Add backups to postgres-operator example (zarf-dev#52)

Signed-off-by: Jeff McCoy <code@jeffm.us>

Author: RothAndrew

examples/postgres-operator/README.md

@@ -20,6 +20,11 @@ After looking at several alternatives, Zalando's postgres operator felt like the
     - Connection // Username: `zarf`
     - Connection // Password: (run the command in the table below)
     - SSL // SSL mode: `Require`
+5. Create the backups bucket in MinIO (TODO: Figure out how to create the bucket automatically)
+   1. Navigate to [https://minio-console.localhost:8443](https://minio-console.localhost:8443)
+   2. Log in - Username: `minio` - Password: `minio123`
+   3. Buckets -> Create Bucket
+      - Bucket Name: `postgres-operator-backups`
 
 ## Logins
 
@@ -28,6 +33,7 @@ After looking at several alternatives, Zalando's postgres operator felt like the
 | Postgres Operator UI      | [https://postgres-operator-ui.localhost:8443](https://postgres-operator-ui.localhost:8443) | N/A                  | N/A                                                                                                                                                        |
 | PGAdmin                   | [https://pgadmin.localhost:8443](https://pgadmin.localhost:8443)                           | `zarf@example.local` | Run: `zarf tools get-admin-password`                                                                                                                       |
 | Example Postgres Database | `acid-zarf-test.postgres-operator.svc.cluster.local`                                       | `zarf`               | Run: `echo $(kubectl get secret zarf.acid-zarf-test.credentials.postgresql.acid.zalan.do -n postgres-operator --template={{.data.password}} \| base64 -d)` |
+| Minio Console             | [https://minio-console.localhost:8443](https://minio-console.localhost:8443)               | `minio`              | `minio123`                                                                                                                                                 |
 
 ## References
 - https://blog.flant.com/comparing-kubernetes-operators-for-postgresql/

examples/postgres-operator/manifests/minio-instance.yaml

@@ -0,0 +1,64 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: minio-instance
+  namespace: minio-operator
+spec:
+  chart: https://%{KUBERNETES_API}%/static/charts/minio-instance-4.2.3-bb.1.tgz
+  targetNamespace: minio-operator
+  # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/blob/4.2.3-bb.1/chart/values.yaml
+  valuesContent: |-
+    hostname: minio.localhost
+    tenants:
+      pools:
+          ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
+          ## For standalone mode, supply 1. For distributed mode, supply 4 or more.
+          ## Note that the operator does not support upgrading from standalone to distributed mode.
+        - servers: 1
+          ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
+          volumesPerServer: 4
+          ## size specifies the capacity per volume
+          size: 1Gi
+          ## storageClass specifies the storage class name to be used for this pool
+          storageClassName: local-path
+          ## Used to specify a toleration for a pod
+          tolerations: {}
+          ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
+          ## eligible to run on a node, the node must have each of the
+          ## indicated key-value pairs as labels.
+          ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+          nodeSelector: {}
+          ## Affinity settings for MinIO pods. Read more about affinity
+          ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
+          affinity: {}
+          ## Configure resource requests and limits for MinIO containers
+          resources:
+            requests:
+              cpu: "250m"
+              memory: "1Gi"
+            limits:
+              cpu: "500m"
+              memory: "1Gi"
+            ## Configure security context
+            ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1001
+            fsGroup: 1001
+    console:
+      enabled: true
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: minio-console-ingressroute
+  namespace: minio-operator
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`minio-console.localhost`)
+      kind: Rule
+      services:
+        - name: minio-instance-console
+          port: 9090

examples/postgres-operator/manifests/minio-operator.yaml

@@ -0,0 +1,23 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: minio-operator
+  namespace: minio-operator
+spec:
+  chart: https://%{KUBERNETES_API}%/static/charts/minio-operator-4.2.3-bb.1.tgz
+  targetNamespace: minio-operator
+  # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator/-/blob/2.0.9-bb.3/chart/values.yaml
+  valuesContent: |-
+    operator:
+      image:
+          repository: registry1.dso.mil/ironbank/opensource/minio/operator
+          tag: v4.2.3
+      resources:
+          requests:
+            cpu: 200m
+            memory: 256Mi
+            ephemeral-storage: 500Mi
+          limits:
+            cpu: 200m
+            memory: 256Mi
+

examples/postgres-operator/manifests/namespace.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgres-operator
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: minio-operator

examples/postgres-operator/manifests/namespaces.yaml

@@ -17,6 +17,8 @@ spec:
     zarf: []
   databases:
     zarf: zarf
+  enableLogicalBackup: true
+  logicalBackupSchedule: "*/2 * * * *"
   resources:
     requests:
       cpu: 100m

examples/postgres-operator/manifests/cluster.yaml examples/postgres-operator/manifests/postgres-cluster.yaml

@@ -28,6 +28,19 @@ spec:
       targetNamespace: "postgres-operator"
       teams:
         - "acid"
+    extraEnvs:
+      - name: WALE_S3_ENDPOINT
+        value: "http+path://minio.minio-operator.svc.cluster.local:80"
+      - name: AWS_ENDPOINT
+        value: "http://minio.minio-operator.svc.cluster.local"
+      - name: SPILO_S3_BACKUP_PREFIX
+        value: "spilo/"
+      - name: AWS_ACCESS_KEY_ID
+        value: "minio"
+      - name: AWS_SECRET_ACCESS_KEY
+        value: "minio123"
+      - name: SPILO_S3_BACKUP_BUCKET
+        value: "postgres-operator-backups"
     # We are defining our own Ingress manifest
     ingress:
       enabled: false

examples/postgres-operator/manifests/operator-ui.yaml examples/postgres-operator/manifests/postgres-operator-ui.yaml

@@ -22,12 +22,18 @@ spec:
       default_memory_limit: "500Mi"
       min_cpu_limit: "250m"
       min_memory_limit: "250Mi"
-    # configLogicalBackup:
+    configAwsOrGcp:
+      wal_s3_bucket: "postgres-operator-backups"
+    configLogicalBackup:
       # logical_backup_docker_image: "registry1.dso.mil/.../logical-backup:v1.7.0"
-      # logical_backup_s3_endpoint: ""
-      # logical_backup_s3_access_key_id: ""
-      # logical_backup_s3_secret_access_key : ""
-      # logical_backup_schedule: "30 00 * * *"
+      logical_backup_s3_endpoint: "http://minio.minio-operator.svc.cluster.local"
+      logical_backup_s3_access_key_id: "minio"
+      logical_backup_s3_bucket: "postgres-operator-backups"
+      logical_backup_s3_secret_access_key : "minio123"
+      logical_backup_s3_sse: ""
+      logical_backup_schedule: "*/2 * * * *"
+    configKubernetes:
+      pod_environment_configmap: "postgres-operator/postgres-pod-config"
     configConnectionPooler:
       # connection_pooler_image: "registry1.dso.mil/.../pgbouncer:master-18"
       connection_pooler_default_cpu_request: "100m"
@@ -46,3 +52,19 @@ spec:
       runAsNonRoot: true
       readOnlyRootFilesystem: true
       allowPrivilegeEscalation: false
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-pod-config
+  namespace: postgres-operator
+data:
+  AWS_ENDPOINT: http://minio.minio-operator.svc.cluster.local
+  AWS_ACCESS_KEY_ID: minio
+  AWS_SECRET_ACCESS_KEY: minio123
+  BACKUP_NUM_TO_RETAIN: "3"
+  BACKUP_SCHEDULE: "*/2 * * * *"
+  USE_WALG_BACKUP: "true"
+  WALG_DISABLE_S3_SSE: "true"
+  USE_WALG_RESTORE: "false"
+  AWS_S3_FORCE_PATH_STYLE: "true"

examples/postgres-operator/manifests/operator.yaml examples/postgres-operator/manifests/postgres-operator.yaml

@@ -2,6 +2,7 @@ kind: ZarfPackageConfig
 metadata:
   name: postgres-operator-demo
   description: "Demo of prod-like Postgres database(s) on an edge cluster"
+#  uncompressed: true
 
 local:
   manifests: manifests
@@ -16,6 +17,12 @@ local:
     - name: pgadmin4
       url: https://helm.runix.net
       version: 1.7.2
+    - name: minio-operator
+      url: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
+      version: 4.2.3-bb.1
+    - name: minio-instance
+      url: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
+      version: 4.2.3-bb.1
 
   images:
     - registry.opensource.zalan.do/acid/postgres-operator:v1.7.0
@@ -24,3 +31,5 @@ local:
     - registry.opensource.zalan.do/acid/pgbouncer:master-18
     - registry.opensource.zalan.do/acid/postgres-operator-ui:v1.7.0
     - docker.io/dpage/pgadmin4:5.5
+    - registry1.dso.mil/ironbank/opensource/minio/operator:v4.2.3
+    - registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2021-08-31T05-46-54Z