Merge pull request #1 from planetscale/enisoc-vtbackup

vtbackup: Clean up and add policy enforcement

Author: Daniel Kozlowski

docker/k8s/Dockerfile

@@ -33,6 +33,7 @@ COPY --from=base /vt/bin/vtctlclient /vt/bin/
 COPY --from=base /vt/bin/vtgate /vt/bin/
 COPY --from=base /vt/bin/vttablet /vt/bin/
 COPY --from=base /vt/bin/vtworker /vt/bin/
+COPY --from=base /vt/bin/vtbackup /vt/bin/
 
 # copy web admin files
 COPY --from=base $VTTOP/web /vt/web/
@@ -57,6 +58,9 @@ COPY --from=base $VTTOP/config/mycnf/backup.cnf /vt/config/mycnf/
 # settings to support rbr
 COPY --from=base $VTTOP/config/mycnf/rbr.cnf /vt/config/mycnf/
 
+# recommended production settings
+COPY --from=base $VTTOP/config/mycnf/production.cnf /vt/config/mycnf/
+
 # add vitess user and add permissions
 RUN groupadd -r --gid 2000 vitess && useradd -r -g vitess --uid 1000 vitess && \
    chown -R vitess:vitess /vt;

docker/k8s/vtbackup/Dockerfile

@@ -0,0 +1,25 @@
+FROM vitess/k8s AS k8s
+
+FROM debian:stretch-slim
+
+# Set up Vitess environment (just enough to run pre-built Go binaries)
+ENV VTROOT /vt
+ENV VTDATAROOT /vtdataroot
+
+# Prepare directory structure.
+RUN mkdir -p /vt/bin && mkdir -p /vtdataroot
+
+# Copy binaries
+COPY --from=k8s /vt/bin/vtbackup /vt/bin/
+
+# Copy certs to allow https calls
+COPY --from=k8s /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Copy vitess config
+COPY --from=k8s /vt/config /vt/config
+
+# add vitess user/group and add permissions
+RUN groupadd -r --gid 2000 vitess && \
+   useradd -r -g vitess --uid 1000 vitess && \
+   chown -R vitess:vitess /vt && \
+   chown -R vitess:vitess /vtdataroot

docker/lite/Dockerfile

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 RUN chown -R vitess:vitess /vt
 
@@ -51,4 +52,4 @@ COPY --from=staging /vt/ /vt/
 
 # Create mount point for actual data (e.g. MySQL data dir)
 VOLUME /vt/vtdataroot
-USER vitess
+USER vitess

docker/lite/Dockerfile.alpine

@@ -13,6 +13,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 FROM alpine:3.8 
 

docker/lite/Dockerfile.mariadb

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 RUN chown -R vitess:vitess /vt
 

docker/lite/Dockerfile.mariadb103

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 RUN chown -R vitess:vitess /vt
 
 FROM debian:stretch-slim

docker/lite/Dockerfile.mysql56

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 RUN chown -R vitess:vitess /vt
 
@@ -51,4 +52,4 @@ COPY --from=staging /vt/ /vt/
 
 # Create mount point for actual data (e.g. MySQL data dir)
 VOLUME /vt/vtdataroot
-USER vitess
+USER vitess

docker/lite/Dockerfile.mysql57

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 RUN chown -R vitess:vitess /vt
 
@@ -51,4 +52,4 @@ COPY --from=staging /vt/ /vt/
 
 # Create mount point for actual data (e.g. MySQL data dir)
 VOLUME /vt/vtdataroot
-USER vitess
+USER vitess

docker/lite/Dockerfile.mysql80

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 RUN chown -R vitess:vitess /vt
 
@@ -51,4 +52,4 @@ COPY --from=staging /vt/ /vt/
 
 # Create mount point for actual data (e.g. MySQL data dir)
 VOLUME /vt/vtdataroot
-USER vitess
+USER vitess

docker/lite/Dockerfile.percona

@@ -15,6 +15,7 @@ COPY --from=builder /vt/bin/vtctlclient /vt/bin/
 COPY --from=builder /vt/bin/vtgate /vt/bin/
 COPY --from=builder /vt/bin/vttablet /vt/bin/
 COPY --from=builder /vt/bin/vtworker /vt/bin/
+COPY --from=builder /vt/bin/vtbackup /vt/bin/
 
 RUN chown -R vitess:vitess /vt