viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(dbaas,vault): fix backup CronJob failures and mysql-operator memory

Browse source 
- Add docker.io/library/ prefix to mysql and postgres backup images
  to satisfy Kyverno require-trusted-registries policy (both CronJobs
  were blocked for 46h, triggering MySQLBackupStale alert)
- Document mysql-operator chart ignoring resources values key — the
  LimitRange default (256Mi) was silently applied, putting the operator
  at 97% memory. Patched live to 512Mi via kubectl.
- Increase vault-raft-backup backoff_limit to 6 for transient failures
  (also fixed NFS export: vault-backup was a separate ZFS dataset not
  in the TrueNAS NFS share — destroyed dataset, created directory)
This commit is contained in:
Viktor Barzin 2026-03-19 23:26:05 +00:00
parent 250a058627
commit e823b795f7
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

13
stacks/dbaas/modules/dbaas/main.tf
View file

@ -74,14 +74,19 @@ resource "helm_release" "mysql_operator" {
chart = "mysql-operator" chart = "mysql-operator"
version = "2.2.7" version = "2.2.7"
# NOTE: The mysql-operator chart (2.2.7) does NOT expose a resources values key.
# The resources block below is ignored by the chart. Without explicit resources
# on the deployment, the LimitRange default (256Mi) applies silently.
# Fix: kubectl patch deployment mysql-operator -n mysql-operator --type=json \
# -p='[{"op":"replace","path":"/spec/template/spec/containers/0/resources","value":{"requests":{"cpu":"100m","memory":"256Mi"},"limits":{"memory":"512Mi"}}}]'
values = [yamlencode({ values = [yamlencode({
resources = { resources = {
requests = { requests = {
cpu = "100m" cpu = "100m"
memory = "512Mi" memory = "256Mi"
} }
limits = { limits = {
memory = "580Mi" memory = "512Mi"
} }
} }
})] })]
@ -323,7 +328,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
spec { spec {
container { container {
name = "mysql-backup" name = "mysql-backup"
image = "mysql" image = "docker.io/library/mysql:8.0"
env { env {
name = "MYSQL_PWD" name = "MYSQL_PWD"
value_from { value_from {
@ -1059,7 +1064,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
spec { spec {
container { container {
name = "postgresql-backup" name = "postgresql-backup"
image = "postgres:16.4-bullseye" image = "docker.io/library/postgres:16.4-bullseye"
env { env {
name = "PGPASSWORD" name = "PGPASSWORD"
value_from { value_from {

1
stacks/vault/main.tf
View file

@ -256,6 +256,7 @@ resource "kubernetes_cron_job_v1" "vault_backup" {
job_template { job_template {
metadata {} metadata {}
spec { spec {
backoff_limit = 6
template { template {
metadata {} metadata {}
spec { spec {