diff --git a/e2e-tests/demand-backup-physical-sharded/run b/e2e-tests/demand-backup-physical-sharded/run index 4cfb61bc15..b418560e27 100755 --- a/e2e-tests/demand-backup-physical-sharded/run +++ b/e2e-tests/demand-backup-physical-sharded/run @@ -36,7 +36,7 @@ run_recovery_check() { # we don't wait for cluster readiness here because the annotation gets removed then wait_restore "${backup_name}" "${cluster}" "ready" "0" "3000" - kubectl_bin get psmdb ${cluster} -o yaml + if [ $(kubectl_bin get psmdb ${cluster} -o yaml | yq '.metadata.annotations."percona.com/resync-pbm"') == null ]; then echo "psmdb/${cluster} should be annotated with percona.com/resync-pbm after a physical restore" exit 1 diff --git a/e2e-tests/functions b/e2e-tests/functions index d7b4fde02e..41496829d4 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -1173,6 +1173,11 @@ cat_config() { | yq eval '.spec.upgradeOptions.apply="Never"' } +format_date() { + local timestamp=$1 + echo $(TZ=UTC $date -d@${timestamp} '+%Y-%m-%d %H:%M:%S') +} + apply_cluster() { if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then cat_config "$1" \ 
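Review bot: The `format_date()` added after `cat_config()` appears to duplicate a function that e2e-tests/functions already defines. The later hunk header `@@ -1691,6 +1727,92 @@ format_date()` and its context line show the same body further down the file. In bash the definition sourced last wins, so this copy is shadowed and the two can drift apart; I would drop the new one and keep the existing definition. If it has to stay, quote the expansion and drop the `echo $(...)` wrapper: `TZ=UTC $date -d"@${timestamp}" '+%Y-%m-%d %H:%M:%S'`.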
@@ -1681,6 +1686,37 @@ getUserData() { urlencode "$(getSecretData "$secretName" "$dataKey")" } +write_document() { + local cmp_postfix="$1" + local sleep_value=${2:-0} + + desc 'write initial data, read from all' + run_mongos \ + 'use myApp\n db.test.insert({ x: 100500 })' \ + "myApp:myPass@$cluster-mongos.$namespace" + sleep $sleep_value + + compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" ${cmp_postfix} +} + +write_initial_data() { + desc 'create user myApp' + run_mongos \ + 'db.createUser({user:"myApp",pwd:"myPass",roles:[{db:"myApp",role:"readWrite"}]})' \ + "userAdmin:userAdmin123456@$cluster-mongos.$namespace" + sleep 2 +} + +reset_collection() { + desc 'reset data' + + run_mongos \ + 'use myApp\n db.test.remove({})' \ + "myApp:myPass@$cluster-mongos.$namespace" + sleep 2 + write_document '' '120' +} + get_latest_oplog_chunk_ts() { local cluster=$1 echo $(kubectl_bin exec ${cluster}-rs0-0 -c backup-agent -- pbm status -o json | jq '.backups.pitrChunks.pitrChunks | last | .range.end') 
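Review bot: `write_document`, `write_initial_data` and `reset_collection` hard-code the credentials `myApp:myPass` and `userAdmin:userAdmin123456` in the URIs passed to `run_mongos`. The helpers therefore stop working without a clear error if the test secret changes, and the passwords are presumably printed in CI logs whenever xtrace is on. The hunk's own context shows `getUserData` reading from the secret; building the URI from that, or from variables set once at the top of the file, keeps a single source of truth. `sleep $sleep_value` and `compare_mongos_cmd ... ${cmp_postfix}` are unquoted while `check_recovery` passes `"$cmp_postfix"`; quoting both keeps the empty postfix from `reset_collection` as an explicit argument. `$cluster` and `$namespace` are read as globals, which deserves a comment such as `# uses globals: cluster, namespace` above `write_document`.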
@@ -1691,6 +1727,92 @@ format_date() { echo $(TZ=UTC $date -d@${timestamp} '+%Y-%m-%d %H:%M:%S') } +get_bucket_name() { + local backup_name=$1 + + kubectl_bin get psmdb-backup $backup_name -o jsonpath='{.status.s3.bucket}' +} + +check_recovery() { + local backup_name=$1 + local restore_type=$2 + local restore_date=$3 + local cmp_postfix=$4 + local cluster_name=$5 + local backupSource=$6 + + local latest_ts=$(get_latest_oplog_chunk_ts $cluster_name) + + desc "write more data before restore by $restore_type" + run_mongos \ + 'use myApp\n db.test.insert({ x: 100501 })' \ + "myApp:myPass@$cluster-mongos.$namespace" + + if [[ -n ${restore_date} ]]; then + desc "Restoring to time $(format_date ${restore_date})" + retries=0 + until [[ ${latest_ts} -gt ${restore_date} ]]; do + if [[ $retries -gt 30 ]]; then + echo "Last oplog chunk ($(format_date ${latest_ts})) is not greater than restore target ($(format_date ${restore_date}))" + exit 1 + fi + latest_ts=$(get_latest_oplog_chunk_ts $cluster_name) + retries=$((retries + 1)) + echo "Waiting for last oplog chunk ($(format_date ${latest_ts})) to be greater than restore target ($(format_date ${restore_date}))" + sleep 10 + done + else + desc "Restoring to latest" + local current_ts=$(get_latest_oplog_chunk_ts $cluster_name) + retries=0 + until [[ ${latest_ts} -gt ${current_ts} ]]; do + if [[ $retries -gt 30 ]]; then + echo "Timeout while waiting for last oplog chunk ($(format_date ${latest_ts}))" + exit 1 + fi + latest_ts=$(get_latest_oplog_chunk_ts $cluster_name) + retries=$((retries + 1)) + echo "Waiting for last oplog chunk ($(format_date ${latest_ts})) to be 120 seconds older than starting chunk ($(format_date ${current_ts}))" + sleep 10 + done + fi + + if [ -z "$backupSource" ]; then + desc "check restore by $restore_type" + cat $test_dir/conf/restore.yml \ + | $sed -e "s/name:/name: restore-$backup_name/" \ + | $sed -e "s/backupName:/backupName: $backup_name/" \ + | $sed -e "/backupSource/,+8d" \ + | $sed -e 
"s/pitrType:/type: $restore_type/" \ + | if [ -z "$restore_date" ]; then $sed -e "/date:/d"; else $sed -e "s/date:/date: $(format_date ${restore_date})/"; fi \ + | kubectl_bin apply -f - + else + desc "check restore by $restore_type $backupSource" + backup_dest=$(get_backup_dest "$backup_name") + cat $test_dir/conf/restore.yml \ + | $sed -e "s/name:/name: restore-$backup_name/" \ + | $sed -e "/backupName/d" \ + | $sed -e "s/pitrType:/type: $restore_type/" \ + | if [ -z "$restore_date" ]; then $sed -e "/date:/d"; else $sed -e "s/date:/date: $(format_date ${restore_date})"/; fi \ + | $sed -e "s|DESTINATION|$backup_dest|" \ + | $sed -e "s|BUCKET-NAME|$(get_bucket_name "$backup_name")|" \ + | if [ -n "$selective_collection" ]; then yq eval '.spec.selective = {"namespaces": ["myApp.test"], "withUsersAndRoles": true}'; else yq; fi \ + | kubectl_bin apply -f - + fi + + # fail faster if we don't reach requested status until some time + wait_restore "$backup_name" "$cluster_name" "requested" "0" "900" + echo + wait_restore "$backup_name" "$cluster_name" "ready" "0" "1600" + echo + set -o xtrace + + wait_for_running $cluster-mongos 3 + sleep 10 + + compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" "$cmp_postfix" +} + run_pitr_check() { local backup=$1 local cluster=$2 diff --git a/e2e-tests/multi-storage/run b/e2e-tests/multi-storage/run index 7e2aefee31..e30a176fe0 100755 --- a/e2e-tests/multi-storage/run +++ b/e2e-tests/multi-storage/run 
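Review bot: `check_recovery` takes the cluster as `cluster_name` ($5) but still uses the global `$cluster` in `run_mongos`, `wait_for_running` and `compare_mongos_cmd`. A caller that passes a name different from the global would write to and verify one cluster while `wait_restore` and `get_latest_oplog_chunk_ts` watch another. Use the parameter throughout, e.g. `"myApp:myPass@$cluster_name-mongos.$namespace"` and `wait_for_running $cluster_name-mongos 3`. In the "Restoring to latest" branch the message says the chunk must be "120 seconds older than starting chunk", but the loop only tests `${latest_ts} -gt ${current_ts}`; either the message or the condition should change. `retries` is not declared `local`, so it leaks into the caller, and `$selective_collection` is only honoured in the `backupSource` branch, which should be stated in a comment above the function.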
@@ -283,12 +283,18 @@ wait_for_advanced_restorable_time backup-minio-3 restore_time=$(get_latest_restorable_time backup-minio-3) check_recovery backup-minio-3 "$(format_pitr_target ${restore_time})" +log "sleeping for 60 seconds for resync to finish" +sleep 60 # minio buckets are basically empty, resync should finish very quickly + log "changing main storage from minio-1 to minio-2" kubectl patch psmdb ${cluster} --type=json -p='[ {"op": "remove", "path": "/spec/backup/storages/minio-1/main"}, {"op": "add", "path": "/spec/backup/storages/minio-2/main", "value": true} ]' +log "sleeping for 60 seconds for resync to finish" +sleep 60 # minio buckets are basically empty, resync should finish very quickly + run_backup minio-2 backup-minio-2-1 logical wait_backup backup-minio-2-1 diff --git a/e2e-tests/pitr-physical-backup-source/compare/find-2nd.json b/e2e-tests/pitr-physical-backup-source/compare/find-2nd.json new file mode 100644 index 0000000000..dfd9aecc47 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/find-2nd.json @@ -0,0 +1,4 @@ +switched to db myApp +{ "_id" : , "x" : 100500 } +{ "_id" : , "x" : 100500 } +bye diff --git a/e2e-tests/pitr-physical-backup-source/compare/find-3rd.json b/e2e-tests/pitr-physical-backup-source/compare/find-3rd.json new file mode 100644 index 0000000000..18186f71a4 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/find-3rd.json @@ -0,0 +1,5 @@ +switched to db myApp +{ "_id" : , "x" : 100500 } +{ "_id" : , "x" : 100500 } +{ "_id" : , "x" : 100501 } +bye diff --git a/e2e-tests/pitr-physical-backup-source/compare/find.json b/e2e-tests/pitr-physical-backup-source/compare/find.json new file mode 100644 index 0000000000..74495091bf --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/find.json @@ -0,0 +1,3 @@ +switched to db myApp +{ "_id" : , "x" : 100500 } +bye 
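Review bot: Both added `sleep 60` lines wait a fixed time for the PBM resync instead of checking that it finished. On a slow runner the following `run_backup minio-2 ...` can still race the resync, and on a fast one the test wastes two minutes even though the comment says the resync "should finish very quickly". A bounded poll like the `until ...; do ... retries=$((retries + 1)); sleep 10; done` loop this commit adds in `check_recovery` would be more reliable, for example waiting on the PBM status or on the `percona.com/resync-pbm` annotation that the sharded test checks. Separately, the context line `check_recovery backup-minio-3 "$(format_pitr_target ${restore_time})"` passes two arguments while the `check_recovery` added to e2e-tests/functions takes six. Presumably this script defines its own version after sourcing the shared file, but that is worth confirming so the shared helper does not shadow it.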
diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-4-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-4-oc.yml new file mode 100644 index 0000000000..5425a7a9ba --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-4-oc.yml 
@@ -0,0 +1,267 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + name: some-name-cfg + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + serviceName: some-name-cfg + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + topologyKey: kubernetes.io/hostname + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=cfg + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --configsvr + - --enableEncryption + - 
--encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: cfg + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: cfg-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - pbm-agent-entrypoint + command: + - 
/opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: cfg + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + 
defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-oc.yml new file mode 100644 index 0000000000..5425a7a9ba --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-oc.yml 
@@ -0,0 +1,267 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + name: some-name-cfg + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + serviceName: some-name-cfg + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + topologyKey: kubernetes.io/hostname + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=cfg + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --configsvr + - --enableEncryption + - 
--encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: cfg + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: cfg-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - pbm-agent-entrypoint + command: + - 
/opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: cfg + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + 
defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg.yml new file mode 100644 index 0000000000..72ec24d79a --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg.yml 
@@ -0,0 +1,270 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + name: some-name-cfg + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + serviceName: some-name-cfg + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + topologyKey: kubernetes.io/hostname + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=cfg + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --configsvr + - --enableEncryption + - 
--encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: cfg + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: cfg-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - pbm-agent-entrypoint + 
command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: cfg + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: 
some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-mongos.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-mongos.yml new file mode 100644 index 0000000000..1075eba587 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-mongos.yml 
@@ -0,0 +1,193 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + name: some-name-mongos + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + serviceName: "" + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + topologyKey: kubernetes.io/hostname + containers: + - args: + - mongos + - --bind_ip_all + - --port=27017 + - --sslAllowInvalidCertificates + - --configdb + - cfg/some-name-cfg-0.some-name-cfg.NAME_SPACE.svc.cluster.local:27017,some-name-cfg-1.some-name-cfg.NAME_SPACE.svc.cluster.local:27017,some-name-cfg-2.some-name-cfg.NAME_SPACE.svc.cluster.local:27017 + - --relaxPermChecks + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + command: + - /opt/percona/ps-entry.sh + env: + - name: 
MONGODB_PORT + value: "27017" + envFrom: + - secretRef: + name: some-users + optional: false + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --component + - mongos + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "10" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongos + ports: + - containerPort: 27017 + name: mongos + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongos + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + readOnly: true + - mountPath: /opt/percona + name: bin + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: mongos-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + 
volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - emptyDir: {} + name: mongod-data + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + - emptyDir: {} + name: bin + updateStrategy: + type: OnDelete diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-4-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-4-oc.yml new file mode 100644 index 0000000000..8edaebbb0c --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-4-oc.yml 
@@ -0,0 +1,267 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: some-name-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: some-name-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs0 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: 
"5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs0-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + 
spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-oc.yml new file mode 100644 index 0000000000..8edaebbb0c --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-oc.yml 
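Review bot: The `users-secret-file` volume in this expected StatefulSet is pinned with `defaultMode: 420` (0644), and its `/etc/users-secret` mount in the `mongod` container has no `readOnly: true`. Every other Secret volume in the same spec (keyfile, encryption key, `ssl`, `ssl-internal`) uses `defaultMode: 288` with a read-only mount. The volume projects `internal-some-name-users`, the same Secret that feeds the container through `envFrom`, so the fixture locks in credential files readable by any user inside the container. If that mode is not deliberate, the operator should presumably emit `defaultMode: 288` and `readOnly: true` for this volume, and the fixture should then be regenerated. The same lines appear in the rs0-oc, rs0 and rs1-4-oc fixtures added by this commit.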
@@ -0,0 +1,267 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: some-name-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: some-name-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs0 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: 
"5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs0-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + 
spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0.yml new file mode 100644 index 0000000000..96fe3a97a7 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0.yml 
@@ -0,0 +1,270 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: some-name-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: some-name-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs0 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: 
PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs0-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: 
OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-4-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-4-oc.yml new file mode 100644 index 0000000000..d2be4d56f4 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-4-oc.yml 
@@ -0,0 +1,267 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + name: some-name-rs1 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + serviceName: some-name-rs1 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs1 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs1 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs1 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: 
"5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs1-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + 
spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-oc.yml new file mode 100644 index 0000000000..c22d483a3a --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-oc.yml 
@@ -0,0 +1,261 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + name: some-name-rs1 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + serviceName: some-name-rs1 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs1 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs1 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs1 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + 
valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs1-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending 
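Review bot: This rs1-oc fixture has no `/etc/users-secret` mount on the `mongod` container and no `users-secret-file` volume, although the rs0-oc and rs1-4-oc fixtures added in the same commit both have them. The hunk is 261 lines against 267 for those files, which is exactly the six missing lines. It looks like a stale copy rather than an intended platform difference, though that cannot be confirmed from the diff alone. If the comparison for rs1 on OpenShift runs against this file, it will either fail or quietly pin a spec that lacks the mount. Adding the entries from the sibling fixtures would make the two replsets agree.

```yaml
# … unchanged: mongod volumeMounts up to /etc/mongodb-encryption …
        - mountPath: /etc/users-secret
          name: users-secret-file
# … unchanged: volumes up to ssl-internal …
      - name: users-secret-file
        secret:
          defaultMode: 420
          secretName: internal-some-name-users
```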
diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1.yml new file mode 100644 index 0000000000..8a6a2819fe --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1.yml 
@@ -0,0 +1,270 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + name: some-name-rs1 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + serviceName: some-name-rs1 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs1 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs1 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs1 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs1 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: 
PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs1-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: 
OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-4-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-4-oc.yml new file mode 100644 index 0000000000..e976d52507 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-4-oc.yml 
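Review bot: The `users-secret-file` volume in this expected StatefulSet is pinned with `defaultMode: 420` (0644), while every other secret volume in the same spec uses `defaultMode: 288` (0440), and its mount at `/etc/users-secret` is the only secret mount without `readOnly: true`. The volume projects `internal-some-name-users`, the same secret the spec reads the backup user and password keys from, so the fixture locks in credential files that any UID in the mongod container can read. If the looser mode is not required by the entrypoint (not visible here), the operator should emit `defaultMode: 288` and `readOnly: true` for this volume and the fixture should follow. The same lines appear in statefulset_some-name-rs2-4-oc.yml and statefulset_some-name-rs2.yml.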
@@ -0,0 +1,277 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + name: some-name-rs2 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + serviceName: some-name-rs2 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs2 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs2 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: rs-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: 
MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs2 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs2-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + 
defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-oc.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-oc.yml new file mode 100644 index 0000000000..56073c608c --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-oc.yml 
@@ -0,0 +1,271 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + name: some-name-rs2 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + serviceName: some-name-rs2 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs2 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs2 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: rs-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: 
internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs2 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs2-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + 
secretName: some-name-ssl-internal + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2.yml b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2.yml new file mode 100644 index 0000000000..575de5b7a5 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2.yml 
@@ -0,0 +1,280 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + name: some-name-rs2 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: some-name +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + serviceName: some-name-rs2 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs2 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27017 + - --replSet=rs2 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=preferTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerCacheSizeGB=0.25 + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: some-name + - name: MONGODB_PORT + value: "27017" + - name: MONGODB_REPLSET + value: rs2 + envFrom: + - secretRef: + name: internal-some-name-users + optional: false + imagePullPolicy: 
Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27017 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: some-name-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: some-name-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - args: + - -c + - while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done + command: + - /bin/sh + imagePullPolicy: Always + name: rs-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + 
secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs2 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: SHARDED + value: "TRUE" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: some-name-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: some-name-rs2-mongod + optional: true + name: config + - name: some-name-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: some-name-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: 
some-name-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: some-name-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-some-name-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/pitr-physical-backup-source/conf/backup-minio.yml b/e2e-tests/pitr-physical-backup-source/conf/backup-minio.yml new file mode 100644 index 0000000000..2109f4efd6 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/conf/backup-minio.yml @@ -0,0 +1,8 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDBBackup +metadata: + name: +spec: + clusterName: some-name + storageName: minio + type: diff --git a/e2e-tests/pitr-physical-backup-source/conf/restore.yml b/e2e-tests/pitr-physical-backup-source/conf/restore.yml new file mode 100644 index 0000000000..d6f81f7401 --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/conf/restore.yml @@ -0,0 +1,20 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDBRestore +metadata: + name: +spec: + clusterName: some-name + backupName: + pitr: + pitrType: + date: + backupSource: + type: physical + destination: s3://DESTINATION + s3: + credentialsSecret: minio-secret + bucket: BUCKET-NAME + endpointUrl: http://minio-service:9000/ + region: us-east-1 + insecureSkipTLSVerify: false + diff --git a/e2e-tests/pitr-physical-backup-source/conf/some-name-rs0.yml b/e2e-tests/pitr-physical-backup-source/conf/some-name-rs0.yml new file mode 100644 index 0000000000..8cb64bebae --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/conf/some-name-rs0.yml 
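Review bot: In conf/restore.yml the `backupSource.s3` block pairs `insecureSkipTLSVerify: false` with `endpointUrl: http://minio-service:9000/`, so there is no certificate to verify and the new backupSource restore path is only ever exercised over cleartext HTTP. The flag reads as if verification were being tested, so a comment above the endpoint would make the intent explicit, for example `# test-only: in-cluster MinIO is plain HTTP, so insecureSkipTLSVerify is not exercised here`. The same pair appears in the `minio` storage block of conf/some-name-rs0.yml and in the backupSource block added to e2e-tests/pitr-physical/conf/restore.yml. How the `DESTINATION` and `BUCKET-NAME` placeholders are substituted is not visible in this diff.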
@@ -0,0 +1,151 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: some-name +spec: + #platform: openshift + image: + imagePullPolicy: Always + backup: + enabled: true + image: perconalab/percona-server-mongodb-operator:1.1.0-backup + storages: + minio: + type: s3 + s3: + credentialsSecret: minio-secret + region: us-east-1 + bucket: operator-testing + endpointUrl: http://minio-service:9000/ + insecureSkipTLSVerify: false + pitr: + enabled: true + oplogSpanMin: 2 + sharding: + enabled: true + + configsvrReplSet: + size: 3 + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 3Gi + + mongos: + size: 3 + expose: + type: ClusterIP + + replsets: + - name: rs0 + affinity: + antiAffinityTopologyKey: none + resources: + limits: + memory: 4G + requests: + memory: 1G + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 1Gi + size: 3 + configuration: | + operationProfiling: + mode: slowOp + slowOpThresholdMs: 100 + security: + enableEncryption: true + redactClientLogData: false + setParameter: + ttlMonitorSleepSecs: 60 + wiredTigerConcurrentReadTransactions: 128 + wiredTigerConcurrentWriteTransactions: 128 + storage: + engine: wiredTiger + wiredTiger: + collectionConfig: + blockCompressor: snappy + engineConfig: + directoryForIndexes: false + journalCompressor: snappy + indexConfig: + prefixCompression: true + - name: rs1 + affinity: + antiAffinityTopologyKey: none + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 0.1G + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 1Gi + size: 3 + configuration: | + operationProfiling: + mode: slowOp + slowOpThresholdMs: 100 + security: + enableEncryption: true + redactClientLogData: false + setParameter: + ttlMonitorSleepSecs: 60 + wiredTigerConcurrentReadTransactions: 128 + wiredTigerConcurrentWriteTransactions: 128 + storage: + engine: wiredTiger + wiredTiger: + collectionConfig: + blockCompressor: snappy + 
engineConfig: + directoryForIndexes: false + journalCompressor: snappy + indexConfig: + prefixCompression: true + - name: rs2 + affinity: + antiAffinityTopologyKey: none + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 100m + memory: 0.1G + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 1Gi + size: 3 + configuration: | + operationProfiling: + mode: slowOp + slowOpThresholdMs: 100 + security: + enableEncryption: true + redactClientLogData: false + setParameter: + ttlMonitorSleepSecs: 60 + wiredTigerConcurrentReadTransactions: 128 + wiredTigerConcurrentWriteTransactions: 128 + storage: + engine: wiredTiger + wiredTiger: + collectionConfig: + blockCompressor: snappy + engineConfig: + directoryForIndexes: false + journalCompressor: snappy + indexConfig: + prefixCompression: true + secrets: + users: some-users diff --git a/e2e-tests/pitr-physical-backup-source/run b/e2e-tests/pitr-physical-backup-source/run new file mode 100755 index 0000000000..47d161ec1b --- /dev/null +++ b/e2e-tests/pitr-physical-backup-source/run 
@@ -0,0 +1,107 @@ +#!/bin/bash + +set -o errexit + +test_dir=$(realpath $(dirname $0)) +. ${test_dir}/../functions +set_debug + +run_backup() { + local name=$1 + local idx=$2 + local type=$3 + + desc "run backup $name-$idx" + cat $test_dir/conf/$name.yml \ + | $sed -e "s/name:/name: $name-$idx/" \ + | $sed -e "s/type:/type: $type/" \ + | kubectl_bin apply -f - + + wait_backup "$name-$idx" +} + +main() { + create_infra $namespace + deploy_minio + + desc 'create secrets and start client' + kubectl_bin apply \ + -f "$conf_dir/secrets.yml" \ + -f "$conf_dir/client.yml" \ + -f $conf_dir/minio-secret.yml + + cluster="some-name" + desc "create first PSMDB cluster $cluster" + apply_cluster $test_dir/conf/$cluster-rs0.yml + + desc 'check if all 3 Pods started' + wait_for_running $cluster-rs0 3 + wait_for_running $cluster-cfg 3 "false" + sleep 10 + + write_initial_data + write_document + + wait_backup_agent $cluster-rs0-0 + wait_backup_agent $cluster-rs0-1 + wait_backup_agent $cluster-rs0-2 + wait_backup_agent $cluster-rs1-0 + wait_backup_agent $cluster-rs1-1 + wait_backup_agent $cluster-rs1-2 + wait_backup_agent $cluster-rs2-0 + wait_backup_agent $cluster-rs2-1 + wait_backup_agent $cluster-rs2-2 + + # The sleep is needed to workaround a bug in PBM, check PBM-1265 for more info + echo "Sleeping for 360 seconds" + sleep 360 + + backup_name_minio="backup-minio" + + desc 'restore pitr type date using backupSource' + run_backup $backup_name_minio 1 physical + compare_latest_restorable_time "${cluster}-rs0" "${backup_name_minio}-1" + reset_collection + + time_now=$(run_mongos 'new Date().getTime() / 1000' "myApp:myPass@$cluster-mongos.$namespace" "mongodb" "" "--quiet" | grep -E -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match' | cut -d'.' 
-f1) + + check_recovery "${backup_name_minio}-1" date "$time_now" "" "$cluster" backupSource + + desc "delete PSMDB cluster $cluster" + kubectl_bin delete psmdb $cluster + kubectl_bin delete pvc -l app.kubernetes.io/managed-by=percona-server-mongodb-operator + sleep 10 + + desc "recreate PSMDB cluster $cluster" + desc "create second PSMDB cluster $cluster" + apply_cluster $test_dir/conf/$cluster-rs0.yml + + desc 'check if all 3 Pods started' + wait_for_running $cluster-rs0 3 + wait_for_running $cluster-cfg 3 "false" + wait_for_running $cluster-rs1 3 + wait_for_running $cluster-rs2 3 + sleep 10 + + write_initial_data + write_document + + desc 'restore pitr type latest using backupSource' + write_document "-2nd" + run_backup $backup_name_minio 2 physical + compare_latest_restorable_time "${cluster}-rs0" "${backup_name_minio}-2" + check_recovery "${backup_name_minio}-2" latest "" "-3rd" "$cluster" backupSource + + desc 'disable pitr' + kubectl patch psmdb "$cluster" --type='merge' --patch '{"spec": {"backup": {"pitr": {"enabled": false}}}}' + sleep 20 + + desc 'delete all backups' + kubectl_bin delete psmdb-backup --all + + desc 'destroy cluster' + destroy $namespace + desc 'test passed' +} + +main diff --git a/e2e-tests/pitr-physical/conf/restore.yml b/e2e-tests/pitr-physical/conf/restore.yml index c5065be4ae..d6f81f7401 100644 --- a/e2e-tests/pitr-physical/conf/restore.yml +++ b/e2e-tests/pitr-physical/conf/restore.yml @@ -6,5 +6,15 @@ spec: clusterName: some-name backupName: pitr: - type: + pitrType: date: + backupSource: + type: physical + destination: s3://DESTINATION + s3: + credentialsSecret: minio-secret + bucket: BUCKET-NAME + endpointUrl: http://minio-service:9000/ + region: us-east-1 + insecureSkipTLSVerify: false + diff --git a/e2e-tests/pitr-physical/run b/e2e-tests/pitr-physical/run index 49ae125d4a..7a6905a00b 100755 --- a/e2e-tests/pitr-physical/run +++ b/e2e-tests/pitr-physical/run 
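Review bot: `time_now` comes from a pipeline whose exit status is that of the final `cut`, so with only `errexit` set a failed `run_mongos` leaves it empty or non-numeric and the script carries on. The copy of `check_recovery` removed from `pitr-physical/run` drops the `date:` line when the value is empty; if the shared version does the same, the failure surfaces much later and far from its cause. A guard right after the assignment, `[[ $time_now =~ ^[0-9]+$ ]] || { echo "unexpected timestamp: ${time_now}"; exit 1; }`, makes it visible, and the matching assignment in the `pitr-sharded/run` hunk would need it too. Separately, `desc 'disable pitr'` is followed by a plain `kubectl patch` where the rest of `main` goes through `kubectl_bin`, and the two consecutive `desc` lines before the second `apply_cluster` say the same thing.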
@@ -6,36 +6,6 @@ test_dir=$(realpath $(dirname $0)) . ${test_dir}/../functions set_debug -format_date() { - local timestamp=$1 - echo $(TZ=UTC $date -d@${timestamp} '+%Y-%m-%d %H:%M:%S') -} - -get_latest_oplog_chunk_ts() { - local cluster=$1 - echo $(kubectl_bin exec $cluster-rs0-0 -c backup-agent -- pbm status -o json | jq '.backups.pitrChunks.pitrChunks | last | .range.end') -} - -write_document() { - local cmp_postfix="$1" - - desc 'write initial data, read from all' - run_mongos \ - 'use myApp\n db.test.insert({ x: 100500 })' \ - "myApp:myPass@$cluster-mongos.$namespace" - minikube_sleep - compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" ${cmp_postfix} -} - -write_initial_data() { - desc 'create user myApp' - run_mongos \ - 'db.createUser({user:"myApp",pwd:"myPass",roles:[{db:"myApp",role:"readWrite"}]})' \ - "userAdmin:userAdmin123456@$cluster-mongos.$namespace" - sleep 2 - write_document -} - run_backup() { local name=$1 local idx=$2 
@@ -52,70 +22,6 @@ run_backup() { sleep 5 } -check_recovery() { - local backup_name=$1 - local restore_type=$2 - local restore_date=$3 - local cmp_postfix=$4 - local cluster_name=$5 - - local latest_ts=$(get_latest_oplog_chunk_ts $cluster_name) - - desc "write more data before restore by $restore_type" - run_mongos \ - 'use myApp\n db.test.insert({ x: 100501 })' \ - "myApp:myPass@$cluster-mongos.$namespace" - - if [[ -n ${restore_date} ]]; then - desc "Restoring to time $(format_date ${restore_date})" - retries=0 - until [[ ${latest_ts} -gt ${restore_date} ]]; do - if [[ $retries -gt 30 ]]; then - echo "Last oplog chunk ($(format_date ${latest_ts})) is not greater than restore target ($(format_date ${restore_date}))" - exit 1 - fi - latest_ts=$(get_latest_oplog_chunk_ts $cluster_name) - retries=$((retries + 1)) - echo "Waiting for last oplog chunk ($(format_date ${latest_ts})) to be greater than restore target ($(format_date ${restore_date}))" - sleep 10 - done - else - desc "Restoring to latest" - local current_ts=$(get_latest_oplog_chunk_ts $cluster_name) - retries=0 - until [[ ${latest_ts} -gt ${current_ts} ]]; do - if [[ $retries -gt 30 ]]; then - echo "Timeout while waiting for last oplog chunk ($(format_date ${latest_ts}))" - exit 1 - fi - latest_ts=$(get_latest_oplog_chunk_ts $cluster_name) - retries=$((retries + 1)) - echo "Waiting for last oplog chunk ($(format_date ${latest_ts})) to be 120 seconds older than starting chunk ($(format_date ${current_ts}))" - sleep 10 - done - fi - - desc "check restore by $restore_type" - cat $test_dir/conf/restore.yml \ - | $sed -e "s/name:/name: restore-$backup_name/" \ - | $sed -e "s/backupName:/backupName: $backup_name/" \ - | $sed -e "s/type:/type: $restore_type/" \ - | if [ -z "$restore_date" ]; then $sed -e "/date:/d"; else $sed -e "s/date:/date: $(format_date ${restore_date})/"; fi \ - | kubectl_bin apply -f - - - # fail faster if we don't reach requested status until some time - wait_restore "$backup_name" 
"$cluster_name" "requested" "0" "900" - echo - wait_restore "$backup_name" "$cluster_name" "ready" "0" "1600" - echo - set -o xtrace - - wait_for_running $cluster-mongos 3 - sleep 10 - - compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" "$cmp_postfix" -} - main() { create_infra $namespace deploy_minio @@ -136,6 +42,7 @@ main() { sleep 10 write_initial_data + write_document wait_backup_agent $cluster-rs0-0 wait_backup_agent $cluster-rs0-1 @@ -154,7 +61,7 @@ main() { backup_name_minio="backup-minio" run_backup $backup_name_minio 2 physical - write_document "-2nd" + write_document "-2nd" '120' backup_last_write=$(kubectl_bin exec $cluster-rs0-0 -c backup-agent -- pbm status -o json | jq .backups.snapshot[0].restoreTo) last_chunk=$(get_latest_oplog_chunk_ts $cluster) diff --git a/e2e-tests/pitr-sharded/conf/restore.yml b/e2e-tests/pitr-sharded/conf/restore.yml index c5065be4ae..d6f81f7401 100644 --- a/e2e-tests/pitr-sharded/conf/restore.yml +++ b/e2e-tests/pitr-sharded/conf/restore.yml @@ -6,5 +6,15 @@ spec: clusterName: some-name backupName: pitr: - type: + pitrType: date: + backupSource: + type: physical + destination: s3://DESTINATION + s3: + credentialsSecret: minio-secret + bucket: BUCKET-NAME + endpointUrl: http://minio-service:9000/ + region: us-east-1 + insecureSkipTLSVerify: false + diff --git a/e2e-tests/pitr-sharded/run b/e2e-tests/pitr-sharded/run index c446c648f4..6c473f514f 100755 --- a/e2e-tests/pitr-sharded/run +++ b/e2e-tests/pitr-sharded/run 
@@ -6,26 +6,6 @@ test_dir=$(realpath $(dirname $0)) . ${test_dir}/../functions set_debug -write_document() { - local cmp_postfix="$1" - - desc 'write initial data, read from all' - run_mongos \ - 'use myApp\n db.test.insert({ x: 100500 })' \ - "myApp:myPass@$cluster-mongos.$namespace" - minikube_sleep - compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" ${cmp_postfix} -} - -write_initial_data() { - desc 'create user myApp' - run_mongos \ - 'db.createUser({user:"myApp",pwd:"myPass",roles:[{db:"myApp",role:"readWrite"}]})' \ - "userAdmin:userAdmin123456@$cluster-mongos.$namespace" - sleep 2 - write_document -} - run_backup() { local name=$1 local idx=$2 @@ -40,40 +20,6 @@ run_backup() { sleep 5 } -check_recovery() { - local backup_name=$1 - local restore_type=$2 - local restore_date=$3 - local cmp_postfix=$4 - local cluster_name=$5 - - desc "write more data before restore by $restore_type" - sleep 60 - run_mongos \ - 'use myApp\n db.test.insert({ x: 100501 })' \ - "myApp:myPass@$cluster-mongos.$namespace" - - desc 'waiting for chunks to be uploaded' - sleep 120 - - desc "check restore by $restore_type" - cat $test_dir/conf/restore.yml \ - | $sed -e "s/name:/name: restore-$backup_name/" \ - | $sed -e "s/backupName:/backupName: $backup_name/" \ - | $sed -e "s/type:/type: $restore_type/" \ - | if [ -z "$restore_date" ]; then $sed -e "/date:/d"; else $sed -e "s/date:/date: $restore_date/"; fi \ - | kubectl_bin apply -f - - - wait_restore "$backup_name" "$cluster_name" "ready" 1 - echo - set -o xtrace - - wait_for_running $cluster-mongos 3 - sleep 10 - - compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace" "$cmp_postfix" -} - main() { create_infra $namespace deploy_minio @@ -114,6 +60,7 @@ main() { compare_kubectl statefulset/$cluster-mongos "" write_initial_data + write_document wait_backup_agent $cluster-rs0-0 wait_backup_agent $cluster-rs0-1 
@@ -143,7 +90,7 @@ main() { write_document "-2nd" sleep 2 - time_now=$(run_mongos 'new Date().toISOString()' "myApp:myPass@$cluster-mongos.$namespace" "mongodb" "" "--quiet" | grep -E -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:' | cut -c1-19 | tr T " ") + time_now=$(run_mongos 'new Date().getTime() / 1000' "myApp:myPass@$cluster-mongos.$namespace" "mongodb" "" "--quiet" | grep -E -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:' | cut -d'.' -f1) check_recovery $backup_name-0 date "$time_now" "-2nd" "$cluster" run_backup $backup_name 1 diff --git a/e2e-tests/run-pr.csv b/e2e-tests/run-pr.csv index 6c7d36a169..93411ab73f 100644 --- a/e2e-tests/run-pr.csv +++ b/e2e-tests/run-pr.csv @@ -34,6 +34,7 @@ operator-self-healing-chaos pitr pitr-physical pitr-sharded +pitr-physical-backup-source preinit-updates pvc-resize recover-no-primary diff --git a/e2e-tests/run-release.csv b/e2e-tests/run-release.csv index e520e6a7d6..8c49568126 100644 --- a/e2e-tests/run-release.csv +++ b/e2e-tests/run-release.csv @@ -34,6 +34,7 @@ operator-self-healing-chaos pitr pitr-physical pitr-sharded +pitr-physical-backup-source preinit-updates pvc-resize recover-no-primary diff --git a/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go b/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go index 67bd4225b2..7ee08855cc 100644 --- a/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go +++ b/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go 
@@ -304,6 +304,7 @@ func (r *ReconcilePerconaServerMongoDBRestore) getBackup(ctx context.Context, cr Namespace: cr.Namespace, }, Spec: psmdbv1.PerconaServerMongoDBBackupSpec{ + Type: cr.Spec.BackupSource.Type, ClusterName: cr.Spec.ClusterName, StorageName: cr.Spec.StorageName, }, diff --git a/pkg/controller/perconaservermongodbrestore/physical.go b/pkg/controller/perconaservermongodbrestore/physical.go index 82e18b91e5..c4de434a01 100644 --- a/pkg/controller/perconaservermongodbrestore/physical.go +++ b/pkg/controller/perconaservermongodbrestore/physical.go @@ -191,6 +191,7 @@ func (r *ReconcilePerconaServerMongoDBRestore) reconcilePhysicalRestore( err = retry.OnError(retry.DefaultBackoff, func(err error) bool { return (strings.Contains(err.Error(), "container is not created or running") || strings.Contains(err.Error(), "error dialing backend: No agent available") || + strings.Contains(err.Error(), "unable to upgrade connection") || strings.Contains(err.Error(), "unmarshal PBM describe-restore output")) }, func() error { stdoutBuf.Reset() @@ -318,6 +319,10 @@ func (r *ReconcilePerconaServerMongoDBRestore) reconcilePhysicalRestore( } orig := c.DeepCopy() + + if c.Annotations == nil { + c.Annotations = make(map[string]string) + } c.Annotations[psmdbv1.AnnotationResyncPBM] = "true" return r.client.Patch(ctx, c, client.MergeFrom(orig)) @@ -349,6 +354,9 @@ func (r *ReconcilePerconaServerMongoDBRestore) updateStatefulSetForPhysicalResto } // Annotating statefulset to stop reconciliation in psmdb_controller + if sts.Annotations == nil { + sts.Annotations = make(map[string]string) + } sts.Annotations[psmdbv1.AnnotationRestoreInProgress] = "true" cmd := []string{ @@ -476,6 +484,7 @@ func (r *ReconcilePerconaServerMongoDBRestore) prepareStatefulSetsForPhysicalRes if err != nil { return err } + _, ok := sts.Annotations[psmdbv1.AnnotationRestoreInProgress] if ok { continue 
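Review bot: `cr.Spec.BackupSource.Type` dereferences `BackupSource` and copies a user-supplied value into the synthesized backup spec with no check visible in this hunk. getBackup starts above the hunk, so whether the enclosing branch already guarantees `cr.Spec.BackupSource != nil` cannot be confirmed from here. If it does, a comment above the literal such as `// BackupSource is non-nil in this branch; Type is taken from it as given` would document the dependency. It is also worth confirming that manifests which omit `type` (an empty `Type`) behave as they did before this line was added.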
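Review bot: The retry predicate now matches four error substrings and none of them says which transient condition it stands for, which makes the list hard to audit when an upstream message changes. A comment on the new line, for example `// exec stream could not be established yet; presumably transient while the pod restarts`, would help, with similar comments on the three existing lines. Matching on `err.Error()` text is brittle, so if the exec client exposes typed errors they would be a safer test. The predicate is inside reconcilePhysicalRestore, which begins and ends outside this hunk.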
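Review bot: The nil-map guard before the `Annotations` write is repeated verbatim in three hunks: here on `c`, in updateStatefulSetForPhysicalRestore on `sts`, and in prepareStatefulSetsForPhysicalRestore on `sts`. A small unexported helper that initializes the map when needed and sets one key would keep the three sites uniform and make a future fourth write harder to get wrong. Without a helper, a short comment on each guard such as `// objects read from the API may carry no annotations` would explain why it is there. All three enclosing functions extend beyond their hunks.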
@@ -527,6 +536,10 @@ func (r *ReconcilePerconaServerMongoDBRestore) prepareStatefulSetsForPhysicalRes zero := int32(0) sts.Spec.Replicas = &zero + + if sts.Annotations == nil { + sts.Annotations = make(map[string]string) + } sts.Annotations[psmdbv1.AnnotationRestoreInProgress] = "true" return r.client.Patch(ctx, &sts, client.MergeFrom(orig)) @@ -579,8 +592,7 @@ func (r *ReconcilePerconaServerMongoDBRestore) runMongosh(ctx context.Context, c stderrBuf := &bytes.Buffer{} if err := r.clientcmd.Exec(ctx, pod, "mongod", cmd, nil, stdoutBuf, stderrBuf, false); err != nil { - log.V(1).Info("Cmd failed", "stdout", stdoutBuf.String(), "stderr", stderrBuf.String()) - return stdoutBuf, stderrBuf, errors.Wrap(err, "cmd failed") + return stdoutBuf, stderrBuf, errors.Wrapf(err, "cmd failed (stdout: %s, stderr: %s)", stdoutBuf.String(), stderrBuf.String()) } log.V(1).Info("Cmd succeeded", "stdout", stdoutBuf.String(), "stderr", stderrBuf.String())
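Review bot: Formatting the full stdout and stderr of the mongosh exec into the returned error moves that output from a `V(1)` debug log into whatever consumes the error. Depending on the callers, which are not visible here, that may be default-level operator logs or a status field on the restore object. The text is unbounded and may echo parts of the command or query results, so it should not be assumed free of sensitive values. The caller already receives `stdoutBuf` and `stderrBuf`, so keeping `log.V(1).Info("Cmd failed", ...)` and returning `errors.Wrap(err, "cmd failed")` loses nothing; if the output must be in the error, include only stderr and cap its length. runMongosh begins above this hunk.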