Skip to content

Commit cfa2839

Browse files
tjmoore4tjmoore4
committed
Updates for an always-on pgBackRest repo host
To support the 'backup-standby' pgBackRest configuration setting as well as to simplify the overall pgBackRest integration, this commit changes the pgBackRest repo host creation behavior to always create a 'repo host' Pod as a location to run commands, regardless of whether or not a repo volume is defined. This allows backup commands to be consistently run on this Pod instead of being run at times on the primary instance Pod. Note that in cases where a repo host volume is not defined in the PostgresCluster spec, no volume will be created and pgBackRest log files will not be available in the Pod. Issue: PGO-562
1 parent 9aa988c commit cfa2839

File tree

20 files changed

+364
-291
lines changed

20 files changed

+364
-291
lines changed

internal/controller/postgrescluster/instance.go

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1376,10 +1376,8 @@ func addPGBackRestToInstancePodSpec(
13761376
ctx context.Context, cluster *v1beta1.PostgresCluster,
13771377
instanceCertificates *corev1.Secret, instancePod *corev1.PodSpec,
13781378
) {
1379-
if pgbackrest.DedicatedRepoHostEnabled(cluster) {
1380-
pgbackrest.AddServerToInstancePod(ctx, cluster, instancePod,
1381-
instanceCertificates.Name)
1382-
}
1379+
pgbackrest.AddServerToInstancePod(ctx, cluster, instancePod,
1380+
instanceCertificates.Name)
13831381

13841382
pgbackrest.AddConfigToInstancePod(cluster, instancePod)
13851383
}

internal/controller/postgrescluster/instance_test.go

Lines changed: 103 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -578,14 +578,104 @@ func TestAddPGBackRestToInstancePodSpec(t *testing.T) {
578578
readOnly: true
579579
- name: other
580580
resources: {}
581+
- command:
582+
- pgbackrest
583+
- server
584+
livenessProbe:
585+
exec:
586+
command:
587+
- pgbackrest
588+
- server-ping
589+
name: pgbackrest
590+
resources: {}
591+
securityContext:
592+
allowPrivilegeEscalation: false
593+
capabilities:
594+
drop:
595+
- ALL
596+
privileged: false
597+
readOnlyRootFilesystem: true
598+
runAsNonRoot: true
599+
seccompProfile:
600+
type: RuntimeDefault
601+
volumeMounts:
602+
- mountPath: /etc/pgbackrest/server
603+
name: pgbackrest-server
604+
readOnly: true
605+
- mountPath: /pgdata
606+
name: postgres-data
607+
- mountPath: /pgwal
608+
name: postgres-wal
609+
- mountPath: /etc/pgbackrest/conf.d
610+
name: pgbackrest-config
611+
readOnly: true
612+
- command:
613+
- bash
614+
- -ceu
615+
- --
616+
- |-
617+
monitor() {
618+
exec {fd}<> <(:||:)
619+
until read -r -t 5 -u "${fd}"; do
620+
if
621+
[[ "${filename}" -nt "/proc/self/fd/${fd}" ]] &&
622+
pkill -HUP --exact --parent=0 pgbackrest
623+
then
624+
exec {fd}>&- && exec {fd}<> <(:||:)
625+
stat --dereference --format='Loaded configuration dated %y' "${filename}"
626+
elif
627+
{ [[ "${directory}" -nt "/proc/self/fd/${fd}" ]] ||
628+
[[ "${authority}" -nt "/proc/self/fd/${fd}" ]]
629+
} &&
630+
pkill -HUP --exact --parent=0 pgbackrest
631+
then
632+
exec {fd}>&- && exec {fd}<> <(:||:)
633+
stat --format='Loaded certificates dated %y' "${directory}"
634+
fi
635+
done
636+
}; export directory="$1" authority="$2" filename="$3"; export -f monitor; exec -a "$0" bash -ceu monitor
637+
- pgbackrest-config
638+
- /etc/pgbackrest/server
639+
- /etc/pgbackrest/conf.d/~postgres-operator/tls-ca.crt
640+
- /etc/pgbackrest/conf.d/~postgres-operator_server.conf
641+
name: pgbackrest-config
642+
resources: {}
643+
securityContext:
644+
allowPrivilegeEscalation: false
645+
capabilities:
646+
drop:
647+
- ALL
648+
privileged: false
649+
readOnlyRootFilesystem: true
650+
runAsNonRoot: true
651+
seccompProfile:
652+
type: RuntimeDefault
653+
volumeMounts:
654+
- mountPath: /etc/pgbackrest/server
655+
name: pgbackrest-server
656+
readOnly: true
657+
- mountPath: /etc/pgbackrest/conf.d
658+
name: pgbackrest-config
659+
readOnly: true
581660
`))
582661

583-
// Instance configuration files but no certificates.
662+
// Instance configuration files with certificates.
584663
// Other volumes are ignored.
585664
assert.Assert(t, marshalMatches(out.Volumes, `
586665
- name: other
587666
- name: postgres-data
588667
- name: postgres-wal
668+
- name: pgbackrest-server
669+
projected:
670+
sources:
671+
- secret:
672+
items:
673+
- key: pgbackrest-server.crt
674+
path: server-tls.crt
675+
- key: pgbackrest-server.key
676+
mode: 384
677+
path: server-tls.key
678+
name: some-secret
589679
- name: pgbackrest-config
590680
projected:
591681
sources:
@@ -595,7 +685,19 @@ func TestAddPGBackRestToInstancePodSpec(t *testing.T) {
595685
path: pgbackrest_instance.conf
596686
- key: config-hash
597687
path: config-hash
688+
- key: pgbackrest-server.conf
689+
path: ~postgres-operator_server.conf
598690
name: hippo-pgbackrest-config
691+
- secret:
692+
items:
693+
- key: pgbackrest.ca-roots
694+
path: ~postgres-operator/tls-ca.crt
695+
- key: pgbackrest-client.crt
696+
path: ~postgres-operator/client-tls.crt
697+
- key: pgbackrest-client.key
698+
mode: 384
699+
path: ~postgres-operator/client-tls.key
700+
name: hippo-pgbackrest
599701
`))
600702
})
601703

@@ -644,7 +746,6 @@ func TestAddPGBackRestToInstancePodSpec(t *testing.T) {
644746
mode: 384
645747
path: ~postgres-operator/client-tls.key
646748
name: hippo-pgbackrest
647-
optional: true
648749
`))
649750
}
650751

0 commit comments

Comments
 (0)