Allow pgbackrest in instance pod to log to an additional volumes.

Add maxlength to log path and optional tag to volumes.

Author: dsessler7

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -1435,6 +1435,7 @@ spec:
                               running in Backup Job Pods.
                             properties:
                               path:
+                                maxLength: 4096
                                 type: string
                             type: object
                           priorityClassName:
@@ -1609,6 +1610,7 @@ spec:
                           running in postgres instance pods.
                         properties:
                           path:
+                            maxLength: 4096
                             type: string
                         type: object
                       manual:
@@ -2584,6 +2586,7 @@ spec:
                               running in the repo host pod.
                             properties:
                               path:
+                                maxLength: 4096
                                 type: string
                             type: object
                           priorityClassName:
@@ -4610,6 +4613,8 @@ spec:
                     - repos
                     type: object
                     x-kubernetes-validations:
+                    - message: log path is restricted to an existing additional volume
+                      rule: '!has(self.log) || !has(self.log.path) || self.log.path.startsWith("/volumes/")'
                     - message: log path is restricted to an existing additional volume
                       rule: '!has(self.repoHost) || !has(self.repoHost.log) || !has(self.repoHost.log.path)
                         || self.repoHost.volumes.additional.exists(x, self.repoHost.log.path.startsWith("/volumes/"+x.name))'
@@ -11309,6 +11314,7 @@ spec:
                         type: object
                       type: array
                     volumes:
+                      description: Volumes to be added to the instance set.
                       properties:
                         additional:
                           description: Additional pre-existing volumes to add to the
@@ -20396,6 +20402,7 @@ spec:
                               running in Backup Job Pods.
                             properties:
                               path:
+                                maxLength: 4096
                                 type: string
                             type: object
                           priorityClassName:
@@ -20570,6 +20577,7 @@ spec:
                           running in postgres instance pods.
                         properties:
                           path:
+                            maxLength: 4096
                             type: string
                         type: object
                       manual:
@@ -21545,6 +21553,7 @@ spec:
                               running in the repo host pod.
                             properties:
                               path:
+                                maxLength: 4096
                                 type: string
                             type: object
                           priorityClassName:
@@ -30263,6 +30272,7 @@ spec:
                         type: object
                       type: array
                     volumes:
+                      description: Volumes to be added to the instance set.
                       properties:
                         additional:
                           description: Additional pre-existing volumes to add to the

internal/collector/postgres.go

@@ -16,6 +16,7 @@ import (
 
 	"github.com/crunchydata/postgres-operator/internal/naming"
 	"github.com/crunchydata/postgres-operator/internal/postgres"
+	"github.com/crunchydata/postgres-operator/internal/util"
 	"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
 )
 
@@ -247,8 +248,9 @@ func EnablePostgresLogging(
 		}
 
 		// pgBackRest pipeline
+		pgbackrestLogPath := util.GetPGBackRestLogPathForInstance(inCluster)
 		outConfig.Extensions["file_storage/pgbackrest_logs"] = map[string]any{
-			"directory":        naming.PGBackRestPGDataLogPath + "/receiver",
+			"directory":        pgbackrestLogPath + "/receiver",
 			"create_directory": false,
 			"fsync":            true,
 		}
@@ -261,8 +263,8 @@ func EnablePostgresLogging(
 			// a log record or two to the old file while rotation is occurring.
 			// The collector knows not to create duplicate logs.
 			"include": []string{
-				naming.PGBackRestPGDataLogPath + "/*.log",
-				naming.PGBackRestPGDataLogPath + "/*.log.1",
+				pgbackrestLogPath + "/*.log",
+				pgbackrestLogPath + "/*.log.1",
 			},
 			"storage": "file_storage/pgbackrest_logs",
 

internal/controller/postgrescluster/instance.go

@@ -1184,7 +1184,7 @@ func (r *Reconciler) reconcileInstance(
 		includeLogrotate := backupsSpecFound && pgbackrest.RepoHostVolumeDefined(cluster)
 		collector.AddToPod(ctx, cluster.Spec.Instrumentation, cluster.Spec.ImagePullPolicy, instanceConfigMap, &instance.Spec.Template,
 			[]corev1.VolumeMount{postgres.DataVolumeMount()}, pgPassword,
-			[]string{naming.PGBackRestPGDataLogPath}, includeLogrotate, true)
+			[]string{util.GetPGBackRestLogPathForInstance(cluster)}, includeLogrotate, true)
 	}
 
 	// Add postgres-exporter to the instance Pod spec
@@ -1412,7 +1412,7 @@ func (r *Reconciler) reconcileInstanceConfigMap(
 			collector.AddLogrotateConfigs(ctx, cluster.Spec.Instrumentation,
 				instanceConfigMap,
 				[]collector.LogrotateConfig{{
-					LogFiles: []string{naming.PGBackRestPGDataLogPath + "/*.log"},
+					LogFiles: []string{util.GetPGBackRestLogPathForInstance(cluster) + "/*.log"},
 				}})
 		}
 	}

internal/pgbackrest/config.go

@@ -21,6 +21,7 @@ import (
 	"github.com/crunchydata/postgres-operator/internal/naming"
 	"github.com/crunchydata/postgres-operator/internal/postgres"
 	"github.com/crunchydata/postgres-operator/internal/shell"
+	"github.com/crunchydata/postgres-operator/internal/util"
 	"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
 )
 
@@ -70,8 +71,8 @@ const (
 
 // CreatePGBackRestConfigMapIntent creates a configmap struct with pgBackRest pgbackrest.conf settings in the data field.
 // The keys within the data field correspond to the use of that configuration.
-// pgbackrest_job.conf is used by certain jobs, such as stanza create and backup
-// pgbackrest_primary.conf is used by the primary database pod
+// pgbackrest-server.conf is used by the pgBackRest TLS server
+// pgbackrest_instance.conf is used by the primary database pod
 // pgbackrest_repo.conf is used by the pgBackRest repository pod
 // pgbackrest_cloud.conf is used by cloud repo backup jobs
 func CreatePGBackRestConfigMapIntent(ctx context.Context, postgresCluster *v1beta1.PostgresCluster,
@@ -111,6 +112,7 @@ func CreatePGBackRestConfigMapIntent(ctx context.Context, postgresCluster *v1bet
 			strconv.Itoa(postgresCluster.Spec.PostgresVersion),
 			pgPort, postgresCluster.Spec.Backups.PGBackRest.Repos,
 			postgresCluster.Spec.Backups.PGBackRest.Global,
+			util.GetPGBackRestLogPathForInstance(postgresCluster),
 		).String()
 
 	// As the cluster transitions from having a repository host to having none,
@@ -370,7 +372,7 @@ func populatePGInstanceConfigurationMap(
 	serviceName, serviceNamespace, repoHostName, pgdataDir,
 	fetchKeyCommand, postgresVersion string,
 	pgPort int32, repos []v1beta1.PGBackRestRepo,
-	globalConfig map[string]string,
+	globalConfig map[string]string, pgbackrestLogPath string,
 ) iniSectionSet {
 
 	// TODO(cbandy): pass a FQDN in already.
@@ -386,7 +388,7 @@ func populatePGInstanceConfigurationMap(
 	// pgBackRest spool-path should always be co-located with the Postgres WAL path.
 	global.Set("spool-path", "/pgdata/pgbackrest-spool")
 	// pgBackRest will log to the pgData volume for commands run on the PostgreSQL instance
-	global.Set("log-path", naming.PGBackRestPGDataLogPath)
+	global.Set("log-path", pgbackrestLogPath)
 
 	for _, repo := range repos {
 		global.Set(repo.Name+"-path", defaultRepo1Path+repo.Name)

internal/postgres/config.go

@@ -18,6 +18,7 @@ import (
 	"github.com/crunchydata/postgres-operator/internal/feature"
 	"github.com/crunchydata/postgres-operator/internal/naming"
 	"github.com/crunchydata/postgres-operator/internal/shell"
+	"github.com/crunchydata/postgres-operator/internal/util"
 	"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
 )
 
@@ -406,8 +407,8 @@ func startupCommand(
 		`(`+shell.MakeDirectories(dataMountPath, naming.PatroniPGDataLogPath)+`) ||`,
 		`halt "$(permissions `+shell.QuoteWord(naming.PatroniPGDataLogPath)+` ||:)"`,
 
-		`(`+shell.MakeDirectories(dataMountPath, naming.PGBackRestPGDataLogPath)+`) ||`,
-		`halt "$(permissions `+shell.QuoteWord(naming.PGBackRestPGDataLogPath)+` ||:)"`,
+		`(`+shell.MakeDirectories(dataMountPath, util.GetPGBackRestLogPathForInstance(cluster))+`) ||`,
+		`halt "$(permissions `+shell.QuoteWord(util.GetPGBackRestLogPathForInstance(cluster))+` ||:)"`,
 	)
 
 	pg_rewind_override := ""

internal/util/pgbackrest.go

@@ -0,0 +1,26 @@
+// Copyright 2017 - 2025 Crunchy Data Solutions, Inc.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package util
+
+import (
+	"path/filepath"
+
+	"github.com/crunchydata/postgres-operator/internal/naming"
+	"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
+)
+
+// GetInstanceLogPath is responsible for determining the appropriate log path for pgbackrest
+// in instance pods. If the user has set a log path via the spec, use that. Otherwise, use
+// the default log path set in the naming package. Ensure trailing slashes are trimmed.
+//
+// This function assumes that the backups/pgbackrest spec is present in postgresCluster.
+func GetPGBackRestLogPathForInstance(postgresCluster *v1beta1.PostgresCluster) string {
+	logPath := naming.PGBackRestPGDataLogPath
+	if postgresCluster.Spec.Backups.PGBackRest.Log != nil &&
+		postgresCluster.Spec.Backups.PGBackRest.Log.Path != "" {
+		logPath = postgresCluster.Spec.Backups.PGBackRest.Log.Path
+	}
+	return filepath.Clean(logPath)
+}

internal/util/pgbackrest_test.go

@@ -0,0 +1,42 @@
+// Copyright 2021 - 2025 Crunchy Data Solutions, Inc.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package util
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+
+	"github.com/crunchydata/postgres-operator/internal/naming"
+	"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
+)
+
+func TestGetPGBackRestLogPathForInstance(t *testing.T) {
+	t.Run("NoSpecPath", func(t *testing.T) {
+		postgrescluster := &v1beta1.PostgresCluster{
+			Spec: v1beta1.PostgresClusterSpec{
+				Backups: v1beta1.Backups{
+					PGBackRest: v1beta1.PGBackRestArchive{},
+				},
+			},
+		}
+		assert.Equal(t, GetPGBackRestLogPathForInstance(postgrescluster), naming.PGBackRestPGDataLogPath)
+	})
+
+	t.Run("SpecPathSet", func(t *testing.T) {
+		postgrescluster := &v1beta1.PostgresCluster{
+			Spec: v1beta1.PostgresClusterSpec{
+				Backups: v1beta1.Backups{
+					PGBackRest: v1beta1.PGBackRestArchive{
+						Log: &v1beta1.LoggingConfiguration{
+							Path: "/volumes/test/log",
+						},
+					},
+				},
+			},
+		}
+		assert.Equal(t, GetPGBackRestLogPathForInstance(postgrescluster), "/volumes/test/log")
+	})
+}

pkg/apis/postgres-operator.crunchydata.com/v1/pgbackrest_types.go

@@ -9,6 +9,7 @@ import (
 )
 
 // PGBackRestArchive defines a pgBackRest archive configuration
+// +kubebuilder:validation:XValidation:rule=`!has(self.log) || !has(self.log.path) || self.log.path.startsWith("/volumes/")`,message=`log path is restricted to an existing additional volume`
 // +kubebuilder:validation:XValidation:rule=`!has(self.repoHost) || !has(self.repoHost.log) || !has(self.repoHost.log.path) || self.repoHost.volumes.additional.exists(x, self.repoHost.log.path.startsWith("/volumes/"+x.name))`,message=`log path is restricted to an existing additional volume`
 // +kubebuilder:validation:XValidation:rule=`!has(self.jobs) || !has(self.jobs.log) || !has(self.jobs.log.path) || self.jobs.volumes.additional.exists(x, self.jobs.log.path.startsWith("/volumes/"+x.name))`,message=`log path is restricted to an existing additional volume`
 type PGBackRestArchive struct {

pkg/apis/postgres-operator.crunchydata.com/v1/postgrescluster_types.go

@@ -530,6 +530,8 @@ type PostgresInstanceSetSpec struct {
 	// +optional
 	TablespaceVolumes []TablespaceVolume `json:"tablespaceVolumes,omitempty"`
 
+	// Volumes to be added to the instance set.
+	// +optional
 	Volumes *v1beta1.PostgresVolumesSpec `json:"volumes,omitempty"`
 }
 

pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgrescluster_types.go

@@ -59,6 +59,7 @@ type PostgresClusterSpec struct {
 	// namespace as the cluster.
 	// +optional
 	DatabaseInitSQL *DatabaseInitSQL `json:"databaseInitSQL,omitempty"`
+
 	// Whether or not the PostgreSQL cluster should use the defined default
 	// scheduling constraints. If the field is unset or false, the default
 	// scheduling constraints will be used in addition to any custom constraints
@@ -526,6 +527,8 @@ type PostgresInstanceSetSpec struct {
 	// +optional
 	TablespaceVolumes []TablespaceVolume `json:"tablespaceVolumes,omitempty"`
 
+	// Volumes to be added to the instance set.
+	// +optional
 	Volumes *PostgresVolumesSpec `json:"volumes,omitempty"`
 }