Version: v0.8.0

Disaster Recovery for Percona PostgreSQL Operator


Prerequisites

  • AWS CLI
  • yq
  • kubectl
  • Nova Control Plane installed with 3 workload clusters connected

File paths are given relative to the try-nova root directory.

Setting Up S3 Access for Backups

Our first step involves setting up an S3 bucket for backups. Follow these commands to create a bucket and configure access:

  1. Create S3 bucket:

aws s3api create-bucket \
  --bucket nova-postgresql-backup \
  --region "$REGION" \
  --create-bucket-configuration LocationConstraint="$REGION"

  2. Create IAM Policy:

aws iam create-policy \
  --policy-name read-write-list-s3-nova-postgresql-backup \
  --policy-document file://examples/percona-disaster-recovery/s3-policy.json

  3. List Policies to Verify:

aws iam list-policies --query 'Policies[?PolicyName==`read-write-list-s3-nova-postgresql-backup`].Arn' --output text

  4. Create User and Attach Policy:

aws iam create-user --no-cli-pager --user-name s3-backup-service-account

POLICYARN=$(aws iam list-policies --query 'Policies[?PolicyName==`read-write-list-s3-nova-postgresql-backup`].Arn' --output text)
aws iam attach-user-policy \
  --policy-arn "$POLICYARN" \
  --user-name s3-backup-service-account

aws iam create-access-key --user-name s3-backup-service-account

NOTE: Before rerunning this tutorial, make sure that the bucket is empty.

{
    "AccessKey": {
        "UserName": "s3-backup-service-account",
        "AccessKeyId": "AKIAXXXX",
        "Status": "Active",
        "SecretAccessKey": "VaC0xxxx",
        "CreateDate": "2023-12-13T13:59:34+00:00"
    }
}

Note down the AccessKeyId and SecretAccessKey values and substitute them into examples/percona-disaster-recovery/template-s3-bucket-access-key-secret.txt, then base64-encode the file:

base64 -i examples/percona-disaster-recovery/template-s3-bucket-access-key-secret.txt

Place the output in examples/percona-disaster-recovery/s3-access-secret.yaml
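The access key created above carries whatever the policy document from step 2 grants, so it is worth checking that document before running `aws iam create-policy`. The following is an added example, not part of the try-nova repository: the allowed action set and both sample policies are assumptions constructed here, because the page does not show the contents of s3-policy.json.

```python
BUCKET = "nova-postgresql-backup"  # bucket created in step 1
# Assumption: the actions a "read-write-list" backup policy should need.
ALLOWED = {"s3:getobject", "s3:putobject", "s3:deleteobject", "s3:listbucket"}


def as_list(value):
    """IAM accepts either a single string or a list for these fields."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy, bucket=BUCKET, allowed=ALLOWED):
    """Return findings for Allow statements wider than the backup bucket."""
    findings = []
    arn = f"arn:aws:s3:::{bucket}"
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource in an Allow")
        for action in as_list(stmt.get("Action")):
            # Action names are case-insensitive; wildcards never match ALLOWED.
            if action.lower() not in allowed:
                findings.append(f"statement {i}: unexpected action {action}")
        for res in as_list(stmt.get("Resource")):
            # Exact bucket ARN or objects under it; "bucket*" would match
            # other buckets sharing the prefix, so it is rejected.
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"statement {i}: resource {res} outside bucket")
    return findings


# Constructed sample policies (not the repository's s3-policy.json).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::nova-postgresql-backup"},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::nova-postgresql-backup/*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(doc) or "ok")
```

To check the real file, load examples/percona-disaster-recovery/s3-policy.json with `json.load` and pass the result to `audit_policy`; an empty list means every Allow statement stays inside the backup bucket.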

Installing Percona PostgreSQL Operator

Now let's install the Percona PostgreSQL Operator and set up the clusters:

  1. Create Schedule Policies. The policies below schedule the PostgreSQL Operator to clusters 1 and 2, the primary PostgreSQL cluster to cluster 1, and the standby to cluster 2. HAProxy is also scheduled to cluster 2.

kubectl --context nova create -f examples/percona-disaster-recovery/schedule-policies.yaml

  2. Clone Percona PostgreSQL Repository:

# REPO_DIR, REPO_BRANCH and REPO_URL must be set before running this step.
if [ -d "$REPO_DIR" ]; then
  rm -rf "$REPO_DIR"
fi

git clone -b "$REPO_BRANCH" "$REPO_URL"

  3. Proceed with installing Percona PostgreSQL Operator:

echo "Creating operator namespace"
kubectl --context nova create ns psql-operator --dry-run=client -o yaml | yq e ".metadata.labels.psql-cluster = \"all\"" | kubectl --context nova apply -f -

echo "Installing operator to cluster all"
cat percona-postgresql-operator/deploy/bundle.yaml | python3 namespace psql-cluster all | python3 cluster psql-cluster all | kubectl --context nova --namespace psql-operator create -f -

When running on AWS use:

# echo "Setting up s3 access"
cat examples/percona-disaster-recovery/s3-access-secret.yaml | python3 namespace psql-cluster all | kubectl --context nova create -f -

and when running locally with MinIO:

# echo "Setting up s3 access"
cat examples/percona-disaster-recovery/s3-access-secret-minio.yaml | python3 namespace psql-cluster all | kubectl --context nova create -f -

  4. Configure 2 PostgreSQL clusters:

cat examples/percona-disaster-recovery/cluster_1_cr.yaml | python3 namespace psql-cluster cluster-1 | kubectl --context nova --namespace psql-operator create -f -
cat examples/percona-disaster-recovery/cluster_2_cr.yaml | python3 namespace psql-cluster cluster-2 | kubectl --context nova --namespace psql-operator create -f -

  5. Set up a load balancer in front of our databases. A load balancer is needed to keep supporting client connections after the recovery switch is made. For our example we'll use HAProxy. We'll need the address of our active PostgreSQL cluster. To get it, you can run:

kubectl --context nova get perconapgcluster

Then substitute the address for server db1 in the HAProxy config:

defaults
  mode tcp
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms

frontend fe_main
  bind *:5432
  default_backend be_db_1

backend be_db_1
  server db1 <address>:<port> check

Save this config as examples/percona-disaster-recovery/haproxy.cfg and run the following command to create the ConfigMap:

kubectl --context nova create configmap haproxy-config --from-file=haproxy.cfg=examples/percona-disaster-recovery/haproxy.cfg --dry-run=client -o yaml | python3 namespace cluster cluster-ha-proxy | kubectl --context nova apply -f -

Then apply the HAProxy deployment and service:

kubectl --context nova create -f examples/percona-disaster-recovery/haproxy.yaml

Setup RecoveryPlan

kind: RecoveryPlan
name: psql-primary-failover-plan
app: percona-postgresql-cluster-1
- type: patch # set cluster 1 to standby
apiVersion: ""
resource: "perconapgclusters"
namespace: "psql-operator"
name: "cluster1"
fieldPath: "spec.standby.enabled"
raw: true
patchType: "application/merge-patch+json"
- type: patch # set cluster 2 as new primary
apiVersion: ""
resource: "perconapgclusters"
namespace: "psql-operator"
name: "cluster2"
fieldPath: "spec.standby.enabled"
raw: false
patchType: "application/merge-patch+json"
- type: readField # read cluster 2 host
apiVersion: ""
resource: "perconapgclusters"
namespace: "psql-operator"
name: "cluster2"
fieldPath: ""
outputKey: "Cluster2IP"
- type: patch # update HAProxy to point to cluster 2
apiVersion: "v1"
resource: "configmaps"
namespace: "default"
name: "haproxy-config"
fieldPath: "data"
raw: {"haproxy.cfg": "defaults\n mode tcp\n timeout connect 5000ms\n timeout client 50000ms\n timeout server 50000ms\n\nfrontend fe_main\n bind *:5432\n default_backend be_db_2\n\nbackend be_db_2\n server db2 {{ .Values.Cluster2IP }}:5432 check"}
patchType: "application/merge-patch+json"

Let's run

The recovery plan reads the host of the standby cluster, so we need to make sure it has been assigned before proceeding:

kubectl wait perconapgclusters/cluster2 -n psql-operator --context nova '--for=jsonpath={}' --timeout=180s
kubectl --context=kind-workload-1 wait -n psql-operator perconapgcluster cluster1 --for=jsonpath='{.status.pgbouncer.ready}'=3 --timeout=180s
kubectl --context=kind-workload-1 wait -n psql-operator pod -l --for=condition=Ready --timeout=120s
kubectl --context=kind-workload-1 get pods -n psql-operator
kubectl --context=kind-workload-2 wait -n psql-operator perconapgcluster cluster2 --for=jsonpath='{.status.pgbouncer.ready}'=3 --timeout=120s
kubectl --context=kind-workload-2 wait -n psql-operator pod -l --for=condition=Ready --timeout=120s
kubectl --context=kind-workload-2 get pods -n psql-operator

Add recovery plan

kubectl --context nova create -f examples/percona-disaster-recovery/recovery-plan.yaml

In production systems, alerts are sent to Nova through the recovery webhook by a metrics service such as Prometheus with Alertmanager. To keep this tutorial simple, we will simulate receiving an alert by adding it to Nova. When the alert is added, Nova looks for a recovery plan by matching alert labels to recovery plan labels. Once it finds the recovery plan, it executes it.

kubectl --context nova create -f examples/percona-disaster-recovery/received-alert.yaml

Let's verify if recovery succeeded

Check if cluster 1 (in our tutorial we assume it fails) is set to standby.

kubectl wait perconapgclusters/cluster1 -n psql-operator --context nova '--for=jsonpath={.spec.standby.enabled}'=true --timeout=180s

Check if cluster 2 took over the role of primary (standby is false).

kubectl wait perconapgclusters/cluster2 -n psql-operator --context nova '--for=jsonpath={.spec.standby.enabled}'=false --timeout=180s

Check if HAProxy is now connected to the new primary cluster - cluster 2.

kubectl get cm/haproxy-config --context nova -n default -o jsonpath='{.data.haproxy\.cfg}' | grep 'server db2'
server db2 check


Cleanup

kubectl --context nova delete -f examples/percona-disaster-recovery/received-alert.yaml
kubectl --context nova delete -f examples/percona-disaster-recovery/recovery-plan.yaml
kubectl --context nova delete -f examples/percona-disaster-recovery/haproxy.yaml
kubectl --context nova create configmap haproxy-config --from-file=haproxy.cfg=examples/percona-disaster-recovery/haproxy.cfg --dry-run=client -o yaml | python3 namespace cluster cluster-ha-proxy | kubectl --context nova delete -f -
cat examples/percona-disaster-recovery/cluster_1_cr.yaml | python3 namespace psql-cluster cluster-1 | kubectl --context nova --namespace psql-operator delete -f -
cat examples/percona-disaster-recovery/cluster_2_cr.yaml | python3 namespace psql-cluster cluster-2 | kubectl --context nova --namespace psql-operator delete -f -
cat percona-postgresql-operator/deploy/bundle.yaml | python3 namespace psql-cluster all | python3 cluster psql-cluster all | kubectl --context nova --namespace psql-operator delete -f -
cat examples/percona-disaster-recovery/s3-access-secret.yaml | python3 namespace psql-cluster all | kubectl --context nova delete -f -
kubectl --context nova create ns psql-operator --dry-run=client -o yaml | yq e ".metadata.labels.psql-cluster = \"all\"" | kubectl --context nova delete -f -
kubectl --context nova delete -f examples/percona-disaster-recovery/schedule-policies.yaml