cloudnative-pg · m4s-b3n · Feb 19, 2025
@@ -37,6 +37,15 @@ jobs:
       - name: Setup kind
         uses: ./.github/actions/setup-kind
 
+      - name: Install VolumeSnapShot CRDs
+        run: |
+          kubectl apply -f \
+            https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-5.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
+          kubectl apply -f \
+            https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-5.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
+          kubectl apply -f \
+            https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-5.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml
+
       - name: Deploy the operator
         uses: ./.github/actions/deploy-operator
 

@@ -80,3 +80,5 @@ CloudNativePG Operator Helm Chart
 | updateStrategy | object | `{}` | Update strategy for the operator. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy For example:  type: RollingUpdate  rollingUpdate:    maxSurge: 25%    maxUnavailable: 25% |
 | webhook | object | `{"livenessProbe":{"initialDelaySeconds":3},"mutating":{"create":true,"failurePolicy":"Fail"},"port":9443,"readinessProbe":{"initialDelaySeconds":3},"startupProbe":{"failureThreshold":6,"periodSeconds":5},"validating":{"create":true,"failurePolicy":"Fail"}}` | The webhook configuration. |
 
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -18,7 +18,7 @@ name: cluster
 description: Deploys and manages a CloudNativePG cluster and its associated resources.
 icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg
 type: application
-version: 0.2.1
+version: 0.2.2
 sources:
   - https://github.com/cloudnative-pg/charts
 keywords:

@@ -81,6 +81,8 @@ The chart has three modes of operation. These are configured via the `mode` para
 
 ### Backup configuration
 
+#### Barman Object Store
+
 CNPG implements disaster recovery via [Barman](https://pgbarman.org/). The following section configures the barman object
 store where backups will be stored. Barman performs backups of the cluster filesystem base backup and WALs. Both are
 stored in the specified location. The backup provider is configured via the `backups.provider` parameter. The following
@@ -101,10 +103,29 @@ backups:
       backupOwnerReference: self
 ```
 
-Each backup adapter takes it's own set of parameters, listed in the [Configuration options](#Configuration-options) section
-below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.s3`,
-`backup.azure`, or `backup.google`.
+Each backup adapter takes its own set of parameters, listed in the [Configuration options](#Configuration-options) section
+below. Refer to the table for the full list of parameters and place the configuration under the appropriate key: `backup.barmanObjectStore.s3`,
+`backup.barmanObjectStore.azure`, or `backup.barmanObjectStore.google`.
+
+#### Volume Snapshots
+
+You can also configure backup using Volume Snapshots. See the [example](.examples/volumesnapshot.yml) to learn how to do that.
+
+Volume snapshots can be used as a backup method by setting the `backups.method` parameter to `volumeSnapshot`. The following parameters can be configured:
+* `backups.volumeSnapshot.className` - Snapshot Class to be used for PG_DATA PersistentVolumeClaim.
+* `backups.volumeSnapshot.walClassName` - Snapshot Class to be used for the PG_WAL PersistentVolumeClaim.
+* `backups.volumeSnapshot.tablespaceClassName` - Snapshot Class to be used for the tablespaces. Defaults to the PGDATA Snapshot Class, if set.
+* `backups.volumeSnapshot.snapshotOwnerReference` - Type of owner reference the snapshot should have. Available options are `none`, `cluster`, and `backup`.
+* `backups.volumeSnapshot.online` - Define if the backup shall be online or offline.
+* `backups.volumeSnapshot.onlineConfiguration` - Configuration for online backups, including `waitForArchive` and `immediateCheckpoint`.
+
+#### Plugin Backups
+
+Another backup option are plugin backups. See the [example](.examples/pluginbackup.yml) to learn how to do that.
 
+Plugin backups can be used by setting the `backups.method` parameter to `plugin`. The following parameters can be configured:
+* `backups.pluginConfiguration.name` - Name of the plugin to use.
+* `backups.pluginConfiguration.parameters` - Configuration parameters for the plugin.
 
 Recovery
 --------

@@ -0,0 +1,14 @@
+type: postgresql
+mode: standalone
+version:
+  postgresql: "16"
+cluster:
+  instances: 1
+backups:
+  enabled: true
+  method: plugin
+  pluginConfiguration:
+    name: testplugin
+    parameters:
+      param1: value1
+      param2: value2
@@ -9,15 +9,17 @@ cluster:
   instances: 1
 
 backups:
-  provider: s3
-  s3:
-    region: "eu-west-1"
-    bucket: "db-backups"
-    path: "/v1-restore"
-    accessKey: "AWS_S3_ACCESS_KEY"
-    secretKey: "AWS_S3_SECRET_KEY"
-  scheduledBackups:
-    - name: daily-backup # Daily at midnight
-      schedule: "0 0 0 * * *" # Daily at midnight
-      backupOwnerReference: self
-  retentionPolicy: "30d"
+  enabled: true
+  barmanObjectStore:
+    provider: s3
+    s3:
+      region: "eu-west-1"
+      bucket: "db-backups"
+      path: "/v1-restore"
+      accessKey: "AWS_S3_ACCESS_KEY"
+      secretKey: "AWS_S3_SECRET_KEY"
+    scheduledBackups:
+      - name: daily-backup # Daily at midnight
+        schedule: "0 0 0 * * *" # Daily at midnight
+        backupOwnerReference: self
+    retentionPolicy: "30d"
@@ -16,16 +16,18 @@ cluster:
   instances: 1
 
 backups:
-  endpointURL: "https://cm-db-chart-test.ams3.digitaloceanspaces.com"
-  provider: s3
-  s3:
-    region: "eu-west-1"
-    bucket: "db-backups"
-    path: "/v1-restore"
-    accessKey: "AWS_S3_ACCESS_KEY"
-    secretKey: "AWS_S3_SECRET_KEY"
-  scheduledBackups:
-    - name: daily-backup # Daily at midnight
-      schedule: "0 0 0 * * *" # Daily at midnight
-      backupOwnerReference: self
-  retentionPolicy: "30d"
+  enabled: true
+  barmanObjectStore:
+    endpointURL: "https://cm-db-chart-test.ams3.digitaloceanspaces.com"
+    provider: s3
+    s3:
+      region: "eu-west-1"
+      bucket: "db-backups"
+      path: "/v1-restore"
+      accessKey: "AWS_S3_ACCESS_KEY"
+      secretKey: "AWS_S3_SECRET_KEY"
+    scheduledBackups:
+      - name: daily-backup # Daily at midnight
+        schedule: "0 0 0 * * *" # Daily at midnight
+        backupOwnerReference: self
+    retentionPolicy: "30d"
@@ -6,15 +6,16 @@ cluster:
 
 backups:
   enabled: true
-  provider: s3
-  s3:
-    region: "eu-west-1"
-    bucket: "db-backups"
-    path: "/v1"
-    accessKey: "AWS_S3_ACCESS_KEY"
-    secretKey: "AWS_S3_SECRET_KEY"
-  scheduledBackups:
-    - name: daily-backup # Daily at midnight
-      schedule: "0 0 0 * * *" # Daily at midnight
-      backupOwnerReference: self
-  retentionPolicy: "30d"
+  barmanObjectStore:
+    provider: s3
+    s3:
+      region: "eu-west-1"
+      bucket: "db-backups"
+      path: "/v1"
+      accessKey: "AWS_S3_ACCESS_KEY"
+      secretKey: "AWS_S3_SECRET_KEY"
+    scheduledBackups:
+      - name: daily-backup # Daily at midnight
+        schedule: "0 0 0 * * *" # Daily at midnight
+        backupOwnerReference: self
+    retentionPolicy: "30d"
@@ -0,0 +1,22 @@
+type: postgresql
+mode: standalone
+version:
+  postgresql: "16"
+cluster:
+  instances: 1
+backups:
+  enabled: true
+  method: volumeSnapshot
+  volumeSnapshot:
+    labels:
+      testlabel: abc
+    annotations:
+      testannotation: def
+    className: snapclass
+    snapshotOwnerReference: backup
+    online: true
+  scheduledBackups:
+    - name: daily-backup
+      schedule: "0 0 0 * * *"
+      backupOwnerReference: self
+      method: volumeSnapshot
@@ -82,7 +82,10 @@ Configuration
 │ Instances         │ {{ include (printf "%s%s" "cluster.color-" $redundancyColor) (printf "%-56s" (toString .Values.cluster.instances)) }} │
 │ Backups           │ {{ include (printf "%s%s" "cluster.color-" (ternary "ok" "error" .Values.backups.enabled)) (printf "%-56s" (ternary "Enabled" "Disabled" .Values.backups.enabled)) }} │
 {{- if .Values.backups.enabled }}
-│ Backup Provider   │ {{ printf "%-56s" (title .Values.backups.provider) }} │
+| Backup Method     | {{  printf "%-56s" .Values.backups.method }} |
+{{- if eq .Values.backups.method "barmanObjectStore" }}
+│ Backup Provider   │ {{ printf "%-56s" (title .Values.backups.barmanObjectStore.provider) }} │
+{{- end }}
 │ Scheduled Backups │ {{ printf "%-56s" $scheduledBackups }} │
 {{- end }}
 │ Storage           │ {{ printf "%-56s" .Values.cluster.storage.size }} │

@@ -1,19 +1,42 @@
 {{- define "cluster.backup" -}}
 {{- if .Values.backups.enabled }}
 backup:
-  target: "prefer-standby"
+  target: {{ .Values.backups.target }}
   retentionPolicy: {{ .Values.backups.retentionPolicy }}
+  {{- if eq .Values.backups.method "plugin" }}
+  pluginConfiguration:
+    name: {{ .Values.backups.pluginConfiguration.name }}
+    parameters: 
+      {{ .Values.backups.pluginConfiguration.parameters | toYaml | nindent 6 }}
+  {{- end }}
+  {{- if eq .Values.backups.method "volumeSnapshot" }}
+  volumeSnapshot:
+    labels:
+      {{ .Values.backups.volumeSnapshot.labels | toYaml | nindent 6 }}
+    annotations: 
+      {{ .Values.backups.volumeSnapshot.annotations | toYaml | nindent 6 }}
+    className: {{ .Values.backups.volumeSnapshot.className }}
+    walClassName: {{ .Values.backups.volumeSnapshot.walClassName }}
+    tablespaceClassName: 
+      {{ .Values.backups.volumeSnapshot.tablespaceClassName | toYaml | nindent 6 }}
+    snapshotOwnerReference: {{ .Values.backups.volumeSnapshot.snapshotOwnerReference }}
+    online: {{ .Values.backups.volumeSnapshot.online }}
+    onlineConfiguration:
+      waitForArchive: {{ .Values.backups.volumeSnapshot.onlineConfiguration.waitForArchive }}
+      immediateCheckpoint: {{ .Values.backups.volumeSnapshot.onlineConfiguration.immediateCheckpoint }}
+  {{- end }}  
+  {{- if eq .Values.backups.method "barmanObjectStore" }}
   barmanObjectStore:
     wal:
-      compression: {{ .Values.backups.wal.compression }}
-      encryption: {{ .Values.backups.wal.encryption }}
-      maxParallel: {{ .Values.backups.wal.maxParallel }}
+      compression: {{ .Values.backups.barmanObjectStore.wal.compression }}
+      encryption: {{ .Values.backups.barmanObjectStore.wal.encryption }}
+      maxParallel: {{ .Values.backups.barmanObjectStore.wal.maxParallel }}
     data:
-      compression: {{ .Values.backups.data.compression }}
-      encryption: {{ .Values.backups.data.encryption }}
-      jobs: {{ .Values.backups.data.jobs }}
-
-    {{- $d := dict "chartFullname" (include "cluster.fullname" .) "scope" .Values.backups "secretPrefix" "backup" }}
+      compression: {{ .Values.backups.barmanObjectStore.data.compression }}
+      encryption: {{ .Values.backups.barmanObjectStore.data.encryption }}
+      jobs: {{ .Values.backups.barmanObjectStore.data.jobs }}
+    {{- $d := dict "chartFullname" (include "cluster.fullname" .) "scope" .Values.backups.barmanObjectStore "secretPrefix" "backup" }}
     {{- include "cluster.barmanObjectStoreConfig" $d | nindent 2 }}
+  {{- end }}  
 {{- end }}
 {{- end }}
@@ -1,12 +1,12 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") .Values.backups.secret.create }}
+{{- if and .Values.backups.enabled (eq .Values.backups.method "barmanObjectStore") (eq .Values.backups.barmanObjectStore.provider "azure") .Values.backups.barmanObjectStore.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
+  name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.barmanObjectStore.secret.name }}
   namespace: {{ include "cluster.namespace" . }}
 data:
-  AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }}
-  AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }}
-  AZURE_STORAGE_KEY: {{ .Values.backups.azure.storageKey | b64enc | quote }}
-  AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.azure.storageSasToken | b64enc | quote }}
+  AZURE_CONNECTION_STRING: {{ .Values.backups.barmanObjectStore.azure.connectionString | b64enc | quote }}
+  AZURE_STORAGE_ACCOUNT: {{ .Values.backups.barmanObjectStore.azure.storageAccount | b64enc | quote }}
+  AZURE_STORAGE_KEY: {{ .Values.backups.barmanObjectStore.azure.storageKey | b64enc | quote }}
+  AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.barmanObjectStore.azure.storageSasToken | b64enc | quote }}
 {{- end }}
@@ -1,9 +1,9 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") .Values.backups.secret.create }}
+{{- if and .Values.backups.enabled (eq .Values.backups.method "barmanObjectStore") (eq .Values.backups.barmanObjectStore.provider "google") .Values.backups.barmanObjectStore.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
+  name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.barmanObjectStore.secret.name }}
   namespace: {{ include "cluster.namespace" . }}
 data:
-  APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
+  APPLICATION_CREDENTIALS: {{ .Values.backups.barmanObjectStore.google.applicationCredentials | b64enc | quote }}
 {{- end }}
@@ -1,10 +1,10 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") (not .Values.backups.s3.inheritFromIAMRole) .Values.backups.secret.create }}
+{{- if and .Values.backups.enabled (eq .Values.backups.method "barmanObjectStore") (eq .Values.backups.barmanObjectStore.provider "s3") (not .Values.backups.barmanObjectStore.s3.inheritFromIAMRole) .Values.backups.barmanObjectStore.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
+  name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.barmanObjectStore.secret.name }}
   namespace: {{ include "cluster.namespace" . }}
 data:
-  ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
-  ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}
+  ACCESS_KEY_ID: {{ required ".Values.backups.barmanObjectStore.s3.accessKey is required, but not specified." .Values.backups.barmanObjectStore.s3.accessKey | b64enc | quote }}
+  ACCESS_SECRET_KEY: {{ required ".Values.backups.barmanObjectStore.s3.secretKey is required, but not specified." .Values.backups.barmanObjectStore.s3.secretKey | b64enc | quote }}
 {{- end }}
@@ -1,10 +1,10 @@
-{{- if .Values.backups.endpointCA.create }}
+{{- if .Values.backups.barmanObjectStore.endpointCA.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.backups.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }}
+  name: {{ .Values.backups.barmanObjectStore.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }}
   namespace: {{ include "cluster.namespace" . }}
 data:
-  {{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value }}
+  {{ .Values.backups.barmanObjectStore.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.barmanObjectStore.endpointCA.value }}
 
 {{- end }}
@@ -8,20 +8,21 @@ cluster:
 
 backups:
   enabled: true
-  provider: s3
-  endpointURL: "https://minio.minio.svc.cluster.local"
-  endpointCA:
-    name: kube-root-ca.crt
-    key: ca.crt
-  wal:
-    encryption: ""
-  data:
-    encryption: ""
-  s3:
-    bucket: "mybucket"
-    path: "/postgresql-minio-backup-restore/v1"
-    accessKey: "minio"
-    secretKey: "minio123"
-    region: "local"
-  scheduledBackups: []
-  retentionPolicy: "30d"
+  barmanObjectStore:
+    provider: s3
+    endpointURL: "https://minio.minio.svc.cluster.local"
+    endpointCA:
+      name: kube-root-ca.crt
+      key: ca.crt
+    wal:
+      encryption: ""
+    data:
+      encryption: ""
+    s3:
+      bucket: "mybucket"
+      path: "/postgresql-minio-backup-restore/v1"
+      accessKey: "minio"
+      secretKey: "minio123"
+      region: "local"
+    scheduledBackups: []
+    retentionPolicy: "30d"