```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sgbackups.stackgres.io
spec:
  group: stackgres.io
  scope: Namespaced
  names:
    kind: SGBackup
    listKind: SGBackupList
    plural: sgbackups
    singular: sgbackup
    shortNames:
      - sgbkp
  versions:
    - name: v1
      served: true
      storage: true
      additionalPrinterColumns:
        - name: cluster
          type: string
          jsonPath: .spec.sgCluster
        - name: managed
          type: string
          jsonPath: .spec.managedLifecycle
        - name: status
          type: string
          jsonPath: .status.process.status
        - name: pg-version
          type: string
          jsonPath: .status.backupInformation.postgresVersion
          priority: 1
        - name: compressed-size
          type: integer
          format: byte
          jsonPath: .status.backupInformation.size.compressed
          priority: 1
        - name: timeline
          type: string
          jsonPath: .status.backupInformation.timeline
          priority: 1
      schema:
        openAPIV3Schema:
          type: object
          required: [metadata, spec]
          description: |
            A manual or automatically generated backup of an SGCluster configured with backups.
            When a SGBackup is created a Job will perform a full backup of the database and update the status of the SGBackup
            with all the information required to restore it and some stats (or a failure message in case something unexpected
            happened).
            Backups generated by SGBackup are stored in the object storage configured with an SGObjectStorage together with the WAL
            files or in a [VolumeSnapshot](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) (separated from the WAL files that will be still stored in an object storage)
            depending on the backup configuration of the targeted SGCluster.
            After an SGBackup is created the same Job performs a reconciliation of the backups by applying the retention window
            that has been configured in the SGCluster and removing the backups with managed lifecycle and the WAL files older
            than the ones that fit in the retention window. The reconciliation also removes backups (excluding WAL files) that do
            not belong to any SGBackup (including copies). If the target storage is changed deletion of an SGBackup backups with
            managed lifecycle and the WAL files older than the ones that fit in the retention window and of backups that do not
            belong to any SGBackup will not be performed anymore on the previous storage, only on the new target storage.
            If the reconciliation of backups fails the backup itself does not fail and will be re-tried the next time a SGBackup
            or scheduled backup Job takes place.
          properties:
            metadata:
              type: object
              properties:
                name:
                  type: string
                  maxLength: 56
                  pattern: "^[a-z]([-a-z0-9]*[a-z0-9])?$"
                  description: |
                    Name of the backup. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters consisting of one or more lowercase labels separated by `.`. Where each label is an alphanumeric (a-z, and 0-9) string, with the `-` character allowed anywhere except the first or last character.
                    The name must be unique across all StackGres backups in the same namespace.
            spec:
              type: object
              properties:
                sgCluster:
                  type: string
                  description: |
                    The name of the `SGCluster` from which this backup is/will be taken.
                    If this is a copy of an existing completed backup in a different namespace
                    the value must be prefixed with the namespace of the source backup and a
                    dot `.` (e.g. `<cluster namespace>.<cluster name>`) or have the same value
                    if the source backup is also a copy.
                managedLifecycle:
                  type: boolean
                  description: |
                    Indicate if this backup is not permanent and should be removed by the automated
                    retention policy. Default is `false`.
                timeout:
                  type: integer
                  description: |
                    Allow to set a timeout for the backup creation.

                    If not set it will be disabled and the backup operation will continue until the backup completes or fails. If set to 0 is the same as not being set.

                    Make sure to set a reasonably high value in order to allow for any unexpected delays during backup creation (network low bandwidth, disk low throughput and so forth).
                reconciliationTimeout:
                  type: integer
                  default: 300
                  description: |
                    Allow to set a timeout for the reconciliation process that takes place after the backup.

                    If not set defaults to 300 (5 minutes). If set to 0 it will disable timeout.

                    Failure of reconciliation will not make the backup fail and will be re-tried the next time a SGBackup
                    or scheduled backup Job takes place.
                maxRetries:
                  type: integer
                  description: |
                    The maximum number of retries the backup operation is allowed to do after a failure.

                    A value of `0` (zero) means no retries are made. Defaults to: `3`.
            status:
              type: object
              properties:
                internalName:
                  type: string
                  description: |
                    The name of the backup.
                backupPath:
                  type: string
                  description: |
                    The path where the backup is stored.
                process:
                  type: object
                  properties:
                    status:
                      type: string
                      description: |
                        Status of the backup.
                    failure:
                      type: string
                      description: |
                        If the status is `failed` this field will contain a message indicating the failure reason.
                    jobPod:
                      type: string
                      description: |
                        Name of the pod assigned to the backup. StackGres utilizes internally a locking mechanism based on the pod name of the job that creates the backup.
                    managedLifecycle:
                      type: boolean
                      description: |
                        Status (may be transient) until converging to `spec.managedLifecycle`.
                    timing:
                      type: object
                      properties:
                        start:
                          type: string
                          # format: date-time
                          description: |
                            Start time of backup.
                        end:
                          type: string
                          # format: date-time
                          description: |
                            End time of backup.
                        stored:
                          type: string
                          # format: date-time
                          description: |
                            Time at which the backup is safely stored in the object storage.
                backupInformation:
                  type: object
                  properties:
                    hostname:
                      type: string
                      description: |
                        Hostname of the instance where the backup is taken from.
                    sourcePod:
                      type: string
                      description: |
                        Pod where the backup is taken from.
                    systemIdentifier:
                      type: string
                      description: |
                        Postgres *system identifier* of the cluster this backup is taken from.
                    postgresVersion:
                      type: string
                      description: |
                        Postgres version of the server where the backup is taken from.
                    pgData:
                      type: string
                      description: |
                        Data directory where the backup is taken from.
                    size:
                      type: object
                      properties:
                        uncompressed:
                          type: integer
                          format: int64
                          description: |
                            Size (in bytes) of the uncompressed backup.
                        compressed:
                          type: integer
                          format: int64
                          description: |
                            Size (in bytes) of the compressed backup.
                    lsn:
                      type: object
                      properties:
                        start:
                          type: string
                          description: |
                            LSN of when the backup started.
                        end:
                          type: string
                          description: |
                            LSN of when the backup finished.
                    startWalFile:
                      type: string
                      description: |
                        WAL segment file name when the backup was started.
                    timeline:
                      type: string
                      description: |
                        Backup timeline.
                    controlData:
                      type: object
                      description: |
                        An object containing data from the output of pg_controldata on the backup.
                      properties:
                        pg_control version number:
                          type: string
                        Catalog version number:
                          type: string
                        Database system identifier:
                          type: string
                        Database cluster state:
                          type: string
                        pg_control last modified:
                          type: string
                        Latest checkpoint location:
                          type: string
                        Latest checkpoint's REDO location:
                          type: string
                        Latest checkpoint's REDO WAL file:
                          type: string
                        Latest checkpoint's TimeLineID:
                          type: string
                        Latest checkpoint's PrevTimeLineID:
                          type: string
                        Latest checkpoint's full_page_writes:
                          type: string
                        Latest checkpoint's NextXID:
                          type: string
                        Latest checkpoint's NextOID:
                          type: string
                        Latest checkpoint's NextMultiXactId:
                          type: string
                        Latest checkpoint's NextMultiOffset:
                          type: string
                        Latest checkpoint's oldestXID:
                          type: string
                        Latest checkpoint's oldestXID's DB:
                          type: string
                        Latest checkpoint's oldestActiveXID:
                          type: string
                        Latest checkpoint's oldestMultiXid:
                          type: string
                        Latest checkpoint's oldestMulti's DB:
                          type: string
                        "Latest checkpoint's oldestCommitTsXid":
                          type: string
                        "Latest checkpoint's newestCommitTsXid":
                          type: string
                        Time of latest checkpoint:
                          type: string
                        Fake LSN counter for unlogged rels:
                          type: string
                        Minimum recovery ending location:
                          type: string
                        Min recovery ending loc's timeline:
                          type: string
                        Backup start location:
                          type: string
                        Backup end location:
                          type: string
                        End-of-backup record required:
                          type: string
                        wal_level setting:
                          type: string
                        wal_log_hints setting:
                          type: string
                        max_connections setting:
                          type: string
                        max_worker_processes setting:
                          type: string
                        max_wal_senders setting:
                          type: string
                        max_prepared_xacts setting:
                          type: string
                        max_locks_per_xact setting:
                          type: string
                        track_commit_timestamp setting:
                          type: string
                        Maximum data alignment:
                          type: string
                        Database block size:
                          type: string
                        Blocks per segment of large relation:
                          type: string
                        WAL block size:
                          type: string
                        Bytes per WAL segment:
                          type: string
                        Maximum length of identifiers:
                          type: string
                        Maximum columns in an index:
                          type: string
                        Maximum size of a TOAST chunk:
                          type: string
                        Size of a large-object chunk:
                          type: string
                        Date/time type storage:
                          type: string
                        Float4 argument passing:
                          type: string
                        Float8 argument passing:
                          type: string
                        Data page checksum version:
                          type: string
                        Mock authentication nonce:
                          type: string
                sgBackupConfig:
                  type: object
                  description: The backup configuration used to perform this backup.
                  properties:
                    baseBackups:
                      type: object
                      description: |
                        Base backups configuration.
                      properties:
                        cronSchedule:
                          type: string
                          description: |
                            Continuous Archiving backups are composed of periodic *base backups* and all the WAL segments produced in between those base backups. This parameter specifies at what time and with what frequency to start performing a new base backup.
                            Use cron syntax (`m h dom mon dow`) for this parameter, i.e., 5 values separated by spaces:
                            * `m`: minute, 0 to 59
                            * `h`: hour, 0 to 23
                            * `dom`: day of month, 1 to 31 (recommended not to set it higher than 28)
                            * `mon`: month, 1 to 12
                            * `dow`: day of week, 0 to 7 (0 and 7 both represent Sunday)
                            Also ranges of values (`start-end`), the symbol `*` (meaning `first-last`) or even `*/N`, where `N` is a number, meaning every `N`, may be used. All times are UTC. It is recommended to avoid 00:00 as base backup time, to avoid overlapping with any other external operations happening at this time.
                        retention:
                          type: integer
                          minimum: 1
                          description: |
                            Based on this parameter, an automatic retention policy is defined to delete old base backups.
                            This parameter specifies the number of base backups to keep, in a sliding window.
                            Consequently, the time range covered by backups is `periodicity*retention`, where `periodicity` is the separation between backups as specified by the `cronSchedule` property.
                            Default is 5.
                        compression:
                          type: string
                          description: |
                            Select the backup compression algorithm. Possible options are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest method, but compression ratio is the worst. LZMA is way slower, but it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, being about 3 times better than LZ4.
                          enum: [ lz4, lzma, brotli ]
                        performance:
                          type: object
                          properties:
                            maxNetworkBandwitdh:
                              type: integer
                              description: |
                                **Deprecated**: use instead maxNetworkBandwidth.
                                Maximum storage upload bandwidth to be used when storing the backup. In bytes (per second).
                            maxDiskBandwitdh:
                              type: integer
                              description: |
                                **Deprecated**: use instead maxDiskBandwidth.
                                Maximum disk read I/O when performing a backup. In bytes (per second).
                            maxNetworkBandwidth:
                              type: integer
                              description: |
                                Maximum storage upload bandwidth to be used when storing the backup. In bytes (per second).
                            maxDiskBandwidth:
                              type: integer
                              description: |
                                Maximum disk read I/O when performing a backup. In bytes (per second).
                            uploadDiskConcurrency:
                              type: integer
                              minimum: 1
                              description: |
                                Backup storage may use several concurrent streams to store the data. This parameter configures the number of parallel streams to use for reading from disk. By default, it's set to 1 (use one stream).
                            uploadConcurrency:
                              type: integer
                              minimum: 1
                              description: |
                                Backup storage may use several concurrent streams to store the data. This parameter configures the number of parallel streams to use. By default, it's set to 1 (use one stream).
                    compression:
                      type: string
                      description: |
                        Select the backup compression algorithm. Possible options are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest method, but compression ratio is the worst. LZMA is way slower, but it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, being about 3 times better than LZ4.
                      enum: [lz4, lzma, brotli]
                    storage:
                      type: object
                      description: |
                        Backup storage configuration.
                      properties:
                        type:
                          type: string
                          enum: [s3, s3Compatible, gcs, azureBlob]
                          description: |
                            Specifies the type of object storage used for storing the base backups and WAL segments.
                            Possible values:
                            * `s3`: Amazon Web Services S3 (Simple Storage Service).
                            * `s3Compatible`: non-AWS services that implement a compatibility API with AWS S3.
                            * `gcs`: Google Cloud Storage.
                            * `azureBlob`: Microsoft Azure Blob Storage.
                        s3:
                          type: object
                          description: |
                            Amazon Web Services S3 configuration.
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                AWS S3 bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the S3 bucket. Note that StackGres generates in any case a folder per
                                StackGres cluster, using the `SGCluster.metadata.name`.
                            region:
                              type: string
                              description: |
                                AWS S3 region. The Region may be detected using s3:GetBucketLocation, but to avoid giving permissions to this API call or forbid it from the applicable IAM policy, this property must be explicitly specified.
                            storageClass:
                              type: string
                              description: |
                                [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) used for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
                            awsCredentials:
                              type: object
                              description: |
                                Credentials to access AWS S3 for writing and reading.
                              properties:
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)s to reference the Secrets that contain the information about the `awsCredentials`.
                                  properties:
                                    accessKeyId:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Access Key ID secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                    secretAccessKey:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Secret Access Key secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [accessKeyId, secretAccessKey]
                              required: [secretKeySelectors]
                          required: [bucket, awsCredentials]
                        s3Compatible:
                          type: object
                          description: AWS S3-Compatible API configuration
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                Bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            enablePathStyleAddressing:
                              type: boolean
                              description: |
                                Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) when connecting to an S3-compatible service that lacks support for sub-domain style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`). Defaults to false.
                            endpoint:
                              type: string
                              description: |
                                Overrides the default url to connect to an S3-compatible service.
                                For example: `http://s3-like-service:9000`.
                            region:
                              type: string
                              description: |
                                AWS S3 region. The Region may be detected using s3:GetBucketLocation, but to avoid giving permissions to this API call or forbid it from the applicable IAM policy, this property must be explicitly specified.
                            storageClass:
                              type: string
                              description: |
                                [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) used for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
                            awsCredentials:
                              type: object
                              description: |
                                Credentials to access AWS S3 for writing and reading.
                              properties:
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) to reference the Secrets that contain the information about the `awsCredentials`.
                                  properties:
                                    accessKeyId:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Access Key ID secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                    secretAccessKey:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the AWS Secret Access Key secret.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [accessKeyId, secretAccessKey]
                              required: [secretKeySelectors]
                          required: [bucket, awsCredentials]
                        gcs:
                          type: object
                          description: |
                            Google Cloud Storage configuration.
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                GCS bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the GCS bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            gcpCredentials:
                              type: object
                              description: |
                                Credentials to access GCS for writing and reading.
                              properties:
                                fetchCredentialsFromMetadataService:
                                  type: boolean
                                  description: |
                                    If true, the credentials will be fetched from the GCE/GKE metadata service and the credentials from `secretKeySelectors` field will not be used.
                                    This is useful when running StackGres inside a GKE cluster using [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity).
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) to reference the Secrets that contain the information about the Service Account to access GCS.
                                  properties:
                                    serviceAccountJSON:
                                      type: object
                                      description: |
                                        A service account key from GCP. In JSON format, as downloaded from the GCP Console.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [serviceAccountJSON]
                          required: [bucket, gcpCredentials]
                        azureBlob:
                          type: object
                          description: |
                            Azure Blob Storage configuration.
                          properties:
                            bucket:
                              type: string
                              pattern: ^[^/]+(/[^/]*)*$
                              description: |
                                Azure Blob Storage bucket name.
                            path:
                              type: string
                              pattern: ^(/[^/]*)*$
                              description: |
                                Optional path within the Azure Blob bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`.
                            azureCredentials:
                              type: object
                              description: |
                                Credentials to access Azure Blob Storage for writing and reading.
                              properties:
                                secretKeySelectors:
                                  type: object
                                  description: |
                                    Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)s to reference the Secrets that contain the information about the `azureCredentials`.
                                  properties:
                                    storageAccount:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the name of the storage account.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                    accessKey:
                                      type: object
                                      description: |
                                        [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) containing the primary or secondary access key for the storage account.
                                      properties:
                                        key:
                                          type: string
                                          description: |
                                            The key of the secret to select from. Must be a valid secret key.
                                        name:
                                          type: string
                                          description: |
                                            Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                                      required: [key, name]
                                  required: [storageAccount, accessKey]
                          required: [bucket, azureCredentials]
                      required: [type]
                  required: [storage]
                volumeSnapshot:
                  type: object
                  description: The volume snapshot configuration used to restore this backup.
                  properties:
                    name:
                      type: string
                      description: |
                        The volume snapshot used to store this backup.
                    backupLabel:
                      type: string
                      description: |
                        The content of `backup_label` column returned by `pg_backup_stop` encoded in Base64
                    tablespaceMap:
                      type: string
                      description: |
                        The content of `tablespace_map` column returned by `pg_backup_stop` encoded in Base64
```
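The `sgBackupConfig.storage` rules in the schema above (type enum, `bucket`/`path` patterns, credentials passed only as SecretKeySelectors) can be audited offline; the following lint is an added example, not code from the StackGres project. The function name `lint_storage`, the sample mappings and the plaintext `http://` endpoint check are assumptions of this example, and requiring `secretKeySelectors` for `gcs` and `azureBlob` is stricter than the schema itself.

```python
import re

# Patterns and required selector names copied from the CRD's storage schema.
BUCKET_RE = re.compile(r"^[^/]+(/[^/]*)*$")
PATH_RE = re.compile(r"^(/[^/]*)*$")
CREDENTIALS = {  # storage type -> (credentials field, required SecretKeySelectors)
    "s3": ("awsCredentials", ["accessKeyId", "secretAccessKey"]),
    "s3Compatible": ("awsCredentials", ["accessKeyId", "secretAccessKey"]),
    "gcs": ("gcpCredentials", ["serviceAccountJSON"]),
    "azureBlob": ("azureCredentials", ["storageAccount", "accessKey"]),
}


def lint_storage(storage):
    """Return a list of findings for one sgBackupConfig.storage mapping."""
    stype = storage.get("type")
    if stype not in CREDENTIALS:
        return [f"type: {stype!r} is not one of {sorted(CREDENTIALS)}"]
    block = storage.get(stype)
    if not isinstance(block, dict):
        return [f"{stype}: block missing for the declared type"]
    findings = [f"{other}: present but type is {stype!r}"
                for other in CREDENTIALS if other != stype and other in storage]
    bucket = block.get("bucket")
    if not isinstance(bucket, str) or not BUCKET_RE.fullmatch(bucket):
        findings.append(f"{stype}.bucket: missing or does not match the schema pattern")
    path = block.get("path")
    if path is not None and not PATH_RE.fullmatch(path):
        findings.append(f"{stype}.path: must be empty or start with '/'")
    # Policy check added by this example: the schema accepts any string here.
    if str(block.get("endpoint", "")).lower().startswith("http://"):
        findings.append(f"{stype}.endpoint: plaintext HTTP, backup data is sent unencrypted")
    field, needed = CREDENTIALS[stype]
    creds = block.get(field)
    if not isinstance(creds, dict):
        return findings + [f"{stype}.{field}: required"]
    if stype == "gcs" and creds.get("fetchCredentialsFromMetadataService") is True:
        return findings  # secretKeySelectors are not used in this mode
    selectors = creds.get("secretKeySelectors")
    if not isinstance(selectors, dict):
        selectors = {}
    for name in needed:
        sel = selectors.get(name)
        ok = isinstance(sel, dict) and all(
            isinstance(sel.get(k), str) and sel[k] for k in ("key", "name"))
        if not ok:
            findings.append(f"{stype}.{field}.secretKeySelectors.{name}: needs key and name")
    return findings


# Constructed sample inputs (Secret names, buckets and paths are made up).
GOOD_S3 = {"type": "s3", "s3": {
    "bucket": "pg-backups", "path": "/prod", "region": "eu-west-1",
    "awsCredentials": {"secretKeySelectors": {
        "accessKeyId": {"name": "backup-creds", "key": "accesskey"},
        "secretAccessKey": {"name": "backup-creds", "key": "secretkey"}}}}}
BAD_S3_COMPATIBLE = {"type": "s3Compatible", "s3Compatible": {
    "bucket": "pg-backups", "path": "prod/cluster-a",   # path lacks leading '/'
    "endpoint": "http://s3-like-service:9000",          # example URL from the schema
    "awsCredentials": {"secretKeySelectors": {
        "accessKeyId": {"name": "backup-creds", "key": "accesskey"},
        "secretAccessKey": {"key": "secretkey"}}}}}      # selector has no name
GCS_METADATA = {"type": "gcs", "gcs": {
    "bucket": "pg-backups",
    "gcpCredentials": {"fetchCredentialsFromMetadataService": True}}}

if __name__ == "__main__":
    for label, cfg in (("good s3", GOOD_S3), ("bad s3Compatible", BAD_S3_COMPATIBLE),
                       ("gcs metadata service", GCS_METADATA)):
        print(label, lint_storage(cfg) or "ok")
```

Run it over `status.sgBackupConfig.storage` as returned by the API server (converted to a Python mapping) to review what each recorded backup actually used.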