Migrate to backup-restore-sidecar based meilisearch database.

control-plane/roles/auditing-meili/README.md

@@ -2,12 +2,8 @@
 
 This role deploys a helm chart for [MeiliSearch](https://github.com/meilisearch/meilisearch-kubernetes) for auditing purposes.
 
+This role just wraps the [meili-backup-restore](/control-plane/roles/meili-backup-restore) role. Refer to this role for further documentation.
+
 ## Variables
 
-| Name                       | Mandatory | Description                                                                                    |
-| -------------------------- | --------- | ---------------------------------------------------------------------------------------------- |
-| auditing_meili_secret      |           | The content of the auth secret. If empty or not provided, the secret must be created manually. |
-| auditing_meili_ingress     |           | Configuratrion for ingress, check example or helm chart for details                            |
-| auditing_meili_persistence |           | Configuration for persistence, check example or helm chart for details                         |
-| auditing_meili_environment |           | Sets Meilisearch environment to development/production                                         |
-| auditing_meili_namespace   |           | Namespace to deploy MeiliSearch                                                                |
+The role should take the same variables as the wrapped role, but prefixed with `auditing_meili_` instead of `meilisearch_`.

control-plane/roles/auditing-meili/defaults/main/main.yaml

@@ -1,32 +1,37 @@
 ---
+auditing_meili_name: auditing-meili
 auditing_meili_namespace: "{{ metal_control_plane_namespace }}"
-auditing_meili_secret: ""
-auditing_meili_environment: production
 
-# possible parametrization can be found at the helm-chart repo
-# https://github.com/meilisearch/meilisearch-kubernetes
+auditing_meili_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
 
-auditing_meili_ingress: {}
-# enabled: false
-# className: nginx
-# annotations: {}
-# path: /
-# hosts:
-#   - meilisearch-example.local
-# tls: []
+auditing_meili_storage_size: 10Gi
+auditing_meili_storage_class:
 
-auditing_meili_persistence:
-  {}
-  # enabled: false
-  # accessMode: ReadWriteOnce
-  # storageClass: "-"
-  # size: 10Gi
-  # annotations: {}
-  # volume:
-  #   name: data
-  #   mountPath: /meili_data
+auditing_meili_api_key: change-me-at-least-16-chars
+auditing_meili_env: production
+auditing_meili_no_analytics: true
 
-auditing_meili_registry_enabled: "{{ metal_registry_auth_enabled }}"
+auditing_meili_backup_restore_sidecar_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
+auditing_meili_backup_restore_sidecar_provider: local
+auditing_meili_backup_restore_sidecar_backup_cron_schedule: "0 * * * *"
+auditing_meili_backup_restore_sidecar_log_level: debug
+auditing_meili_backup_restore_sidecar_object_prefix: "{{ auditing_meili_name }}-{{ metal_control_plane_stage_name }}"
+auditing_meili_backup_restore_sidecar_object_max_keep:
+
+auditing_meili_backup_restore_sidecar_gcp_bucket_name:
+auditing_meili_backup_restore_sidecar_gcp_backup_location:
+auditing_meili_backup_restore_sidecar_gcp_project_id:
+auditing_meili_backup_restore_sidecar_gcp_serviceaccount_json:
+
+auditing_meili_resources:
+  requests:
+    memory: "256Mi"
+    cpu: "500m"
+  limits:
+    memory: "1Gi"
+    cpu: "1"
+
+auditing_meili_registry_auth_enabled: "{{ metal_registry_auth_enabled }}"
 auditing_meili_registry_auth:
   auths:
     https://index.docker.io/v1/:

control-plane/roles/auditing-meili/tasks/main.yaml

@@ -12,38 +12,32 @@
         labels:
           name: "{{ auditing_meili_namespace }}"
 
-- name: Create meili secret
-  k8s:
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: metal-auditing-master-key
-        namespace: "{{ auditing_meili_namespace }}"
-      stringData:
-        MEILI_MASTER_KEY: "{{ auditing_meili_secret }}"
-  when: auditing_meili_secret
-
-- name: Create registry pull secret
-  k8s:
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: metal-auditing-registry-pull-secret
-        namespace: "{{ auditing_meili_namespace }}"
-      type: kubernetes.io/dockerconfigjson
-      data:
-        .dockerconfigjson: "{{ auditing_meili_registry_auth | to_json | b64encode }}"
-  when: auditing_meili_registry_enabled
-
 - name: Deploy meilisearch
   include_role:
-    name: ansible-common/roles/helm-chart
+    name: metal-roles/control-plane/roles/meili-backup-restore
   vars:
-    helm_repo: "{{ metal_auditing_meili_chart_repo }}"
-    helm_chart: meilisearch
-    helm_target_namespace: "{{ auditing_meili_namespace }}"
-    helm_chart_version: "{{ metal_auditing_meili_chart_version }}"
-    helm_release_name: auditing-meili
-    helm_value_file_template: "values.yaml"
+    meilisearch_name: "{{ auditing_meili_name }}"
+    meilisearch_namespace: "{{ auditing_meili_namespace }}"
+    meilisearch_image_pull_policy: "{{ auditing_meili_image_pull_policy }}"
+    meilisearch_image_name: "{{ auditing_meili_image_name }}"
+    meilisearch_image_tag: "{{ auditing_meili_image_tag }}"
+    meilisearch_registry_auth_enabled: "{{ auditing_meili_registry_auth_enabled }}"
+    meilisearch_registry_auth: "{{ auditing_meili_registry_auth }}"
+    meilisearch_storage_size: "{{ auditing_meili_storage_size }}"
+    meilisearch_storage_class: "{{ auditing_meili_storage_class }}"
+    meilisearch_api_key: "{{ auditing_meili_api_key }}"
+    meilisearch_env: "{{ auditing_meili_env }}"
+    meilisearch_no_analytics: "{{ auditing_meili_no_analytics }}"
+    meilisearch_backup_restore_sidecar_image_pull_policy: "{{ auditing_meili_backup_restore_sidecar_image_pull_policy }}"
+    meilisearch_backup_restore_sidecar_image_name: "{{ auditing_meili_backup_restore_sidecar_image_name }}"
+    meilisearch_backup_restore_sidecar_image_tag: "{{ auditing_meili_backup_restore_sidecar_image_tag }}"
+    meilisearch_backup_restore_sidecar_provider: "{{ auditing_meili_backup_restore_sidecar_provider }}"
+    meilisearch_backup_restore_sidecar_backup_cron_schedule: "{{ auditing_meili_backup_restore_sidecar_backup_cron_schedule }}"
+    meilisearch_backup_restore_sidecar_log_level: "{{ auditing_meili_backup_restore_sidecar_log_level }}"
+    meilisearch_backup_restore_sidecar_object_prefix: "{{ auditing_meili_backup_restore_sidecar_object_prefix }}"
+    meilisearch_backup_restore_sidecar_gcp_bucket_name: "{{ auditing_meili_backup_restore_sidecar_gcp_bucket_name }}"
+    meilisearch_backup_restore_sidecar_gcp_backup_location: "{{ auditing_meili_backup_restore_sidecar_gcp_backup_location }}"
+    meilisearch_backup_restore_sidecar_gcp_project_id: "{{ auditing_meili_backup_restore_sidecar_gcp_project_id }}"
+    meilisearch_backup_restore_sidecar_gcp_serviceaccount_json: "{{ auditing_meili_backup_restore_sidecar_gcp_serviceaccount_json }}"
+    meilisearch_resources: "{{ auditing_meili_resources }}"
+    meilisearch_backup_restore_sidecar_object_max_keep: "{{ auditing_meili_backup_restore_sidecar_object_max_keep }}"

control-plane/roles/meili-backup-restore/README.md

@@ -0,0 +1,34 @@
+# meili-backup-restore
+
+Deploys a meilisearch database together with a [backup-restore-sidecar](https://github.com/metal-stack/backup-restore-sidecar).
+
+## Variables
+
+This role uses variables from [control-plane-defaults](/control-plane). So, make sure you define them adequately as well.
+
+You can look up all the default values of this role [here](defaults/main/main.yaml).
+
+| Name                                                       | Mandatory | Description                                                             |
+| ---------------------------------------------------------- | --------- | ----------------------------------------------------------------------- |
+| meilisearch_image_name                                     | yes       | Image version of the meilisearch                                        |
+| meilisearch_image_tag                                      | yes       | Image tag of the meilisearch                                            |
+| meilisearch_registry_auth_enabled                          |           | Enables registry authentication                                         |
+| meilisearch_registry_auth                                  |           | The dockerconfigjson content used for registry authentication           |
+| meilisearch_image_pull_policy                              |           | Image pull policy (defaults to IfNotPresent)                            |
+| meilisearch_name                                           |           | The name of the meilisearch instance                                    |
+| meilisearch_namespace                                      |           | The deployment's target namespace                                       |
+| meilisearch_storage_size                                   |           | The size of the PVC                                                     |
+| meilisearch_storage_class                                  |           | The storage class of the PVC                                            |
+| meilisearch_api_key                                        |           | The api key for meilisearch                                             |
+| meilisearch_env                                            |           | Sets the environment configuration for meilisearch                      |
+| meilisearch_no_analytics                                   |           | Sets the no analytics configuration for meilisearch                     |
+| meilisearch_backup_restore_sidecar_image_name              | yes       | Image version of the backup-restore-sidecar                             |
+| meilisearch_backup_restore_sidecar_image_tag               | yes       | Image tag of the backup-restore-sidecar                                 |
+| meilisearch_backup_restore_sidecar_provider                |           | The backup provider                                                     |
+| meilisearch_backup_restore_sidecar_backup_cron_schedule    |           | The backup cron schedule                                                |
+| meilisearch_backup_restore_sidecar_log_level               |           | The log level of the sidecar                                            |
+| meilisearch_backup_restore_sidecar_gcp_bucket_name         |           | Bucket name of the GCP bucket                                           |
+| meilisearch_backup_restore_sidecar_gcp_backup_location     |           | Location of the GCP bucket                                              |
+| meilisearch_backup_restore_sidecar_gcp_project_id          |           | GCP project name                                                        |
+| meilisearch_backup_restore_sidecar_gcp_serviceaccount_json |           | GCP Serviceaccount JSON string (service account requires bucket access) |
+| meilisearch_resources                                      |           | The kubernetes resources for the actual meilisearch container           |

control-plane/roles/meili-backup-restore/defaults/main/control-plane-defaults

@@ -0,0 +1 @@
+../../../../control-plane-defaults/

control-plane/roles/meili-backup-restore/defaults/main/global-defaults

@@ -0,0 +1 @@
+../../../../../defaults

control-plane/roles/meili-backup-restore/defaults/main/main.yaml

@@ -0,0 +1,40 @@
+---
+meilisearch_name: meilisearch
+meilisearch_namespace: "{{ metal_control_plane_namespace }}"
+
+meilisearch_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
+
+meilisearch_storage_size: 5Gi
+meilisearch_storage_class:
+
+meilisearch_api_key: change-me-at-least-16-chars
+meilisearch_env: production
+meilisearch_no_analytics: true
+
+meilisearch_backup_restore_sidecar_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
+meilisearch_backup_restore_sidecar_provider: local
+meilisearch_backup_restore_sidecar_backup_cron_schedule: "0 * * * *"
+meilisearch_backup_restore_sidecar_log_level: debug
+meilisearch_backup_restore_sidecar_object_prefix: "{{ meilisearch_name }}-{{ metal_control_plane_stage_name }}"
+meilisearch_backup_restore_sidecar_object_max_keep:
+
+meilisearch_backup_restore_sidecar_gcp_bucket_name:
+meilisearch_backup_restore_sidecar_gcp_backup_location:
+meilisearch_backup_restore_sidecar_gcp_project_id:
+meilisearch_backup_restore_sidecar_gcp_serviceaccount_json:
+
+meilisearch_resources:
+  requests:
+    memory: "256Mi"
+    cpu: "500m"
+  limits:
+    memory: "1Gi"
+    cpu: "1"
+
+meilisearch_registry_auth_enabled: "{{ metal_registry_auth_enabled }}"
+meilisearch_registry_auth:
+  auths:
+    https://index.docker.io/v1/:
+      username: "{{ metal_registry_auth_user }}"
+      password: "{{ metal_registry_auth_password }}"
+      auth: "{{ (metal_registry_auth_user + ':' + metal_registry_auth_password) | b64encode }}"

control-plane/roles/meili-backup-restore/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+- name: Gather release versions
+  setup_yaml:
+
+- name: Check mandatory variables for this role are set
+  assert:
+    fail_msg: "not all mandatory variables given, check role documentation"
+    quiet: yes
+    that:
+      - meilisearch_image_name is defined
+      - meilisearch_image_tag is defined
+      - meilisearch_backup_restore_sidecar_image_name is defined
+      - meilisearch_backup_restore_sidecar_image_tag is defined
+
+- name: Deploy meilisearch (backup-restore)
+  k8s:
+    definition: "{{ lookup('template', 'meilisearch.yaml') }}"
+    namespace: "{{ meilisearch_namespace }}"
+    apply: yes