Backup from MySQL Community Edition

debian-mysql-core/Dockerfile

@@ -0,0 +1,43 @@
+# mysql backup image
+FROM debian:stretch-slim
+MAINTAINER Karthik
+
+RUN apt-get update && apt-get install -y gnupg dirmngr
+
+RUN set -ex; \
+# gpg: key 5072E1F5: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
+	key='A4A9406876FCBD3C456770C88C718D3B5072E1F5'; \
+	export GNUPGHOME="$(mktemp -d)"; \
+#	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+	gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$key"; \
+	gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME"; \
+	apt-key list > /dev/null
+
+ENV MYSQL_MAJOR 5.7
+ENV MYSQL_VERSION 5.7.26-1debian9
+RUN echo "deb http://repo.mysql.com/apt/debian/ stretch mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list
+
+# install the necessary client
+RUN apt-get update && \
+    apt-get install -y mysql-client bash python3 python3-pip samba-client && \
+    rm -rf /var/cache/apk/* && \
+    touch /etc/samba/smb.conf && \
+    pip3 install awscli
+
+# set us up to run as non-root user
+RUN groupadd -g 1005 appuser && \
+    useradd -r -u 1005 -g appuser appuser
+
+# ensure smb stuff works correctly
+#RUN mkdir -p /var/cache/samba && chmod 0755 /var/cache/samba && chown appuser /var/cache/samba
+USER appuser
+
+# install the entrypoint
+COPY ../functions.sh /
+COPY ../entrypoint /entrypoint
+#RUN chmod +x /entrypoint
+
+# start
+ENTRYPOINT ["/entrypoint"]

debian-mysql-core/README.md

@@ -0,0 +1,60 @@
+### MySQL Backup to S3 using Kubernetes Cronjobs
+* Create S3 bucket
+* Create IAM user
+* Store the Access Key ID and Secret Key of the IAM user
+* Provide S3 bucket full access to the IAM user
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:PutObject",
+                "s3:GetObject",
+                "s3:DeleteObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::<bucket_name>/*"
+            ]
+        }
+    ]
+}
+```
+
+
+* Find the MySQL root password
+* Create Kubernetes Secrets for the below
+    * MySQL root password 
+        * `kubectl create secret generic mysql-pass --from-literal=password=<root_password>`
+    * AWS Access Key ID
+        * `kubectl create secret generic s3-access --from-literal=AWS_ACCESS_KEY_ID=<ACCESS_KEY_ID>`
+    * AWS Secret Access Key
+        * `echo -n ‘<SECRET_ACCESS_KEY>’ | base64`
+        * `copy the output from above echo command`
+        * `kubectl edit secret s3-access`
+        * Add `AWS_SECRET_ACCESS_KEY: <paste_output_of_echo>` under data section
+
+* Download the YAML file from this link
+`https://github.com/mattermost/mattermost-kubernetes/blob/master/mysql-backup/mysql-dump-ScheduledJob.yaml`
+* Modify DB_NAMES environment variable from the YAML file
+* Replace the below values,
+    * DB_DUMP_TARGET - S3 bucket created above
+    * DB_SERVER - Service name of the MySql deployment/statefulset
+    * DB_USER - root
+    * DB_PASS - secretKeyRef name: mysql-pass, secretKeyRef key: password
+    * AWS_ACCESS_KEY_ID - secretKeyRef name: s3-access, secretKeyRef key: AWS_ACCESS_KEY_ID
+    * AWS_SECRET_ACCESS_KEY- secretKeyRef name: s3-access, secretKeyRef key: AWS_SECRET_ACCESS_KEY
+    * AWS_REGION - Region where your services deployed
+    * schedule: "0 0 * * *" - Change this cron for when to execute the backup job
+* Once done with replacing all the values deploy the cronjob into the cluster
+    * `kubectl apply -f mysql-dump-ScheduledJob.yaml -n <NAMESPACE>`
+
+
+### Restore Process
+* Download this YAML file
+    * `https://github.com/mattermost/mattermost-kubernetes/blob/master/mysql-backup/mysql-restore-Job.yaml`
+* Modify DB_NAMES environment variable from the YAML file
+* Replace the values as same as backup process.
+* Deploy the job into the cluster, to start the recovery process. Note: This will replace all the data inside mysql and restore it from backup.
+    * `kubectl apply -f mysql-restore-Job.yaml -n <NAMESPACE>`

debian-mysql-core/db-pass-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  password: <base64_encoded_password>
+kind: Secret
+metadata:
+  name: db-pass
+  namespace: default
+type: Opaque

debian-mysql-core/s3-access-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+  AWS_ACCESS_KEY_ID: <base64_encoded_access_key>
+  AWS_SECRET_ACCESS_KEY: <base64_encoded_secret_access_key>
+kind: Secret
+metadata:
+  name: s3-access
+  namespace: default
+type: Opaque

debian-mysql-core/s3-aws-policy.json

@@ -0,0 +1,17 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:PutObject",
+                "s3:GetObject",
+                "s3:DeleteObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::<bucket_name>/*"
+            ]
+        }
+    ]
+}
+