Optional backups v2 (#3977)

Make backups optional

* Make spec.backups an optional field
* Add permissions to delete RBAC K8s objects in pgBackRest cleanup
* Pause reconciliation if backups need to be removed and annotation isn't present
* Add KUTTL test

---------
Co-authored-by: Anthony Landreth <[email protected]>

Author: benjaminjb

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -4334,8 +4334,6 @@ spec:
                     required:
                     - volumeSnapshotClassName
                     type: object
-                required:
-                - pgbackrest
                 type: object
               config:
                 properties:
@@ -16873,7 +16871,6 @@ spec:
                 - name
                 x-kubernetes-list-type: map
             required:
-            - backups
             - instances
             - postgresVersion
             type: object

config/rbac/cluster/role.yaml

@@ -10,6 +10,7 @@ rules:
   - configmaps
   - persistentvolumeclaims
   - secrets
+  - serviceaccounts
   - services
   verbs:
   - create
@@ -54,16 +55,6 @@ rules:
   - list
   - patch
   - watch
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
 - apiGroups:
   - apps
   resources:
@@ -167,6 +158,7 @@ rules:
   - roles
   verbs:
   - create
+  - delete
   - get
   - list
   - patch

config/rbac/namespace/role.yaml

@@ -10,6 +10,7 @@ rules:
   - configmaps
   - persistentvolumeclaims
   - secrets
+  - serviceaccounts
   - services
   verbs:
   - create
@@ -54,16 +55,6 @@ rules:
   - list
   - patch
   - watch
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
 - apiGroups:
   - apps
   resources:
@@ -167,6 +158,7 @@ rules:
   - roles
   verbs:
   - create
+  - delete
   - get
   - list
   - patch

internal/controller/postgrescluster/cluster.go

@@ -290,7 +290,9 @@ func (r *Reconciler) reconcileClusterReplicaService(
 func (r *Reconciler) reconcileDataSource(ctx context.Context,
 	cluster *v1beta1.PostgresCluster, observed *observedInstances,
 	clusterVolumes []corev1.PersistentVolumeClaim,
-	rootCA *pki.RootCertificateAuthority) (bool, error) {
+	rootCA *pki.RootCertificateAuthority,
+	backupsSpecFound bool,
+) (bool, error) {
 
 	// a hash func to hash the pgBackRest restore options
 	hashFunc := func(jobConfigs []string) (string, error) {
@@ -413,7 +415,8 @@ func (r *Reconciler) reconcileDataSource(ctx context.Context,
 	switch {
 	case dataSource != nil:
 		if err := r.reconcilePostgresClusterDataSource(ctx, cluster, dataSource,
-			configHash, clusterVolumes, rootCA); err != nil {
+			configHash, clusterVolumes, rootCA,
+			backupsSpecFound); err != nil {
 			return true, err
 		}
 	case cloudDataSource != nil:

internal/controller/postgrescluster/controller.go

@@ -162,21 +162,23 @@ func (r *Reconciler) Reconcile(
 	}
 
 	var (
-		clusterConfigMap         *corev1.ConfigMap
-		clusterReplicationSecret *corev1.Secret
-		clusterPodService        *corev1.Service
-		clusterVolumes           []corev1.PersistentVolumeClaim
-		instanceServiceAccount   *corev1.ServiceAccount
-		instances                *observedInstances
-		patroniLeaderService     *corev1.Service
-		primaryCertificate       *corev1.SecretProjection
-		primaryService           *corev1.Service
-		replicaService           *corev1.Service
-		rootCA                   *pki.RootCertificateAuthority
-		monitoringSecret         *corev1.Secret
-		exporterQueriesConfig    *corev1.ConfigMap
-		exporterWebConfig        *corev1.ConfigMap
-		err                      error
+		clusterConfigMap             *corev1.ConfigMap
+		clusterReplicationSecret     *corev1.Secret
+		clusterPodService            *corev1.Service
+		clusterVolumes               []corev1.PersistentVolumeClaim
+		instanceServiceAccount       *corev1.ServiceAccount
+		instances                    *observedInstances
+		patroniLeaderService         *corev1.Service
+		primaryCertificate           *corev1.SecretProjection
+		primaryService               *corev1.Service
+		replicaService               *corev1.Service
+		rootCA                       *pki.RootCertificateAuthority
+		monitoringSecret             *corev1.Secret
+		exporterQueriesConfig        *corev1.ConfigMap
+		exporterWebConfig            *corev1.ConfigMap
+		err                          error
+		backupsSpecFound             bool
+		backupsReconciliationAllowed bool
 	)
 
 	patchClusterStatus := func() error {
@@ -214,13 +216,34 @@ func (r *Reconciler) Reconcile(
 		meta.RemoveStatusCondition(&cluster.Status.Conditions, v1beta1.PostgresClusterProgressing)
 	}
 
+	if err == nil {
+		backupsSpecFound, backupsReconciliationAllowed, err = r.BackupsEnabled(ctx, cluster)
+
+		// If we cannot reconcile because the backup reconciliation is paused, set a condition and exit
+		if !backupsReconciliationAllowed {
+			meta.SetStatusCondition(&cluster.Status.Conditions, metav1.Condition{
+				Type:   v1beta1.PostgresClusterProgressing,
+				Status: metav1.ConditionFalse,
+				Reason: "Paused",
+				Message: "Reconciliation is paused: please fill in spec.backups " +
+					"or add the postgres-operator.crunchydata.com/authorizeBackupRemoval " +
+					"annotation to authorize backup removal.",
+
+				ObservedGeneration: cluster.GetGeneration(),
+			})
+			return runtime.ErrorWithBackoff(patchClusterStatus())
+		} else {
+			meta.RemoveStatusCondition(&cluster.Status.Conditions, v1beta1.PostgresClusterProgressing)
+		}
+	}
+
 	pgHBAs := postgres.NewHBAs()
 	pgmonitor.PostgreSQLHBAs(cluster, &pgHBAs)
 	pgbouncer.PostgreSQL(cluster, &pgHBAs)
 
 	pgParameters := postgres.NewParameters()
 	pgaudit.PostgreSQLParameters(&pgParameters)
-	pgbackrest.PostgreSQL(cluster, &pgParameters)
+	pgbackrest.PostgreSQL(cluster, &pgParameters, backupsSpecFound)
 	pgmonitor.PostgreSQLParameters(cluster, &pgParameters)
 
 	// Set huge_pages = try if a hugepages resource limit > 0, otherwise set "off"
@@ -287,7 +310,7 @@ func (r *Reconciler) Reconcile(
 		// the controller should return early while data initialization is in progress, after
 		// which it will indicate that an early return is no longer needed, and reconciliation
 		// can proceed normally.
-		returnEarly, err := r.reconcileDataSource(ctx, cluster, instances, clusterVolumes, rootCA)
+		returnEarly, err := r.reconcileDataSource(ctx, cluster, instances, clusterVolumes, rootCA, backupsSpecFound)
 		if err != nil || returnEarly {
 			return runtime.ErrorWithBackoff(errors.Join(err, patchClusterStatus()))
 		}
@@ -329,7 +352,9 @@ func (r *Reconciler) Reconcile(
 		err = r.reconcileInstanceSets(
 			ctx, cluster, clusterConfigMap, clusterReplicationSecret, rootCA,
 			clusterPodService, instanceServiceAccount, instances, patroniLeaderService,
-			primaryCertificate, clusterVolumes, exporterQueriesConfig, exporterWebConfig)
+			primaryCertificate, clusterVolumes, exporterQueriesConfig, exporterWebConfig,
+			backupsSpecFound,
+		)
 	}
 
 	if err == nil {
@@ -341,7 +366,8 @@ func (r *Reconciler) Reconcile(
 
 	if err == nil {
 		var next reconcile.Result
-		if next, err = r.reconcilePGBackRest(ctx, cluster, instances, rootCA); err == nil && !next.IsZero() {
+		if next, err = r.reconcilePGBackRest(ctx, cluster,
+			instances, rootCA, backupsSpecFound); err == nil && !next.IsZero() {
 			result.Requeue = result.Requeue || next.Requeue
 			if next.RequeueAfter > 0 {
 				result.RequeueAfter = next.RequeueAfter

internal/controller/postgrescluster/instance.go

@@ -346,7 +346,7 @@ func (r *Reconciler) observeInstances(
 		status.DesiredPGDataVolume = make(map[string]string)
 
 		for _, instance := range observed.bySet[name] {
-			status.Replicas += int32(len(instance.Pods))
+			status.Replicas += int32(len(instance.Pods)) //nolint:gosec
 
 			if ready, known := instance.IsReady(); known && ready {
 				status.ReadyReplicas++
@@ -604,6 +604,7 @@ func (r *Reconciler) reconcileInstanceSets(
 	primaryCertificate *corev1.SecretProjection,
 	clusterVolumes []corev1.PersistentVolumeClaim,
 	exporterQueriesConfig, exporterWebConfig *corev1.ConfigMap,
+	backupsSpecFound bool,
 ) error {
 
 	// Go through the observed instances and check if a primary has been determined.
@@ -640,7 +641,9 @@ func (r *Reconciler) reconcileInstanceSets(
 			rootCA, clusterPodService, instanceServiceAccount,
 			patroniLeaderService, primaryCertificate,
 			findAvailableInstanceNames(*set, instances, clusterVolumes),
-			numInstancePods, clusterVolumes, exporterQueriesConfig, exporterWebConfig)
+			numInstancePods, clusterVolumes, exporterQueriesConfig, exporterWebConfig,
+			backupsSpecFound,
+		)
 
 		if err == nil {
 			err = r.reconcileInstanceSetPodDisruptionBudget(ctx, cluster, set)
@@ -1079,6 +1082,7 @@ func (r *Reconciler) scaleUpInstances(
 	numInstancePods int,
 	clusterVolumes []corev1.PersistentVolumeClaim,
 	exporterQueriesConfig, exporterWebConfig *corev1.ConfigMap,
+	backupsSpecFound bool,
 ) ([]*appsv1.StatefulSet, error) {
 	log := logging.FromContext(ctx)
 
@@ -1123,6 +1127,7 @@ func (r *Reconciler) scaleUpInstances(
 			rootCA, clusterPodService, instanceServiceAccount,
 			patroniLeaderService, primaryCertificate, instances[i],
 			numInstancePods, clusterVolumes, exporterQueriesConfig, exporterWebConfig,
+			backupsSpecFound,
 		)
 	}
 	if err == nil {
@@ -1152,6 +1157,7 @@ func (r *Reconciler) reconcileInstance(
 	numInstancePods int,
 	clusterVolumes []corev1.PersistentVolumeClaim,
 	exporterQueriesConfig, exporterWebConfig *corev1.ConfigMap,
+	backupsSpecFound bool,
 ) error {
 	log := logging.FromContext(ctx).WithValues("instance", instance.Name)
 	ctx = logging.NewContext(ctx, log)
@@ -1198,8 +1204,10 @@ func (r *Reconciler) reconcileInstance(
 			postgresDataVolume, postgresWALVolume, tablespaceVolumes,
 			&instance.Spec.Template.Spec)
 
-		addPGBackRestToInstancePodSpec(
-			ctx, cluster, instanceCertificates, &instance.Spec.Template.Spec)
+		if backupsSpecFound {
+			addPGBackRestToInstancePodSpec(
+				ctx, cluster, instanceCertificates, &instance.Spec.Template.Spec)
+		}
 
 		err = patroni.InstancePod(
 			ctx, cluster, clusterConfigMap, clusterPodService, patroniLeaderService,