From 9f017d03e6b30b294b1320971216429fa4a260b4 Mon Sep 17 00:00:00 2001 From: Christian Adams Date: Tue, 23 Aug 2022 23:23:01 -0400 Subject: [PATCH] Make Backup & restore requests and limits configurable (#1030) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add resource specification options to the backup objects * Add resource specification options to the restore object Co-authored-by: Ivan Aragonés <26822043+ivarmu@users.noreply.github.com> Co-authored-by: silvinux Co-authored-by: Ivan Aragonés Muniesa --- .../crd/bases/awx.ansible.com_awxbackups.yaml | 18 +++ .../bases/awx.ansible.com_awxrestores.yaml | 18 +++ .../awxbackup.ansible.com_awxbackups.yaml | 105 ++++++++++++++++++ .../awxrestore.ansible.com_awxrestores.yaml | 104 +++++++++++++++++ .../awx-operator.clusterserviceversion.yaml | 10 ++ config/samples/awx_v1beta1_awxbackup.yaml | 7 ++ config/samples/awx_v1beta1_awxrestore.yaml | 7 ++ roles/backup/README.md | 25 ++++- roles/backup/defaults/main.yml | 9 ++ roles/backup/templates/management-pod.yml.j2 | 4 + roles/restore/README.md | 19 +++- roles/restore/defaults/main.yml | 10 ++ roles/restore/templates/management-pod.yml.j2 | 4 + 13 files changed, 333 insertions(+), 7 deletions(-) create mode 100644 config/crd/bases/awxbackup.ansible.com_awxbackups.yaml create mode 100644 config/crd/bases/awxrestore.ansible.com_awxrestores.yaml diff --git a/config/crd/bases/awx.ansible.com_awxbackups.yaml b/config/crd/bases/awx.ansible.com_awxbackups.yaml index 497feda0..9d46d2d2 100644 --- a/config/crd/bases/awx.ansible.com_awxbackups.yaml +++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml 
@@ -54,6 +54,24 @@ spec: backup_storage_requirements: description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from) type: string + backup_resource_requirements: + description: Resource requirements for the task container + properties: + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object backup_storage_class: description: Storage class to use when creating PVC for backup type: string diff --git a/config/crd/bases/awx.ansible.com_awxrestores.yaml b/config/crd/bases/awx.ansible.com_awxrestores.yaml index 2c54f099..ab5512c7 100644 --- a/config/crd/bases/awx.ansible.com_awxrestores.yaml +++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml @@ -62,6 +62,24 @@ spec: backup_dir: description: Backup directory name, set as a status found on the awxbackup object (backupDirectory) type: string + backup_resource_requirements: + description: Resource requirements for the management pod that backs up AWX + properties: + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object postgres_label_selector: description: Label selector used to identify postgres pod for backing up data type: string diff --git a/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml new file mode 100644 index 00000000..0829095f --- /dev/null +++ b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml 
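Review bot: The description added for `backup_resource_requirements` in the AWXBackup schema says the values apply to "the task container", but later in this commit they are rendered into `roles/backup/templates/management-pod.yml.j2`, the backup management pod. I would word it `description: Resource requirements for the management pod that performs the backup`, which also matches the "Backup management pod resource requirements" display name added to the ClusterServiceVersion. The same sentence is repeated in the new `awxbackup.ansible.com_awxbackups.yaml` file. The enclosing `properties` mapping continues outside the hunk.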
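Review bot: The property added to the AWXRestore schema is named `backup_resource_requirements`, while the restore role's defaults, its `management-pod.yml.j2` template, the sample CR and the ClusterServiceVersion descriptor in this same commit all use `restore_resource_requirements`. As written, the field users actually set has no entry in this schema, so it is either pruned or passed through unvalidated, depending on whether the schema preserves unknown fields (not visible in the hunk). A `backup_resource_requirements` set on a restore object appears to have no effect. Rename the key to `restore_resource_requirements:` and change the description to `Resource requirements for the management pod that restores AWX from a backup`. The surrounding `properties` mapping extends beyond the hunk.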
@@ -0,0 +1,105 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awxbackups.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWXBackup + listKind: AWXBackupList + plural: awxbackups + singular: awxbackup + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Schema validation for the AWXBackup CRD + properties: + spec: + type: object + required: + - deployment_name + properties: + backup_resource_requirements: + description: Resource requirements for the task container + properties: + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object + deployment_name: + description: Name of the deployment to be backed up + type: string + backup_pvc: + description: Name of the backup PVC + type: string + backup_pvc_namespace: + description: (Deprecated) Namespace the PVC is in + type: string + backup_storage_requirements: + description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from) + type: string + backup_storage_class: + description: Storage class to use when creating PVC for backup + type: string + clean_backup_on_delete: + description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted + type: boolean + postgres_label_selector: + description: Label selector used to identify postgres pod for backing up data + type: string + postgres_image: + description: Registry path to the PostgreSQL container to use + type: string + postgres_image_version: + description: PostgreSQL container image version to use + type: string + no_log: + description: Configure no_log for no_log tasks + type: string + set_self_labels: + description: Maintain some of the 
recommended `app.kubernetes.io/*` labels on the resource (self) + type: boolean + default: true + status: + type: object + properties: + conditions: + description: The resulting conditions when a Service Telemetry is instantiated + items: + properties: + lastTransitionTime: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + backupDirectory: + description: Backup directory name on the specified pvc + type: string + backupClaim: + description: Backup persistent volume claim + type: string diff --git a/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml new file mode 100644 index 00000000..374398f4 --- /dev/null +++ b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml 
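Review bot: This new file declares `metadata.name: awxbackups.awx.ansible.com` in group `awx.ansible.com`, which looks like the same CustomResourceDefinition that `config/crd/bases/awx.ansible.com_awxbackups.yaml` (patched earlier in this commit) already provides. The new `awxrestore.ansible.com_awxrestores.yaml` stands in the same relation to `awx.ansible.com_awxrestores.yaml`. Two files for one CRD will drift: the restore pair already disagrees on the name of the resource-requirements property, and which copy gets installed depends on the kustomization, which is not part of this diff. If the files were added by accident, drop them; otherwise a header comment such as `# Copy of awx.ansible.com_awxbackups.yaml; keep both in sync` would at least record the intent.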
@@ -0,0 +1,104 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awxrestores.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWXRestore + listKind: AWXRestoreList + plural: awxrestores + singular: awxrestore + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Schema validation for the AWXRestore CRD + properties: + spec: + type: object + properties: + backup_source: + description: Backup source + type: string + enum: + - CR + - PVC + restore_resource_requirements: + description: Resource requirements for the management pod the restores the database to the new AWX instance + properties: + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object + deployment_name: + description: Name of the restored deployment. This should be different from the original deployment name + if the original deployment still exists. 
+ type: string + backup_name: + description: AWXBackup object name + type: string + backup_pvc: + description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim) + type: string + backup_pvc_namespace: + description: (Deprecated) Namespace the PVC is in + type: string + backup_dir: + description: Backup directory name, set as a status found on the awxbackup object (backupDirectory) + type: string + postgres_label_selector: + description: Label selector used to identify postgres pod for backing up data + type: string + postgres_image: + description: Registry path to the PostgreSQL container to use + type: string + postgres_image_version: + description: PostgreSQL container image version to use + type: string + no_log: + description: Configure no_log for no_log tasks + type: string + set_self_labels: + description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) + type: boolean + default: true + status: + type: object + properties: + conditions: + description: The resulting conditions when a Service Telemetry is instantiated + items: + properties: + lastTransitionTime: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + restoreComplete: + description: Restore process complete + type: boolean diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml index 453135f8..197f7734 100644 --- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml 
@@ -34,6 +34,11 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:advanced + - displayName: Backup management pod resource requirements + path: backup_resource_requirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - displayName: Backup PVC storage class path: backup_storage_class x-descriptors: @@ -112,6 +117,11 @@ spec: path: postgres_image_version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: Restore management pod resource requirements + path: restore_resource_requirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements statusDescriptors: - description: The state of the restore displayName: Restore status diff --git a/config/samples/awx_v1beta1_awxbackup.yaml b/config/samples/awx_v1beta1_awxbackup.yaml index b617c051..b13a6965 100644 --- a/config/samples/awx_v1beta1_awxbackup.yaml +++ b/config/samples/awx_v1beta1_awxbackup.yaml @@ -4,3 +4,10 @@ metadata: name: example-awx-backup spec: deployment_name: example-awx + backup_resource_requirements: + limits: + cpu: "1000m" + memory: "4096Mi" + requests: + cpu: "25m" + memory: "32Mi" diff --git a/config/samples/awx_v1beta1_awxrestore.yaml b/config/samples/awx_v1beta1_awxrestore.yaml index bc05e8c9..512d2fda 100644 --- a/config/samples/awx_v1beta1_awxrestore.yaml +++ b/config/samples/awx_v1beta1_awxrestore.yaml @@ -5,3 +5,10 @@ metadata: spec: deployment_name: example-awx-2 backup_name: example-awx-backup + restore_resource_requirements: + limits: + cpu: "1000m" + memory: "4096Mi" + requests: + cpu: "25m" + memory: "32Mi" diff --git a/roles/backup/README.md b/roles/backup/README.md index c26f27b6..d4ab7bd4 100644 --- a/roles/backup/README.md +++ b/roles/backup/README.md 
@@ -45,7 +45,7 @@ The resulting pvc will contain a backup tar that can be used to restore to a new Role Variables -------------- -A custom, pre-created pvc can be used by setting the following variables. +A custom, pre-created pvc can be used by setting the following variables. ``` backup_pvc: 'awx-backup-volume-claim' @@ -60,10 +60,17 @@ backup_storage_class: 'standard' backup_storage_requirements: '20Gi' ``` +By default, the backup pvc will be created in the same namespace the awxbackup object is created in. If you want your backup to be stored +in a specific namespace, you can do so by specifying `backup_pvc_namespace`. Keep in mind that you will +need to provide the same namespace when restoring. + +``` +backup_pvc_namespace: 'custom-namespace' +``` The backup pvc will be created in the same namespace the awxbackup object is created in. -If a custom postgres configuration secret was used when deploying AWX, it will automatically be used by the backup role. -To check the name of this secret, look at the postgresConfigurationSecret status on your AWX object. +If a custom postgres configuration secret was used when deploying AWX, it will automatically be used by the backup role. +To check the name of this secret, look at the postgresConfigurationSecret status on your AWX object. The postgresql pod for the old deployment is used when backing up data to the new postgresql pod. If your postgresql pod has a custom label, you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found. @@ -74,6 +81,18 @@ It is also possible to tie the lifetime of the backup files to that of the AWXBa ``` clean_backup_on_delete: true ``` + +Variable to define resources limits and request for backup CR. +``` +backup_resource_requirements: + limits: + cpu: "1000m" + memory: "4096Mi" + requests: + cpu: "25m" + memory: "32Mi" +``` + Testing ---------------- 
diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml index cbd1bb19..1ba5acdb 100644 --- a/roles/backup/defaults/main.yml +++ b/roles/backup/defaults/main.yml @@ -20,8 +20,17 @@ clean_backup_on_delete: false # Variable to signal that this role is being run as a finalizer finalizer_run: false +# Default resource requirements +backup_resource_requirements: + limits: + cpu: "1000m" + memory: "4096Mi" + requests: + cpu: "25m" + memory: "32Mi" # Allow additional parameters to be added to the pg_dump backup command pg_dump_suffix: '' # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) set_self_labels: true +... diff --git a/roles/backup/templates/management-pod.yml.j2 b/roles/backup/templates/management-pod.yml.j2 index 6269a3f1..21cca229 100644 --- a/roles/backup/templates/management-pod.yml.j2 +++ b/roles/backup/templates/management-pod.yml.j2 @@ -20,6 +20,10 @@ spec: - name: {{ ansible_operator_meta.name }}-backup mountPath: /backups readOnly: false +{% if backup_resource_requirements is defined %} + resources: + {{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, indentfirst=False) }} +{%- endif %} volumes: - name: {{ ansible_operator_meta.name }}-backup persistentVolumeClaim: diff --git a/roles/restore/README.md b/roles/restore/README.md index 8b341bd6..c4cfe8e4 100644 --- a/roles/restore/README.md +++ b/roles/restore/README.md 
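Review bot: Adding a non-empty default for `backup_resource_requirements` means every backup management pod now runs with a 1000m CPU / 4096Mi memory limit, whereas, as far as the template hunk in this commit shows, the pod had no `resources` block before. A backup that needs more memory than the limit would be OOM-killed, so an upgrade could turn a previously working backup into a failing one without any change to the AWXBackup object. I would record the ceiling where the variable is declared, e.g. `# Applied to the backup management pod; raise limits.memory for large databases`, and mention it in the upgrade notes. The same applies to `restore_resource_requirements` in `roles/restore/defaults/main.yml`.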
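Review bot: The `{% if backup_resource_requirements is defined %}` guard can never be false, because `roles/backup/defaults/main.yml` in this same commit always defines the variable. If the intent is to let users leave the block out, test for a non-empty value instead: `{% if backup_resource_requirements %}`. Also, `indentfirst` is the legacy name of the `indent` filter's `first` argument and newer Jinja2 releases no longer accept it, so it is worth confirming which Jinja2 the operator image ships or switching to `first=False`. The restore template has the same two lines. The container spec this block belongs to starts outside the hunk.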
@@ -35,9 +35,9 @@ spec: backup_name: awxbackup-2021-04-22 ``` -Note that the `deployment_name` above is the name of the AWX deployment you intend to create and restore to. +Note that the `deployment_name` above is the name of the AWX deployment you intend to create and restore to. -The namespace specified is the namespace the resulting AWX deployment will be in. The namespace you specified must be pre-created. +The namespace specified is the namespace the resulting AWX deployment will be in. The namespace you specified must be pre-created. ``` kubectl create ns my-namespace @@ -57,7 +57,7 @@ This will create a new deployment and restore your backup to it. Role Variables -------------- -The name of the backup directory can be found as a status on your AWXBackup object. This can be found in your cluster's console, or with the client as shown below. +The name of the backup directory can be found as a status on your AWXBackup object. This can be found in your cluster's console, or with the client as shown below. ```bash $ kubectl get awxbackup awxbackup1 -o jsonpath="{.items[0].status.backupDirectory}" @@ -69,7 +69,7 @@ backup_dir: '/backups/tower-openshift-backup-2021-04-02-03:25:08' ``` -The name of the PVC can also be found by looking at the backup object. +The name of the PVC can also be found by looking at the backup object. ```bash $ kubectl get awxbackup awxbackup1 -o jsonpath="{.items[0].status.backupClaim}" @@ -95,6 +95,17 @@ backup_pvc: myoldtower-backup-claim backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08 ``` +Variable to define resources limits and request for restore CR. + +``` +restore_resource_requirements: + limits: + cpu: "1000m" + memory: "4096Mi" + requests: + cpu: "25m" + memory: "32Mi" +``` Testing ---------------- diff --git a/roles/restore/defaults/main.yml b/roles/restore/defaults/main.yml index 9b239d4f..f85cfc35 100644 --- a/roles/restore/defaults/main.yml +++ b/roles/restore/defaults/main.yml 
@@ -14,5 +14,15 @@ backup_dir: '' # Set no_log settings on certain tasks no_log: 'true' +# Default resource requirements +restore_resource_requirements: + limits: + cpu: "1000m" + memory: "4096Mi" + requests: + cpu: "25m" + memory: "32Mi" + # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) set_self_labels: true +... diff --git a/roles/restore/templates/management-pod.yml.j2 b/roles/restore/templates/management-pod.yml.j2 index d88351c3..4898bf52 100644 --- a/roles/restore/templates/management-pod.yml.j2 +++ b/roles/restore/templates/management-pod.yml.j2 @@ -20,6 +20,10 @@ spec: - name: {{ ansible_operator_meta.name }}-backup mountPath: /backups readOnly: false +{% if restore_resource_requirements is defined %} + resources: + {{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, indentfirst=False) }} +{%- endif %} volumes: - name: {{ ansible_operator_meta.name }}-backup persistentVolumeClaim: