diff --git a/common/pxc-db/templates/backup-configmap.yaml b/common/pxc-db/templates/backup-configmap.yaml
new file mode 100644
index 00000000000..b7b16fbdf1d
--- /dev/null
+++ b/common/pxc-db/templates/backup-configmap.yaml
@@ -0,0 +1,14 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: pxc-db-{{ .Values.name }}-backup-scripts
+ labels:
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ system: openstack
+ type: configuration
+ component: database
+{{ include "pxc-db.labels" . | indent 4 }}
+data:
+ backup.sh: |
+{{ include (print .Template.BasePath "/bin/_backup.sh.tpl") . | indent 4 }}
diff --git a/common/pxc-db/templates/backup-job.yaml b/common/pxc-db/templates/backup-job.yaml
new file mode 100644
index 00000000000..a6e9a1a07be
--- /dev/null
+++ b/common/pxc-db/templates/backup-job.yaml
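Review bot: In `backup-configmap.yaml` the ConfigMap is rendered unconditionally, while the CronJob that mounts it in `backup-job.yaml` is wrapped in `{{- if .Values.backup.dump.enabled }}`; with the default `enabled: false` every release still ships the backup script. Wrapping the manifest in the same guard (`{{- if .Values.backup.dump.enabled }}` as the first line and `{{- end }}` as the last) keeps the two templates in step. The name is also built as `pxc-db-{{ .Values.name }}` where the CronJob uses `include "pxc-db.clusterName"`; if the helper can ever differ from that literal, one form should be used in both places.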
@@ -0,0 +1,79 @@
+{{- if .Values.backup.dump.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ include "pxc-db.clusterName" . }}-backup
+ labels:
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ system: openstack
+ type: backup
+ component: database
+{{ include "pxc-db.labels" . | indent 4 }}
+spec:
+ schedule: {{ .Values.backup.dump.schedule | quote }}
+ concurrencyPolicy: "Forbid"
+ failedJobsHistoryLimit: 3
+ successfulJobsHistoryLimit: 3
+ jobTemplate:
+ spec:
+ activeDeadlineSeconds: 1200
+ template:
+ metadata:
+ annotations:
+ {{- if and $.Values.global.linkerd_enabled $.Values.global.linkerd_requested }}
+ linkerd.io/inject: enabled
+ config.linkerd.io/opaque-ports: "3306,4444,4567,4568"
+ config.alpha.linkerd.io/proxy-enable-native-sidecar: "true"
+ {{- end }}
+ spec:
+ containers:
+ - name: backup
+ image: {{ required ".Values.global.registryAlternateRegion is missing" .Values.global.registryAlternateRegion }}/{{ .Values.backup.dump.image.name }}:{{ .Values.backup.dump.image.tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ - /backup-scripts/backup.sh
+ volumeMounts:
+ - name: backup-scripts
+ mountPath: /backup-scripts
+ env:
+ - name: PXC_NODE_NAME
+ value: {{ include "pxc-db.clusterName" . }}-pxc-{{ sub .Values.pxc.size 1 }}.{{ include "pxc-db.clusterName" . }}-pxc
+ - name: PXC_NODE_PORT
+ value: "33062"
+ - name: PXC_USERNAME
+ value: "xtrabackup"
+ - name: PXC_PASS
+ valueFrom:
+ secretKeyRef:
+ name: pxc-db-{{ .Values.name }}-secrets
+ key: xtrabackup
+ - name: ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl (.Values.backup.s3.config.credentialsSecret) . | quote }}
+ key: AWS_ACCESS_KEY_ID
+ - name: SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl (.Values.backup.s3.config.credentialsSecret) . | quote }}
+ key: AWS_SECRET_ACCESS_KEY
+ - name: PXC_SERVICE
+ value: {{ include "pxc-db.clusterName" . 
}}-pxc
+ - name: S3_BUCKET
+ value: {{ tpl (.Values.backup.dump.s3.config.bucket) . | quote }}
+ - name: S3_BUCKET_PATH
+ value: {{ tpl (.Values.backup.dump.s3.config.prefix) . | quote }}
+ - name: DEFAULT_REGION
+ value: {{ tpl (.Values.backup.s3.config.region) . | quote }}
+ - name: ENDPOINT
+ value: {{ tpl (.Values.backup.s3.config.endpointUrl) . | quote }}
+ - name: VERIFY_TLS
+ value: "false"
+ restartPolicy: OnFailure
+ volumes:
+ - name: backup-scripts
+ configMap:
+ name: pxc-db-{{ .Values.name }}-backup-scripts
+{{- end }}
diff --git a/common/pxc-db/templates/bin/_backup.sh.tpl b/common/pxc-db/templates/bin/_backup.sh.tpl
new file mode 100644
index 00000000000..91ca5cb3ea5
--- /dev/null
+++ b/common/pxc-db/templates/bin/_backup.sh.tpl
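Review bot: `VERIFY_TLS` is hard-coded to `"false"` in the `backup` container's env, and the backup script turns that into `--no-verify-ssl` and `--insecure`, so every logical dump is uploaded without certificate validation and could be read or altered by anyone on the path to the S3 endpoint. Make it a chart value that defaults to verification on, for example `value: {{ .Values.backup.dump.s3.config.verifyTLS | quote }}` with `verifyTLS: true` added under `backup.dump.s3.config` in values.yaml (the key name is only a suggestion). The pod spec also sets no `securityContext` or `resources` for the container; whether cluster policy supplies them cannot be seen from this hunk.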
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -x
+
+export AWS_SHARED_CREDENTIALS_FILE='/tmp/aws-credfile'
+export AWS_ENDPOINT_URL="${ENDPOINT}"
+export AWS_REGION="${DEFAULT_REGION}"
+
+if [ -n "$VERIFY_TLS" ] && [[ $VERIFY_TLS == "false" ]]; then
+ AWS_S3_NO_VERIFY_SSL='--no-verify-ssl'
+ XBCLOUD_ARGS="--insecure"
+fi
+
+is_object_exist() {
+ local bucket="$1"
+ local object="$2"
+
+ aws $AWS_S3_NO_VERIFY_SSL s3api head-object --bucket $bucket --key "$object" || NOT_EXIST=true
+ if [[ -z "$NOT_EXIST" ]]; then
+ return 1
+ fi
+}
+
+s3_add_bucket_dest() {
+ { set +x; } 2>/dev/null
+ aws configure set aws_access_key_id "$ACCESS_KEY_ID"
+ aws configure set aws_secret_access_key "$SECRET_ACCESS_KEY"
+ set -x
+}
+
+dump_databases() {
+ { set +x; } 2>/dev/null
+ mysqldump \
+ --port="${PXC_NODE_PORT}" \
+ --host="${PXC_NODE_NAME}" \
+ --user="${PXC_USERNAME}" \
+ --password="${PXC_PASS}" \
+ --single-transaction \
+ --quick \
+ --all-databases \
+ --source-data=1 > /tmp/${date}/dump.sql
+ set -x
+}
+
+compress_dump() {
+ tar -czPf /tmp/${date}/dump.tar.gz /tmp/${date}/dump.sql
+}
+
+date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+mkdir -p /tmp/${date}
+touch /tmp/${date}/xtrabackup_tablespaces
+
+dump_databases
+compress_dump
+
+xbstream --directory=/tmp/${date} -c dump.tar.gz $XBSTREAM_EXTRA_ARGS \
+ | xbcloud put $XBCLOUD_ARGS --parallel="$(grep -c processor /proc/cpuinfo)" --storage=s3 --s3-bucket="$S3_BUCKET" "$S3_BUCKET_PATH/${date}" 2>&1 \
+ | (grep -v "error: http request failed: Couldn't resolve host name" || exit 1)
+
+rm -fr /tmp/${date}
+
+sleep 600
diff --git a/common/pxc-db/values.yaml b/common/pxc-db/values.yaml
index 91334ef2e5a..3424e99d8f7 100644
--- a/common/pxc-db/values.yaml
+++ b/common/pxc-db/values.yaml
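Review bot: The script never enables `set -e` or `pipefail`, so a failed `mysqldump` or `tar` in `dump_databases` / `compress_dump` does not stop the run: an empty or truncated `dump.sql` is still archived and uploaded, and the final `sleep 600` makes the job exit 0. Add `set -eo pipefail` next to `set -x`, and check that the trailing `grep -v … || exit 1` filter still yields the status you intend once failures propagate. `mysqldump` also receives the password as `--password="${PXC_PASS}"`, which places it in the process argument list; passing it through `MYSQL_PWD` or a `--defaults-extra-file` with mode 0600 avoids that. `s3_add_bucket_dest` and `is_object_exist` are defined but never called in this hunk.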
@@ -489,6 +489,19 @@ backup: keep: 5 # -- The name of the storage for the backups configured in the storages subsection storageName: s3-backups-daily + # -- Logical backup configuration (mysqldump) + # By default, only physical backups are enabled and needed + # Logical backup could be enabled if required by some dependent services + dump: + enabled: false + image: + name: percona-xtradb-cluster-operator + tag: 8.0.39-pxc8.0-backup-pxb8.0.35 + schedule: "15 0 * * *" + s3: + config: + bucket: "pxc-logical-{{ .Values.global.region }}" + prefix: "{{ .Values.name }}" # -- Default Prometheus alerts and rules. alerts: