_DIR
value: {{ .Values.conf.backup.base_path | quote }}
volumeMounts:
- mountPath: /tmp
name: pod-tmp
- mountPath: {{ .Values.conf.backup.base_path }}
name: mariadb-backup-dir
containers:
- name: mariadb-backup
command:
- /tmp/backup_mariadb.sh
env:
- name: MARIADB_BACKUP_BASE_DIR
value: {{ .Values.conf.backup.base_path | quote }}
- name: MYSQL_BACKUP_MYSQLDUMP_OPTIONS
value: {{ .Values.conf.backup.mysqldump_options | quote }}
- name: MARIADB_LOCAL_BACKUP_DAYS_TO_KEEP
value: {{ .Values.conf.backup.days_to_keep | quote }}
- name: MARIADB_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: REMOTE_BACKUP_ENABLED
value: "{{ .Values.conf.backup.remote_backup.enabled }}"
{{- if .Values.conf.backup.remote_backup.enabled }}
- name: MARIADB_REMOTE_BACKUP_DAYS_TO_KEEP
value: {{ .Values.conf.backup.remote_backup.days_to_keep | quote }}
- name: CONTAINER_NAME
value: {{ .Values.conf.backup.remote_backup.container_name | quote }}
- name: STORAGE_POLICY
value: "{{ .Values.conf.backup.remote_backup.storage_policy }}"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.remote_rgw_user }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }}
{{- end }}
{{- end }}
{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "mariadb_backup" "container" "mariadb_backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- mountPath: /tmp/backup_mariadb.sh
name: mariadb-bin
readOnly: true
subPath: backup_mariadb.sh
- mountPath: /tmp/backup_main.sh
name: mariadb-bin
readOnly: true
subPath: backup_main.sh
- mountPath: {{ .Values.conf.backup.base_path }}
name: mariadb-backup-dir
- name: mariadb-secrets
mountPath: /etc/mysql/admin_user.cnf
subPath: admin_user.cnf
readOnly: true
restartPolicy: OnFailure
serviceAccount: {{ $serviceAccountName }}
serviceAccountName: {{ $serviceAccountName }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: mariadb-secrets
secret:
secretName: mariadb-secrets
defaultMode: 420
- configMap:
defaultMode: 365
name: mariadb-bin
name: mariadb-bin
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: mariadb-backup-dir
persistentVolumeClaim:
claimName: mariadb-backup-data
{{- else }}
- hostPath:
path: {{ .Values.conf.backup.base_path }}
type: DirectoryOrCreate
name: mariadb-backup-dir
{{- end }}
{{- end }}