Update to new backup logic and use new images

Author: m-stoer

backup_cronjob.yaml

@@ -0,0 +1,126 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: storage-backup
+spec:
+  schedule: "*/30 * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      template:
+        spec:
+          imagePullSecrets: [ name: microstream-ocir-credentials ]
+          restartPolicy: Never
+          securityContext:
+            runAsNonRoot: true
+            fsGroupChangePolicy: OnRootMismatch
+            fsGroup: 10000
+            runAsUser: 10000
+            runAsGroup: 10000
+          containers:
+          - name: backup
+            image: curlimages/curl:8.11.1
+            command: [ sh, -c ]
+            resources:
+              requests:
+                memory: 100M
+                cpu: 500m
+              limits:
+                memory: 100M
+                cpu: 500m
+            env:
+            - name: MY_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            args:
+            - |
+              # CONSTANTS
+              token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
+              cacert="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+              backup_pod_url='http://masternode/microstream-cluster-controller'
+              ns="$MY_NAMESPACE"
+              wait_loop_retries=7200
+
+              # Appends the arguments to curl with a list of default options.
+              # Sets 'ret' to the response
+              http() {
+                ret=$(curl --fail --no-progress-meter 2>&1 $@)
+              }
+
+              fail() {
+                echo "$1" >&2
+                exit 1
+              }
+
+              # Makes the http request and returns the response, or cleans up and exits on failure
+              # Sets 'ret' to the response
+              ensure_http() {
+                http $@
+                [ $? != 0 ] && fail "Failed to call endpoint: $ret"
+              }
+
+              update_to_latest_microstream_offset() {
+                echo "Updating to latest offset"
+                ensure_http -X POST "$backup_pod_url/microstream-updates"
+
+                echo "Waiting for updates to finish..."
+                local i=0
+                until [ $i -gt $wait_loop_retries ]; do
+                  ensure_http -H 'Content-Type:application/json' "$backup_pod_url/microstream-updates"
+                  [ "$ret" = "true" ] && break
+                  sleep 1
+                  i=$(expr $i + 1)
+                done
+                if [ $i -gt $wait_loop_retries ]; then
+                  fail "Timed out waiting for backup to stop"
+                fi
+                echo "...done!"
+              }
+
+              collect_backup_pod_garbage() {
+                echo "Issuing garbage collection"
+                ensure_http -X POST "$backup_pod_url/microstream-gc"
+
+                local i=0
+
+                echo "Waiting for garbage collection completion"
+                until [ $i -gt $wait_loop_retries ]
+                do
+                  ensure_http "$backup_pod_url/microstream-gc"
+                  [ "$ret" = "false" ] && break
+                  sleep 1
+                  i=$(expr $i + 1)
+                done
+
+                if [ $i -gt $wait_loop_retries ]; then
+                  fail "Timed out waiting for backup to stop"
+                fi
+              }
+
+              create_backup() {
+                echo "Creating backup"
+                ensure_http -X POST "$backup_pod_url/microstream-backup"
+                local id="$ret"
+                echo "Waiting for backup to finish"
+                while [ "$(ensure_http $backup_pod_url/microstream-backup)" = "true" ]; do
+                  sleep 1
+                done
+              }
+
+              resume_updates() {
+                echo "Resuming updates"
+                ensure_http -X POST "$backup_pod_url/microstream-resume-updates"
+              }
+
+              # PROGRAM START
+
+              update_to_latest_microstream_offset
+              collect_backup_pod_garbage
+              create_backup
+              resume_updates
+
+              echo "Done!"

kafka_statefulset.yaml

@@ -17,7 +17,7 @@ spec:
       imagePullSecrets: [ name: microstream-ocir-credentials ]
       containers:
       - name: kafka
-        image: ocir.microstream.one/onprem/image/microstream-cluster-kafka:1.14.0-SNAPSHOT
+        image: ocir.microstream.one/onprem/image/microstream-cluster-kafka:1.14.0
         ports:
         - name: plaintext
           containerPort: 9092

masternode_pod.yaml

@@ -2,6 +2,8 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: masternode
+  labels:
+    microstream.one/cluster-component: masternode
 spec:
   imagePullSecrets: [ name: microstream-ocir-credentials ]
   securityContext:
@@ -10,59 +12,98 @@ spec:
     fsGroup: 10000
     runAsUser: 10000
     runAsGroup: 10000
+  resources:
+    requests:
+      memory: 2000M
+      cpu: 1000m
+    limits:
+      memory: 2000M
+      cpu: 1000m
   initContainers:
   - name: prepare-masternode
     image: curlimages/curl:8.11.1
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop: [ all ]
+    volumeMounts:
+    - name: storage
+      mountPath: /storage
+    - name: app
+      mountPath: /app
+    resources:
+      requests:
+        memory: 2000M
+        cpu: 1000m
+      limits:
+        memory: 2000M
+        cpu: 1000m
     command: 
     - sh
     - -ce
     - |
-      # Wait for the user rest service project to exist
       # You can upload the jar like this:
-      # `kubectl cp -c prepare-masternode /path/to/jar masternode:/storage/project/project.jar`
+      # `kubectl cp -c prepare-masternode /path/to/jar masternode:/app/application.jar`
       # If you have a libs folder as well you can copy it with
-      # `kubectl cp -c prepare-masternode /path/to/libs masternode:/storage/project`
+      # `kubectl cp -c prepare-masternode /path/to/libs masternode:/app`
       # When you are done create the ready flag with
-      # `kubectl exec -ti -c prepare-masternode pod/masternode -- touch /storage/project/ready`
-      mkdir -p /storage/project
-      echo "Waiting for user rest service jar (timeout=10min)..."
-      i=0
-      until [ -f /storage/project/ready ]; do
-        sleep 1s
-        # Fail if we time out
-        if [ $i -gt 600 ]; then
-          echo "Timed out waiting for /storage/project/ready to exist" >&2
-          exit 1
-        fi
-        i=$((i+1))
-      done
-      echo "Success!"
+      # `kubectl exec -ti -c prepare-masternode pod/masternode -- touch /app/ready`
 
-      # Check for kafka ready flag for 5 minutes
-      echo "Waiting for kafka to be ready (timeout=5min)..."
-      i=0
-      until nc -z -w5 kafka 9092; do
-        sleep 1s
-        # Fail if we time out
-        if [ $i -gt 300 ]; then
-          echo "Timed out waiting for kafka to be ready" >&2
-          exit 1
-        fi
-        i=$((i+1))
-      done
-      echo "Success!"
+      # Wait for the user application to exist
+      if [ ! -f /app/ready ]; then
+        echo "Waiting for /app/ready flag..."
+        while [ ! -f /app/ready ]; do sleep 1; done
+        echo "...done!"
+      fi
+
+      # Wait for kafka
+      if ! nc -z -w5 kafka 9092; then
+        echo "Waiting for kafka..."
+        until nc -z -w5 kafka 9092; do sleep 1; done
+        echo "...done!"
+      fi
+  containers:
+  - name: masternode
+    image: ocir.microstream.one/onprem/image/microstream-cluster-storage-node:1.14.0
+    workingDir: /storage
+    args: [ "/app/application.jar" ]
+    ports:
+    - name: http
+      containerPort: 8080
+    # Restart the pod if container is not responsive at all
+    livenessProbe:
+      periodSeconds: 10
+      timeoutSeconds: 20
+      failureThreshold: 2
+      httpGet:
+        path: /microstream-cluster-controller/microstream-health
+        port: http
+    # Remove the pod from being ready if we fail to check
+    readinessProbe:
+      periodSeconds: 10
+      timeoutSeconds: 20
+      failureThreshold: 1
+      httpGet:
+        path: /microstream-cluster-controller/microstream-health/ready
+        port: http
     securityContext:
       allowPrivilegeEscalation: false
       capabilities:
         drop: [ all ]
     volumeMounts:
     - name: storage
       mountPath: /storage
-  containers:
-  - name: masternode
-    image: ocir.microstream.one/onprem/image/microstream-cluster-storage-node:1.14.0-SNAPSHOT
-    workingDir: /storage
-    args: [ "/storage/project/project.jar" ]
+    - name: backups
+      mountPath: /backups
+    - name: app
+      mountPath: /app
+    resources:
+      requests:
+        memory: 2000M
+        cpu: 1000m
+      limits:
+        memory: 2000M
+        cpu: 1000m
     env:
     - name: MSCNL_PROD_MODE
       value: "true"
@@ -81,40 +122,17 @@ spec:
       value: "true"
     - name: IS_BACKUP_NODE
       value: "true"
+    - name: KEPT_BACKUPS_COUNT
+      value: "3"
     - name: BACKUP_PROXY_SERVICE_URL
       value: external-resource-proxy
-    ports:
-    - name: http
-      containerPort: 8080
-    # Restart the pod if container is not responsive at all
-    livenessProbe:
-      timeoutSeconds: 5
-      failureThreshold: 5
-      httpGet:
-        path: /microstream-cluster-controller/microstream-health
-        port: http
-    # Remove the pod from being ready if we fail to check
-    readinessProbe:
-      timeoutSeconds: 4
-      failureThreshold: 3
-      httpGet:
-        path: /microstream-cluster-controller/microstream-health/ready
-        port: http
-    # Give the container ~50 seconds to fully start up
-    startupProbe:
-      timeoutSeconds: 5
-      failureThreshold: 10
-      httpGet:
-          path: /microstream-cluster-controller/microstream-health
-          port: http
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop: [ all ]
-    volumeMounts:
-    - name: storage
-      mountPath: /storage
   volumes:
   - name: storage
     persistentVolumeClaim:
-      claimName: masternode-storage
+      claimName: masternode-storage
+  - name: backups
+    persistentVolumeClaim:
+      claimName: storage-backups
+  - name: app
+    persistentVolumeClaim:
+      claimName: user-app

masternode_pvclaim.yaml

@@ -3,8 +3,7 @@ kind: PersistentVolumeClaim
 metadata:
   name: masternode-storage
 spec:
-  # Needs to be read-write-many so every storage node can attach and clone the storage as a starting point
-  accessModes: [ ReadWriteMany ]
+  accessModes: [ ReadWriteOnce ]
   resources:
     requests:
       storage: 20G

masternode_service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: masternode
+spec:
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+  selector:
+    microstream.one/cluster-component: masternode

storage_backups_pvclaim.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: storage-backups
+spec:
+  # Needs to be read-write-many so every storage node can attach and clone the backups as a starting point
+  accessModes: [ ReadWriteMany ]
+  resources:
+    requests:
+      storage: 60G