[DM-48286] Automate Chronograf and kapacitor backups

applications/sasquatch/README.md

@@ -108,12 +108,10 @@ Rubin Observatory's telemetry service
 | app-metrics.resources | object | See `values.yaml` | Kubernetes resources requests and limits |
 | app-metrics.tolerations | list | `[]` | Tolerations for pod assignment |
 | backup.affinity | object | `{}` | Affinity rules for the backups deployment pod |
+| backup.backupItems | list | `[{"enabled":false,"name":"chronograf","retention_days":7},{"enabled":false,"name":"kapacitor","retention_days":7},{"enabled":false,"name":"influxdb-enterprise-incremental"}]` | List of items to backup, must match the names in the sasquatch backup script |
 | backup.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the backups image |
 | backup.image.repository | string | `"ghcr.io/lsst-sqre/sasquatch"` | Image to use in the backups deployment |
 | backup.image.tag | string | The appVersion of the chart | Tag of image to use |
-| backup.items.chronograf | bool | `false` | Whether to backup Chronograf |
-| backup.items.influxdbEnterprise | bool | `false` | Whether to backup InfluxDB Enterprise |
-| backup.items.kapacitor | bool | `false` | Whether to backup Kapacitor |
 | backup.nodeSelector | object | `{}` | Node selection rules for the backups deployment pod |
 | backup.persistence.size | string | "100Gi" | Size of the data store to request, if enabled |
 | backup.persistence.storageClass | string | "" (empty string) to use the cluster default storage class | Storage class to use for the backups |

applications/sasquatch/charts/backup/README.md

@@ -7,12 +7,10 @@ Backup Sasquatch data
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Affinity rules for the backups deployment pod |
+| backupItems | list | `[{"enabled":false,"name":"chronograf","retention_days":7},{"enabled":false,"name":"kapacitor","retention_days":7},{"enabled":false,"name":"influxdb-enterprise-incremental"}]` | List of items to backup, must match the names in the sasquatch backup script |
 | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the backups image |
 | image.repository | string | `"ghcr.io/lsst-sqre/sasquatch"` | Image to use in the backups deployment |
 | image.tag | string | The appVersion of the chart | Tag of image to use |
-| items.chronograf | bool | `false` | Whether to backup Chronograf |
-| items.influxdbEnterprise | bool | `false` | Whether to backup InfluxDB Enterprise |
-| items.kapacitor | bool | `false` | Whether to backup Kapacitor |
 | nodeSelector | object | `{}` | Node selection rules for the backups deployment pod |
 | persistence.size | string | "100Gi" | Size of the data store to request, if enabled |
 | persistence.storageClass | string | "" (empty string) to use the cluster default storage class | Storage class to use for the backups |

applications/sasquatch/charts/backup/templates/backup-cronjob.yaml

@@ -18,6 +18,7 @@ spec:
           labels:
             {{- include "backup.selectorLabels" . | nindent 12 }}
         spec:
+          serviceAccountName: sasquatch-backup
           restartPolicy: OnFailure
           securityContext:
             runAsNonRoot: true
@@ -28,39 +29,22 @@ spec:
           - name: backup
             persistentVolumeClaim:
               claimName: sasquatch-backup
-          {{- if .Values.items.chronograf }}
-          - name: chronograf
-            persistentVolumeClaim:
-              claimName: sasquatch-chronograf
-              readOnly: true
-          {{- end }}
-          {{- if .Values.items.kapacitor }}
-          - name: kapacitor
-            persistentVolumeClaim:
-              claimName: sasquatch-kapacitor
-              readOnly: true
-          {{- end }}
           containers:
           - name: sasquatch-backup
             image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
             imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
             volumeMounts:
             - name: backup
               mountPath: /backup
-            {{- if .Values.items.chronograf }}
-            - name: chronograf
-              mountPath: /chronograf
-            {{- end }}
-            {{- if .Values.items.kapacitor }}
-            - name: kapacitor
-              mountPath: /kapacitor
-            {{- end }}
             command:
             - /bin/sh
             - -c
             - backup.sh
             resources:
               {{- toYaml .Values.resources | nindent 14 }}
+            env:
+            - name: BACKUP_ITEMS
+              value: {{ .Values.backupItems | toJson | quote }}
           {{- with .Values.nodeSelector }}
           nodeSelector:
              {{- toYaml . | nindent 12 }}

applications/sasquatch/charts/backup/templates/role.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: sasquatch-backup
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/exec"]
+    verbs: ["create"]

applications/sasquatch/charts/backup/templates/rolebiding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sasquatch-backup-binding
+subjects:
+  - kind: ServiceAccount
+    name: sasquatch-backup
+roleRef:
+  kind: Role
+  name: sasquatch-backup
+  apiGroup: rbac.authorization.k8s.io

applications/sasquatch/charts/backup/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sasquatch-backup

applications/sasquatch/charts/backup/values.yaml

@@ -10,7 +10,7 @@ image:
 
   # -- Tag of image to use
   # @default -- The appVersion of the chart
-  tag: "1.0.0"
+  tag: "1.1.0"
 
 # -- Schedule for executing the sasquatch backup script
 # @default -- "0 3 * * *"
@@ -24,13 +24,16 @@ persistence:
   # @default -- "" (empty string) to use the cluster default storage class
   storageClass: ""
 
-items:
-  # -- Whether to backup Chronograf
-  chronograf: false
-  # -- Whether to backup Kapacitor
-  kapacitor: false
-  # -- Whether to backup InfluxDB Enterprise
-  influxdbEnterprise: false
+# -- List of items to backup, must match the names in the sasquatch backup script
+backupItems:
+  - name: "chronograf"
+    enabled: false
+    retention_days: 7
+  - name: "kapacitor"
+    enabled: false
+    retention_days: 7
+  - name: "influxdb-enterprise-incremental"
+    enabled: false
 
 # -- Affinity rules for the backups deployment pod
 affinity: {}

applications/sasquatch/values-idfdev.yaml

@@ -163,12 +163,15 @@ app-metrics:
 
 backup:
   enabled: true
-  image:
-    pullPolicy: "Always"
   persistence:
     size: 500Gi
     storageClass: standard
-  items:
-    chronograf: false
-    kapacitor: false
-    influxdbEnterprise: true
+  backupItems:
+    - name: "chronograf"
+      enabled: true
+      retention_days: 3
+    - name: "kapacitor"
+      enabled: true
+      retention_days: 3
+    - name: "influxdb-enterprise-incremental"
+      enabled: true

applications/sasquatch/values-usdfprod.yaml

@@ -371,7 +371,6 @@ backup:
   persistence:
     size: 100Ti
     storageClass: wekafs--sdf-k8s01
-  items:
-    chronograf: false
-    kapacitor: false
-    influxdbEnterprise: true
+  backupItems:
+    - name: influxdb-enterprise-incremental
+      enabled: true