pxc-db: backup.enabled: false leads to values.yaml overlay not being correctly merged

[cjohn001]

Hello together.
I am trying to customize the pxc-db chart with a myvalues.yaml. i.e.

helm install pxc-db ./pxc-db -n dev-percona -f cvalues.yaml

I am trying to do some modifications for the backup part

backup:
    enabled: false
    storages:
        s3-us-west:
            type: s3
            verifyTLS: false
            s3:
                bucket: dev-percona
                credentialsSecret: s3-backup-secret-working
                region: us-east-1
                endpointUrl: https://minio.example.org

Unfortunately, when setting backup.enabled: false, the entire backup block is not mearged into the resulting yaml.

I would expect that it is merged, because I want to be able to perform manual backups against my s3 storage. This currently seems only to work if I also enable scheduled. backups.

[spron-in]

If you don't need backups to be made on schedule, you can just leave backup.schedule section empty.
With it you will still be able to do manual backups.

So in your case it would be smth as follows:

backup:
    enabled: true
    schedule: []
    storages:
        s3-us-west:
            type: s3
            verifyTLS: false
            s3:
                bucket: dev-percona
                credentialsSecret: s3-backup-secret-working
                region: us-east-1
                endpointUrl: https://minio.example.org

[cjohn001]

@spron-in: Thanks for the directions, this was indeed my workaround. However, when I think about your comment, I assume this might be the intended behavior. I mean backup enabled in general without a schedule set, would also make sense for the storage to be set. Shall I leave the issue open or close it?

I have two other questions. Maybe you have a quick comment for me on the topic.

1. I need to import a database backup from s3 storage into a new cluster. Seems like I have to manually set up a PerconaXtraDBClusterBackup resource pointing to the s3 storage location. Unfortunately, I have not found anything in the docs in this regards. I would be interested which attributes will have to be set on the ressource in order to work.

2. I have a minio server with a self signed certificate of my private CA as storage location. I created the pxc-db-ssl and pxc-db-ssl-internal certificates (type: kubernetes.io/tls) for the pxc cluster which also includes the CA certificate. My hope was that this would allow xtrabackup to do tls verification. However, when I enable backup.storages.x.verifyTLS: true I see a certificate verification error in the logs. Seems like the CA cert does not get deployed to the backup pod. Unfortunately, the pods are to short lived in order to get a chance to debug whats in the container. Is this currently a limitation of the helm chart, that xtrabackup cannot be used with verifyTLS against a privately signed certificate? If not, do you have an idea what I need to do in order to get the CA cert installed in the pod? Thanks for your help

[spron-in]

Hey @cjohn001!

However, when I think about your comment, I assume this might be the intended behavior. I mean backup enabled in general without a schedule set, would also make sense for the storage to be set. Shall I leave the issue open or close it?

It is an intended behaviour. You can have backups enabled, storage set, schedules NULL. Or you can disable backups completely, this will remove the backup section. We did that to accomodate various developer requests, where backups are not needed at all.

As for your questions (btw good ones):

1. Please look at this blog post: https://docs.percona.com/percona-operator-for-mysql/pxc/backups-move-from-external-db.html
2. Right now it is not possible to set custom TLS for xtrabackup.. You can skip TLS check for now. In the next release we are going to allow users to set various flags, which should help with setting custom TLS cert.
   Hope it helps.

[cjohn001]

Hello @spron-in ,
thanks for the directions. Than I will look forward for the next release :) In regards to "backups from external db". In the meantime I solved the issue by migrating my databases with the help of mysql workbench from one installation to the other. As a matter of principle, I was following the description on the page but could not get this working.
To me it was not clear how xtrabackup migration should work. I have red that always all databases are backed up and restored. The problem I was running into was that the sys schema of the database was also synced, which broke the database configuration after import, as I was using an older 8.x pxc version on the donor cluster where the backups came from. To my understanding an option is missing how one could enforce sys schema not to be synced. Or is such a flag already there and I just did not find it?