Configuration

This pgBackRest plugin supports three levels of configuration:

Managed configuration: Options defined via the Stanza or PluginConfig CRD.
Environment variables: Free-form variables that can be specified using CustomEnvVars. CustomEnvVars is a list of variables.
Hard-coded options: A few settings built directly into the plugin.

Additionally, the plugin can be configured to use a custom sidecar image. For details, please see the installation documentation.

Plugin configuration

The PluginConfig Custom Resource can be used to customize the behavior of the plugin. For example, it allows to:

Define resource limits (CPU, memory, etc.) for the pgBackRest sidecar container.
Specify the StorageClass to use when creating a PersistentVolumeClaim (PVC) to store transient data for spooled WAL files when running in asynchronous mode. Using a dedicated PVC ensures that we don't lose information about processed WAL when operating in asynchronous mode in case the sidecar container crashes.
The ExporterConfig setting can be used to add a sidecar container dedicated to pgBackRest exporter alongside the PostgreSQL container and the pgBackRest sidecar container. This exporter exposes metrics (on TCP port 9854) for monitoring purposes (e.g., Prometheus scraping) without impacting the PostgreSQL container and the pgBackRest sidecar container.

---
apiVersion: pgbackrest.dalibo.com/v1
kind: PluginConfig
metadata:
  name: sample-pluginconfig
  namespace: default
spec:
  resourcesRequirement:
    requests:
      cpu: "300m"
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"
  storageConfig:
    storageClass: "sample-storageclass"
  injectExporter: true

Resource requirements (requests and limits) can be defined for the plugin-pgbackrest sidecar containers; however, it should be noted that in Kubernetes the Pod's QoS depends on the resource configuration of all containers, different values may therefore downgrade the QoS.

pgBackRest specific configuration

Managed configuration and user's custom variables

The pgBackRest plugin is configured to run pgBackRest via environment variables. Some of these variables are created and managed automatically by the plugin based on the pgBackRest Stanza object associated with a Cluster. Additional configuration can be specified freely through the CustomEnvVar field, but these variables are only copied from there and are no validation.

For example, the definition of that Stanza:

---
apiVersion: pgbackrest.dalibo.com/v1
kind: Stanza
metadata:
  name: stanza-sample
spec:
  stanzaConfiguration:
    name: main
    s3Repositories:
      - bucket: demo
        endpoint: s3.minio.svc.cluster.local
        region: us-east-1
        repoPath: /cluster-demo
        uriStyle: path
        verifyTLS: false
        cipherConfig:
          encryptionPass:
            name: minio
            key: ENCRYPTION_PASS
        secretRef:
          accessKeyId:
            name: minio
            key: ACCESS_KEY_ID
          secretAccessKey:
            name: minio
            key: ACCESS_SECRET_KEY
      CustomEnvVar:
        PGBACKREST_MY_CUSTOM: CNPG_ROCKS

Will result in pgbackrest running with those environment variables:

PGBACKREST_LOCK_PATH=/controller/tmp/pgbackrest-cnpg-plugin.lock
PGBACKREST_LOG_LEVEL_FILE=off
PGBACKREST_REPO1_PATH=/cluster-demo
PGBACKREST_REPO1_S3_
PGBACKREST_REPO1_S3_BUCKET=demo
PGBACKREST_REPO1_S3_ENDPOINT=s3.minio.svc.cluster.local
PGBACKREST_REPO1_S3_KEY=value_from_k8s_secret
PGBACKREST_REPO1_S3_KEY_SECRET=value_from_k8s_secret
PGBACKREST_REPO1_S3_REGION=us-east-1
PGBACKREST_REPO1_S3_URI_STYLE=path
PGBACKREST_REPO1_S3_VERIFY_TLS=n
PGBACKREST_STANZA=main
PGBACKREST_MY_CUSTOM=CNPG_ROCKS

To run pgBackRest with parameters not directly managed by this plugin, the CustomEnvVar option can be used.

Supported repositories types (S3 and Azure)

The pgBackRest plugin enables backup and WAL files to be stored in:

Amazon s3, or S3 compatible solutions
Microsoft Azure Blob Storage

The plugin relies on the repositories protocols supported by pgBackRest natively. configure the repositories for pgBackRest, you must define a Stanza object, which establishes the link between one PostgreSQL Cluster and the repository or repositories.

Below are a few examples of how to use the supported backup storage backend.

Amazon S3, or S3 compatible solutions

---
apiVersion: pgbackrest.dalibo.com/v1
kind: Stanza
metadata:
  name: stanza-sample
spec:
  stanzaConfiguration:
    name: main
    s3Repositories:
      - bucket: bucket-01
        endpoint: https://172.18.0.2:9000
        region: fr-par
        repoPath: /repo-01
        uriStyle: path
        verifyTLS: false
        retentionPolicy:
          full: 7
          fullType: count
          diff: 14
          archive: 2
          archiveType: full
          history: 30
        secretRef:
          accessKeyId:
            name: minio
            key: ACCESS_KEY_ID
          secretAccessKey:
            name: minio
            key: ACCESS_SECRET_KEY

Azure Blob Storage

---
apiVersion: pgbackrest.dalibo.com/v1
kind: Stanza
metadata:
  name: stanza-azure
spec:
  stanzaConfiguration:
    name: main
    azureRepositories:
      - account: sts-sample
        container: backups
        endpoint: blob.core.windows.net
        repoPath: /cluster-sample
        keyType: shared
        secretRef:
          keyReference:
            name: azure
            key: KEY

Plugin configuration​

pgBackRest specific configuration​

Managed configuration and user's custom variables​

Supported repositories types (S3 and Azure)​

Amazon S3, or S3 compatible solutions​

Azure Blob Storage​