From a612d8fb9c542bd661c7c60784e983aea1e0d6ca Mon Sep 17 00:00:00 2001 From: Prasad Ghangal Date: Wed, 28 Aug 2019 14:37:54 +0530 Subject: [PATCH] Example for PostgreSQL integration with Kanister Signed-off-by: Prasad Ghangal --- examples/stable/postgresql/README.md | 656 ++++++++++++++++++ .../stable/postgresql/ci/lint-values.yaml | 7 + .../kanister/postgresql-blueprint.yaml | 336 +++++++++ 3 files changed, 999 insertions(+) create mode 100755 examples/stable/postgresql/README.md create mode 100644 examples/stable/postgresql/ci/lint-values.yaml create mode 100644 examples/stable/postgresql/kanister/postgresql-blueprint.yaml diff --git a/examples/stable/postgresql/README.md b/examples/stable/postgresql/README.md new file mode 100755 index 00000000000..324136b57f5 --- /dev/null +++ b/examples/stable/postgresql/README.md @@ -0,0 +1,656 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.10+ +- PV provisioner support in the underlying infrastructure +- Kanister version 0.20.0 installed +- Kanctl CLI installed (https://docs.kanister.io/tooling.html#kanctl) + +## Installing the Chart +To install the chart with the release name `my-release`: + +```bash +$ helm repo add stable https://kubernetes-charts.storage.googleapis.com/ +$ helm repo update + +$ helm install stable/postgresql --name my-release \ + --namespace postgres-test \ + --set image.repository=kanisterio/postgresql \ + --set image.tag=0.20.0 \ + --set postgresqlPassword=postgres-12345 +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +In case, if you don't have `Kanister` installed already, you can use following commands to do that. +Add Kanister Helm repository and install Kanister operator +```bash +$ helm repo add kanister https://charts.kanister.io +$ helm install --name kanister --namespace kasten-io kanister/kanister-operator --set image.tag=0.20.0 +``` + +## Integrating with Kanister + +If you have deployed postgresql application with other name than `my-release` and namespace other than `postgres-test`, you need to modify the commands used below to use the correct name and namespace + +### Create Profile + +Create Profile CR if not created already + +```bash +$ kanctl create profile s3compliant --access-key 'AKIAIOSFODNN7EXAMPLE' \ + --secret-key 'wJalrXUtnFEMI%K7MDENG%bPxRfiCYEXAMPLEKEY' \ + --bucket --region ap-south-1 \ + --namespace postgres-test +``` + +**NOTE:** + +The command will configure a location where artifacts resulting from Kanister +data operations such as backup should go. This is stored as a `profiles.cr.kanister.io` +*CustomResource (CR)* which is then referenced in Kanister ActionSets. Every ActionSet +requires a Profile reference whether one created as part of the application install or +not. Support for creating an ActionSet as part of install is simply for convenience. +This CR can be shared between Kanister-enabled application instances so one option is to +only create as part of the first instance. + +### Create Blueprint +Create Blueprint in the same namespace as the controller + +```bash +$ kubectl create -f kanister/postgresql-blueprint.yaml -n kasten-io +``` + +Once Postgres is running, you can populate it with some data. Let's add a table called "company" to a "test" database: +``` +## Log in into postgresql container and get shell access +$ kubectl exec -ti my-release-postgresql-0 -n postgres-test -- bash + +## use psql cli to add entries in postgresql database +$ PGPASSWORD=${POSTGRES_PASSWORD} psql +psql (11.5) +Type "help" for help. + +## Create DATABASE +postgres=# CREATE DATABASE test; +CREATE DATABASE +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+-------------+-------------+----------------------- + postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | + template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + test | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | +(4 rows) + +## Create table COMPANY in test database +postgres=# \c test +You are now connected to database "test" as user "postgres". +test=# CREATE TABLE COMPANY( +test(# ID INT PRIMARY KEY NOT NULL, +test(# NAME TEXT NOT NULL, +test(# AGE INT NOT NULL, +test(# ADDRESS CHAR(50), +test(# SALARY REAL +test(# ); +CREATE TABLE + +## Insert data into the table +test=# INSERT INTO COMPANY (ID,NAME,AGE,ADDRESS,SALARY) VALUES (1, 'Paul', 32, 'California', 20000.00); +INSERT 0 1 +test=# select * from company; + id | name | age | address | salary +----+------+-----+----------------------------------------------------+-------- + 1 | Paul | 32 | California | 20000 +(1 row) +``` + +### Protect the Application + +You can now take a backup of the PostgreSQL data using an ActionSet defining backup for this application. Create an ActionSet in the same namespace as the controller. + +```bash +# Find profile name +$ kubectl get profile -n postgres-test +NAME AGE +s3-profile-zvrg9 109m + +# Create Actionset +$ kanctl create actionset --action backup --namespace kasten-io --blueprint postgresql-blueprint --statefulset postgres-test/my-release-postgresql --profile postgres-test/s3-profile-zvrg9 --secrets postgresql=postgres-test/my-release-postgresql +actionset backup-md6gb created + +# View the status of the actionset +$ kubectl --namespace kasten-io describe actionset backup-md6gb +``` + +### Disaster strikes! + +Let's say someone accidentally deleted the test database using the following command: + +```bash +## Log in into postgresql container and get shell access +$ kubectl exec -ti my-release-postgresql-0 -n postgres-test -- bash + +## use psql cli to add entries in postgresql database +$ PGPASSWORD=${POSTGRES_PASSWORD} psql +psql (11.5) +Type "help" for help. + +## Drop database +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+-------------+-------------+----------------------- + postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | + template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + test | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | +(4 rows) + +postgres=# DROP DATABASE test; +DROP DATABASE +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+-------------+-------------+----------------------- + postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | + template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres +(3 rows) +``` + +### Restore the Application +To restore the missing data, you should use the backup that you created before. An easy way to do this is to leverage `kanctl`, a command-line tool that helps create ActionSets that depend on other ActionSets: + +```bash +$ kanctl --namespace kasten-io create actionset --action restore --from backup-md6gb +actionset restore-backup-md6gb-d7g7w created + +## Check status +$ kubectl --namespace kasten-io describe actionset restore-backup-md6gb-d7g7w +``` +Once the ActionSet status is set to "complete", you can see that the data has been successfully restored to PostgreSQL + +```bash +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+-------------+-------------+----------------------- + postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | + template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + + | | | | | postgres=CTc/postgres + test | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | +(4 rows) + +postgres=# \c test; +You are now connected to database "test" as user "postgres". +test=# select * from company; + id | name | age | address | salary +----+------+-----+----------------------------------------------------+-------- + 1 | Paul | 32 | California | 20000 +(1 row) + + +``` + +## Cleanup + +### Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. +To completely remove the release include the `--purge` flag. + +### Delete CRs +Remove Blueprint and Profile CR + +```bash +$ kubectl delete blueprints.cr.kanister.io postgresql-blueprint -n kasten-io + +$ kubectl get profiles.cr.kanister.io -n postgres-test +NAME AGE +s3-profile-zvrg9 125m +$ kubectl delete profiles.cr.kanister.io s3-profile-zvrg9 -n postgres-test +``` + +## Configuration + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | Name of existing secret to use for PostgreSQL passwords (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | {} | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | [] | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolume` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolume` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAcccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `{}` | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install --name my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + stable/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml stable/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +### Production configuration + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. + +```console +$ helm install --name my-release -f ./values-production.yaml stable/postgresql +``` + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, first download the [values-production.yaml](values-production.yaml) file to your local folder, then: + +```console +$ helm install --name my-release -f ./values-production.yaml stable/postgresql +$ kubectl scale statefulset my-postgresql-slave --replicas=3 +``` + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +## Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Configuration](#configuration) section to configure the PVC or to disable persistence. + +## Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +helm install --name postgres \ + --set image.repository=postgres \ + --set image.tag=10.6 \ + --set postgresqlDataDir=/data/pgdata \ + --set persistence.mountPath=/data/ \ + stable/postgresql +``` + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. + +## Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be: + +``` +helm install chart1 --set postgresql.postgresqlPassword=testtest --set subchart1.postgresql.postgresqlPassword=testtest --set subchart2.postgresql.postgresqlPassword=testtest --set postgresql.postgresqlDatabase=db1 --set subchart1.postgresql.postgresqlDatabase=db1 --set subchart1.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, executing `helm install` can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +helm install chart1 --set global.postgresql.postgresqlPassword=testtest --set global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Upgrade + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```bash +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + + ```console +$ kubectl get svc + ``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install --name my-release stable/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` + diff --git a/examples/stable/postgresql/ci/lint-values.yaml b/examples/stable/postgresql/ci/lint-values.yaml new file mode 100644 index 00000000000..4a3f57108ea --- /dev/null +++ b/examples/stable/postgresql/ci/lint-values.yaml @@ -0,0 +1,7 @@ +profile: + create: true + defaultProfile: true + s3: + accessKey: SomeBogusTestKey= + secretKey: SomeTestSecrest== + bucket: linttestname diff --git a/examples/stable/postgresql/kanister/postgresql-blueprint.yaml b/examples/stable/postgresql/kanister/postgresql-blueprint.yaml new file mode 100644 index 00000000000..0a647369fef --- /dev/null +++ b/examples/stable/postgresql/kanister/postgresql-blueprint.yaml @@ -0,0 +1,336 @@ +apiVersion: cr.kanister.io/v1alpha1 +kind: Blueprint +metadata: + name: postgresql-blueprint +actions: + backup: + type: StatefulSet + outputArtifacts: + manifest: + keyValue: + prefix: 'postgres-backups/{{ .StatefulSet.Name }}' + path: 'postgres-backups/{{ .StatefulSet.Name }}/{{ toDate "2006-01-02T15:04:05.999999999Z07:00" .Time | date "2006-01-02T15-04-05" }}/manifest.txt' + secretNames: + - postgresql + phases: + - func: KubeExec + name: baseBackup + args: + namespace: "{{ .StatefulSet.Namespace }}" + pod: "{{ index .StatefulSet.Pods 0 }}" + container: "{{ .StatefulSet.Name }}" + command: + - bash + - -o + - errexit + - -o + - pipefail + - -o + - nounset + - -o + - xtrace + - -c + - | + env_dir="${PGDATA}/env" + mkdir -p "${env_dir}" + env_wal_prefix="${env_dir}/WALE_S3_PREFIX" + + # We check for an existing timeline. If one does not exist, we create it based on the current time. + if [[ ! -e "${env_wal_prefix}" ]] + then + # Setup wal-e s3 connection parameters. + timeline={{ toDate "2006-01-02T15:04:05.999999999Z07:00" .Time | date "2006-01-02T15-04-05" }} + wale_s3_prefix="s3://{{ .Profile.Location.Bucket }}/postgres-backups/{{ .StatefulSet.Name }}/${timeline}" + echo "${wale_s3_prefix}" > "${env_wal_prefix}" + fi + + # Setup the other S3 parameters for wal-e + env_wal_endpoint="${env_dir}/WALE_S3_ENDPOINT" + env_wal_region="${env_dir}/AWS_REGION" + env_wal_access_key_id="${env_dir}/AWS_ACCESS_KEY_ID" + env_wal_secret_access_key="${env_dir}/AWS_SECRET_ACCESS_KEY" + + {{- if .Profile.Location.Endpoint }} + wale_s3_endpoint="{{ .Profile.Location.Endpoint | quote }}" + wale_s3_endpoint=${wale_s3_endpoint,,} + {{- if .Profile.SkipSSLVerify }} + # Since wal-e does not support skip-ssl-verify switch to http:// + wale_s3_endpoint="${wale_s3_endpoint/https/http}" + {{- end }} + + #add the scheme that wal-e requires + wale_s3_endpoint="${wale_s3_endpoint//https\:\/\//https+path://}" + wale_s3_endpoint="${wale_s3_endpoint//http\:\/\//http+path://}" + + echo "${wale_s3_endpoint}" > "${env_wal_endpoint}" + + # Region will be ignored for S3 compatible object store so skipping. + rm -rf ${env_wal_region} + {{- else }} + # Region is required when no endpoint is used (AWS S3). + wale_s3_region="us-east-1" + {{- if .Profile.Location.Region }} + wale_s3_region="{{ .Profile.Location.Region | quote}}" + {{- end }} + echo "${wale_s3_region}" > "${env_wal_region}" + {{- end }} + + set +o xtrace + echo "{{ .Profile.Credential.KeyPair.Secret }}" > "${env_wal_secret_access_key}" + echo "{{ .Profile.Credential.KeyPair.ID }}" > "${env_wal_access_key_id}" + set -o xtrace + + # Copy postgresql.conf to PGDATA + cp /opt/bitnami/postgresql/conf/postgresql.conf ${PGDATA} + cp /opt/bitnami/postgresql/conf/pg_hba.conf ${PGDATA} + cp -r /opt/bitnami/postgresql/conf/conf.d ${PGDATA} + # Create and push a base-backup to the object store. + PGPASSWORD="{{ index .Secrets.postgresql.Data "postgresql-password" | toString }}" envdir "${env_dir}" wal-e backup-push "${PGDATA}" + backup_name=$(envdir "${env_dir}" wal-e backup-list | tail -n +2 | sort -k2 | tail -n 1 | awk '{print $1}') + + # Create a manifest that references the backup we created and the current timeline. + s3_cmd=(aws) + {{- if .Profile.SkipSSLVerify }} + s3_cmd+=("--no-verify-ssl") + {{- end }} + {{- if .Profile.Location.Endpoint }} + s3_cmd+=(--endpoint "{{ .Profile.Location.Endpoint }}") + {{- end }} + {{- if .Profile.Location.Region }} + s3_cmd+=(--region "{{ .Profile.Location.Region | quote}}") + {{- end }} + s3_path="s3://{{ .Profile.Location.Bucket }}/postgres-backups/{{ .StatefulSet.Name }}/{{ toDate "2006-01-02T15:04:05.999999999Z07:00" .Time | date "2006-01-02T15-04-05" }}/manifest.txt" + s3_cmd+=(s3 cp - "${s3_path}") + + set +o xtrace + export AWS_SECRET_ACCESS_KEY="{{ .Profile.Credential.KeyPair.Secret }}" + export AWS_ACCESS_KEY_ID="{{ .Profile.Credential.KeyPair.ID }}" + set -o xtrace + + cat << EOF | ${s3_cmd[@]} + backup_name=${backup_name} + wale_s3_prefix=$(cat "${env_wal_prefix}") + EOF + restore: + type: StatefulSet + inputArtifactNames: + - manifest + phases: + - func: ScaleWorkload + name: shutdownPod + args: + namespace: "{{ .StatefulSet.Namespace }}" + name: "{{ .StatefulSet.Name }}" + kind: statefulset + replicas: 0 + - func: PrepareData + name: performRestore + args: + image: "kanisterio/postgresql:0.20.0" + namespace: "{{ .StatefulSet.Namespace }}" + volumes: + "data-{{ .StatefulSet.Name }}-0": "/pg" + command: + - bash + - -o + - errexit + - -o + - pipefail + - -o + - nounset + - -o + - xtrace + - -c + - | + # The PG PVC maybe mounted under a subpath + pgdata="/pg/data" + + # Prepare the environment variable directory. + # Bring the backup to a separate folder first + recover_dir="${pgdata}/kanister-restore" + env_dir="${recover_dir}/env" + mkdir -p "${env_dir}" + + # Get and parse artifact manifest to discover the timeline and the base-backup name. + s3_cmd=(aws) + {{- if .Profile.SkipSSLVerify }} + s3_cmd+=(" --no-verify-ssl") + {{- end }} + {{- if .Profile.Location.Endpoint }} + s3_cmd+=(--endpoint "{{ .Profile.Location.Endpoint }}") + {{- end }} + {{- if .Profile.Location.Region }} + s3_cmd+=(--region "{{ .Profile.Location.Region | quote}}") + {{- end }} + s3_path="s3://{{ .Profile.Location.Bucket }}/{{ .ArtifactsIn.manifest.KeyValue.path }}" + s3_cmd+=(s3 cp "${s3_path}" -) + + set +o xtrace + export AWS_SECRET_ACCESS_KEY="{{ .Profile.Credential.KeyPair.Secret }}" + export AWS_ACCESS_KEY_ID="{{ .Profile.Credential.KeyPair.ID }}" + set -o xtrace + + backup_name=$(${s3_cmd[@]} | grep 'backup_name' | cut -d'=' -f2) + old_wale_prefix=$(${s3_cmd[@]} | grep 'wale_s3_prefix' | cut -d'=' -f2) + + # Fetch base backup using the old WALE_S3_PREFIX. + # First need to setup wal-e conf as env vars + {{- if .Profile.Location.Endpoint }} + wale_s3_endpoint="{{ .Profile.Location.Endpoint | quote}}" + wale_s3_endpoint=${wale_s3_endpoint,,} + {{- if .Profile.SkipSSLVerify }} + # Since wal-e does not support skip-ssl-verify switch to http:// + wale_s3_endpoint="${wale_s3_endpoint/https/http}" + {{- end }} + + # Add the scheme that wal-e requires + wale_s3_endpoint="${wale_s3_endpoint/https\:\/\//https+path://}" + wale_s3_endpoint="${wale_s3_endpoint/http\:\/\//http+path://}" + + export WALE_S3_ENDPOINT="${wale_s3_endpoint}" + + # Region will be ignored for S3 compatible object store so skipping. + {{- else }} + # Region is required when no endpoint is used (AWS S3). + {{- if .Profile.Location.Region }} + wale_s3_region="{{ .Profile.Location.Region | quote}}" + {{- else }} + wale_s3_region="us-east-1" + {{- end }} + export AWS_REGION="${wale_s3_region}" + {{- end }} + + # Can now get the backup with the old prefix + wal-e --s3-prefix "${old_wale_prefix}" backup-fetch "${recover_dir}" "${backup_name}" + + # Move the files to the data directory + + # TODO: Currently .conf files unchanged. Include in backup in future + ls -d ${pgdata}/kanister-restore/* | sed 's/kanister-restore\///' | xargs -t rm -fr + mv ${pgdata}/kanister-restore/* ${pgdata}/ + rm -fr ${pgdata}/kanister-restore + chown postgres:root -R ${pgdata}/* + + # Create the recovery file that will apply the WAL files. + cat << EOF > "${pgdata}"/recovery.conf + restore_command = 'wal-e --s3-prefix ${old_wale_prefix} wal-fetch "%f" "%p"' + {{- if .Options }} + {{- if .Options.pitr }} + recovery_target_time = '{{ toDate "2006-01-02T15:04:05.000Z07:00" .Options.pitr | date "2006-01-02 15:04:05 MST" }}' + {{- end }} + {{- end }} + EOF + sync + + # Complete the recovery based on recovery.conf. + # The timeout for applying the WALs is currently 10 hours. + # Starting this instance with WAL archival off so that we don't pollute the current timeline + # Once the WALs have been applied, we shutdown the database. + chown postgres:root ${pgdata}/recovery.conf + cat ${pgdata}/recovery.conf + PG_CTL="$(which pg_ctl)" + ${PG_CTL} -D ${pgdata} -w start -t 36000 -o '-c archive_mode=off --config-file=/pg/data/postgresql.conf --hba_file=/pg/data/pg_hba.conf' + + echo "Recovery succeeded!" + # Gracefully shutdown to complete + ${PG_CTL} -D ${pgdata} -w stop -t 300 --mode fast + + # Recovery is now complete and can switch to new WAL timeline + env_wal_prefix="${pgdata}/env/WALE_S3_PREFIX" + timeline={{ toDate "2006-01-02T15:04:05.999999999Z07:00" .Time | date "2006-01-02T15-04-05" }} + wale_s3_prefix="s3://{{ .Profile.Location.Bucket }}/{{ .ArtifactsIn.manifest.KeyValue.prefix }}/${timeline}" + echo "${wale_s3_prefix}" > "${env_wal_prefix}" + - func: ScaleWorkload + name: restartPod + args: + kind: statefulset + name: '{{ .StatefulSet.Name }}' + namespace: '{{ .StatefulSet.Namespace }}' + replicas: 1 + delete: + type: StatefulSet + inputArtifactNames: + - manifest + phases: + - func: KubeTask + name: deleteArtifact + args: + namespace: "{{ .StatefulSet.Namespace }}" + image: "kanisterio/postgresql:0.20.0" + command: + - bash + - -o + - errexit + - -o + - xtrace + - -o + - pipefail + - -c + - | + # Set S3 access keys. + set +o xtrace + export AWS_SECRET_ACCESS_KEY="{{ .Profile.Credential.KeyPair.Secret }}" + export AWS_ACCESS_KEY_ID="{{ .Profile.Credential.KeyPair.ID }}" + set -o xtrace + + # Setup configuration for the S3 client. + s3_path="${S3_BUCKET}{{ .ArtifactsIn.manifest.KeyValue.path }}" + declare -a aws_args + {{- if .Profile.SkipSSLVerify }} + aws_args+=(" --no-verify-ssl") + {{- end }} + {{- if .Profile.Location.Endpoint }} + aws_args+=(--endpoint "{{ .Profile.Location.Endpoint }}") + {{- end }} + {{- if .Profile.Location.Region }} + aws_args+=(--region "{{ .Profile.Location.Region | quote}}") + {{- end }} + s3_path="s3://{{ .Profile.Location.Bucket }}/{{ .ArtifactsIn.manifest.KeyValue.path }}" + + + # Get and parse artifact manifest to discover the timeline and the base-backup name. + manifest_s3_cmd=(aws "${aws_args[@]}" s3 cp "${s3_path}" -) + backup_name=$(${manifest_s3_cmd[@]} | grep 'backup_name' | cut -d'=' -f2) + wale_prefix=$(${manifest_s3_cmd[@]} | grep 'wale_s3_prefix' | cut -d'=' -f2) + + # Use the AWS cli to remove the basebackup. + base_backup_path="${wale_prefix}/basebackup_005/${backup_name}" + aws "${aws_args[@]}" s3 rm --recursive "${base_backup_path}" + + # Setup configuration for wal-e. + {{- if .Profile.Location.Endpoint }} + wale_s3_endpoint="{{ .Profile.Location.Endpoint | quote}}" + wale_s3_endpoint-${wale_s3_endpoint,,} + {{- if .Profile.SkipSSLVerify }} + # Since wal-e does not support skip-ssl-verify switch to http:// + wale_s3_endpoint="${wale_s3_endpoint/https/http}" + {{- end }} + + # Add the scheme that wal-e requires + wale_s3_endpoint="${wale_s3_endpoint/https\:\/\//https+path://}" + wale_s3_endpoint="${wale_s3_endpoint/http\:\/\//http+path://}" + + export WALE_S3_ENDPOINT="${wale_s3_endpoint}" + + # Region will be ignored for S3 compatible object store so skipping. + {{- else }} + # Region is required when no endpoint is used (AWS S3). + {{- if .Profile.Location.Region }} + wale_s3_region="{{ .Profile.Location.Region | quote}}" + {{- else }} + wale_s3_region="us-east-1" + {{- end }} + export AWS_REGION="${wale_s3_region}" + {{- end }} + + # Count the number of backups. If there are none left, delete the WALs as well. + wal-e --s3-prefix "${wale_prefix}" backup-list + num_base_backups=$(( $(wal-e --s3-prefix "${wale_prefix}" backup-list | grep -v name | wc -l ) - 1 )) + if (( $num_base_backups == 0 )) + then + wal-e --s3-prefix "${wale_prefix}" delete --confirm everything + fi + + # Remove manifest. + base_backup_path="${wale_prefix}/basebackup_005/${backup_name}" + aws "${aws_args[@]}" s3 rm --recursive "${base_backup_path}"