diff --git a/charts/cluster/README.md b/charts/cluster/README.md index b8afdc5ef7..1ae9391fa9 100644 --- a/charts/cluster/README.md +++ b/charts/cluster/README.md @@ -75,10 +75,10 @@ The chart has three modes of operation. These are configured via the `mode` para CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are -stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following -providers are supported: +stored in the specified location. The backup provider is configured via the `backups.objectStorage.provider` parameter. +The following providers are supported: -* S3 or S3-compatible stores, like MinIO +* S3 or S3-compatible stores, like MinIO or Ceph Rados * Microsoft Azure Blob Storage * Google Cloud Storage @@ -94,8 +94,8 @@ backups: ``` Each backup adapter takes it's own set of parameters, listed in the [Configuration options](#Configuration-options) section -below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`, -`backup.azure`, or `backup.google`. +below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: +`backups.objectStorage.providerSettings.s3`, `backups.objectStorage.providerSettings.azure` or `backups.objectStorage.providerSettings.google`. Recovery -------- 
@@ -112,42 +112,48 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat | Key | Type | Default | Description | |-----|------|---------|-------------| -| backups.azure.connectionString | string | `""` | | -| backups.azure.containerName | string | `""` | | -| backups.azure.inheritFromAzureAD | bool | `false` | | -| backups.azure.path | string | `"/"` | | -| backups.azure.serviceName | string | `"blob"` | | -| backups.azure.storageAccount | string | `""` | | -| backups.azure.storageKey | string | `""` | | -| backups.azure.storageSasToken | string | `""` | | -| backups.data.compression | string | `"gzip"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. | -| backups.data.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. | -| backups.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. | -| backups.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3:// Azure: https://..core.windows.net/ Google: gs:// | -| backups.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. | -| backups.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. | -| backups.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. | -| backups.endpointURL | string | `""` | Overrides the provider specific default endpoint. 
Defaults to: S3: https://s3..amazonaws.com" | -| backups.google.applicationCredentials | string | `""` | | -| backups.google.bucket | string | `""` | | -| backups.google.gkeEnvironment | bool | `false` | | -| backups.google.path | string | `"/"` | | -| backups.provider | string | `"s3"` | One of `s3`, `azure` or `google` | +| backups.objectStorage.data.compression | string | `"gzip"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. | +| backups.objectStorage.data.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. | +| backups.objectStorage.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. | +| backups.objectStorage.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3:// Azure: https://..core.windows.net/ Google: gs:// | +| backups.objectStorage.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. | +| backups.objectStorage.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. | +| backups.objectStorage.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3..amazonaws.com" | +| backups.objectStorage.provider | string | `""` | Enables objectStorage provider. One of providers from `providerSettings`, empty string - disables objectStorage backups. 
| +| backups.objectStorage.providerSettings.azure.connectionString | string | `""` | Configures `AZURE_CONNECTION_STRING` in secret | +| backups.objectStorage.providerSettings.azure.containerName | string | `""` | | +| backups.objectStorage.providerSettings.azure.inheritFromAzureAD | bool | `false` | | +| backups.objectStorage.providerSettings.azure.path | string | `"/"` | | +| backups.objectStorage.providerSettings.azure.serviceName | string | `"blob"` | | +| backups.objectStorage.providerSettings.azure.storageAccount | string | `""` | Configures `AZURE_STORAGE_ACCOUNT` in secret | +| backups.objectStorage.providerSettings.azure.storageKey | string | `""` | Configures `AZURE_STORAGE_KEY` in secret | +| backups.objectStorage.providerSettings.azure.storageSasToken | string | `""` | Configures `AZURE_STORAGE_SAS_TOKEN` in secret | +| backups.objectStorage.providerSettings.google.applicationCredentials | string | `""` | Configures `APPLICATION_CREDENTIALS` in secret | +| backups.objectStorage.providerSettings.google.bucket | string | `""` | | +| backups.objectStorage.providerSettings.google.gkeEnvironment | bool | `false` | | +| backups.objectStorage.providerSettings.google.path | string | `"/"` | | +| backups.objectStorage.providerSettings.s3.accessKey | string | `""` | Configures `ACCESS_KEY_ID` in secret | +| backups.objectStorage.providerSettings.s3.bucket | string | `""` | | +| backups.objectStorage.providerSettings.s3.path | string | `"/"` | | +| backups.objectStorage.providerSettings.s3.region | string | `""` | | +| backups.objectStorage.providerSettings.s3.secretKey | string | `""` | Configures `ACCESS_SECRET_KEY` in secret | +| backups.objectStorage.secret.create | bool | `true` | Whether to create a secret for the backup credentials or use existing one, note: existing secret should contains all required veriables for chosen provider | +| backups.objectStorage.secret.name | string | `""` | Name of the backup credentials secret | +| 
backups.objectStorage.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. | +| backups.objectStorage.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. | +| backups.objectStorage.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. | | backups.retentionPolicy | string | `"30d"` | Retention policy for backups | -| backups.s3.accessKey | string | `""` | | -| backups.s3.bucket | string | `""` | | -| backups.s3.path | string | `"/"` | | -| backups.s3.region | string | `""` | | -| backups.s3.secretKey | string | `""` | | | backups.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference | | backups.scheduledBackups[0].method | string | `"barmanObjectStore"` | Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot` | | backups.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name | | backups.scheduledBackups[0].schedule | string | `"0 0 0 * * *"` | Schedule in cron format | -| backups.secret.create | bool | `true` | Whether to create a secret for the backup credentials | -| backups.secret.name | string | `""` | Name of the backup credentials secret | -| backups.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. | -| backups.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. | -| backups.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. | +| backups.target | string | `"prefer-standby"` | Backup target configuration. One of `prefer-standby`, `primary`. 
| +| backups.volumeSnapshot.className | string | `""` | Storage snapshots class name, required to be set | +| backups.volumeSnapshot.walClassName | string | `""` | WAL snapshots class name, if unset - defaults to the same value as `className` | +| backups.volumeSnapshot.online | bool | `true` | Enables online/hot backups on volume snapshots | +| backups.volumeSnapshot.onlineConfiguration.immediateCheckpoint | bool | `true` | Request an immediate checkpoint before you start the backup procedure | +| backups.volumeSnapshot.onlineConfiguration.waitForArchive | bool | `true` | Wait for the archiver to process the last segment of the backup |procedure | +| backups.volumeSnapshot.snapshotOwnerReference | string | `"backup"` | Persistence of volume snapshot objects. One of `none`, `backup`, `cluster`, note: `retentionPolicy` will work only with `backup`. | | cluster.additionalLabels | object | `{}` | | | cluster.affinity | object | `{"topologyKey":"topology.kubernetes.io/zone"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration | | cluster.annotations | object | `{}` | | 
@@ -188,33 +194,33 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat | pooler.poolMode | string | `"transaction"` | PgBouncer pooling mode | | pooler.template | object | `{}` | Custom PgBouncer deployment template. Use to override image, specify resources, etc. | | pooler.type | string | `"rw"` | PgBouncer type of service to forward traffic to. | -| recovery.azure.connectionString | string | `""` | | +| recovery.azure.connectionString | string | `""` | Configures `AZURE_CONNECTION_STRING` in secret | | recovery.azure.containerName | string | `""` | | | recovery.azure.inheritFromAzureAD | bool | `false` | | | recovery.azure.path | string | `"/"` | | | recovery.azure.serviceName | string | `"blob"` | | -| recovery.azure.storageAccount | string | `""` | | -| recovery.azure.storageKey | string | `""` | | -| recovery.azure.storageSasToken | string | `""` | | +| recovery.azure.storageAccount | string | `""` | Configures `AZURE_STORAGE_ACCOUNT` in secret | +| recovery.azure.storageKey | string | `""` | Configures `AZURE_STORAGE_KEY` in secret | +| recovery.azure.storageSasToken | string | `""` | Configures `AZURE_STORAGE_SAS_TOKEN` in secret | | recovery.backupName | string | `""` | Backup Recovery Method | | recovery.clusterName | string | `""` | The original cluster name when used in backups. Also known as serverName. | | recovery.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3:// Azure: https://..core.windows.net/ Google: gs:// | | recovery.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. | | recovery.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. | | recovery.endpointURL | string | `""` | Overrides the provider specific default endpoint. 
Defaults to: S3: https://s3..amazonaws.com" Leave empty if using the default S3 endpoint | -| recovery.google.applicationCredentials | string | `""` | | +| recovery.google.applicationCredentials | string | `""` | Configures `APPLICATION_CREDENTIALS` in secret | | recovery.google.bucket | string | `""` | | | recovery.google.gkeEnvironment | bool | `false` | | | recovery.google.path | string | `"/"` | | | recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pg_basebackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to migrate databases to CloudNativePG, even from outside Kubernetes. # TODO | | recovery.pitrTarget.time | string | `""` | Time in RFC3339 format | | recovery.provider | string | `"s3"` | One of `s3`, `azure` or `google` | -| recovery.s3.accessKey | string | `""` | | +| recovery.s3.accessKey | string | `""` | Configures `ACCESS_KEY_ID` in secret | | recovery.s3.bucket | string | `""` | | | recovery.s3.path | string | `"/"` | | | recovery.s3.region | string | `""` | | -| recovery.s3.secretKey | string | `""` | | -| recovery.secret.create | bool | `true` | Whether to create a secret for the backup credentials | +| recovery.s3.secretKey | string | `""` | Configures `ACCESS_SECRET_KEY` in secret | +| recovery.secret.create | bool | `true` | Whether to create a secret for the restore credentials or use existing one, note: existing secret should contains all required veriables for chosen provider | | recovery.secret.name | string | `""` | Name of the backup credentials secret | | type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` | 
diff --git a/charts/cluster/README.md.gotmpl b/charts/cluster/README.md.gotmpl index e1a4d2f056..08b05281ec 100644 --- a/charts/cluster/README.md.gotmpl +++ b/charts/cluster/README.md.gotmpl @@ -83,10 +83,10 @@ The chart has three modes of operation. These are configured via the `mode` para CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are -stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following -providers are supported: +stored in the specified location. The backup provider is configured via the `backups.objectStorage.provider` parameter. +The following providers are supported: -* S3 or S3-compatible stores, like MinIO +* S3 or S3-compatible stores, like MinIO or Ceph Rados * Microsoft Azure Blob Storage * Google Cloud Storage @@ -102,8 +102,8 @@ backups: ``` Each backup adapter takes it's own set of parameters, listed in the [Configuration options](#Configuration-options) section -below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`, -`backup.azure`, or `backup.google`. +below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: +`backups.objectStorage.providerSettings.s3`, `backups.objectStorage.providerSettings.azure` or `backups.objectStorage.providerSettings.google`. Recovery diff --git a/charts/cluster/docs/Getting Started.md b/charts/cluster/docs/Getting Started.md index 54dad419d2..e2dae60d37 100644 --- a/charts/cluster/docs/Getting Started.md +++ b/charts/cluster/docs/Getting Started.md 
@@ -48,10 +48,10 @@ Most importantly you should configure your backup storage. CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are -stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following -providers are supported: +stored in the specified location. The backup provider is configured via the `backups.objectStorage.provider` parameter. +The following providers are supported: -* S3 or S3-compatible stores, like MinIO +* S3 or S3-compatible stores, like MinIO or Ceph Rados * Microsoft Azure Blob Storage * Google Cloud Storage @@ -67,8 +67,8 @@ Additionally you can specify the following parameters: ``` Each backup adapter takes it's own set of parameters, listed in the [Configuration options](../README.md#Configuration-options) section -below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`, -`backup.azure`, or `backup.google`. +below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: +`backups.objectStorage.providerSettings.s3`, `backups.objectStorage.providerSettings.azure` or `backups.objectStorage.providerSettings.google`. ### Cluster configuration diff --git a/charts/cluster/examples/basic.yaml b/charts/cluster/examples/basic.yaml index 5b608c2675..e2c1b4c2ba 100644 --- a/charts/cluster/examples/basic.yaml +++ b/charts/cluster/examples/basic.yaml @@ -1,5 +1,3 @@ mode: standalone cluster: instances: 1 -backups: - enabled: false diff --git a/charts/cluster/examples/custom-queries.yaml b/charts/cluster/examples/custom-queries.yaml index 7995202d8a..fc139806cb 100644 --- a/charts/cluster/examples/custom-queries.yaml +++ b/charts/cluster/examples/custom-queries.yaml 
@@ -19,6 +19,3 @@ cluster: - ratio: usage: GAUGE description: "Cache hit ratio" - -backups: - enabled: false diff --git a/charts/cluster/examples/pgbouncer.yaml b/charts/cluster/examples/pgbouncer.yaml index 1da9662750..89c88feb5c 100644 --- a/charts/cluster/examples/pgbouncer.yaml +++ b/charts/cluster/examples/pgbouncer.yaml @@ -1,8 +1,6 @@ mode: standalone cluster: instances: 1 -backups: - enabled: false pooler: enabled: true instances: 1 diff --git a/charts/cluster/examples/postgis.yaml b/charts/cluster/examples/postgis.yaml index 6c686dc629..c4798e8f7b 100644 --- a/charts/cluster/examples/postgis.yaml +++ b/charts/cluster/examples/postgis.yaml @@ -2,5 +2,3 @@ type: postgis mode: standalone cluster: instances: 1 -backups: - enabled: false \ No newline at end of file diff --git a/charts/cluster/examples/recovery-backup.yaml b/charts/cluster/examples/recovery-backup.yaml index d11187f5cd..d1f85c4e1f 100644 --- a/charts/cluster/examples/recovery-backup.yaml +++ b/charts/cluster/examples/recovery-backup.yaml @@ -8,15 +8,17 @@ cluster: instances: 1 backups: - provider: s3 - s3: - region: "eu-west-1" - bucket: "db-backups" - path: "/v1-restore" - accessKey: "AWS_S3_ACCESS_KEY" - secretKey: "AWS_S3_SECRET_KEY" - scheduledBackups: - - name: daily-backup # Daily at midnight - schedule: "0 0 0 * * *" # Daily at midnight - backupOwnerReference: self - retentionPolicy: "30d" \ No newline at end of file + objectStorage: + provider: s3 + providerSettings: + s3: + region: "eu-west-1" + bucket: "db-backups" + path: "/v1-restore" + accessKey: "AWS_S3_ACCESS_KEY" + secretKey: "AWS_S3_SECRET_KEY" + scheduledBackups: + - name: daily-backup # Daily at midnight + schedule: "0 0 0 * * *" # Daily at midnight + backupOwnerReference: self + retentionPolicy: "30d" diff --git a/charts/cluster/examples/recovery-object_store.yaml b/charts/cluster/examples/recovery-object_store.yaml index 742d5341c2..e167769539 100644 --- a/charts/cluster/examples/recovery-object_store.yaml 
+++ b/charts/cluster/examples/recovery-object_store.yaml @@ -15,16 +15,18 @@ cluster: instances: 1 backups: - endpointURL: "https://cm-db-chart-test.ams3.digitaloceanspaces.com" - provider: s3 - s3: - region: "eu-west-1" - bucket: "db-backups" - path: "/v1-restore" - accessKey: "AWS_S3_ACCESS_KEY" - secretKey: "AWS_S3_SECRET_KEY" - scheduledBackups: - - name: daily-backup # Daily at midnight - schedule: "0 0 0 * * *" # Daily at midnight - backupOwnerReference: self - retentionPolicy: "30d" + objectStorage: + endpointURL: "https://cm-db-chart-test.ams3.digitaloceanspaces.com" + provider: s3 + providerSettings: + s3: + region: "eu-west-1" + bucket: "db-backups" + path: "/v1-restore" + accessKey: "AWS_S3_ACCESS_KEY" + secretKey: "AWS_S3_SECRET_KEY" + scheduledBackups: + - name: daily-backup # Daily at midnight + schedule: "0 0 0 * * *" # Daily at midnight + backupOwnerReference: self + retentionPolicy: "30d" diff --git a/charts/cluster/examples/standalone-s3.yaml b/charts/cluster/examples/standalone-s3.yaml index bf1794d069..f659ddeef0 100644 --- a/charts/cluster/examples/standalone-s3.yaml +++ b/charts/cluster/examples/standalone-s3.yaml @@ -4,16 +4,17 @@ cluster: instances: 1 backups: - enabled: true - provider: s3 - s3: - region: "eu-west-1" - bucket: "db-backups" - path: "/v1" - accessKey: "AWS_S3_ACCESS_KEY" - secretKey: "AWS_S3_SECRET_KEY" - scheduledBackups: - - name: daily-backup # Daily at midnight - schedule: "0 0 0 * * *" # Daily at midnight - backupOwnerReference: self - retentionPolicy: "30d" + objectStorage: + provider: s3 + providerSettings: + s3: + region: "eu-west-1" + bucket: "db-backups" + path: "/v1" + accessKey: "AWS_S3_ACCESS_KEY" + secretKey: "AWS_S3_SECRET_KEY" + scheduledBackups: + - name: daily-backup # Daily at midnight + schedule: "0 0 0 * * *" # Daily at midnight + backupOwnerReference: self + retentionPolicy: "30d" diff --git a/charts/cluster/templates/NOTES.txt b/charts/cluster/templates/NOTES.txt index c35a6a1984..6397053274 100644 
--- a/charts/cluster/templates/NOTES.txt +++ b/charts/cluster/templates/NOTES.txt @@ -50,7 +50,7 @@ Configuration │ Image │ {{ include "cluster.color-info" (printf "%-54s" (include "cluster.imageName" .)) }} │ │ Instances │ {{ include (printf "%s%s" "cluster.color-" $redundancyColor) (printf "%-54s" (toString .Values.cluster.instances)) }} │ │ Backups │ {{ include (printf "%s%s" "cluster.color-" (ternary "ok" "error" (eq (include "cluster.backupsEnabled" .) "true"))) (printf "%-54s" (ternary "Enabled" "Disabled" (eq (include "cluster.backupsEnabled" .) "true"))) }} │ -│ Backup Provider │ {{ (printf "%-54s" (title .Values.backups.provider)) }} │ +│ Backup Provider │ {{ (printf "%-54s" (title .Values.backups.objectStorage.provider)) }} │ │ Scheduled Backups │ {{ (printf "%-54s" $scheduledBackups) }} │ │ Storage │ {{ (printf "%-54s" .Values.cluster.storage.size) }} │ │ Storage Class │ {{ (printf "%-54s" (default "Default" .Values.cluster.storage.storageClass)) }} │ diff --git a/charts/cluster/templates/_backup.tpl b/charts/cluster/templates/_backup.tpl index e9f7b1c145..699117f601 100644 --- a/charts/cluster/templates/_backup.tpl +++ b/charts/cluster/templates/_backup.tpl 
@@ -3,18 +3,18 @@ backup: target: {{ .Values.backups.target }} retentionPolicy: {{ .Values.backups.retentionPolicy }} - {{- if eq (include "cluster.cloudBackupsEnabled" .) "true" }} + {{- if eq (include "cluster.objectStorageBackupsEnabled" .) "true" }} barmanObjectStore: wal: - compression: {{ .Values.backups.wal.compression }} - encryption: {{ .Values.backups.wal.encryption }} - maxParallel: {{ .Values.backups.wal.maxParallel }} + compression: {{ .Values.backups.objectStorage.wal.compression }} + encryption: {{ .Values.backups.objectStorage.wal.encryption }} + maxParallel: {{ .Values.backups.objectStorage.wal.maxParallel }} data: - compression: {{ .Values.backups.data.compression }} - encryption: {{ .Values.backups.data.encryption }} - jobs: {{ .Values.backups.data.jobs }} + compression: {{ .Values.backups.objectStorage.data.compression }} + encryption: {{ .Values.backups.objectStorage.data.encryption }} + jobs: {{ .Values.backups.objectStorage.data.jobs }} - {{- $d := dict "chartFullname" (include "cluster.fullname" .) "scope" .Values.backups "secretPrefix" "backup" }} + {{- $d := dict "chartFullname" (include "cluster.fullname" .) "scope" .Values.backups.objectStorage "secretPrefix" "backup" }} {{- include "cluster.barmanObjectStoreConfig" $d | nindent 2 }} {{- end }} {{- if (not (empty .Values.backups.volumeSnapshot.className )) }} diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl index 881047655d..36fe620c3b 100644 --- a/charts/cluster/templates/_barman_object_store.tpl +++ b/charts/cluster/templates/_barman_object_store.tpl 
@@ -16,10 +16,10 @@ {{- if eq .scope.provider "s3" }} {{- if empty .scope.endpointURL }} - endpointURL: "https://s3.{{ required "You need to specify S3 region if endpointURL is not specified." .scope.s3.region }}.amazonaws.com" + endpointURL: "https://s3.{{ required "You need to specify S3 region if endpointURL is not specified." .scope.providerSettings.s3.region }}.amazonaws.com" {{- end }} {{- if empty .scope.destinationPath }} - destinationPath: "s3://{{ required "You need to specify S3 bucket if destinationPath is not specified." .scope.s3.bucket }}{{ .scope.s3.path }}" + destinationPath: "s3://{{ required "You need to specify S3 bucket if destinationPath is not specified." .scope.providerSettings.s3.bucket }}{{ .scope.providerSettings.s3.path }}" {{- end }} {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-s3-creds" .chartFullname .secretPrefix) }} s3Credentials: 
@@ -31,13 +31,13 @@ key: ACCESS_SECRET_KEY {{- else if eq .scope.provider "azure" }} {{- if empty .scope.destinationPath }} - destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}" + destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.providerSettings.azure.storageAccount }}.{{ .scope.providerSettings.azure.serviceName }}.core.windows.net/{{ .scope.providerSettings.azure.containerName }}{{ .scope.providerSettings.azure.path }}" {{- end }} {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-azure-creds" .chartFullname .secretPrefix) }} azureCredentials: - {{- if .scope.azure.inheritFromAzureAD }} + {{- if .scope.providerSettings.azure.inheritFromAzureAD }} inheritFromAzureAD: true - {{- else if .scope.azure.connectionString }} + {{- else if .scope.providerSettings.azure.connectionString }} connectionString: name: {{ $secretName }} key: AZURE_CONNECTION_STRING @@ -45,7 +45,7 @@ storageAccount: name: {{ $secretName }} key: AZURE_STORAGE_ACCOUNT - {{- if .scope.azure.storageKey }} + {{- if .scope.providerSettings.azure.storageKey }} storageKey: name: {{ $secretName }} key: AZURE_STORAGE_KEY 
@@ -57,12 +57,12 @@ {{- end }} {{- else if eq .scope.provider "google" }} {{- if empty .scope.destinationPath }} - destinationPath: "gs://{{ required "You need to specify Google storage bucket if destinationPath is not specified." .scope.google.bucket }}{{ .scope.google.path }}" + destinationPath: "gs://{{ required "You need to specify Google storage bucket if destinationPath is not specified." .scope.providerSettings.google.bucket }}{{ .scope.providerSettings.google.path }}" {{- end }} {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-google-creds" .chartFullname .secretPrefix) }} googleCredentials: - gkeEnvironment: {{ .scope.google.gkeEnvironment }} -{{- if not .scope.google.gkeEnvironment }} + gkeEnvironment: {{ .scope.providerSettings.google.gkeEnvironment }} +{{- if not .scope.providerSettings.google.gkeEnvironment }} applicationCredentials: name: {{ $secretName }} key: APPLICATION_CREDENTIALS diff --git a/charts/cluster/templates/_helpers.tpl b/charts/cluster/templates/_helpers.tpl index 6964240188..47f8ecddcf 100644 --- a/charts/cluster/templates/_helpers.tpl +++ b/charts/cluster/templates/_helpers.tpl 
@@ -70,16 +70,25 @@ If a custom imageName is available, use it, otherwise use the defaults based on {{- end -}} {{/* -Cloud backups enabled +objectStorage backups enabled +Check that provider is set to one of supported providers in providerSettings */}} -{{- define "cluster.cloudBackupsEnabled" -}} -{{- $cloudProviders := list "s3" "azure" "google" -}} -{{- and .Values.backups.provider (has .Values.backups.provider $cloudProviders) -}} +{{- define "cluster.objectStorageBackupsEnabled" -}} +{{- $provider := .Values.backups.objectStorage.provider -}} +{{- $providerSettings := .Values.backups.objectStorage.providerSettings -}} +{{- if and $provider (hasKey $providerSettings $provider) }} + {{- (printf "%s" "true") }} +{{- else if and $provider (not (hasKey $providerSettings $provider)) }} +{{- fail (printf "The specified provider '%s' is does not have corresponding to one of supported in providerSettings" $provider) }} + {{- (printf "%s" "false") }} +{{- else }} + {{- (printf "%s" "false") }} +{{- end }} {{- end }} {{/* Backups enabled */}} {{- define "cluster.backupsEnabled" -}} -{{- or (eq (include "cluster.cloudBackupsEnabled" .) "true") (not (empty .Values.backups.volumeSnapshot.className )) -}} +{{- or (eq (include "cluster.objectStorageBackupsEnabled" .) "true") (not (empty .Values.backups.volumeSnapshot.className )) -}} {{- end }} diff --git a/charts/cluster/templates/backup-azure-creds.yaml b/charts/cluster/templates/backup-azure-creds.yaml index 471ce906c3..ec7c2189ee 100644 --- a/charts/cluster/templates/backup-azure-creds.yaml +++ b/charts/cluster/templates/backup-azure-creds.yaml 
@@ -1,11 +1,11 @@ -{{- if and (eq .Values.backups.provider "azure") .Values.backups.secret.create }} +{{- if and (eq .Values.backups.objectStorage.provider "azure") .Values.backups.objectStorage.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} + name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.objectStorage.secret.name }} data: - AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }} - AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }} - AZURE_STORAGE_KEY: {{ .Values.backups.azure.storageKey | b64enc | quote }} - AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.azure.storageSasToken | b64enc | quote }} + AZURE_CONNECTION_STRING: {{ .Values.backups.objectStorage.providerSettings.azure.connectionString | b64enc | quote }} + AZURE_STORAGE_ACCOUNT: {{ .Values.backups.objectStorage.providerSettings.azure.storageAccount | b64enc | quote }} + AZURE_STORAGE_KEY: {{ .Values.backups.objectStorage.providerSettings.azure.storageKey | b64enc | quote }} + AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.objectStorage.providerSettings.azure.storageSasToken | b64enc | quote }} {{- end }} diff --git a/charts/cluster/templates/backup-google-creds.yaml b/charts/cluster/templates/backup-google-creds.yaml index 923af678ad..4b832f1b01 100644 --- a/charts/cluster/templates/backup-google-creds.yaml +++ b/charts/cluster/templates/backup-google-creds.yaml 
@@ -1,8 +1,8 @@ -{{- if and (eq .Values.backups.provider "google") .Values.backups.secret.create }} +{{- if and (eq .Values.backups.objectStorage.provider "google") .Values.backups.objectStorage.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} + name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.objectStorage.secret.name }} data: - APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }} + APPLICATION_CREDENTIALS: {{ .Values.backups.objectStorage.providerSettings.google.applicationCredentials | b64enc | quote }} {{- end }} diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml index c32ce7dd91..e485bedca2 100644 --- a/charts/cluster/templates/backup-s3-creds.yaml +++ b/charts/cluster/templates/backup-s3-creds.yaml 
@@ -1,9 +1,9 @@ -{{- if and (eq .Values.backups.provider "s3") .Values.backups.secret.create }} +{{- if and (eq .Values.backups.objectStorage.provider "s3") .Values.backups.objectStorage.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} + name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.objectStorage.secret.name }} data: - ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }} - ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }} + ACCESS_KEY_ID: {{ required ".Values.backups.objectStorage.providerSettings.s3.accessKey is required, but not specified." .Values.backups.objectStorage.providerSettings.s3.accessKey | b64enc | quote }} + ACCESS_SECRET_KEY: {{ required ".Values.backups.objectStorage.providerSettings.s3.secretKey is required, but not specified." .Values.backups.objectStorage.providerSettings.s3.secretKey | b64enc | quote }} {{- end }} diff --git a/charts/cluster/templates/ca-bundle.yaml b/charts/cluster/templates/ca-bundle.yaml index 12991c1638..ba843743fe 100644 --- a/charts/cluster/templates/ca-bundle.yaml +++ b/charts/cluster/templates/ca-bundle.yaml 
@@ -1,9 +1,9 @@ -{{- if .Values.backups.endpointCA.create }} +{{- if .Values.backups.objectStorage.endpointCA.create }} apiVersion: v1 kind: Secret metadata: - name: {{ .Values.backups.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }} + name: {{ .Values.backups.objectStorage.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }} data: - {{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value }} + {{ .Values.backups.objectStorage.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.objectStorage.endpointCA.value }} {{- end }} diff --git a/charts/cluster/test/monitoring/01-monitoring_cluster.yaml b/charts/cluster/test/monitoring/01-monitoring_cluster.yaml index 62559eeaad..bfdadb2403 100644 --- a/charts/cluster/test/monitoring/01-monitoring_cluster.yaml +++ b/charts/cluster/test/monitoring/01-monitoring_cluster.yaml @@ -16,8 +16,6 @@ cluster: - ratio: usage: GAUGE description: "Cache hit ratio" -backups: - enabled: false pooler: enabled: true instances: 1 diff --git a/charts/cluster/test/pooler/01-pooler_cluster.yaml b/charts/cluster/test/pooler/01-pooler_cluster.yaml index 307f697065..f4d2cbfff9 100644 --- a/charts/cluster/test/pooler/01-pooler_cluster.yaml +++ b/charts/cluster/test/pooler/01-pooler_cluster.yaml @@ -4,8 +4,6 @@ cluster: storage: size: 256Mi storageClass: standard -backups: - enabled: false pooler: enabled: true instances: 2 diff --git a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml index a68ef8df2d..06e0285874 100644 --- a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml +++ b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml 
@@ -67,6 +67,3 @@ cluster: foo: bar annotations: foo: bar - -backups: - enabled: false diff --git a/charts/cluster/test/postgresql-minio-backup-restore/01-standalone_cluster.yaml b/charts/cluster/test/postgresql-minio-backup-restore/01-standalone_cluster.yaml index efebd75ec9..fbd70cdd2c 100644 --- a/charts/cluster/test/postgresql-minio-backup-restore/01-standalone_cluster.yaml +++ b/charts/cluster/test/postgresql-minio-backup-restore/01-standalone_cluster.yaml @@ -6,21 +6,22 @@ cluster: size: 256Mi backups: - enabled: true - provider: s3 - endpointURL: "https://minio.minio.svc.cluster.local" - endpointCA: - name: kube-root-ca.crt - key: ca.crt - wal: - encryption: "" - data: - encryption: "" - s3: - bucket: "mybucket" - path: "/v1" - accessKey: "minio" - secretKey: "minio123" - region: "local" + objectStorage: + provider: s3 + providerSettings: + s3: + bucket: "mybucket" + path: "/v1" + accessKey: "minio" + secretKey: "minio123" + region: "local" + endpointURL: "https://minio.minio.svc.cluster.local" + endpointCA: + name: kube-root-ca.crt + key: ca.crt + wal: + encryption: "" + data: + encryption: "" scheduledBackups: [] retentionPolicy: "30d" diff --git a/charts/cluster/test/postgresql-minio-backup-restore/05-recovery_backup_cluster.yaml b/charts/cluster/test/postgresql-minio-backup-restore/05-recovery_backup_cluster.yaml index 7279e1e819..a14f1a87b3 100644 --- a/charts/cluster/test/postgresql-minio-backup-restore/05-recovery_backup_cluster.yaml +++ b/charts/cluster/test/postgresql-minio-backup-restore/05-recovery_backup_cluster.yaml 
@@ -27,21 +27,22 @@ recovery: retentionPolicy: "30d" backups: - enabled: true - provider: s3 - endpointURL: "https://minio.minio.svc.cluster.local" - endpointCA: - name: kube-root-ca.crt - key: ca.crt - wal: - encryption: "" - data: - encryption: "" - s3: - bucket: "mybucket" - path: "/v1" - accessKey: "minio" - secretKey: "minio123" - region: "local" + objectStorage: + provider: s3 + providerSettings: + s3: + bucket: "mybucket" + path: "/v1" + accessKey: "minio" + secretKey: "minio123" + region: "local" + endpointURL: "https://minio.minio.svc.cluster.local" + endpointCA: + name: kube-root-ca.crt + key: ca.crt + wal: + encryption: "" + data: + encryption: "" scheduledBackups: [] retentionPolicy: "30d" diff --git a/charts/cluster/test/postgresql-minio-backup-restore/07-recovery_object_store_cluster.yaml b/charts/cluster/test/postgresql-minio-backup-restore/07-recovery_object_store_cluster.yaml index d6dafdc640..4b9ba69204 100644 --- a/charts/cluster/test/postgresql-minio-backup-restore/07-recovery_object_store_cluster.yaml +++ b/charts/cluster/test/postgresql-minio-backup-restore/07-recovery_object_store_cluster.yaml @@ -27,21 +27,22 @@ recovery: retentionPolicy: "30d" backups: - enabled: true - provider: s3 - endpointURL: "https://minio.minio.svc.cluster.local" - endpointCA: - name: kube-root-ca.crt - key: ca.crt - wal: - encryption: "" - data: - encryption: "" - s3: - bucket: "mybucket" - path: "/v1" - accessKey: "minio" - secretKey: "minio123" - region: "local" + objectStorage: + provider: s3 + providerSettings: + s3: + bucket: "mybucket" + path: "/v1" + accessKey: "minio" + secretKey: "minio123" + region: "local" + endpointURL: "https://minio.minio.svc.cluster.local" + endpointCA: + name: kube-root-ca.crt + key: ca.crt + wal: + encryption: "" + data: + encryption: "" scheduledBackups: [] retentionPolicy: "30d" 
diff --git a/charts/cluster/test/postgresql-minio-backup-restore/09-recovery_backup_pitr_cluster.yaml b/charts/cluster/test/postgresql-minio-backup-restore/09-recovery_backup_pitr_cluster.yaml index 3fa2bbd03a..2c531dd4c8 100644 --- a/charts/cluster/test/postgresql-minio-backup-restore/09-recovery_backup_pitr_cluster.yaml +++ b/charts/cluster/test/postgresql-minio-backup-restore/09-recovery_backup_pitr_cluster.yaml @@ -27,21 +27,22 @@ recovery: retentionPolicy: "30d" backups: - enabled: true - provider: s3 - endpointURL: "https://minio.minio.svc.cluster.local" - endpointCA: - name: kube-root-ca.crt - key: ca.crt - wal: - encryption: "" - data: - encryption: "" - s3: - bucket: "mybucket" - path: "/v2" - accessKey: "minio" - secretKey: "minio123" - region: "local" + objectStorage: + provider: s3 + providerSettings: + s3: + bucket: "mybucket" + path: "/v2" + accessKey: "minio" + secretKey: "minio123" + region: "local" + endpointURL: "https://minio.minio.svc.cluster.local" + endpointCA: + name: kube-root-ca.crt + key: ca.crt + wal: + encryption: "" + data: + encryption: "" scheduledBackups: [] retentionPolicy: "30d" diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json index ac00f4b817..02c102181b 100644 --- a/charts/cluster/values.schema.json +++ b/charts/cluster/values.schema.json 
@@ -5,118 +5,147 @@ "backups": { "type": "object", "properties": { - "azure": { - "type": "object", - "properties": { - "connectionString": { - "type": "string" - }, - "containerName": { - "type": "string" - }, - "inheritFromAzureAD": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "storageAccount": { - "type": "string" - }, - "storageKey": { - "type": "string" - }, - "storageSasToken": { - "type": "string" - } - } - }, - "data": { + "objectStorage": { "type": "object", "properties": { - "compression": { - "type": "string" - }, - "encryption": { - "type": "string" - }, - "jobs": { - "type": "integer" - } - } - }, - "destinationPath": { - "type": "string" - }, - "endpointCA": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "endpointURL": { - "type": "string" - }, - "google": { - "type": "object", - "properties": { - "applicationCredentials": { - "type": "string" + "data": { + "type": "object", + "properties": { + "compression": { + "type": "string" + }, + "encryption": { + "type": "string" + }, + "jobs": { + "type": "integer" + } + } }, - "bucket": { + "destinationPath": { "type": "string" }, - "gkeEnvironment": { - "type": "boolean" + "endpointCA": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } }, - "path": { - "type": "string" - } - } - }, - "provider": { - "type": "string" - }, - "retentionPolicy": { - "type": "string" - }, - "s3": { - "type": "object", - "properties": { - "accessKey": { + "endpointURL": { "type": "string" }, - "bucket": { + "provider": { "type": "string" }, - "path": { - "type": "string" + "providerSettings": { + "type": "object", + "properties": { + "s3": { + "type": "object", + "properties": { + 
"accessKey": { + "type": "string" + }, + "bucket": { + "type": "string" + }, + "path": { + "type": "string" + }, + "region": { + "type": "string" + }, + "secretKey": { + "type": "string" + } + } + }, + "azure": { + "type": "object", + "properties": { + "connectionString": { + "type": "string" + }, + "containerName": { + "type": "string" + }, + "inheritFromAzureAD": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "serviceName": { + "type": "string" + }, + "storageAccount": { + "type": "string" + }, + "storageKey": { + "type": "string" + }, + "storageSasToken": { + "type": "string" + } + } + }, + "google": { + "type": "object", + "properties": { + "applicationCredentials": { + "type": "string" + }, + "bucket": { + "type": "string" + }, + "gkeEnvironment": { + "type": "boolean" + }, + "path": { + "type": "string" + } + } + } + } }, - "region": { - "type": "string" + "secret": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } }, - "secretKey": { - "type": "string" + "wal": { + "type": "object", + "properties": { + "compression": { + "type": "string" + }, + "encryption": { + "type": "string" + }, + "maxParallel": { + "type": "integer" + } + } } } }, - "target": { - "type": "string" - }, "volumeSnapshot": { "type": "object", "properties": { @@ -145,6 +174,12 @@ } } }, + "target": { + "type": "string" + }, + "retentionPolicy": { + "type": "string" + }, "scheduledBackups": { "type": "array", "items": { @@ -164,31 +199,6 @@ } } } - }, - "secret": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "wal": { - "type": "object", - "properties": { - "compression": { - "type": "string" - }, - "encryption": { - "type": "string" - }, - "maxParallel": { - "type": "integer" - } - } } } }, diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml index f2db06b4a5..9d21da7a86 100644 --- a/charts/cluster/values.yaml 
+++ b/charts/cluster/values.yaml @@ -44,13 +44,19 @@ recovery: region: "" bucket: "" path: "/" + # -- Configures `ACCESS_KEY_ID` in secret accessKey: "" + # -- Configures `ACCESS_SECRET_KEY` in secret secretKey: "" azure: path: "/" + # -- Configures `AZURE_CONNECTION_STRING` in secret connectionString: "" + # -- Configures `AZURE_STORAGE_ACCOUNT` in secret storageAccount: "" + # -- Configures `AZURE_STORAGE_KEY` in secret storageKey: "" + # -- Configures `AZURE_STORAGE_SAS_TOKEN` in secret storageSasToken: "" containerName: "" serviceName: blob @@ -59,9 +65,11 @@ recovery: path: "/" bucket: "" gkeEnvironment: false + # -- Configures `APPLICATION_CREDENTIALS` in secret applicationCredentials: "" secret: - # -- Whether to create a secret for the backup credentials + # -- Whether to create a secret for the restore credentials or use existing one, + # note: existing secret should contains all required veriables for chosen provider create: true # -- Name of the backup credentials secret name: "" 
@@ -215,68 +223,74 @@ cluster: backups: - # -- Backup target configuration. One of `prefer-standby`, `primary`. - # https://cloudnative-pg.io/documentation/current/backup_recovery/#backup-from-a-standby - target: prefer-standby - - # -- Configure backup cloud provider. One of `s3`, `azure` or `google`, disabled by default + objectStorage: + # -- Enables objectStorage provider. One of providers from `providerSettings`, empty string - disables objectStorage backups. # https://cloudnative-pg.io/documentation/1.19/backup_recovery/#cloud-provider-support - provider: "" - s3: - region: "" - bucket: "" - path: "/" - accessKey: "" - secretKey: "" - azure: - path: "/" - connectionString: "" - storageAccount: "" - storageKey: "" - storageSasToken: "" - containerName: "" - serviceName: blob - inheritFromAzureAD: false - google: - path: "/" - bucket: "" - gkeEnvironment: false - applicationCredentials: "" - secret: - # -- Whether to create a secret for the backup credentials - create: true - # -- Name of the backup credentials secret - name: "" - # -- Overrides the provider specific default endpoint. Defaults to: - # S3: https://s3..amazonaws.com" - endpointURL: "" # Leave empty if using the default S3 endpoint - # -- Specifies a CA bundle to validate a privately signed certificate. - endpointCA: - # -- Creates a secret with the given value if true, otherwise uses an existing secret. - create: false - name: "" - key: "" - value: "" - # -- Overrides the provider specific default path. Defaults to: - # S3: s3:// - # Azure: https://..core.windows.net/ - # Google: gs:// - destinationPath: "" - - wal: - # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. - compression: gzip - # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. - encryption: AES256 - # -- Number of WAL files to be archived or restored in parallel. 
- maxParallel: 1 - data: - # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. - compression: gzip - # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. - encryption: AES256 - # -- Number of data files to be archived or restored in parallel. - jobs: 2 + provider: "" + providerSettings: + s3: + region: "" + bucket: "" + path: "/" + # -- Configures `ACCESS_KEY_ID` in secret + accessKey: "" + # -- Configures `ACCESS_SECRET_KEY` in secret + secretKey: "" + azure: + path: "/" + # -- Configures `AZURE_CONNECTION_STRING` in secret + connectionString: "" + # -- Configures `AZURE_STORAGE_ACCOUNT` in secret + storageAccount: "" + # -- Configures `AZURE_STORAGE_KEY` in secret + storageKey: "" + # -- Configures `AZURE_STORAGE_SAS_TOKEN` in secret + storageSasToken: "" + containerName: "" + serviceName: blob + inheritFromAzureAD: false + google: + path: "/" + bucket: "" + gkeEnvironment: false + # -- Configures `APPLICATION_CREDENTIALS` in secret + applicationCredentials: "" + secret: + # -- Whether to create a secret for the backup credentials or use existing one, + # note: existing secret should contains all required veriables for chosen provider + create: true + # -- Name of the backup credentials secret + name: "" + # -- Overrides the provider specific default endpoint. Defaults to: + # S3: https://s3..amazonaws.com" + endpointURL: "" # Leave empty if using the default S3 endpoint + # -- Specifies a CA bundle to validate a privately signed certificate. + endpointCA: + # -- Creates a secret with the given value if true, otherwise uses an existing secret. + create: false + name: "" + key: "" + value: "" + # -- Overrides the provider specific default path. Defaults to: + # S3: s3:// + # Azure: https://..core.windows.net/ + # Google: gs:// + destinationPath: "" + + wal: + # -- WAL compression method. 
One of `` (for no compression), `gzip`, `bzip2` or `snappy`. + compression: gzip + # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. + encryption: AES256 + # -- Number of WAL files to be archived or restored in parallel. + maxParallel: 1 + data: + # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. + compression: gzip + # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. + encryption: AES256 + # -- Number of data files to be archived or restored in parallel. + jobs: 2 # -- To enable volumeSnapshot configure className and add scheduledBackup with method `volumeSnapshot` volumeSnapshot: @@ -293,9 +307,17 @@ backups: waitForArchive: true # -- Persistence of volume snapshot objects # https://cloudnative-pg.io/documentation/current/backup_volumesnapshot/#persistence-of-volume-snapshot-objects - # One of `none`, `backup`, `cluster` + # One of `none`, `backup`, `cluster`, + # note: `retentionPolicy` will work only with `backup` snapshotOwnerReference: backup + # -- Backup target configuration. One of `prefer-standby`, `primary`. + # https://cloudnative-pg.io/documentation/current/backup/#backup-from-a-standby + target: prefer-standby + + # -- Retention policy for backups + retentionPolicy: "30d" + scheduledBackups: - # -- Scheduled backup name @@ -307,9 +329,6 @@ backups: # -- Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot` method: barmanObjectStore - # -- Retention policy for backups - retentionPolicy: "30d" - pooler: # -- Whether to enable PgBouncer
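Review bot: In charts/cluster/templates/backup-google-creds.yaml, `applicationCredentials` is still emitted without a `required` guard, unlike `accessKey` and `secretKey` in backup-s3-creds.yaml, which this patch keeps wrapped in `required "... is required, but not specified."`. With the defaults shown in values.yaml (`secret.create: true`, `applicationCredentials: ""`), selecting `provider: google` renders a Secret whose `APPLICATION_CREDENTIALS` is empty. Suggest either wrapping the value in `required`, or extending the `if and (...)` condition so the Secret is skipped when `providerSettings.google.gkeEnvironment` is true and no credentials are expected.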
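Review bot: In charts/cluster/templates/ca-bundle.yaml, the renamed `endpointCA.value` is still placed under `data:` with neither `b64enc` nor `quote`, while both credential templates in this patch pipe their values through `| b64enc | quote`. Secret `data` values must be base64, so as written the user has to pre-encode the CA bundle, and the values.yaml comment for `endpointCA` does not say so. Since the line is being touched anyway, either change it to `{{ .Values.backups.objectStorage.endpointCA.value | b64enc | quote }}` (a behaviour change for anyone already passing encoded input) or document the expected encoding next to `value: ""`.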
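Review bot: In charts/cluster/values.schema.json, `objectStorage.provider` stays a bare `"type": "string"` even though this patch removes `backups.enabled` and makes the provider value the only switch for object-store backups. The templates compare it literally (`eq .Values.backups.objectStorage.provider "s3"`, `"google"`), so a misspelled or differently cased provider passes schema validation and simply renders no credentials Secret. Suggest constraining it with `"enum": ["", "s3", "azure", "google"]`. It would also help to fail the render when the old `backups.provider` key is still set, so that a values file that was not migrated is caught instead of leaving `objectStorage.provider` at its empty default.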
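Review bot: In charts/cluster/values.yaml, the new `secret.create` comment added under both `recovery` and `backups.objectStorage` has typos: "existing secret should contains all required veriables for chosen provider". Suggest "or use an existing one; note: an existing secret should contain all required variables for the chosen provider". Because these `# --` comments feed the generated README table, the misspelling will be copied there as well. The per-field comments such as "Configures `ACCESS_KEY_ID` in secret" are a good addition; consider pointing to them from this note so a user bringing their own secret knows which key names are expected.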