[installer]: configure kots to backup in-cluster mysql

Author: Simon Emms

install/installer/cmd/testdata/render/customization/output.golden

@@ -7740,6 +7740,10 @@ spec:
     metadata:
       annotations:
         checksum/configuration: f96f510015050d9b0165d12f144f5eca5641c065ccbe9c75e64f58e81a9b3d8c
+        backup.velero.io/backup-volumes: backup
+        pre.hook.backup.velero.io/command: |
+          ["/bin/bash", "-c", "mysqldump -u root -p$MYSQL_ROOT_PASSWORD --databases $MYSQL_DATABASE gitpod-sessions -h 127.0.0.1 > /backup/mysqldump.sql"]
+        pre.hook.backup.velero.io/timeout: 5m
       labels:
         app.kubernetes.io/name: mysql
         helm.sh/chart: mysql-9.1.2
@@ -7849,13 +7853,17 @@ spec:
             - name: config
               mountPath: /opt/bitnami/mysql/conf/my.cnf
               subPath: my.cnf
+            - mountPath: /backup
+              name: backup
       volumes:
         - name: config
           configMap:
             name: mysql
         - name: custom-init-scripts
           configMap:
             name: db-init-scripts
+        - emptyDir: {}
+          name: backup
   volumeClaimTemplates:
     - metadata:
         name: data

install/installer/cmd/testdata/render/external-registry/output.golden

@@ -6831,6 +6831,10 @@ spec:
     metadata:
       annotations:
         checksum/configuration: f96f510015050d9b0165d12f144f5eca5641c065ccbe9c75e64f58e81a9b3d8c
+        backup.velero.io/backup-volumes: backup
+        pre.hook.backup.velero.io/command: |
+          ["/bin/bash", "-c", "mysqldump -u root -p$MYSQL_ROOT_PASSWORD --databases $MYSQL_DATABASE gitpod-sessions -h 127.0.0.1 > /backup/mysqldump.sql"]
+        pre.hook.backup.velero.io/timeout: 5m
       labels:
         app.kubernetes.io/name: mysql
         helm.sh/chart: mysql-9.1.2
@@ -6940,13 +6944,17 @@ spec:
             - name: config
               mountPath: /opt/bitnami/mysql/conf/my.cnf
               subPath: my.cnf
+            - mountPath: /backup
+              name: backup
       volumes:
         - name: config
           configMap:
             name: mysql
         - name: custom-init-scripts
           configMap:
             name: db-init-scripts
+        - emptyDir: {}
+          name: backup
   volumeClaimTemplates:
     - metadata:
         name: data

install/installer/cmd/testdata/render/minimal/output.golden

@@ -7111,6 +7111,10 @@ spec:
     metadata:
       annotations:
         checksum/configuration: f96f510015050d9b0165d12f144f5eca5641c065ccbe9c75e64f58e81a9b3d8c
+        backup.velero.io/backup-volumes: backup
+        pre.hook.backup.velero.io/command: |
+          ["/bin/bash", "-c", "mysqldump -u root -p$MYSQL_ROOT_PASSWORD --databases $MYSQL_DATABASE gitpod-sessions -h 127.0.0.1 > /backup/mysqldump.sql"]
+        pre.hook.backup.velero.io/timeout: 5m
       labels:
         app.kubernetes.io/name: mysql
         helm.sh/chart: mysql-9.1.2
@@ -7220,13 +7224,17 @@ spec:
             - name: config
               mountPath: /opt/bitnami/mysql/conf/my.cnf
               subPath: my.cnf
+            - mountPath: /backup
+              name: backup
       volumes:
         - name: config
           configMap:
             name: mysql
         - name: custom-init-scripts
           configMap:
             name: db-init-scripts
+        - emptyDir: {}
+          name: backup
   volumeClaimTemplates:
     - metadata:
         name: data

install/installer/cmd/testdata/render/statefulset-customization/output.golden

@@ -7123,6 +7123,10 @@ spec:
     metadata:
       annotations:
         checksum/configuration: f96f510015050d9b0165d12f144f5eca5641c065ccbe9c75e64f58e81a9b3d8c
+        backup.velero.io/backup-volumes: backup
+        pre.hook.backup.velero.io/command: |
+          ["/bin/bash", "-c", "mysqldump -u root -p$MYSQL_ROOT_PASSWORD --databases $MYSQL_DATABASE gitpod-sessions -h 127.0.0.1 > /backup/mysqldump.sql"]
+        pre.hook.backup.velero.io/timeout: 5m
       labels:
         app.kubernetes.io/name: mysql
         helm.sh/chart: mysql-9.1.2
@@ -7232,13 +7236,17 @@ spec:
             - name: config
               mountPath: /opt/bitnami/mysql/conf/my.cnf
               subPath: my.cnf
+            - mountPath: /backup
+              name: backup
       volumes:
         - name: config
           configMap:
             name: mysql
         - name: custom-init-scripts
           configMap:
             name: db-init-scripts
+        - emptyDir: {}
+          name: backup
   volumeClaimTemplates:
     - metadata:
         name: data

install/installer/pkg/components/database/incluster/helm.go

@@ -24,30 +24,38 @@ var Helm = common.CompositeHelmFunc(
 			return nil, err
 		}
 
+		customization := make([]string, 0)
+		customization = helm.CustomizeAnnotation(customization, "mysql.primary.podAnnotations", cfg, Component, common.TypeMetaStatefulSet)
+		customization = helm.CustomizeLabel(customization, "mysql.primary.podLabels", cfg, Component, common.TypeMetaStatefulSet)
+		customization = helm.CustomizeAnnotation(customization, "mysql.primary.service.annotations", cfg, Component, common.TypeMetaService)
+
 		return &common.HelmConfig{
 			Enabled: true,
 			Values: &values.Options{
-				Values: []string{
-					helm.KeyValue("mysql.auth.existingSecret", SQLPasswordName),
-					helm.KeyValue("mysql.auth.database", Database),
-					helm.KeyValue("mysql.auth.username", Username),
-					helm.KeyValue("mysql.initdbScriptsConfigMap", SQLInitScripts),
-					helm.KeyValue("mysql.serviceAccount.name", Component),
-					helm.ImagePullSecrets("mysql.image.pullSecrets", cfg),
-					helm.KeyValue("mysql.image.registry", ""),
-					helm.KeyValue("mysql.image.repository", cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "bitnami/mysql")),
-					helm.ImagePullSecrets("mysql.metrics.image.pullSecrets", cfg),
-					helm.KeyValue("mysql.metrics.image.registry", ""),
-					helm.KeyValue("mysql.metrics.image.repository", cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "bitnami/mysqld-exporter")),
-					helm.ImagePullSecrets("mysql.volumePermissions.image.pullSecrets", cfg),
-					helm.KeyValue("mysql.volumePermissions.image.pullPolicy", "IfNotPresent"),
-					helm.KeyValue("mysql.volumePermissions.image.registry", ""),
-					helm.KeyValue("mysql.volumePermissions.image.repository", cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "bitnami/bitnami-shell")),
+				Values: append(
+					[]string{
+						helm.KeyValue("mysql.auth.existingSecret", SQLPasswordName),
+						helm.KeyValue("mysql.auth.database", Database),
+						helm.KeyValue("mysql.auth.username", Username),
+						helm.KeyValue("mysql.initdbScriptsConfigMap", SQLInitScripts),
+						helm.KeyValue("mysql.serviceAccount.name", Component),
+						helm.ImagePullSecrets("mysql.image.pullSecrets", cfg),
+						helm.KeyValue("mysql.image.registry", ""),
+						helm.KeyValue("mysql.image.repository", cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "bitnami/mysql")),
+						helm.ImagePullSecrets("mysql.metrics.image.pullSecrets", cfg),
+						helm.KeyValue("mysql.metrics.image.registry", ""),
+						helm.KeyValue("mysql.metrics.image.repository", cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "bitnami/mysqld-exporter")),
+						helm.ImagePullSecrets("mysql.volumePermissions.image.pullSecrets", cfg),
+						helm.KeyValue("mysql.volumePermissions.image.pullPolicy", "IfNotPresent"),
+						helm.KeyValue("mysql.volumePermissions.image.registry", ""),
+						helm.KeyValue("mysql.volumePermissions.image.repository", cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "bitnami/bitnami-shell")),
 
-					// improve start time
-					helm.KeyValue("mysql.primary.startupProbe.enabled", "false"),
-					helm.KeyValue("mysql.primary.livenessProbe.initialDelaySeconds", "30"),
-				},
+						// improve start time
+						helm.KeyValue("mysql.primary.startupProbe.enabled", "false"),
+						helm.KeyValue("mysql.primary.livenessProbe.initialDelaySeconds", "30"),
+					},
+					customization...,
+				),
 				// This is too complex to be sent as a string
 				FileValues: []string{
 					primaryAffinityTemplate,

install/installer/third_party/charts/mysql/values.yaml

@@ -8,6 +8,19 @@ mysql:
     # We switched to the specific version because "5.7" was broken at least once
     tag: 5.7.34-debian-10-r55
   primary:
+    # Backup settings
+    podAnnotations:
+      backup.velero.io/backup-volumes: backup
+      pre.hook.backup.velero.io/command: |
+        ["/bin/bash", "-c", "mysqldump -u root -p$MYSQL_ROOT_PASSWORD --databases $MYSQL_DATABASE gitpod-sessions -h 127.0.0.1 > /backup/mysqldump.sql"]
+      pre.hook.backup.velero.io/timeout: 5m
+    extraVolumes:
+      - name: backup
+        emptyDir: {}
+    extraVolumeMounts:
+      - name: backup
+        mountPath: /backup
+    # End of backup settings
     extraEnvVars:
       # We rely on this in our DB implementations: NULL (re-)sets configured columns to be initialized with CURRENT_TIMESTAMP.
       # OFF is the default as documented [here](https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_explicit_defaults_for_timestamp) (we also see this in GCP), but not for this chart.
@@ -19,4 +32,4 @@ mysql:
   serviceAccount:
     create: false
   volumePermissions:
-    enabled: true
+    enabled: true