Fix backup restore

[eguzki]

what

Fixes: https://issues.redhat.com/browse/THREESCALE-8464

• Restore apimanager restore controller. On operator-sdk upgrade, the migration missed some code dd3a3fa
  • later, not used code (because it was missed in the migration process) was deleted b5b1d7c
• Add service account, roles and rolebinding to backup and restore jobs

Verification steps

• Deploy the operator in cluster wide mode using OLM from this PR branch guide

• Prepare external databases

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-redis-queues
  labels:
    app: backend-redis-queues
spec:
  selector:
    matchLabels:
      app: backend-redis-queues
  template:
    metadata:
      labels:
        app: backend-redis-queues
    spec:
      containers:
        - name: backend-redis-queues
          args:
            - "/etc/redis.d/redis.conf"
          image: redis
          ports:
            - containerPort: 6379
              name: redis
          volumeMounts:
          - mountPath: /etc/redis.d/
            name: redis-config
      volumes:
        - configMap:
            items:
            - key: redis.conf
              path: redis.conf
            name: redis-config
          name: redis-config
  replicas: 1
---
apiVersion: v1
kind: Service
metadata:
  name: backend-redis-queues
spec:
  selector:
    app: backend-redis-queues
  ports:
    - name: redis
      port: 6379
      protocol: TCP
      targetPort: 6379
---
apiVersion: v1
kind: Secret
metadata:
  name: backend-redis
stringData:
  REDIS_STORAGE_URL: "redis://backend-redis-storage"
  REDIS_STORAGE_SENTINEL_HOSTS: ""
  REDIS_STORAGE_SENTINEL_ROLE: ""
  REDIS_QUEUES_URL: "redis://backend-redis-queues"
  REDIS_QUEUES_SENTINEL_HOSTS: ""
  REDIS_QUEUES_SENTINEL_ROLE: ""
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-redis-storage
  labels:
    app: backend-redis-storage
spec:
  selector:
    matchLabels:
      app: backend-redis-storage
  template:
    metadata:
      labels:
        app: backend-redis-storage
    spec:
      containers:
        - name: backend-redis-storage
          args:
            - "/etc/redis.d/redis.conf"
          image: redis
          ports:
            - containerPort: 6379
              name: redis
          volumeMounts:
          - mountPath: /etc/redis.d/
            name: redis-config
      volumes:
        - configMap:
            items:
            - key: redis.conf
              path: redis.conf
            name: redis-config
          name: redis-config
  replicas: 1
---
apiVersion: v1
kind: Service
metadata:
  name: backend-redis-storage
spec:
  selector:
    app: backend-redis-storage
  ports:
    - name: redis
      port: 6379
      protocol: TCP
      targetPort: 6379
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-config
data:
  redis.conf: |
    protected-mode no
    stop-writes-on-bgsave-error no
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-conf
data:
  mysql-default-authentication-plugin.cnf: |
    [mysqld]
    default_authentication_plugin=mysql_native_password
---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
stringData:
  password: test1234
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - image: mysql:8.0
        name: mysql
        imagePullPolicy: "IfNotPresent"
        env:
          - name: MYSQL_DATABASE
            value: system
          - name: MYSQL_USER
            value: user
          - name: MYSQL_PASSWORD
            value: user1234
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-secret
                key: password
        ports:
        - containerPort: 3306
          name: mysql
        volumeMounts:
        - mountPath: /etc/mysql/conf.d
          name: extra-config
      volumes:
        - name: extra-config
          configMap:
            name: mysql-conf
---
apiVersion: v1
kind: Service
metadata:
  name: system-mysql
spec:
  ports:
  - port: 3306
  selector:
    app: mysql
---
apiVersion: v1
kind: Secret
metadata:
  name: system-database
stringData:
  URL: "mysql2://root:test1234@system-mysql/system"
  DB_USER: "user"
  DB_PASSWORD: "user1234"
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: system-redis
  labels:
    app: system-redis
spec:
  selector:
    matchLabels:
      app: system-redis
  template:
    metadata:
      labels:
        app: system-redis
    spec:
      containers:
        - name: system-redis
          image: redis
          args:
            - "/etc/redis.d/redis.conf"
          ports:
            - containerPort: 6379
              name: redis
          volumeMounts:
          - mountPath: /etc/redis.d/
            name: redis-config
      volumes:
        - configMap:
            items:
            - key: redis.conf
              path: redis.conf
            name: redis-config
          name: redis-config
---
apiVersion: v1
kind: Service
metadata:
  name: system-redis
spec:
  selector:
    app: system-redis
  ports:
    - name: redis
      port: 6379
      protocol: TCP
      targetPort: 6379
---
apiVersion: v1
kind: Secret
metadata:
  name: system-redis
stringData:
  URL: "redis://system-redis"
  SENTINEL_HOSTS: ""
  SENTINEL_ROLE: ""
  NAMESPACE: ""
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
spec:
  selector:
    matchLabels:
      app: postgres
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:13
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_USER
              value: postgresadmin
            - name: POSTGRES_PASSWORD
              value: admin123
            - name: POSTGRES_DB
              value: postgresdb
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
---
apiVersion: v1
kind: Service
metadata:
  name: zync-database
spec:
  ports:
  - port: 5432
  selector:
    app: postgres
---
apiVersion: v1
kind: Secret
metadata:
  name: zync
stringData:
  DATABASE_URL: postgresql://postgresadmin:admin123@zync-database:5432/postgresdb
  ZYNC_DATABASE_PASSWORD: admin123
type: Opaque

• Deploy APIManager with external databases config.

System file storage must be with RWX PVC docs

System's FileStorage

    When the location of System's FileStorage is in a PersistentVolumeClaim (PVC)
    CURRENTLY UNSUPPORTED When the location of System's FileStorage is in a S3 API-compatible storage

k apply -f - <<EOF
---
apiVersion: apps.3scale.net/v1alpha1
kind: APIManager
metadata:
  name: apimanager1
spec:
  wildcardDomain: example.com
  resourceRequirementsEnabled: false
  system:
    fileStorage:
      persistentVolumeClaim:
        storageClassName: nfs
  externalComponents:
    backend:
      redis: true
    system:
      database: true
      redis: true
    zync:
      database: true
EOF

• Deploy Backup object

k apply -f - <<EOF
---
apiVersion: apps.3scale.net/v1alpha1
kind: APIManagerBackup
metadata:
  name: example-apimanagerbackup-pvc
spec:
  backupDestination:
    persistentVolumeClaim:
      resources:
        requests: "1Gi"
EOF

• When the backup job is done, remove APIManager object

k delete apimanager apimanager1

• Remove existing 3scale secrets

k delete secret backend-internal-api backend-listener system-app system-events-hook system-master-apicast system-memcache system-recaptcha system-seed system-smtp

• Restore 3scale

k apply -f - <<EOF
---
apiVersion: apps.3scale.net/v1alpha1
kind: APIManagerRestore
metadata:
  name: example-apimanagerrestore-pvc
spec:
  restoreSource:
    persistentVolumeClaim:
      claimSource:
        claimName: example-apimanagerbackup-pvc
        readOnly: true
EOF

• The restore job checks that 3scale is up and running. When the restore object reports completed in the status, the restore process is complete

[eguzki]

local tests passed.

ready for review @sergioifg94 @Patryk-Stefanski

[codeclimate]

Code Climate has analyzed commit 1ab186f and detected 24 issues on this pull request.

Here's the issue category breakdown:

Category	Count
Complexity	2
Duplication	14
Style	8

View more on Code Climate.

[sergioifg94]

Code changes look good to me

[kevprice83]

Functionality looks to be restored to previous state. I cannot comment on the new behaviour added though.

I see in the steps to reproduce the example APIManagerBackup CR is slightly different to that in our official docs but I am assuming based on the comment in the yaml that this is insignificant and in the end is just an arbitrary value right?