feat: cnpg recovery options (#1926)

Co-authored-by: Ani Argjiri <[email protected]>
Co-authored-by: jeho <[email protected]>
(cherry picked from commit 98d8bfe)

Author: merll

charts/otomi-db/values.yaml

@@ -21,25 +21,8 @@ clusterAffinity:
     topologyKey: kubernetes.io/hostname
     podAntiAffinityType: preferred
 
-# Example for backups: 
-# clusterBackup:
-#   backup:
-#     barmanObjectStore:
-#       destinationPath: s3://bucket/
-#       endpointURL: "http://minio.minio.svc.cluster.local:9000"
-#       s3Credentials:
-#         accessKeyId:
-#           name: minio-creds
-#           key: MINIO_ACCESS_KEY
-#         secretAccessKey:
-#           name: minio-creds
-#           key: MINIO_SECRET_KEY
-
 clusterSpec:
-  bootstrap:
-    initdb:
-      database: app
-      owner: app
+  bootstrap: {}
 
 backup:
   enabled: false
@@ -53,4 +36,4 @@ backup:
   minioLocal:
     destinationPath: ""
   linode:
-    destinationPath: ""
+    destinationPath: ""

helmfile.d/helmfile-03.init.yaml

@@ -17,7 +17,7 @@ releases:
     namespace: argocd
     labels:
       app: core
-    <<: *default 
+    <<: *default
   - name: otomi-operator
     installed: true
     namespace: otomi-operator
@@ -57,6 +57,12 @@ releases:
       pkg: apl-gitea-operator
       app: core
     <<: *default
+  - name: harbor-artifacts
+    installed: {{ $a | get "harbor.enabled" }}
+    namespace: harbor
+    labels:
+      pkg: harbor
+    <<: *raw
   - name: apl-harbor-operator-artifacts
     installed: {{ $a | get "harbor.enabled" }}
     namespace: apl-harbor-operator

helmfile.d/helmfile-04.databases.yaml

@@ -27,7 +27,7 @@ releases:
       pkg: keycloak
     <<: *otomiDb
   - name: gitea-otomi-db
-    installed: {{ or $v.databases.gitea.useOtomiDB  $v.databases.gitea.imported }}
+    installed: true
     namespace: gitea
     labels:
       pkg: gitea

helmfile.d/helmfile-09.init.yaml

@@ -10,8 +10,6 @@ bases:
 {{ readFile "snippets/templates.gotmpl" }}
 {{- $v := .Values }}
 {{- $a := $v.apps }}
-{{- $h := $a.harbor }}
-{{- $k := $a.keycloak }}
 
 releases:
   - name: knative-serving-artifacts
@@ -40,12 +38,6 @@ releases:
     labels:
       pkg: minio
     <<: *default
-  - name: harbor-artifacts
-    installed: {{ $h | get "enabled" }}
-    namespace: harbor
-    labels:
-      pkg: harbor
-    <<: *raw
   - name: tekton-triggers
     installed: true
     namespace: tekton-pipelines
@@ -58,4 +50,4 @@ releases:
     namespace: otomi-pipelines
     labels:
       app: core
-    <<: *default
+    <<: *default

helmfile.d/snippets/defaults.yaml

@@ -14,7 +14,7 @@ environments:
                   memory: 64Mi
                 limits:
                   cpu: 200m
-                  memory: 256Mi              
+                  memory: 256Mi
             _rawValues: {}
           argocd:
             controllerStatusProcessors: 20
@@ -249,7 +249,7 @@ environments:
                     condition: (
                         container.image.repository in (
                           docker.io/gitea/gitea
-                        ) or (k8s.ns.name = "keycloak")  
+                        ) or (k8s.ns.name = "keycloak")
                       )
                   - macro: user_known_create_files_below_dev_activities
                     condition: (
@@ -881,7 +881,7 @@ environments:
                   cpu: 100m
                   memory: 256Mi
             persistence:
-                master: 
+                master:
                   size: 1Gi
                 sentinel:
                   size: 1Gi
@@ -1037,7 +1037,7 @@ environments:
                   memory: 24Mi
                 limits:
                   cpu: 100m
-                  memory: 128Mi              
+                  memory: 128Mi
             _rawValues: {}
           otel:
             enabled: false
@@ -1261,9 +1261,10 @@ environments:
         databases:
           keycloak:
             imageName: null
-            imported: false
             size: 5Gi
             replicas: 2
+            recovery: {}
+            externalClusters: []
             resources:
               limits:
                 cpu: "200m"
@@ -1276,6 +1277,8 @@ environments:
             size: 5Gi
             replicas: 2
             coreDatabase: registry
+            recovery: {}
+            externalClusters: []
             resources:
               limits:
                 cpu: "200m"
@@ -1285,10 +1288,10 @@ environments:
                 memory: 192Mi
           gitea:
             imageName: null
-            useOtomiDB: true
-            imported: false
             size: 5Gi
             replicas: 2
+            recovery: {}
+            externalClusters: []
             resources:
               limits:
                 cpu: "200m"
@@ -1303,12 +1306,23 @@ environments:
           database:
             harbor:
               enabled: false
+              retentionPolicy: 7d
+              schedule: 0 0 * * *
+              pathSuffix: harbor
             gitea:
               enabled: false
+              retentionPolicy: 7d
+              schedule: 0 0 * * *
+              pathSuffix: gitea
             keycloak:
               enabled: false
+              retentionPolicy: 7d
+              schedule: 0 0 * * *
+              pathSuffix: keycloak
           gitea:
             enabled: false
+            retentionPolicy: 7d
+            schedule: 0 0 * * *
         cluster:
           provider: linode
           name: apl

values-changes.yaml

@@ -336,3 +336,8 @@ changes:
       - databases.harbor.resources.limits.cpu: '200m'
       - databases.harbor.resources.requests.memory: '192Mi'
       - databases.harbor.resources.requests.cpu: '200m'
+  - version: 33
+    deletions:
+      - 'databases.keycloak.imported'
+      - 'databases.gitea.imported'
+      - 'databases.gitea.useOtomiDB'

values-schema.yaml

@@ -1655,7 +1655,7 @@ properties:
             $ref: '#/definitions/email'
           issuer:
             description: |
-              Indicates the origin of the wildcard certificate. 
+              Indicates the origin of the wildcard certificate.
               The custom-ca - cert-manager uses the customRootCA to generate wildcard certificate.
               The letsencrypt - cert-manager requests certificate from letsencrypt endpoint.
               The byo-wildcard-cert allows users to bring their own trusted wildcard certificate (cert-manager not involved)
@@ -3168,6 +3168,10 @@ properties:
                 $ref: '#/definitions/backupRetentionPolicy'
               schedule:
                 $ref: '#/definitions/backupSchedule'
+              pathSuffix:
+                type: string
+                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])$'
+                default: harbor
           gitea:
             title: Gitea
             properties:
@@ -3180,6 +3184,10 @@ properties:
                 $ref: '#/definitions/backupRetentionPolicy'
               schedule:
                 $ref: '#/definitions/backupSchedule'
+              pathSuffix:
+                type: string
+                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])$'
+                default: gitea
           keycloak:
             title: Keycloak
             properties:
@@ -3192,6 +3200,10 @@ properties:
                 $ref: '#/definitions/backupRetentionPolicy'
               schedule:
                 $ref: '#/definitions/backupSchedule'
+              pathSuffix:
+                type: string
+                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])$'
+                default: keycloak
       persistentVolumes:
         type: object
         description: Create backups of persistent volumes
@@ -3293,9 +3305,16 @@ properties:
           replicas:
             type: integer
             default: 2
-          imported:
-            type: boolean
-            default: false
+          recovery:
+            type: object
+            additionalProperties: true
+            default: {}
+          externalClusters:
+            type: array
+            items:
+              type: object
+              additionalProperties: true
+            default: []
       harbor:
         title: Harbor
         properties:
@@ -3306,22 +3325,36 @@ properties:
           replicas:
             type: integer
             default: 2
+          recovery:
+            type: object
+            additionalProperties: true
+            default: {}
+          externalClusters:
+            type: array
+            items:
+              type: object
+              additionalProperties: true
+            default: []
       gitea:
         title: gitea
         properties:
-          useOtomiDB:
-            type: boolean
-            default: false
           size:
             type: string
           resources:
             $ref: '#/definitions/resources'
           replicas:
             type: integer
             default: 2
-          imported:
-            type: boolean
-            default: false
+          recovery:
+            type: object
+            additionalProperties: true
+            default: {}
+          externalClusters:
+            type: array
+            items:
+              type: object
+              additionalProperties: true
+            default: []
   teamConfig:
     additionalProperties: false
     patternProperties:

values/gitea/gitea-otomi-db.gotmpl

@@ -29,44 +29,21 @@ backup:
   type:  {{ $obj.type }}
 {{- if eq $obj.type "minioLocal" }}
   minioLocal:
-    destinationPath: "s3://cnpg/gitea"
+    destinationPath: "s3://cnpg/{{ $b.pathSuffix }}"
 {{- end }}
 {{- if eq $obj.type "linode" }}
   linode:
-    destinationPath: "s3://{{ $obj.linode.buckets.cnpg }}/gitea"
+    destinationPath: "s3://{{ $obj.linode.buckets.cnpg }}/{{ $b.pathSuffix }}"
     endpointURL: https://{{ $obj.linode.region }}.linodeobjects.com
 {{- end }}
 {{- end }}
 {{- end }}
 
-{{- if $gdb.imported }}
 clusterSpec:
   bootstrap:
-    initdb:
-      database: gitea
-      owner: gitea
-      secret:
-        name: gitea-db-secret
-      import:
-        type: microservice
-        databases:
-          - gitea
-        source:
-          externalCluster: gitea-postgresql
-  externalClusters:
-  - name: gitea-postgresql
-    connectionParameters:
-      host: gitea-postgresql.gitea.svc.cluster.local
-      user: gitea
-      dbname: gitea
-      sslmode: disable
-    password:
-      name: gitea-postgresql
-      key: postgresql-password
-
+{{- if $gdb.recovery }}
+    recovery: {{ toYaml $gdb.recovery | nindent 6 }}
 {{- else }}
-clusterSpec:  
-  bootstrap:
     initdb:
       database: gitea
       owner: gitea
@@ -75,5 +52,8 @@ clusterSpec:
       localeCollate: 'en_US.UTF-8'
       localeCType: 'en_US.UTF-8'
 {{- end }}
+{{- if $gdb.externalClusters }}
+  externalClusters: {{ toYaml $gdb.externalClusters | nindent 4 }}
+{{- end }}
 
 resources: {{- toYaml $gdb.resources | nindent 2 }}