apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sgbackups.stackgres.io
spec:
  group: stackgres.io
  scope: Namespaced
  names:
    kind: SGBackup
    listKind: SGBackupList
    plural: sgbackups
    singular: sgbackup
    shortNames:
      - sgbkp
  versions:
    - name: v1
      served: true
      storage: true
      additionalPrinterColumns:
        - name: cluster
          type: string
          jsonPath: .spec.sgCluster
        - name: managed
          type: string
          jsonPath: .spec.managedLifecycle
        - name: status
          type: string
          jsonPath: .status.process.status
        - name: pg-version
          type: string
          jsonPath: .status.backupInformation.postgresVersion
          priority: 1
        - name: compressed-size
          type: integer
          format: byte
          jsonPath: .status.backupInformation.size.compressed
          priority: 1
        - name: timeline
          type: string
          jsonPath: .status.backupInformation.timeline
          priority: 1
      schema:
        openAPIV3Schema:
          type: object
          required: [metadata, spec]
          description: |
            A manual or automatically generated backup of an SGCluster configured with backups.

            When an SGBackup is created, a Job performs a full backup of the database and updates the status of the SGBackup with all the information required to restore it and some stats (or a failure message in case something unexpected happened).

            Backups generated by SGBackup are stored in the object storage configured with an SGObjectStorage together with the WAL files, or in a [VolumeSnapshot](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) (separated from the WAL files, which are still stored in an object storage), depending on the backup configuration of the targeted SGCluster.

            After an SGBackup is created, the same Job performs a reconciliation of the backups by applying the retention window configured in the SGCluster: it removes the backups with managed lifecycle, and the WAL files, that are older than the ones fitting in the retention window. The reconciliation also removes backups (excluding WAL files) that do not belong to any SGBackup (including copies).

            If the target storage is changed, the deletion of backups with managed lifecycle and of WAL files older than the ones that fit in the retention window, and of backups that do not belong to any SGBackup, is no longer performed on the previous storage, only on the new target storage.

            If the reconciliation of backups fails, the backup itself does not fail; the reconciliation is retried the next time an SGBackup or scheduled backup Job takes place.
          properties:
            metadata:
              type: object
              properties:
                name:
                  type: string
                  maxLength: 56
                  pattern: "^[a-z]([-a-z0-9]*[a-z0-9])?$"
                  description: |
                    Name of the backup. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters consisting of one or more lowercase labels separated by `.`, where each label is an alphanumeric (a-z, 0-9) string with the `-` character allowed anywhere except as the first or last character.

                    The name must be unique across all StackGres backups in the same namespace.
            spec:
              type: object
              properties:
                sgCluster:
                  type: string
                  description: |
                    The name of the `SGCluster` from which this backup is/will be taken.

                    If this is a copy of an existing completed backup in a different namespace, the value must be prefixed with the namespace of the source backup and a dot `.` (e.g. `.`), or have the same value if the source backup is also a copy.
                managedLifecycle:
                  type: boolean
                  description: |
                    Indicates if this backup is not permanent and should be removed by the automated retention policy. Default is `false`.
                timeout:
                  type: integer
                  description: |
                    Allows setting a timeout for the backup creation. If not set, the timeout is disabled and the backup operation continues until the backup completes or fails. Setting it to 0 is the same as not setting it.

                    Make sure to set a reasonably high value in order to allow for any unexpected delays during backup creation (low network bandwidth, low disk throughput and so forth).
                reconciliationTimeout:
                  type: integer
                  default: 300
                  description: |
                    Allows setting a timeout for the reconciliation process that takes place after the backup. If not set, defaults to 300 (5 minutes). If set to 0, the timeout is disabled.

                    Failure of the reconciliation does not make the backup fail; the reconciliation is retried the next time an SGBackup or scheduled backup Job takes place.
                maxRetries:
                  type: integer
                  description: |
                    The maximum number of retries the backup operation is allowed to do after a failure. A value of `0` (zero) means no retries are made. Defaults to: `3`.
            status:
              type: object
              properties:
                internalName:
                  type: string
                  description: |
                    The name of the backup.
                backupPath:
                  type: string
                  description: |
                    The path where the backup is stored.
                process:
                  type: object
                  properties:
                    status:
                      type: string
                      description: |
                        Status of the backup.
                    failure:
                      type: string
                      description: |
                        If the status is `failed` this field will contain a message indicating the failure reason.
                    jobPod:
                      type: string
                      description: |
                        Name of the pod assigned to the backup. StackGres internally uses a locking mechanism based on the pod name of the job that creates the backup.
                    managedLifecycle:
                      type: boolean
                      description: |
                        Status (may be transient) until converging to `spec.managedLifecycle`.
                    timing:
                      type: object
                      properties:
                        start:
                          type: string
                          # format: date-time
                          description: |
                            Start time of backup.
                        end:
                          type: string
                          # format: date-time
                          description: |
                            End time of backup.
                        stored:
                          type: string
                          # format: date-time
                          description: |
                            Time at which the backup is safely stored in the object storage.
                backupInformation:
                  type: object
                  properties:
                    hostname:
                      type: string
                      description: |
                        Hostname of the instance where the backup is taken from.
                    sourcePod:
                      type: string
                      description: |
                        Pod where the backup is taken from.
                    systemIdentifier:
                      type: string
                      description: |
                        Postgres *system identifier* of the cluster this backup is taken from.
                    postgresVersion:
                      type: string
                      description: |
                        Postgres version of the server where the backup is taken from.
                    pgData:
                      type: string
                      description: |
                        Data directory where the backup is taken from.
                    size:
                      type: object
                      properties:
                        uncompressed:
                          type: integer
                          format: int64
                          description: |
                            Size (in bytes) of the uncompressed backup.
                        compressed:
                          type: integer
                          format: int64
                          description: |
                            Size (in bytes) of the compressed backup.
                    lsn:
                      type: object
                      properties:
                        start:
                          type: string
                          description: |
                            LSN of when the backup started.
                        end:
                          type: string
                          description: |
                            LSN of when the backup finished.
                    startWalFile:
                      type: string
                      description: |
                        WAL segment file name when the backup was started.
                    timeline:
                      type: string
                      description: |
                        Backup timeline.
                    controlData:
                      type: object
                      description: |
                        An object containing data from the output of pg_controldata on the backup.
                      properties:
                        pg_control version number:
                          type: string
                        Catalog version number:
                          type: string
                        Database system identifier:
                          type: string
                        Database cluster state:
                          type: string
                        pg_control last modified:
                          type: string
                        Latest checkpoint location:
                          type: string
                        Latest checkpoint's REDO location:
                          type: string
                        Latest checkpoint's REDO WAL file:
                          type: string
                        Latest checkpoint's TimeLineID:
                          type: string
                        Latest checkpoint's PrevTimeLineID:
                          type: string
                        Latest checkpoint's full_page_writes:
                          type: string
                        Latest checkpoint's NextXID:
                          type: string
                        Latest checkpoint's NextOID:
                          type: string
                        Latest checkpoint's NextMultiXactId:
                          type: string
                        Latest checkpoint's NextMultiOffset:
                          type: string
                        Latest checkpoint's oldestXID:
                          type: string
                        Latest checkpoint's oldestXID's DB:
                          type: string
                        Latest checkpoint's oldestActiveXID:
                          type: string
                        Latest checkpoint's oldestMultiXid:
                          type: string
                        Latest checkpoint's oldestMulti's DB:
                          type: string
                        "Latest checkpoint's oldestCommitTsXid":
                          type: string
                        "Latest checkpoint's newestCommitTsXid":
                          type: string
                        Time of latest checkpoint:
                          type: string
                        Fake LSN counter for unlogged rels:
                          type: string
                        Minimum recovery ending location:
                          type: string
                        Min recovery ending loc's timeline:
                          type: string
                        Backup start location:
                          type: string
                        Backup end location:
                          type: string
                        End-of-backup record required:
                          type: string
                        wal_level setting:
                          type: string
                        wal_log_hints setting:
                          type: string
                        max_connections setting:
                          type: string
                        max_worker_processes setting:
                          type: string
                        max_wal_senders setting:
                          type: string
                        max_prepared_xacts setting:
                          type: string
                        max_locks_per_xact setting:
                          type: string
                        track_commit_timestamp setting:
                          type: string
                        Maximum data alignment:
                          type: string
                        Database block size:
                          type: string
                        Blocks per segment of large relation:
                          type: string
                        WAL block size:
                          type: string
                        Bytes per WAL segment:
                          type: string
                        Maximum length of identifiers:
                          type: string
                        Maximum columns in an index:
                          type: string
                        Maximum size of a TOAST chunk:
                          type: string
                        Size of a large-object chunk:
                          type: string
                        Date/time type storage:
                          type: string
                        Float4 argument passing:
                          type: string
                        Float8 argument passing:
                          type: string
                        Data page checksum version:
                          type: string
                        Mock authentication nonce:
                          type: string
                sgBackupConfig:
                  type: object
                  description: The backup configuration used to perform this backup.
                  properties:
                    baseBackups:
                      type: object
                      description: |
                        Base backups configuration.
                      properties:
                        cronSchedule:
                          type: string
                          description: |
                            Continuous Archiving backups are composed of periodic *base backups* and all the WAL segments produced in between those base backups. This parameter specifies at what time and with what frequency to start performing a new base backup.

                            Use cron syntax (`m h dom mon dow`) for this parameter, i.e., 5 values separated by spaces:

                            * `m`: minute, 0 to 59
                            * `h`: hour, 0 to 23
                            * `dom`: day of month, 1 to 31 (recommended not to set it higher than 28)
                            * `mon`: month, 1 to 12
                            * `dow`: day of week, 0 to 7 (0 and 7 both represent Sunday)

                            Also ranges of values (`start-end`), the symbol `*` (meaning `first-last`) or even `*/N`, where `N` is a number, meaning every `N`, may be used. All times are UTC. It is recommended to avoid 00:00 as base backup time, to avoid overlapping with any other external operations happening at this time.
                        retention:
                          type: integer
                          minimum: 1
                          description: |
                            Based on this parameter, an automatic retention policy is defined to delete old base backups.

                            This parameter specifies the number of base backups to keep, in a sliding window. Consequently, the time range covered by backups is `periodicity*retention`, where `periodicity` is the separation between backups as specified by the `cronSchedule` property.

                            Default is 5.
                        compression:
                          type: string
                          description: |
                            Select the backup compression algorithm. Possible options are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest method, but compression ratio is the worst. LZMA is way slower, but it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, being about 3 times better than LZ4.
                          enum: [lz4, lzma, brotli]
                        performance:
                          type: object
                          properties:
                            maxNetworkBandwitdh:
                              type: integer
                              description: |
                                **Deprecated**: use maxNetworkBandwidth instead. Maximum storage upload bandwidth to be used when storing the backup. In bytes (per second).
                            maxDiskBandwitdh:
                              type: integer
                              description: |
                                **Deprecated**: use maxDiskBandwidth instead. Maximum disk read I/O when performing a backup. In bytes (per second).
                            maxNetworkBandwidth:
                              type: integer
                              description: |
                                Maximum storage upload bandwidth to be used when storing the backup. In bytes (per second).
                            maxDiskBandwidth:
                              type: integer
                              description: |
                                Maximum disk read I/O when performing a backup. In bytes (per second).
                            uploadDiskConcurrency:
                              type: integer
                              minimum: 1
                              description: |
                                Backup storage may use several concurrent streams to store the data. This parameter configures the number of parallel streams to use for reading from disk. By default, it's set to 1 (use one stream).
                            uploadConcurrency:
                              type: integer
                              minimum: 1
                              description: |
                                Backup storage may use several concurrent streams to store the data. This parameter configures the number of parallel streams to use. By default, it's set to 1 (use one stream).
                    compression:
                      type: string
                      description: |
                        Select the backup compression algorithm. Possible options are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest method, but compression ratio is the worst. LZMA is way slower, but it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, being about 3 times better than LZ4.
                      enum: [lz4, lzma, brotli]
                    storage:
                      type: object
                      description: |
                        Backup storage configuration.
                      properties:
                        type:
                          type: string
                          enum: [s3, s3Compatible, gcs, azureBlob]
                          description: |
                            Specifies the type of object storage used for storing the base backups and WAL segments. Possible values:

                            * `s3`: Amazon Web Services S3 (Simple Storage Service).
                            * `s3Compatible`: non-AWS services that implement a compatibility API with AWS S3.
                            * `gcs`: Google Cloud Storage.
                            * `azureBlob`: Microsoft Azure Blob Storage.
                        s3:
                          type: object
                          description: |
                            Amazon Web Services S3 configuration.
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                AWS S3 bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            region:
                              type: string
                              description: |
                                AWS S3 region. The region may be detected using s3:GetBucketLocation, but to avoid granting permission for this API call (or when the applicable IAM policy forbids it), this property must be explicitly specified.
                            storageClass:
                              type: string
                              description: |
                                [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) used for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
                            awsCredentials:
                              type: object
                              description: |
                                Credentials to access AWS S3 for writing and reading.
                              properties:
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)s to reference the Secrets that contain the information about the `awsCredentials`.
                                  properties:
                                    accessKeyId:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Access Key ID secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                    secretAccessKey:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Secret Access Key secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [accessKeyId, secretAccessKey]
                              required: [secretKeySelectors]
                          required: [bucket, awsCredentials]
                        s3Compatible:
                          type: object
                          description: AWS S3-Compatible API configuration
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                Bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            enablePathStyleAddressing:
                              type: boolean
                              description: |
                                Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) when connecting to an S3-compatible service that lacks support for sub-domain style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`). Defaults to false.
                            endpoint:
                              type: string
                              description: |
                                Overrides the default URL to connect to an S3-compatible service. For example: `http://s3-like-service:9000`.
                            region:
                              type: string
                              description: |
                                AWS S3 region. The region may be detected using s3:GetBucketLocation, but to avoid granting permission for this API call (or when the applicable IAM policy forbids it), this property must be explicitly specified.
                            storageClass:
                              type: string
                              description: |
                                [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) used for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
                            awsCredentials:
                              type: object
                              description: |
                                Credentials to access AWS S3 for writing and reading.
                              properties:
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) to reference the Secrets that contain the information about the `awsCredentials`.
                                  properties:
                                    accessKeyId:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Access Key ID secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                    secretAccessKey:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Secret Access Key secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [accessKeyId, secretAccessKey]
                              required: [secretKeySelectors]
                          required: [bucket, awsCredentials]
                        gcs:
                          type: object
                          description: |
                            Google Cloud Storage configuration.
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                GCS bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the GCS bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            gcpCredentials:
                              type: object
                              description: |
                                Credentials to access GCS for writing and reading.
                              properties:
                                fetchCredentialsFromMetadataService:
                                  type: boolean
                                  description: |
                                    If true, the credentials will be fetched from the GCE/GKE metadata service and the credentials from the `secretKeySelectors` field will not be used. This is useful when running StackGres inside a GKE cluster using [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity).
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) to reference the Secrets that contain the information about the Service Account to access GCS.
                                  properties:
                                    serviceAccountJSON:
                                      type: object
                                      description: |
                                        A service account key from GCP. In JSON format, as downloaded from the GCP Console.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [serviceAccountJSON]
                          required: [bucket, gcpCredentials]
                        azureBlob:
                          type: object
                          description: |
                            Azure Blob Storage configuration.
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                Azure Blob Storage bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the Azure Blob bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            azureCredentials:
                              type: object
                              description: |
                                Credentials to access Azure Blob Storage for writing and reading.
                              properties:
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)s to reference the Secrets that contain the information about the `azureCredentials`.
                                  properties:
                                    storageAccount:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the name of the storage account.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                    accessKey:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the primary or secondary access key for the storage account.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [storageAccount, accessKey]
                              required: [secretKeySelectors]
                          required: [bucket, azureCredentials]
                      required: [type]
                  required: [storage]
                volumeSnapshot:
                  type: object
                  description: The volume snapshot configuration used to restore this backup.
                  properties:
                    name:
                      type: string
                      description: |
                        The volume snapshot used to store this backup.
                    backupLabel:
                      type: string
                      description: |
                        The content of the `backup_label` column returned by `pg_backup_stop`, encoded in Base64.
                    tablespaceMap:
                      type: string
                      description: |
                        The content of the `tablespace_map` column returned by `pg_backup_stop`, encoded in Base64.
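Added example, not StackGres code: a pre-flight checker that applies the constraints this schema states (the `metadata.name` pattern and length, the bucket/path patterns, the storage `type` enum, the Secret key selectors each backend marks as required, and an explicitly set S3 region) to a manifest already loaded as a dict. The sample manifests are constructed for the example; the `SELECTORS` table is a hypothetical summary of the `required` lists above.

```python
import re

# Constraints copied from the CRD schema above (SGBackup v1).
NAME_RE = re.compile(r"^[a-z]([-a-z0-9]*[a-z0-9])?$")  # metadata.name, maxLength 56
BUCKET_RE = re.compile(r"^[^/]+(/[^/]*)*$")             # <backend>.bucket
PATH_RE = re.compile(r"^(/[^/]*)*$")                    # <backend>.path (optional)
STORAGE_TYPES = {"s3", "s3Compatible", "gcs", "azureBlob"}
# Credentials object and the secretKeySelectors the schema marks required per backend.
SELECTORS = {"s3": ("awsCredentials", ["accessKeyId", "secretAccessKey"]),
             "s3Compatible": ("awsCredentials", ["accessKeyId", "secretAccessKey"]),
             "gcs": ("gcpCredentials", ["serviceAccountJSON"]),
             "azureBlob": ("azureCredentials", ["storageAccount", "accessKey"])}


def check_backup(manifest):
    """Return a list of problems with an SGBackup manifest (empty list = passes)."""
    problems = []
    name = manifest.get("metadata", {}).get("name", "")
    if len(name) > 56 or not NAME_RE.match(name):
        problems.append(f"metadata.name {name!r} exceeds 56 chars or violates the name pattern")
    spec = manifest.get("spec", {})
    for field in ("timeout", "reconciliationTimeout", "maxRetries"):
        value = spec.get(field)
        if value is not None and (not isinstance(value, int) or value < 0):
            problems.append(f"spec.{field} must be a non-negative integer, got {value!r}")
    return problems


def check_storage(storage):
    """Check an sgBackupConfig.storage block: backend enum, bucket/path patterns,
    Secret-referenced credentials and an explicitly set S3 region."""
    kind = storage.get("type")
    if kind not in STORAGE_TYPES:
        return [f"storage.type {kind!r} is not one of {sorted(STORAGE_TYPES)}"]
    backend, problems = storage.get(kind, {}), []
    if not BUCKET_RE.match(backend.get("bucket", "")):
        problems.append(f"{kind}.bucket is required and must match {BUCKET_RE.pattern}")
    if not PATH_RE.match(backend.get("path", "")):
        problems.append(f"{kind}.path must match {PATH_RE.pattern}")
    cred_field, selectors = SELECTORS[kind]
    creds = backend.get(cred_field, {})
    if kind == "gcs" and creds.get("fetchCredentialsFromMetadataService"):
        return problems  # Workload Identity: the schema needs no Secret reference here
    refs = creds.get("secretKeySelectors", {})
    for selector in selectors:
        ref = refs.get(selector, {})
        if not (ref.get("key") and ref.get("name")):
            problems.append(f"{kind}.{cred_field}.secretKeySelectors.{selector} needs key and name")
    if kind in ("s3", "s3Compatible") and not backend.get("region"):
        # Without it the region is discovered via s3:GetBucketLocation, which the IAM policy must then allow.
        problems.append(f"{kind}.region must be set explicitly")
    return problems


# Constructed sample inputs (not from the page): one valid and one faulty of each kind.
GOOD_BACKUP = {"metadata": {"name": "nightly-2024-01-15"},
               "spec": {"sgCluster": "prod-db", "managedLifecycle": True, "maxRetries": 3}}
BAD_BACKUP = {"metadata": {"name": "Nightly_Backup"}, "spec": {"sgCluster": "prod-db", "maxRetries": -1}}
GOOD_STORAGE = {"type": "s3", "s3": {"bucket": "db-backups", "path": "/prod", "region": "us-east-1",
                "awsCredentials": {"secretKeySelectors": {
                    "accessKeyId": {"name": "aws-creds", "key": "accessKeyId"},
                    "secretAccessKey": {"name": "aws-creds", "key": "secretAccessKey"}}}}}
BAD_STORAGE = {"type": "s3Compatible", "s3Compatible": {"bucket": "/leading-slash", "endpoint": "http://minio:9000",
               "awsCredentials": {"secretKeySelectors": {"accessKeyId": {"name": "minio-creds", "key": "accessKeyId"}}}}}

if __name__ == "__main__":
    print(check_backup(BAD_BACKUP), check_storage(BAD_STORAGE))
```

Run it against the output of `yaml.safe_load` on a manifest before `kubectl apply`; an empty list from both functions means the manifest clears the checks the schema expresses.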