Use dedicated objectStorage section for backups, dynamically detect s…

…upported providers via providerSettings

Signed-off-by: Dmitriy Alekseev <[email protected]>

charts/cluster/README.md

@@ -75,10 +75,10 @@ The chart has three modes of operation. These are configured via the `mode` para
 
 CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object
 store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are
-stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following
-providers are supported:
+stored in the specified location. The backup provider is configured via the `backups.objectStorage.provider` parameter.
+The following providers are supported:
 
-* S3 or S3-compatible stores, like MinIO
+* S3 or S3-compatible stores, like MinIO or Ceph Rados
 * Microsoft Azure Blob Storage
 * Google Cloud Storage
 
@@ -94,8 +94,8 @@ backups:
 ```
 
 Each backup adapter takes it's own set of parameters, listed in the [Configuration options](#Configuration-options) section
-below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`,
-`backup.azure`, or `backup.google`.
+below. Refer to the table for the full list of parameters and place the configuration under the appropriate key:
+`backups.objectStorage.providerSettings.s3`, `backups.objectStorage.providerSettings.azure` or `backups.objectStorage.providerSettings.google`.
 
 Recovery
 --------
@@ -112,42 +112,48 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backups.azure.connectionString | string | `""` |  |
-| backups.azure.containerName | string | `""` |  |
-| backups.azure.inheritFromAzureAD | bool | `false` |  |
-| backups.azure.path | string | `"/"` |  |
-| backups.azure.serviceName | string | `"blob"` |  |
-| backups.azure.storageAccount | string | `""` |  |
-| backups.azure.storageKey | string | `""` |  |
-| backups.azure.storageSasToken | string | `""` |  |
-| backups.data.compression | string | `"gzip"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| backups.data.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backups.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
-| backups.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
-| backups.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
-| backups.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
-| backups.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
-| backups.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
-| backups.google.applicationCredentials | string | `""` |  |
-| backups.google.bucket | string | `""` |  |
-| backups.google.gkeEnvironment | bool | `false` |  |
-| backups.google.path | string | `"/"` |  |
-| backups.provider | string | `"s3"` | One of `s3`, `azure` or `google` |
+| backups.objectStorage.data.compression | string | `"gzip"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backups.objectStorage.data.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backups.objectStorage.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
+| backups.objectStorage.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
+| backups.objectStorage.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| backups.objectStorage.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
+| backups.objectStorage.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
+| backups.objectStorage.provider | string | `""` | Enables objectStorage provider. One of providers from `providerSettings`, empty string - disables objectStorage backups. |
+| backups.objectStorage.providerSettings.azure.connectionString | string | `""` | Configures `AZURE_CONNECTION_STRING` in secret |
+| backups.objectStorage.providerSettings.azure.containerName | string | `""` |  |
+| backups.objectStorage.providerSettings.azure.inheritFromAzureAD | bool | `false` |  |
+| backups.objectStorage.providerSettings.azure.path | string | `"/"` |  |
+| backups.objectStorage.providerSettings.azure.serviceName | string | `"blob"` |  |
+| backups.objectStorage.providerSettings.azure.storageAccount | string | `""` | Configures `AZURE_STORAGE_ACCOUNT` in secret |
+| backups.objectStorage.providerSettings.azure.storageKey | string | `""` | Configures `AZURE_STORAGE_KEY` in secret |
+| backups.objectStorage.providerSettings.azure.storageSasToken | string | `""` | Configures `AZURE_STORAGE_SAS_TOKEN` in secret |
+| backups.objectStorage.providerSettings.google.applicationCredentials | string | `""` | Configures `APPLICATION_CREDENTIALS` in secret |
+| backups.objectStorage.providerSettings.google.bucket | string | `""` |  |
+| backups.objectStorage.providerSettings.google.gkeEnvironment | bool | `false` |  |
+| backups.objectStorage.providerSettings.google.path | string | `"/"` |  |
+| backups.objectStorage.providerSettings.s3.accessKey | string | `""` | Configures `ACCESS_KEY_ID` in secret |
+| backups.objectStorage.providerSettings.s3.bucket | string | `""` |  |
+| backups.objectStorage.providerSettings.s3.path | string | `"/"` |  |
+| backups.objectStorage.providerSettings.s3.region | string | `""` |  |
+| backups.objectStorage.providerSettings.s3.secretKey | string | `""` | Configures `ACCESS_SECRET_KEY` in secret |
+| backups.objectStorage.secret.create | bool | `true` | Whether to create a secret for the backup credentials or use existing one, note: existing secret should contains all required veriables for chosen provider |
+| backups.objectStorage.secret.name | string | `""` | Name of the backup credentials secret |
+| backups.objectStorage.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backups.objectStorage.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backups.objectStorage.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
 | backups.retentionPolicy | string | `"30d"` | Retention policy for backups |
-| backups.s3.accessKey | string | `""` |  |
-| backups.s3.bucket | string | `""` |  |
-| backups.s3.path | string | `"/"` |  |
-| backups.s3.region | string | `""` |  |
-| backups.s3.secretKey | string | `""` |  |
 | backups.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference |
 | backups.scheduledBackups[0].method | string | `"barmanObjectStore"` | Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot` |
 | backups.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name |
 | backups.scheduledBackups[0].schedule | string | `"0 0 0 * * *"` | Schedule in cron format |
-| backups.secret.create | bool | `true` | Whether to create a secret for the backup credentials |
-| backups.secret.name | string | `""` | Name of the backup credentials secret |
-| backups.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| backups.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backups.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| backups.target | string | `"prefer-standby"` | Backup target configuration. One of `prefer-standby`, `primary`. |
+| backups.volumeSnapshot.className | string | `""` | Storage snapshots class name, required to be set |
+| backups.volumeSnapshot.walClassName | string | `""` | WAL snapshots class name, if unset - defaults to the same value as `className` |
+| backups.volumeSnapshot.online | bool | `true` | Enables online/hot backups on volume snapshots |
+| backups.volumeSnapshot.onlineConfiguration.immediateCheckpoint | bool | `true` | Request an immediate checkpoint before you start the backup procedure |
+| backups.volumeSnapshot.onlineConfiguration.waitForArchive | bool | `true` | Wait for the archiver to process the last segment of the backup |procedure |
+| backups.volumeSnapshot.snapshotOwnerReference | string | `"backup"` | Persistence of volume snapshot objects. One of `none`, `backup`, `cluster`, note: `retentionPolicy` will work only with `backup`. |
 | cluster.additionalLabels | object | `{}` |  |
 | cluster.affinity | object | `{"topologyKey":"topology.kubernetes.io/zone"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.annotations | object | `{}` |  |
@@ -188,33 +194,33 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | pooler.poolMode | string | `"transaction"` | PgBouncer pooling mode |
 | pooler.template | object | `{}` | Custom PgBouncer deployment template. Use to override image, specify resources, etc. |
 | pooler.type | string | `"rw"` | PgBouncer type of service to forward traffic to. |
-| recovery.azure.connectionString | string | `""` |  |
+| recovery.azure.connectionString | string | `""` | Configures `AZURE_CONNECTION_STRING` in secret |
 | recovery.azure.containerName | string | `""` |  |
 | recovery.azure.inheritFromAzureAD | bool | `false` |  |
 | recovery.azure.path | string | `"/"` |  |
 | recovery.azure.serviceName | string | `"blob"` |  |
-| recovery.azure.storageAccount | string | `""` |  |
-| recovery.azure.storageKey | string | `""` |  |
-| recovery.azure.storageSasToken | string | `""` |  |
+| recovery.azure.storageAccount | string | `""` | Configures `AZURE_STORAGE_ACCOUNT` in secret |
+| recovery.azure.storageKey | string | `""` | Configures `AZURE_STORAGE_KEY` in secret |
+| recovery.azure.storageSasToken | string | `""` | Configures `AZURE_STORAGE_SAS_TOKEN` in secret |
 | recovery.backupName | string | `""` | Backup Recovery Method |
 | recovery.clusterName | string | `""` | The original cluster name when used in backups. Also known as serverName. |
 | recovery.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
 | recovery.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
 | recovery.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
-| recovery.google.applicationCredentials | string | `""` |  |
+| recovery.google.applicationCredentials | string | `""` | Configures `APPLICATION_CREDENTIALS` in secret |
 | recovery.google.bucket | string | `""` |  |
 | recovery.google.gkeEnvironment | bool | `false` |  |
 | recovery.google.path | string | `"/"` |  |
 | recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pg_basebackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to        migrate databases to CloudNativePG, even from outside Kubernetes. # TODO |
 | recovery.pitrTarget.time | string | `""` | Time in RFC3339 format |
 | recovery.provider | string | `"s3"` | One of `s3`, `azure` or `google` |
-| recovery.s3.accessKey | string | `""` |  |
+| recovery.s3.accessKey | string | `""` | Configures `ACCESS_KEY_ID` in secret |
 | recovery.s3.bucket | string | `""` |  |
 | recovery.s3.path | string | `"/"` |  |
 | recovery.s3.region | string | `""` |  |
-| recovery.s3.secretKey | string | `""` |  |
-| recovery.secret.create | bool | `true` | Whether to create a secret for the backup credentials |
+| recovery.s3.secretKey | string | `""` | Configures `ACCESS_SECRET_KEY` in secret |
+| recovery.secret.create | bool | `true` | Whether to create a secret for the restore credentials or use existing one, note: existing secret should contains all required veriables for chosen provider |
 | recovery.secret.name | string | `""` | Name of the backup credentials secret |
 | type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` |
 

charts/cluster/README.md.gotmpl

@@ -83,10 +83,10 @@ The chart has three modes of operation. These are configured via the `mode` para
 
 CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object
 store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are
-stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following
-providers are supported:
+stored in the specified location. The backup provider is configured via the `backups.objectStorage.provider` parameter.
+The following providers are supported:
 
-* S3 or S3-compatible stores, like MinIO
+* S3 or S3-compatible stores, like MinIO or Ceph Rados
 * Microsoft Azure Blob Storage
 * Google Cloud Storage
 
@@ -102,8 +102,8 @@ backups:
 ```
 
 Each backup adapter takes it's own set of parameters, listed in the [Configuration options](#Configuration-options) section
-below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`,
-`backup.azure`, or `backup.google`.
+below. Refer to the table for the full list of parameters and place the configuration under the appropriate key:
+`backups.objectStorage.providerSettings.s3`, `backups.objectStorage.providerSettings.azure` or `backups.objectStorage.providerSettings.google`.
 
 
 Recovery

charts/cluster/docs/Getting Started.md

@@ -48,10 +48,10 @@ Most importantly you should configure your backup storage.
 
 CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object
 store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are
-stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following
-providers are supported:
+stored in the specified location. The backup provider is configured via the `backups.objectStorage.provider` parameter.
+The following providers are supported:
 
-* S3 or S3-compatible stores, like MinIO
+* S3 or S3-compatible stores, like MinIO or Ceph Rados
 * Microsoft Azure Blob Storage
 * Google Cloud Storage
 
@@ -67,8 +67,8 @@ Additionally you can specify the following parameters:
   ```
 
 Each backup adapter takes it's own set of parameters, listed in the [Configuration options](../README.md#Configuration-options) section
-below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`,
-`backup.azure`, or `backup.google`.
+below. Refer to the table for the full list of parameters and place the configuration under the appropriate key:
+`backups.objectStorage.providerSettings.s3`, `backups.objectStorage.providerSettings.azure` or `backups.objectStorage.providerSettings.google`.
 
 ### Cluster configuration
 

charts/cluster/examples/basic.yaml

@@ -1,5 +1,3 @@
 mode: standalone
 cluster:
   instances: 1
-backups:
-  enabled: false

charts/cluster/examples/custom-queries.yaml

@@ -19,6 +19,3 @@ cluster:
           - ratio:
               usage: GAUGE
               description: "Cache hit ratio"
-
-backups:
-  enabled: false

charts/cluster/examples/pgbouncer.yaml

@@ -1,8 +1,6 @@
 mode: standalone
 cluster:
   instances: 1
-backups:
-  enabled: false
 pooler:
   enabled: true
   instances: 1

charts/cluster/examples/postgis.yaml

@@ -2,5 +2,3 @@ type: postgis
 mode: standalone
 cluster:
   instances: 1
-backups:
-  enabled: false

charts/cluster/examples/recovery-backup.yaml

@@ -8,15 +8,17 @@ cluster:
   instances: 1
 
 backups:
-  provider: s3
-  s3:
-    region: "eu-west-1"
-    bucket: "db-backups"
-    path: "/v1-restore"
-    accessKey: "AWS_S3_ACCESS_KEY"
-    secretKey: "AWS_S3_SECRET_KEY"
-  scheduledBackups:
-    - name: daily-backup # Daily at midnight
-      schedule: "0 0 0 * * *" # Daily at midnight
-      backupOwnerReference: self
-  retentionPolicy: "30d"
+  objectStorage:
+    provider: s3
+    providerSettings:
+      s3:
+        region: "eu-west-1"
+        bucket: "db-backups"
+        path: "/v1-restore"
+        accessKey: "AWS_S3_ACCESS_KEY"
+        secretKey: "AWS_S3_SECRET_KEY"
+    scheduledBackups:
+      - name: daily-backup # Daily at midnight
+        schedule: "0 0 0 * * *" # Daily at midnight
+        backupOwnerReference: self
+    retentionPolicy: "30d"

charts/cluster/examples/recovery-object_store.yaml

@@ -15,16 +15,18 @@ cluster:
   instances: 1
 
 backups:
-  endpointURL: "https://cm-db-chart-test.ams3.digitaloceanspaces.com"
-  provider: s3
-  s3:
-    region: "eu-west-1"
-    bucket: "db-backups"
-    path: "/v1-restore"
-    accessKey: "AWS_S3_ACCESS_KEY"
-    secretKey: "AWS_S3_SECRET_KEY"
-  scheduledBackups:
-    - name: daily-backup # Daily at midnight
-      schedule: "0 0 0 * * *" # Daily at midnight
-      backupOwnerReference: self
-  retentionPolicy: "30d"
+  objectStorage:
+    endpointURL: "https://cm-db-chart-test.ams3.digitaloceanspaces.com"
+    provider: s3
+    providerSettings:
+      s3:
+        region: "eu-west-1"
+        bucket: "db-backups"
+        path: "/v1-restore"
+        accessKey: "AWS_S3_ACCESS_KEY"
+        secretKey: "AWS_S3_SECRET_KEY"
+    scheduledBackups:
+      - name: daily-backup # Daily at midnight
+        schedule: "0 0 0 * * *" # Daily at midnight
+        backupOwnerReference: self
+    retentionPolicy: "30d"

charts/cluster/examples/standalone-s3.yaml

@@ -4,16 +4,17 @@ cluster:
   instances: 1
 
 backups:
-  enabled: true
-  provider: s3
-  s3:
-    region: "eu-west-1"
-    bucket: "db-backups"
-    path: "/v1"
-    accessKey: "AWS_S3_ACCESS_KEY"
-    secretKey: "AWS_S3_SECRET_KEY"
-  scheduledBackups:
-    - name: daily-backup # Daily at midnight
-      schedule: "0 0 0 * * *" # Daily at midnight
-      backupOwnerReference: self
-  retentionPolicy: "30d"
+  objectStorage:
+    provider: s3
+    providerSettings:
+      s3:
+        region: "eu-west-1"
+        bucket: "db-backups"
+        path: "/v1"
+        accessKey: "AWS_S3_ACCESS_KEY"
+        secretKey: "AWS_S3_SECRET_KEY"
+    scheduledBackups:
+      - name: daily-backup # Daily at midnight
+        schedule: "0 0 0 * * *" # Daily at midnight
+        backupOwnerReference: self
+    retentionPolicy: "30d"