From 6aa637a8db2b535ed2a2bfde375c6c018a0a8393 Mon Sep 17 00:00:00 2001 From: Daniil Fedotov Date: Tue, 10 Dec 2024 16:24:37 -0500 Subject: [PATCH 1/3] docs: Rework blueprints to separate DB tools image and kanister-tools image Follow up to #3284 Signed-off-by: Daniil Fedotov --- .../blueprint-v2/elasticsearch-blueprint.yaml | 58 +++++++++++++++---- .../k8s/etcd-incluster-blueprint.yaml | 31 +++++++--- .../hook-blueprint/postgres-ha-hook.yaml | 4 +- 3 files changed, 72 insertions(+), 21 deletions(-) diff --git a/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml b/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml index 59334d3dd9..bc8543d590 100644 --- a/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml +++ b/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml @@ -11,17 +11,23 @@ actions: # `kopiaOutput` is the name provided to kando using `--output-name` flag kopiaSnapshot: "{{ .Phases.backupToStore.Output.kopiaOutput }}" phases: - - func: KubeTask + - func: MultiContainerRun name: backupToStore objects: esMasterCredSecret: kind: Secret name: "{{ index .Object.metadata.labels.app }}-credentials" namespace: "{{ .StatefulSet.Namespace }}" + args: namespace: "{{ .StatefulSet.Namespace }}" - image: "ghcr.io/kanisterio/es-sidecar:0.112.0" - command: + sharedVolumeMedium: Memory + + initImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' + initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 777 /tmp/data"] + + backgroundImage: elasticdump/elasticsearch-dump:latest + backgroundCommand: - bash - -o - errexit @@ -33,25 +39,41 @@ actions: backup_file_path='backup.gz' master_username="{{ index .Phases.backupToStore.Secrets.esMasterCredSecret.Data "username" | toString }}" master_password="{{ index .Phases.backupToStore.Secrets.esMasterCredSecret.Data "password" | toString }}" - NODE_TLS_REJECT_UNAUTHORIZED=0 elasticdump --bulk=true --input=https://${master_username}:${master_password}@${host_name}:9200 --output=/backup - gzip -c /backup | kando location push --profile '{{ toJson .Profile }}' --path "${backup_file_path}" --output-name "kopiaOutput" - + NODE_TLS_REJECT_UNAUTHORIZED=0 elasticdump --bulk=true --input=https://${master_username}:${master_password}@${host_name}:9200 --output=$ > /tmp/data + + outputImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' + outputCommand: + - bash + - -o + - errexit + - -o + - pipefail + - -c + - | + cat /tmp/data | gzip -c | kando location push --profile '{{ toJson .Profile }}' --path "${backup_file_path}" --output-name "kopiaOutput" - + + restore: inputArtifactNames: # The kopia snapshot info created in backup phase can be used here # Use the `--kopia-snapshot` flag in kando to pass in `esBackup.KopiaSnapshot` - esBackup phases: - - func: KubeTask + - func: MultiContainerRun name: restoreFromObjectStore objects: esMasterCredSecret: kind: Secret name: "{{ index .Object.metadata.labels.app }}-credentials" - namespace: "{{ .StatefulSet.Namespace }}" + namespace: "{{ .StatefulSet.Namespace }}" args: namespace: "{{ .StatefulSet.Namespace }}" - image: "ghcr.io/kanisterio/es-sidecar:0.112.0" - command: + + initImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' + initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 777 /tmp/data"] + + backgroundImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' + backgroundCommand: - bash - -o - errexit @@ -59,12 +81,24 @@ actions: - pipefail - -c - | - host_name="{{ .Object.spec.serviceName }}.{{ .StatefulSet.Namespace }}.svc.cluster.local" backup_file_path='backup.gz' kopia_snap='{{ .ArtifactsIn.esBackup.KopiaSnapshot }}' + kando location pull --profile '{{ toJson .Profile }}' --path "${backup_file_path}" --kopia-snapshot "${kopia_snap}" - | gunzip -c > /tmp/data + + outputImage: elasticdump/elasticsearch-dump:latest + outputCommand: + - bash + - -o + - errexit + - -o + - pipefail + - -c + - | + host_name="{{ .Object.spec.serviceName }}.{{ .StatefulSet.Namespace }}.svc.cluster.local" master_username="{{ index .Phases.restoreFromObjectStore.Secrets.esMasterCredSecret.Data "username" | toString }}" master_password="{{ index .Phases.restoreFromObjectStore.Secrets.esMasterCredSecret.Data "password" | toString }}" - kando location pull --profile '{{ toJson .Profile }}' --path "${backup_file_path}" --kopia-snapshot "${kopia_snap}" - | gunzip -c | NODE_TLS_REJECT_UNAUTHORIZED=0 elasticdump --bulk=true --input=$ --output=https://${master_username}:${master_password}@${host_name}:9200 + cat /tmp/data | NODE_TLS_REJECT_UNAUTHORIZED=0 elasticdump --bulk=true --input=$ --output=https://${master_username}:${master_password}@${host_name}:9200 + delete: inputArtifactNames: # The kopia snapshot info created in backup phase can be used here @@ -75,7 +109,7 @@ actions: name: deleteFromStore args: namespace: "{{ .Namespace.Name }}" - image: "ghcr.io/kanisterio/es-sidecar:0.112.0" + image: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' command: - bash - -o diff --git a/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml b/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml index e57dc70164..4a9c697f8a 100644 --- a/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml +++ b/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml @@ -34,11 +34,16 @@ actions: kando output etcdPod $ETCD_POD kando output etcdNS $ETCDNS - - func: KubeTask + - func: MultiContainerRun name: uploadSnapshot args: - image: ghcr.io/kanisterio/kanister-kubectl-1.18:0.112.0 - command: + sharedVolumeMedium: Memory + + initImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' + initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 777 /tmp/data"] + + backgroundImage: ghcr.io/kanisterio/kanister-kubectl-1.18:0.112.0 + backgroundCommand: - sh - -o - errexit @@ -46,10 +51,22 @@ actions: - pipefail - -c - | - BACKUP_LOCATION=etcd_backups/{{ .Object.metadata.namespace }}/{{ toDate "2006-01-02T15:04:05.999999999Z07:00" .Time | date "2006-01-02T15:04:05Z07:00" }}/etcd-backup.db.gz kubectl cp {{ .Phases.takeSnapshot.Output.etcdNS }}/{{ .Phases.takeSnapshot.Output.etcdPod }}:/tmp/etcd-backup.db /tmp/etcd-backup.db - gzip /tmp/etcd-backup.db - kando location push --profile '{{ toJson .Profile }}' /tmp/etcd-backup.db.gz --path $BACKUP_LOCATION + gzip -c /tmp/etcd-backup.db > /tmp/data + + + outputImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' + outputCommand: + - sh + - -o + - errexit + - -o + - pipefail + - -c + - | + BACKUP_LOCATION=etcd_backups/{{ .Object.metadata.namespace }}/{{ toDate "2006-01-02T15:04:05.999999999Z07:00" .Time | date "2006-01-02T15:04:05Z07:00" }}/etcd-backup.db.gz + + cat /tmp/data | kando location push --profile '{{ toJson .Profile }}' --path $BACKUP_LOCATION - kando output backupLocation $BACKUP_LOCATION - func: KubeTask @@ -74,7 +91,7 @@ actions: name: deleteFromObjectStore args: namespace: "{{ .Namespace.Name }}" - image: "ghcr.io/kanisterio/kanister-tools:0.112.0" + image: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' command: - bash - -o diff --git a/examples/postgresql-ha/hook-blueprint/postgres-ha-hook.yaml b/examples/postgresql-ha/hook-blueprint/postgres-ha-hook.yaml index 3dcf4b9324..a7d8d223a9 100644 --- a/examples/postgresql-ha/hook-blueprint/postgres-ha-hook.yaml +++ b/examples/postgresql-ha/hook-blueprint/postgres-ha-hook.yaml @@ -26,7 +26,7 @@ actions: namespace: '{{ .StatefulSet.Namespace }}' args: namespace: '{{ .StatefulSet.Namespace }}' - image: ghcr.io/kanisterio/postgres-kanister-tools:0.112.0 + image: '{{if index .Options "psqlImage" }} {{- .Options.psqlImage -}} {{else -}} bitnami/postgresql-repmgr {{- end}}' command: - bash - -o @@ -41,7 +41,7 @@ actions: postgresMaster=$(psql -U postgres -h $PGHOST -d repmgr -t -c "select node_name from repmgr.nodes where type='primary'") postgresStandby=$(psql -U postgres -h $PGHOST -d repmgr -t -c "select node_name from repmgr.nodes where type='standby'") primaryHost=''${postgresMaster}'.{{ .StatefulSet.Name }}-headless.{{ .StatefulSet.Namespace }}.svc.cluster.local' - secondaryHost=''${postgresStandby}'.{{ .StatefulSet.Name }}-headless.{{ .StatefulSet.Namespace }}.svc.cluster.local' + secondaryHost=''${postgresStandby}'.{{ .StatefulSet.Name }}-headless.{{ .StatefulSet.Namespace }}.svc.cluster.local' export conn_info_primary='user=repmgr password='${PGREPL}' host='${primaryHost}' dbname=repmgr port=5432 connect_timeout=5' export conn_info_standby='user=repmgr password='${PGREPL}' host='${secondaryHost}' dbname=repmgr port=5432 connect_timeout=5' psql -U postgres -h $PGHOST -d repmgr -c "update repmgr.nodes set conninfo='${conn_info_primary}' where type='primary'" From 08a2dd2aaac18684b3d2f5e92bf46a21b19f38c4 Mon Sep 17 00:00:00 2001 From: Daniil Fedotov Date: Fri, 13 Dec 2024 15:42:14 -0500 Subject: [PATCH 2/3] Use 666 instead of 777 for access to pipefile --- .../elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml | 4 ++-- .../etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml b/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml index bc8543d590..910547d313 100644 --- a/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml +++ b/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml @@ -24,7 +24,7 @@ actions: sharedVolumeMedium: Memory initImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' - initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 777 /tmp/data"] + initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 666 /tmp/data"] backgroundImage: elasticdump/elasticsearch-dump:latest backgroundCommand: @@ -70,7 +70,7 @@ actions: namespace: "{{ .StatefulSet.Namespace }}" initImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' - initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 777 /tmp/data"] + initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 666 /tmp/data"] backgroundImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' backgroundCommand: diff --git a/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml b/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml index 4a9c697f8a..fa95581192 100644 --- a/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml +++ b/examples/etcd/etcd-in-cluster/k8s/etcd-incluster-blueprint.yaml @@ -40,7 +40,7 @@ actions: sharedVolumeMedium: Memory initImage: '{{if index .Options "kanisterImage" }} {{- .Options.kanisterImage -}} {{else -}} ghcr.io/kanisterio/kanister-tools:0.112.0 {{- end}}' - initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 777 /tmp/data"] + initCommand: ["bash", "-o", "errexit", "-o", "pipefail", "-c", "mkfifo /tmp/data; chmod 666 /tmp/data"] backgroundImage: ghcr.io/kanisterio/kanister-kubectl-1.18:0.112.0 backgroundCommand: From 4f041918e3e55fe7bd740ac44b5da6bf02c26b28 Mon Sep 17 00:00:00 2001 From: Daniil Fedotov Date: Thu, 19 Dec 2024 14:13:41 -0500 Subject: [PATCH 3/3] Fix variables --- .../elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml b/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml index 910547d313..758608496f 100644 --- a/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml +++ b/examples/elasticsearch/blueprint-v2/elasticsearch-blueprint.yaml @@ -36,7 +36,6 @@ actions: - -c - | host_name="{{ .Object.spec.serviceName }}.{{ .StatefulSet.Namespace }}.svc.cluster.local" - backup_file_path='backup.gz' master_username="{{ index .Phases.backupToStore.Secrets.esMasterCredSecret.Data "username" | toString }}" master_password="{{ index .Phases.backupToStore.Secrets.esMasterCredSecret.Data "password" | toString }}" NODE_TLS_REJECT_UNAUTHORIZED=0 elasticdump --bulk=true --input=https://${master_username}:${master_password}@${host_name}:9200 --output=$ > /tmp/data @@ -50,9 +49,9 @@ actions: - pipefail - -c - | + backup_file_path='backup.gz' cat /tmp/data | gzip -c | kando location push --profile '{{ toJson .Profile }}' --path "${backup_file_path}" --output-name "kopiaOutput" - - restore: inputArtifactNames: # The kopia snapshot info created in backup phase can be used here