diff --git a/debian-mysql-core/Dockerfile b/debian-mysql-core/Dockerfile
new file mode 100644
index 00000000..e3589df2
--- /dev/null
+++ b/debian-mysql-core/Dockerfile
@@ -0,0 +1,43 @@
+# mysql backup image
+FROM debian:stretch-slim
+MAINTAINER Karthik
+
+RUN apt-get update && apt-get install -y gnupg dirmngr
+
+RUN set -ex; \
+# gpg: key 5072E1F5: public key "MySQL Release Engineering " imported
+ key='A4A9406876FCBD3C456770C88C718D3B5072E1F5'; \
+ export GNUPGHOME="$(mktemp -d)"; \
+# gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+ gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$key"; \
+ gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
+ gpgconf --kill all; \
+ rm -rf "$GNUPGHOME"; \
+ apt-key list > /dev/null
+
+ENV MYSQL_MAJOR 5.7
+ENV MYSQL_VERSION 5.7.26-1debian9
+RUN echo "deb http://repo.mysql.com/apt/debian/ stretch mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list
+
+# install the necessary client
+RUN apt-get update && \
+ apt-get install -y mysql-client bash python3 python3-pip samba-client && \
+ rm -rf /var/cache/apk/* && \
+ touch /etc/samba/smb.conf && \
+ pip3 install awscli
+
+# set us up to run as non-root user
+RUN groupadd -g 1005 appuser && \
+ useradd -r -u 1005 -g appuser appuser
+
+# ensure smb stuff works correctly
+#RUN mkdir -p /var/cache/samba && chmod 0755 /var/cache/samba && chown appuser /var/cache/samba
+USER appuser
+
+# install the entrypoint
+COPY ../functions.sh /
+COPY ../entrypoint /entrypoint
+#RUN chmod +x /entrypoint
+
+# start
+ENTRYPOINT ["/entrypoint"]
diff --git a/debian-mysql-core/README.md b/debian-mysql-core/README.md
new file mode 100644
index 00000000..fa05e865
--- /dev/null
+++ b/debian-mysql-core/README.md
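Review bot: `MYSQL_VERSION` is set but never referenced, so the `apt-get install` line takes whatever `mysql-client` the configured repositories currently offer, and `pip3 install awscli` is likewise unpinned, in an image that (per the README in this commit) is handed the MySQL root password and AWS keys at run time. Pin both, e.g. `mysql-client="${MYSQL_VERSION}"` (confirm that package/version pair exists in the MySQL repo) and `pip3 install --no-cache-dir awscli==<PINNED_VERSION>`. The cleanup `rm -rf /var/cache/apk/*` in the same RUN is an Alpine path and removes nothing on Debian; `rm -rf /var/lib/apt/lists/*` is the apt equivalent. Separately, `COPY ../functions.sh /` and `COPY ../entrypoint /entrypoint` point above the Dockerfile's directory, and Docker cannot copy from outside the build context, so the expected context directory deserves a comment next to those lines.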
@@ -0,0 +1,60 @@
+### MySQL Backup to S3 using Kubernetes Cronjobs
+* Create S3 bucket
+* Create IAM user
+* Store the Access Key ID and Secret Key of the IAM user
+* Provide S3 bucket full access to the IAM user
+```
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:DeleteObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::/*"
+ ]
+ }
+ ]
+}
+```
+
+
+* Find the MySQL root password
+* Create Kubernetes Secrets for the below
+ * MySQL root password
+ * `kubectl create secret generic mysql-pass --from-literal=password=`
+ * AWS Access Key ID
+ * `kubectl create secret generic s3-access --from-literal=AWS_ACCESS_KEY_ID=`
+ * AWS Secret Access Key
+ * `echo -n ‘’ | base64`
+ * `copy the output from above echo command`
+ * `kubectl edit secret s3-access`
+ * Add `AWS_SECRET_ACCESS_KEY: ` under data section
+
+* Download the YAML file from this link
+`https://github.com/mattermost/mattermost-kubernetes/blob/master/mysql-backup/mysql-dump-ScheduledJob.yaml`
+* Modify DB_NAMES environment variable from the YAML file
+* Replace the below values,
+ * DB_DUMP_TARGET - S3 bucket created above
+ * DB_SERVER - Service name of the MySql deployment/statefulset
+ * DB_USER - root
+ * DB_PASS - secretKeyRef name: mysql-pass, secretKeyRef key: password
+ * AWS_ACCESS_KEY_ID - secretKeyRef name: s3-access, secretKeyRef key: AWS_ACCESS_KEY_ID
+ * AWS_SECRET_ACCESS_KEY- secretKeyRef name: s3-access, secretKeyRef key: AWS_SECRET_ACCESS_KEY
+ * AWS_REGION - Region where your services deployed
+ * schedule: "0 0 * * *" - Change this cron for when to execute the backup job
+* Once done with replacing all the values deploy the cronjob into the cluster
+ * `kubectl apply -f mysql-dump-ScheduledJob.yaml -n `
+
+
+### Restore Process
+* Download this YAML file
+ * `https://github.com/mattermost/mattermost-kubernetes/blob/master/mysql-backup/mysql-restore-Job.yaml`
+* Modify DB_NAMES environment variable from the YAML file
+* Replace the values as same as backup process.
+* Deploy the job into the cluster, to start the recovery process. Note: This will replace all the data inside mysql and restore it from backup.
+ * `kubectl apply -f mysql-restore-Job.yaml -n `
diff --git a/debian-mysql-core/db-pass-secret.yaml b/debian-mysql-core/db-pass-secret.yaml
new file mode 100644
index 00000000..fb0265dc
--- /dev/null
+++ b/debian-mysql-core/db-pass-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ password:
+kind: Secret
+metadata:
+ name: db-pass
+ namespace: default
+type: Opaque
diff --git a/debian-mysql-core/s3-access-secret.yaml b/debian-mysql-core/s3-access-secret.yaml
new file mode 100644
index 00000000..766b315c
--- /dev/null
+++ b/debian-mysql-core/s3-access-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ AWS_ACCESS_KEY_ID:
+ AWS_SECRET_ACCESS_KEY:
+kind: Secret
+metadata:
+ name: s3-access
+ namespace: default
+type: Opaque
diff --git a/debian-mysql-core/s3-aws-policy.json b/debian-mysql-core/s3-aws-policy.json
new file mode 100644
index 00000000..593fd721
--- /dev/null
+++ b/debian-mysql-core/s3-aws-policy.json
@@ -0,0 +1,17 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:DeleteObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::/*"
+ ]
+ }
+ ]
+}
+
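Review bot: The Secret in db-pass-secret.yaml is named `db-pass`, but the README added in this same commit creates and references `mysql-pass` (`secretKeyRef name: mysql-pass`), so a CronJob written from the README will not find a Secret applied from this manifest; align the two, e.g. `name: mysql-pass`. Both this file and s3-access-secret.yaml also hard-code `namespace: default`, while the README deploys with `-n` into a chosen namespace, and a pod can only reference Secrets in its own namespace. Because `data:` values are only base64-encoded, a header comment such as `# template only: never commit a filled-in copy` would help keep real credentials out of the repository.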
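Review bot: The single statement in s3-aws-policy.json gives one IAM user `s3:PutObject`, `s3:GetObject` and `s3:DeleteObject` on every matched object, so the credentials mounted into the scheduled backup job can also read and delete all earlier backups. If the backup path only uploads (an assumption; the entrypoint script is not part of this diff), consider a write-only user for the CronJob and a separate read-only user for the restore Job, with bucket versioning or lifecycle rules handling retention instead of `s3:DeleteObject`. The resource `arn:aws:s3:::/*` shows no bucket name before `/*`; if a placeholder was intended it should be visible, e.g. `arn:aws:s3:::<BUCKET_NAME>/*`. JSON cannot carry comments, so this guidance belongs in the README next to the policy.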