Merge pull request #98 from vshn/add/restore

Add PostgreSQL Restore Ability
vshn · Feb 22, 2023 · bdea55d · bdea55d
2 parents 431949e + 76af4dd
commit bdea55d
Show file tree

Hide file tree

Showing 20 changed files with 1,781 additions and 473 deletions.
diff --git a/apis/vshn/v1/dbaas_vshn_postgresql.go b/apis/vshn/v1/dbaas_vshn_postgresql.go
@@ -52,6 +52,9 @@ type VSHNPostgreSQLParameters struct {
 
 	// Backup contains settings to control the backups of an instance.
 	Backup VSHNPostgreSQLBackup `json:"backup,omitempty"`
+
+	// Restore contains settings to control the restore of an instance.
+	Restore VSHNPostgreSQLRestore `json:"restore,omitempty"`
 }
 
 // VSHNPostgreSQLServiceSpec contains PostgreSQL DBaaS specific properties
@@ -129,8 +132,26 @@ type VSHNPostgreSQLBackup struct {
 	Retention int `json:"retention,omitempty"`
 }
 
+// VSHNPostgreSQLRestore contains restore specific parameters.
+type VSHNPostgreSQLRestore struct {
+
+	// ClaimName specifies the name of the instance you want to restore from.
+	// The claim has to be in the same namespace as this new instance.
+	ClaimName string `json:"claimName,omitempty"`
+
+	// BackupName is the name of the specific backup you want to restore.
+	BackupName string `json:"backupName,omitempty"`
+
+	// RecoveryTimeStamp an ISO 8601 date, that holds UTC date indicating at which point-in-time the database has to be restored.
+	// This is optional and if no PIT recovery is required, it can be left empty.
+	// +kubebuilder:validation:Pattern=`^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:Z|[+-][01]\d:[0-5]\d)$`
+	RecoveryTimeStamp string `json:"recoveryTimeStamp,omitempty"`
+}
+
 // VSHNPostgreSQLStatus reflects the observed state of a VSHNPostgreSQL.
 type VSHNPostgreSQLStatus struct {
+	// InstanceNamespace contains the name of the namespace where the instance resides
+	InstanceNamespace string `json:"instanceNamespace,omitempty"`
 	// PostgreSQLConditions contains the status conditions of the backing object.
 	PostgreSQLConditions []v1.Condition `json:"postgresqlConditions,omitempty"`
 	NamespaceDebug       []v1.Condition `json:"namespaceDebug,omitempty"`

diff --git a/class/defaults.yml b/class/defaults.yml
@@ -96,6 +96,8 @@ parameters:
           enabled: true
           enableNetworkPolicy: true
           secretNamespace: ${appcat:services:vshn:secretNamespace}
+          # Used for deploying jobs during restores
+          controlNamespace: 'syn-appcat-control'
         redis:
           enabled: true
           enableNetworkPolicy: true

diff --git a/component/appcat_apiserver.jsonnet b/component/appcat_apiserver.jsonnet
@@ -18,16 +18,16 @@ local namespace = loadManifest('namespace.yaml') {
 local clusterRoleUsers = kube.ClusterRole('system:' + inv.parameters.facts.distribution + ':aggregate-appcat-to-basic-user') {
   metadata+: {
     labels+: {
-      "authorization.openshift.io/aggregate-to-basic-user": "true"
+      'authorization.openshift.io/aggregate-to-basic-user': 'true',
     },
   },
   rules+: [
     {
-      apiGroups: ["api.appcat.vshn.io"],
-      resources: ["appcats"],
-      verbs: ["get", "list", "watch"],
-    }
-  ]
+      apiGroups: [ 'api.appcat.vshn.io' ],
+      resources: [ 'appcats' ],
+      verbs: [ 'get', 'list', 'watch' ],
+    },
+  ],
 };
 
 local serviceAccount = loadManifest('service-account.yaml') {
@@ -138,11 +138,11 @@ local apiService = loadManifest('apiservice.yaml') {
       then
         {
           caBundle: std.base64(params.apiserver.tls.serverCert),
-          insecureSkipTLSVerify:: null
+          insecureSkipTLSVerify:: null,
         }
       else
         {}
-    )
+    ),
 };
 
 

diff --git a/component/common.libsonnet b/component/common.libsonnet
@@ -42,7 +42,7 @@ local vshnMetaDBaaSExoscale(dbname) = {
   },
 };
 
-local vshnMetaVshn(dbname, flavor) = {
+local vshnMetaVshn(dbname, flavor, offered) = {
   metadata+: {
     annotations+: {
       'metadata.appcat.vshn.io/displayname': 'VSHN Managed ' + dbname,
@@ -53,7 +53,7 @@ local vshnMetaVshn(dbname, flavor) = {
       'metadata.appcat.vshn.io/product-description': 'https://products.docs.vshn.ch/products/appcat/' + std.asciiLower(dbname) + '.html',
     },
     labels+: {
-      'metadata.appcat.vshn.io/offered': 'true',
+      'metadata.appcat.vshn.io/offered': offered,
       'metadata.appcat.vshn.io/serviceID': 'vshn-' + std.asciiLower(dbname),
     },
   },
@@ -92,8 +92,8 @@ local mergeArgs(args, additional) =
     vshnMetaDBaaSExoscale(dbname),
   VshnMetaObjectStorage(provider):
     vshnMetaObjectStorage(provider),
-  VshnMetaVshn(dbname, flavor):
-    vshnMetaVshn(dbname, flavor),
   MergeArgs(args, additional):
     mergeArgs(args, additional),
+  VshnMetaVshn(dbname, flavor, offered='true'):
+    vshnMetaVshn(dbname, flavor, offered),
 }
diff --git a/component/provider.jsonnet b/component/provider.jsonnet
@@ -130,12 +130,12 @@ local controllerConfigRef(config) =
         },
         {
           apiGroups: [ '' ],
-          resources: [ 'namespaces' ],
+          resources: [ 'namespaces', 'serviceaccounts', 'secrets' ],
           verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ],
         },
         {
           apiGroups: [ 'stackgres.io' ],
-          resources: [ 'sginstanceprofiles', 'sgclusters', 'sgpgconfigs', 'sgobjectstorages' ],
+          resources: [ 'sginstanceprofiles', 'sgclusters', 'sgpgconfigs', 'sgobjectstorages', 'sgbackups' ],
           verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
         },
         {
@@ -153,6 +153,21 @@ local controllerConfigRef(config) =
           resources: [ 'issuers', 'certificates' ],
           verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
         },
+        {
+          apiGroups: [ 'batch' ],
+          resources: [ 'jobs' ],
+          verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+        },
+        {
+          apiGroups: [ 'rbac.authorization.k8s.io' ],
+          resources: [ 'clusterrolebindings' ],
+          verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+        },
+        {
+          apiGroups: [ 'vshn.appcat.vshn.io' ],
+          resources: [ 'vshnpostgresqls' ],
+          verbs: [ 'get' ],
+        },
       ],
     };
     local rolebinding = kube.ClusterRoleBinding('crossplane:provider:provider-kubernetes:system:custom') {

diff --git a/component/scripts/copy-pg-backup.sh b/component/scripts/copy-pg-backup.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+xrdname=$(kubectl -n "${CLAIM_NAMESPACE}" get vshnpostgresqls "${CLAIM_NAME}" -ojson | jq -r '.spec.resourceRef.name')
+
+source_namespace=$(kubectl -n "${CLAIM_NAMESPACE}" get vshnpostgresqls "${CLAIM_NAME}" -ojson | jq -r '.status.instanceNamespace')
+
+echo "copy secret"
+kubectl -n "${source_namespace}" get secret "pgbucket-${xrdname}" -ojson | jq 'del(.metadata.namespace) | del(.metadata.ownerReferences)' | kubectl -n "${TARGET_NAMESPACE}" apply -f -
+echo "copy sgObjectStorage"
+kubectl -n "${source_namespace}" get sgobjectstorages.stackgres.io "sgbackup-${xrdname}" -ojson | jq 'del(.metadata.namespace) | del(.metadata.ownerReferences)' | kubectl -n "$TARGET_NAMESPACE" apply -f -
+echo "copy sgBackup"
+kubectl -n "${source_namespace}" get sgbackups.stackgres.io "${BACKUP_NAME}" -ojson | jq '.spec.sgCluster = .metadata.namespace + "." + .spec.sgCluster | del(.metadata.namespace) | del(.metadata.ownerReferences)' | kubectl -n "${TARGET_NAMESPACE}" apply -f -