cnpg-plugin-pgbackrest

module
v0.4.1
This package is not in the latest version of its module.

Published: Nov 18, 2025 License: Apache-2.0

README

pgBackRest CNPG-I plugin

Status: EXPERIMENTAL

Welcome to the codebase of the pgBackRest CNPG-I plugin for CloudNativePG.

Features

This plugin enables continuous backup to object storage for a PostgreSQL cluster using the pgbackrest tool suite.

The features provided by this plugin are:

  • Data Directory Backup
  • Data Directory Restore
  • WAL Archiving
  • WAL Restoring
  • Point-in-Time Recovery (PITR)
  • Replica Clusters
  • Client-side encryption of both backups and WAL archives

[!WARNING] While all data necessary to use various restore modes in pgbackrest is properly stored in the object store, restore is currently tested only with full backup recovery to the latest backup. Reports on more advanced recovery attempts are welcome.

This plugin is currently only compatible with S3 object storage.

The following storage solutions have been tested and confirmed to work with this implementation:

  • MinIO – An S3-compatible object storage solution.

Known missing features:

  • support for other object storage solutions (GCS, Azure),
  • backups from replicas,
  • proper support for private certificate authorities.

Prerequisites

To use this plugin, ensure the following prerequisites are met:

Installation

IMPORTANT NOTES:

  1. The plugin must be installed in the same namespace where the operator is installed (typically cnpg-system).

  2. Be aware that the operator's listening namespaces may differ from its installation namespace. Ensure you verify this distinction to avoid configuration issues.

Step 1 - Verify the Prerequisites

If CloudNativePG is installed in the default cnpg-system namespace, verify its version using the following command:

kubectl get deployment -n cnpg-system cnpg-controller-manager -o yaml \
  | grep ghcr.io/cloudnative-pg/cloudnative-pg

Example output:

image: ghcr.io/cloudnative-pg/cloudnative-pg:1.25.0

Ensure that the version displayed is 1.25 or newer.

Then, use the cmctl tool to confirm that cert-manager is correctly installed:

cmctl check api

Example output:

The cert-manager API is ready

Both checks are necessary to proceed with the installation.

Step 2 - Install the pgBackRest Plugin

Use kubectl to apply the manifest published with the v0.4.1 release:

kubectl apply -f \
  https://github.com/operasoftware/cnpg-plugin-pgbackrest/releases/download/v0.4.1/manifest.yaml

Example output:

customresourcedefinition.apiextensions.k8s.io/archives.pgbackrest.cnpg.opera.com created
serviceaccount/plugin-pgbackrest created
role.rbac.authorization.k8s.io/leader-election-role created
clusterrole.rbac.authorization.k8s.io/archive-editor-role created
clusterrole.rbac.authorization.k8s.io/archive-viewer-role created
clusterrole.rbac.authorization.k8s.io/metrics-auth-role created
clusterrole.rbac.authorization.k8s.io/metrics-reader created
clusterrole.rbac.authorization.k8s.io/plugin-pgbackrest created
rolebinding.rbac.authorization.k8s.io/leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/metrics-auth-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/plugin-pgbackrest-binding created
secret/plugin-pgbackrest--8tfddg42gf created
service/pgbackrest created
deployment.apps/pgbackrest created
certificate.cert-manager.io/pgbackrest-client created
certificate.cert-manager.io/pgbackrest-server created
issuer.cert-manager.io/selfsigned-issuer created

After these steps, the plugin will be successfully installed. Make sure it is ready to use by checking the deployment status as follows:

kubectl rollout status deployment \
  -n cnpg-system pgbackrest

Example output:

deployment "pgbackrest" successfully rolled out

This confirms that the plugin is deployed and operational.

Usage

Defining the Archive

An Archive object should be created for each pgbackrest storage configuration used in your PostgreSQL architecture. Below is an example configuration for using a single MinIO repository with encryption enabled:

apiVersion: pgbackrest.cnpg.opera.com/v1
kind: Archive
metadata:
  name: minio-store
spec:
  configuration:
    repositories:
      - destinationPath: /
        bucket: backups
        endpointURL: minio:9000
        disableVerifyTLS: true
        encryption: aes-256-cbc
        encryptionKey:
          name: minio
          key: ENCRYPTION_KEY
        s3Credentials:
          region: "dummy"
          accessKeyId:
            name: minio
            key: ACCESS_KEY_ID
          secretAccessKey:
            name: minio
            key: ACCESS_SECRET_KEY
    compression: zst
  instanceSidecarConfiguration:
    resources:
      requests:
        memory: "2Gi"
        cpu: "2"
      limits:
        memory: "2Gi"
        cpu: "2"

[!IMPORTANT] Unlike Barman, pgBackRest requires object storage to be accessible over HTTPS. While it is possible to disable certificate verification (disableVerifyTLS: true, as in the example above) and use self-signed certificates, using a plain HTTP endpoint is not possible.
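
A pre-apply check for the repository settings discussed above, as an added example (not part of the plugin or its README): it flags repositories with disableVerifyTLS: true, no encryption, encryption without an encryptionKey, or a plain-HTTP endpointURL. The function names, messages and the sample manifest are constructed for illustration, and the line-based parsing assumes block-style YAML with space indentation as in the Archive example above.

```shell
# Added example (not plugin code): lint the repositories of an Archive manifest.
lint_archive() {
  awk '
    function report(msg) { print "repository " n ": " msg; bad++ }
    function flush() {
      if (!open) return
      if (tls == "true") report("disableVerifyTLS is true, server certificate is not checked")
      if (enc == "") report("no encryption, backups and WAL are stored unencrypted")
      else if (!haskey) report("encryption is set but encryptionKey is missing")
      if (url ~ /^http:/) report("endpointURL is plain HTTP")
      tls = enc = url = ""; haskey = open = 0
    }
    /^ *#/ || /^ *$/ { next }                 # skip comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1
      islist = ($0 ~ /^ *- /)
      line = $0; sub(/^ *(- )?/, "", line)    # drop indent and list marker
      k = line; sub(/:.*/, "", k)             # key: text before the first colon
      v = line; sub(/^[^:]*: */, "", v); sub(/ +#.*$/, "", v); gsub(/[" ]/, "", v)
      if (k == "repositories") { inrepos = 1; base = indent; item = -1; next }
      if (!inrepos) next
      # a non-list key at or above the indent of "repositories:" ends the list
      if (indent < base || (indent == base && !islist)) { flush(); inrepos = 0; next }
      if (islist && (item < 0 || indent == item)) { flush(); item = indent; n++; open = 1 }
      if (k == "disableVerifyTLS") tls = v
      else if (k == "encryption") enc = v
      else if (k == "encryptionKey") haskey = 1
      else if (k == "endpointURL") url = v
    }
    END { flush(); exit (bad > 0) }           # non-zero status when anything was flagged
  ' "$@"
}
# Constructed sample: repository 1 mirrors the README example, repository 2 is unencrypted.
sample_archive() {
  cat <<'EOF'
spec:
  configuration:
    repositories:
      - bucket: backups
        endpointURL: minio:9000
        disableVerifyTLS: true
        encryption: aes-256-cbc
        encryptionKey:
          name: minio
          key: ENCRYPTION_KEY
      - bucket: wal
        endpointURL: http://minio:9000
    compression: zst
EOF
}
```

Run `lint_archive archive.yaml` (or pipe a manifest on stdin) before `kubectl apply`; the exit status is non-zero when any finding is printed.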

Configuring WAL Archiving

Once the Archive is defined, you can configure a PostgreSQL cluster to archive WALs by referencing the configuration in the .spec.plugins section, as shown below:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example
spec:
  instances: 3
  imagePullPolicy: Always
  plugins:
  - name: pgbackrest.cnpg.opera.com
    parameters:
      pgbackrestObjectName: minio-store
  storage:
    size: 1Gi

This configuration enables both WAL archiving and data directory backups.

[!IMPORTANT] Archiving will only start working after at least one backup is created, because stanza creation currently runs only as part of a backup.

Performing a Base Backup

Once WAL archiving is enabled, the cluster is ready for backups. To create a backup, configure the backup.spec.pluginConfiguration section to specify this plugin:

apiVersion: postgresql.cnpg.io/v1
kind: Backup
metadata:
  name: backup-example
spec:
  method: plugin
  cluster:
    name: cluster-example
  target: primary
  pluginConfiguration:
    name: pgbackrest.cnpg.opera.com
    parameters:
      type: full

[!IMPORTANT] Currently only backups from the primary are supported. Trying to run a backup from a replica will fail.

[!TIP] All keys defined in the parameters section are passed to pgBackRest as flags. This makes it possible to set additional options, most notably the backup type, for a single backup instead of globally.

Restoring a Cluster

To restore a cluster from an archive, create a new Cluster resource that references the archive containing the backup. Below is an example configuration:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-restore
spec:
  instances: 3
  imagePullPolicy: IfNotPresent
  bootstrap:
    recovery:
      source: source
  externalClusters:
  - name: source
    plugin:
      name: pgbackrest.cnpg.opera.com
      parameters:
        pgbackrestObjectName: minio-store
        stanza: cluster-example
  storage:
    size: 1Gi

[!NOTE] The above configuration does not enable WAL archiving for the restored cluster.

To enable WAL archiving for the restored cluster, include the .spec.plugins section alongside the externalClusters.plugin section, as shown below:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-restore
spec:
  instances: 3
  imagePullPolicy: IfNotPresent
  bootstrap:
    recovery:
      source: source
  plugins:
  - name: pgbackrest.cnpg.opera.com
    parameters:
      # Backup archive (push, read-write)
      pgbackrestObjectName: minio-store-bis
  externalClusters:
  - name: source
    plugin:
      name: pgbackrest.cnpg.opera.com
      parameters:
        # Recovery archive (pull, read-only)
        pgbackrestObjectName: minio-store
        stanza: cluster-example
  storage:
    size: 1Gi

The same archive may be used for both transaction log archiving and restoring a cluster, or you can configure separate stores for these purposes.

Configuring Replica Clusters

You can set up a distributed topology by combining the previously defined configurations with the .spec.replica section. Below is an example of how to define a replica cluster:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-dc-a
spec:
  instances: 3
  primaryUpdateStrategy: unsupervised

  storage:
    storageClass: csi-hostpath-sc
    size: 1Gi

  plugins:
  - name: pgbackrest.cnpg.opera.com
    parameters:
      pgbackrestObjectName: minio-store-a

  replica:
    self: cluster-dc-a
    primary: cluster-dc-a
    source: cluster-dc-b

  externalClusters:
  - name: cluster-dc-a
    plugin:
      name: pgbackrest.cnpg.opera.com
      parameters:
        pgbackrestObjectName: minio-store-a

  - name: cluster-dc-b
    plugin:
      name: pgbackrest.cnpg.opera.com
      parameters:
        pgbackrestObjectName: minio-store-b

Directories

Path Synopsis
api
  • v1: Package v1 contains API Schema definitions for the pgbackrest v1 API group +kubebuilder:object:generate=true +groupName=pgbackrest.cnpg.opera.com
cmd
  • manager (command): Package main is the entrypoint for the plugin
internal
  • cmd/healthcheck: Package healthcheck contains the logic to execute a healthcheck on the plugin through a command
  • cmd/instance: Package instance is the entrypoint of instance plugin
  • cmd/operator: Package operator is the entrypoint of operator plugin
  • cmd/restore: Package restore is the entrypoint of restore capabilities
  • cnpgi/common: Package common contains reusable structs and methods for CNPGI plugins.
  • cnpgi/instance: Package instance implements the capabilities used by the operator sidecar
  • cnpgi/instance/internal/client: Package client provides an extended client that is capable of caching multiple secrets without relying on informers
  • cnpgi/metadata: Package metadata contains the common metadata on the operator and on the instance manager
  • cnpgi/operator: Package operator implements the capabilities used by CNPG
  • cnpgi/operator/config: Package config contains the functions to parse the plugin configuration
  • cnpgi/operator/specs: Package specs contains the specification of the kubernetes objects that are created by the plugin
  • cnpgi/restore: Package restore provides the restore functionality for CNPGI.
  • controller: Package controller implements a controller for the CRDs as defined by this operator
  • pgbackrest/api: Package api contains the Pgbackrest types that are used in the CloudNativePG API
  • pgbackrest/archiver: Package archiver manages the WAL archiving process
  • pgbackrest/backup: Package backup manages the backup creation process
  • pgbackrest/catalog: Package catalog is the implementation of a backup catalog
  • pgbackrest/command: Package command contains the utilities to interact with pgbackrest.
  • pgbackrest/credentials: Package credentials handles the retrieval and injection of credentials stored in Kubernetes secrets
  • pgbackrest/restorer: Package restorer manages the cluster restoration process
  • pgbackrest/spool: Package spool maintains the scratch space used for WAL retrieval
  • pgbackrest/utils: Package utils provides utility functions that help with configuring pgBackrest
  • pgbackrest/walarchive: Package walarchive provides support for WAL archive upload
test
  • e2e/internal/certmanager: Package certmanager provides utilities for setting up and managing cert-manager for end-to-end testing.
  • e2e/internal/client: Package client provides functions to create Kubernetes clients.
  • e2e/internal/cloudnativepg: Package cloudnativepg provides utilities for setting up and managing CloudNativePG environments for end-to-end testing.
  • e2e/internal/cluster: Package cluster contains functions to interact with the CloudNativePG clusters
  • e2e/internal/command: Package command provides functions to execute commands in k8s pods.
  • e2e/internal/deployment: Package deployment provides utilities for managing Kubernetes deployments
  • e2e/internal/e2etestenv: Package e2etestenv provides a test environment for end-to-end tests.
  • e2e/internal/kustomize: Package kustomize provides utilities for applying and managing Kubernetes customizations using Kustomize.
  • e2e/internal/namespace: Package namespace provides utilities to manage namespaces.
  • e2e/internal/objectstore: Package objectstore provides shared examples for archive tests using various object store implementations.
  • e2e/internal/tests/backup: Package backup contains tests for the backup and restore functionality of the Pgbackrest Plugin.
  • e2e/internal/tests/replicacluster: Package replicacluster contains tests validating replica clusters using the pgBackRest Plugin.
