@@ -1,3 +1,21 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: system:openshift:scc:privileged
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:openshift:scc:privileged
subjects:
- kind: ServiceAccount
name: nfs-server
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
Expand All @@ -8,7 +26,7 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
Expand All @@ -24,9 +42,10 @@ spec:
labels:
app: nfs-server
spec:
serviceAccountName: nfs-server
containers:
- name: nfs-server
image: k8s.gcr.io/volume-nfs:0.8
image: egegunes/nfs-server:0.9.0
Contributor

Should we use the image from your account?

Contributor Author

old image is outdated, i think there's no harm in using the image from my account

ports:
- name: nfs
containerPort: 2049
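Review bot: The RoleBinding added at the top of this manifest lets the `nfs-server` ServiceAccount use `system:openshift:scc:privileged`, and the file carries no comment saying why the NFS container needs the privileged SCC or that the grant is meant only for the test's `storage` namespace. I would put a comment above the binding, for example `# OpenShift only: the NFS server runs privileged; this binding is limited to the namespace the test applies it in`. The manifest is applied on every platform, so on non-OpenShift clusters the roleRef presumably names a ClusterRole that does not exist there; that is probably harmless but worth stating in the same comment. If the container needs only part of what the privileged SCC allows, a narrower custom SCC, as this PR adds for the database pods, would be the safer grant.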
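--- a/e2e-tests/demand-backup-fs/conf/rbac-oc.yml
+++ b/e2e-tests/demand-backup-fs/conf/rbac-oc.yml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: psmdb-pods
+---
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+name: custom-psmdb-scc
+runAsUser:
+type: RunAsAny
+seLinuxContext:
+type: RunAsAny
+fsGroup:
+type: RunAsAny
+supplementalGroups:
+type: RunAsAny
+volumes:
+- "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: use-custom-psmdb-scc
+rules:
+- apiGroups:
+- security.openshift.io
+resources:
+- securitycontextconstraints
+resourceNames:
+- custom-psmdb-scc
+verbs:
+- use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: custom-psmdb-scc
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: use-custom-psmdb-scc
+subjects:
+- kind: ServiceAccount
+name: psmdb-pods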
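Review bot: `custom-psmdb-scc` is much broader than the NFS mount it exists for: `volumes: - "*"` also admits host-path volumes, and `runAsUser: RunAsAny` admits UID 0, even though the OpenShift cluster manifest in this PR sets `runAsNonRoot: true` with a fixed UID. Listing only the volume types the pods mount and switching to `MustRunAsNonRoot` keeps the constraint aligned with what the test needs. The volume list below is a starting point and should be checked against the volumes the operator actually generates. SCCs are cluster-scoped, so whatever this object permits stays available to any subject granted `use` on it until the object is deleted.

```yaml
# … unchanged: ServiceAccount psmdb-pods, SCC apiVersion/kind/metadata …
runAsUser:
  type: MustRunAsNonRoot
# … unchanged: seLinuxContext, fsGroup, supplementalGroups …
volumes:
  - nfs
  - persistentVolumeClaim
  - secret
  - configMap
  - emptyDir
  - projected
  - downwardAPI
# … unchanged: Role use-custom-psmdb-scc and its RoleBinding …
```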
Expand Up @@ -22,6 +22,9 @@ spec:
volumeMounts:
- mountPath: /mnt/nfs/
name: backup-nfs
containerSecurityContext:
runAsNonRoot: true
runAsUser: 1001210000
image: perconalab/percona-server-mongodb-operator:main-mongod8.0
imagePullPolicy: Always
pmm:
Expand All @@ -30,6 +33,7 @@ spec:
serverHost: monitoring-service
replsets:
- name: rs0
size: 3
expose:
enabled: false
type: ClusterIP
Expand All @@ -47,52 +51,21 @@ spec:
nfs:
server: "nfs-service.storage.svc.cluster.local"
path: "/psmdb-some-name-rs0"
size: 3
volumeSpec:
persistentVolumeClaim:
resources:
requests:
storage: 3Gi
serviceAccountName: psmdb-pods
containerSecurityContext:
runAsNonRoot: true
runAsUser: 1001210000
podSecurityContext:
runAsNonRoot: true
runAsUser: 1001210000
fsGroup: 1001210000
secrets:
users: some-users
sharding:
configsvrReplSet:
affinity:
antiAffinityTopologyKey: none
expose:
enabled: false
type: ClusterIP
podDisruptionBudget:
maxUnavailable: 1
resources:
limits:
cpu: 300m
memory: 0.5G
requests:
cpu: 300m
memory: 0.5G
size: 3
volumeSpec:
persistentVolumeClaim:
resources:
requests:
storage: 3Gi
enabled: false
mongos:
affinity:
antiAffinityTopologyKey: none
expose:
type: ClusterIP
podDisruptionBudget:
maxUnavailable: 1
resources:
limits:
cpu: 300m
memory: 0.5G
requests:
cpu: 300m
memory: 0.5G
size: 3
updateStrategy: SmartUpdate
upgradeOptions:
apply: disabled
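Review bot: The UID `1001210000` is hard-coded here in `containerSecurityContext` and again in `podSecurityContext` (`runAsUser` and `fsGroup`), and the `run` script repeats it as `uid=1001210000` for the `chown` on the NFS export, with nothing tying the copies together. If one of them changes, the pods would presumably lose write access to the export. A comment next to the first occurrence, such as `# must match uid in e2e-tests/demand-backup-fs/run (owner of the NFS export)`, would make the coupling visible. The fixed value is admitted through `custom-psmdb-scc`, so any narrowing of that SCC's `runAsUser` strategy has to keep this UID valid.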
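--- a/e2e-tests/demand-backup-fs/conf/some-name.yml
+++ b/e2e-tests/demand-backup-fs/conf/some-name.yml
@@ -0,0 +1,63 @@
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDB
+metadata:
+finalizers:
+- percona.com/delete-psmdb-pods-in-order
+name: some-name
+spec:
+backup:
+enabled: true
+image: perconalab/percona-server-mongodb-operator:main-backup
+pitr:
+compressionLevel: 6
+compressionType: gzip
+enabled: true
+oplogOnly: false
+oplogSpanMin: 1
+storages:
+nfs:
+filesystem:
+path: /mnt/nfs/
+type: filesystem
+volumeMounts:
+- mountPath: /mnt/nfs/
+name: backup-nfs
+image: perconalab/percona-server-mongodb-operator:main-mongod8.0
+imagePullPolicy: Always
+pmm:
+enabled: false
+image: perconalab/pmm-client:dev-latest
+serverHost: monitoring-service
+replsets:
+- name: rs0
+size: 3
+expose:
+enabled: false
+type: ClusterIP
+podDisruptionBudget:
+maxUnavailable: 1
+resources:
+limits:
+cpu: 300m
+memory: 0.5G
+requests:
+cpu: 300m
+memory: 0.5G
+sidecarVolumes:
+- name: backup-nfs
+nfs:
+server: "nfs-service.storage.svc.cluster.local"
+path: "/psmdb-some-name-rs0"
+volumeSpec:
+persistentVolumeClaim:
+resources:
+requests:
+storage: 3Gi
+secrets:
+users: some-users
+updateStrategy: SmartUpdate
+upgradeOptions:
+apply: disabled
+schedule: 0 2 * * *
+setFCV: false
+versionServiceEndpoint: https://check-dev.percona.com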
33 changes: 22 additions & 11 deletions e2e-tests/demand-backup-fs/run
Expand Up @@ -6,14 +6,11 @@ test_dir=$(realpath $(dirname $0))
. ${test_dir}/../functions
set_debug

if [[ "${OPENSHIFT}" ]]; then
echo "This test is not supported on OpenShift due to nfs privileged. See K8SPSMDB-1262"
exit 0
fi

deploy_nfs_server() {
local uid=$1

kubectl_bin create namespace storage
kubectl_bin apply -n storage -f ${test_dir}/conf/nfs-server.yaml
kubectl_bin apply -n storage -f ${test_dir}/conf/nfs-server.yml
sleep 5 # wait for NFS server pod to be created

local nfsPod=$(kubectl_bin get pod -n storage -l app=nfs-server -o jsonpath={.items[].metadata.name})
Expand All @@ -23,7 +20,7 @@ deploy_nfs_server() {
done

kubectl_bin exec -n storage ${nfsPod} -- mkdir /exports/psmdb-${cluster}-rs0
kubectl_bin exec -n storage ${nfsPod} -- chown 1001:1001 /exports/psmdb-${cluster}-rs0
kubectl_bin exec -n storage ${nfsPod} -- chown ${uid}:${uid} /exports/psmdb-${cluster}-rs0
}

run_recovery_check() {
Expand Down Expand Up @@ -60,21 +57,35 @@ if [[ $GKE != 1 ]]; then
kubectl_bin annotate storageclass ${sc} storageclass.kubernetes.io/is-default-class=true
fi

uid=1001
if [[ "${OPENSHIFT}" ]]; then
uid=1001210000
fi

log "deploying NFS server"
deploy_nfs_server
deploy_nfs_server ${uid}

log 'creating secrets and start client'
kubectl_bin apply \
-f "${conf_dir}/secrets.yml" \
-f "${conf_dir}/client.yml"

if [[ "${OPENSHIFT}" ]]; then
log "creating custom security context constraints to allow NFS volumes"
kubectl_bin apply -f ${test_dir}/conf/rbac-oc.yml
fi

log "creating PSMDB cluster ${cluster}"
if [[ $GKE != 1 ]]; then
cluster_yaml=${test_dir}/conf/${cluster}.yml
if [[ "${OPENSHIFT}" ]]; then
cluster_yaml=${test_dir}/conf/${cluster}-oc.yml
fi

nfs_ip=$(kubectl_bin -n storage get svc nfs-service -o jsonpath={.spec.clusterIP})
sed "s/nfs-service.storage.svc.cluster.local/${nfs_ip}/g" ${test_dir}/conf/${cluster}.yaml \
| kubectl_bin apply -f -
sed "s/nfs-service.storage.svc.cluster.local/${nfs_ip}/g" ${cluster_yaml} | kubectl_bin apply -f -
else
apply_cluster ${test_dir}/conf/${cluster}.yaml
apply_cluster ${test_dir}/conf/${cluster}.yml
fi

log 'wait for all 3 pods to start'
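Review bot: `kubectl_bin apply -f ${test_dir}/conf/rbac-oc.yml` creates a cluster-scoped SecurityContextConstraints object, and none of the visible hunks removes it, so unless the teardown outside these hunks deletes it, the permissive `custom-psmdb-scc` outlives the test namespace. If cleanup does not already cover it, add something like `kubectl_bin delete scc custom-psmdb-scc --ignore-not-found` to the OpenShift teardown path. As a style point, the new expansions are unquoted: `deploy_nfs_server "${uid}"`, `chown "${uid}:${uid}"` and `sed ... "${cluster_yaml}"` would survive a path with spaces or an empty value.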