K8SPG-771 | Backup snapshot improvements (#1478)

Signed-off-by: Mayank Shah <mayank.shah@percona.com>

Author: mayankshah1607

config/rbac/cluster/role.yaml

@@ -116,6 +116,7 @@ rules:
   - leases
   verbs:
   - create
+  - delete
   - get
   - update
   - watch

config/rbac/namespace/role.yaml

@@ -116,6 +116,7 @@ rules:
   - leases
   verbs:
   - create
+  - delete
   - get
   - update
   - watch

deploy/bundle.yaml

@@ -69402,6 +69402,7 @@ rules:
   - leases
   verbs:
   - create
+  - delete
   - get
   - update
   - watch

deploy/cw-bundle.yaml

@@ -69402,6 +69402,7 @@ rules:
   - leases
   verbs:
   - create
+  - delete
   - get
   - update
   - watch

deploy/cw-rbac.yaml

@@ -120,6 +120,7 @@ rules:
   - leases
   verbs:
   - create
+  - delete
   - get
   - update
   - watch

deploy/rbac.yaml

@@ -120,6 +120,7 @@ rules:
   - leases
   verbs:
   - create
+  - delete
   - get
   - update
   - watch

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/google/go-cmp v0.7.0
 	github.com/google/uuid v1.6.0
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-version v1.8.0
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/kubernetes-csi/external-snapshotter/client/v8 v8.4.0
@@ -91,6 +92,7 @@ require (
 	github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/spf13/cobra v1.10.1 // indirect

go.sum

@@ -135,6 +135,11 @@ github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 h1:B+8ClL/kCQkRiU82d9xajR
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3/go.mod h1:NbCUVmiS4foBGBHOYlCT25+YmGpJ32dZPi75pGEUpj4=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4=

percona/controller/pgbackup/snapshots/reconcile.go

@@ -3,13 +3,17 @@ package snapshots
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
+	merr "github.com/hashicorp/go-multierror"
 	volumesnapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -20,6 +24,7 @@ import (
 	"github.com/percona/percona-postgresql-operator/v2/internal/feature"
 	"github.com/percona/percona-postgresql-operator/v2/internal/logging"
 	"github.com/percona/percona-postgresql-operator/v2/internal/naming"
+	"github.com/percona/percona-postgresql-operator/v2/percona/k8s"
 	pNaming "github.com/percona/percona-postgresql-operator/v2/percona/naming"
 	v2 "github.com/percona/percona-postgresql-operator/v2/pkg/apis/pgv2.percona.com/v2"
 )
@@ -30,6 +35,8 @@ const (
 	defaultSnapshotErrorDeadline = 5 * time.Minute
 )
 
+var errVolumeSnapshotFailed = errors.New("volume snapshot failed")
+
 type snapshotExecutor interface {
 	// Prepare the cluster for performing a snapshot.
 	// Returns the name of the instance whose PVCs will be snapshotted.
@@ -149,6 +156,15 @@ func (r *snapshotReconciler) reconcileNew(ctx context.Context) (reconcile.Result
 		return reconcile.Result{RequeueAfter: time.Second * 5}, nil
 	}
 
+	acquired, err := r.tryAcquireLease(ctx)
+	if err != nil {
+		return reconcile.Result{}, errors.Wrap(err, "failed to acquire lease")
+	}
+	if !acquired {
+		r.log.Info("Backup lock is held by another backup")
+		return reconcile.Result{RequeueAfter: time.Second * 5}, nil
+	}
+
 	if updErr := r.backup.UpdateStatus(ctx, r.cl, func(bcp *v2.PerconaPGBackup) {
 		bcp.Status.State = v2.BackupStarting
 		bcp.Status.BackupType = v2.PGBackupTypeSnapshot
@@ -181,21 +197,42 @@ func (r *snapshotReconciler) reconcileRunning(ctx context.Context) (reconcile.Re
 		return reconcile.Result{}, errors.Wrap(err, "failed to get target PVCs")
 	}
 
+	// Gather VolumeSnapshot errors from all and report it at once in the status
+	// while failing the backup.
+	var snapshotErrors error
+
 	dataOk, err := r.reconcileDataSnapshot(ctx, dataPVC)
-	if err != nil {
+	if errors.Is(err, errVolumeSnapshotFailed) {
+		snapshotErrors = merr.Append(snapshotErrors, err)
+	} else if err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "failed to reconcile data snapshot")
 	}
 
 	walOk, err := r.reconcileWALSnapshot(ctx, walPVC)
-	if err != nil {
+	if errors.Is(err, errVolumeSnapshotFailed) {
+		snapshotErrors = merr.Append(snapshotErrors, err)
+	} else if err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "failed to reconcile WAL snapshot")
 	}
 
 	tablespaceOk, err := r.reconcileTablespaceSnapshot(ctx, tablespacePVCs)
-	if err != nil {
+	if errors.Is(err, errVolumeSnapshotFailed) {
+		snapshotErrors = merr.Append(snapshotErrors, err)
+	} else if err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "failed to reconcile tablespace snapshot")
 	}
 
+	if snapshotErrors != nil {
+		if updErr := r.backup.UpdateStatus(ctx, r.cl, func(bcp *v2.PerconaPGBackup) {
+			bcp.Status.State = v2.BackupFailed
+			bcp.Status.Error = fmt.Sprintf("one or more snapshots failed: %s", snapshotErrors)
+			bcp.Status.CompletedAt = ptr.To(metav1.Now())
+		}); updErr != nil {
+			return reconcile.Result{}, errors.Wrap(updErr, "failed to update backup status")
+		}
+		return reconcile.Result{}, errors.Wrap(errVolumeSnapshotFailed, snapshotErrors.Error())
+	}
+
 	if !dataOk || !walOk || !tablespaceOk {
 		return reconcile.Result{RequeueAfter: time.Second * 5}, nil
 	}
@@ -248,7 +285,7 @@ func (r *snapshotReconciler) reconcileSnapshot(ctx context.Context, volumeSnapsh
 			return false, nil
 		}
 
-		err := errors.New(message)
+		err := errors.Wrap(errVolumeSnapshotFailed, fmt.Sprintf("VolumeSnapshot %s failed: %s", volumeSnapshot.GetName(), message))
 
 		log.Error(err, "Volume snapshot failed")
 		return false, err
@@ -480,6 +517,11 @@ func (r *snapshotReconciler) complete(ctx context.Context) error {
 		return errors.Wrap(err, "finalize failed")
 	}
 
+	// release lease
+	if err := k8s.ReleaseLease(ctx, r.cl, r.backupLeaseName(), r.backupLeaseHolder(), r.cluster.GetNamespace()); err != nil {
+		return errors.Wrap(err, "failed to release lease")
+	}
+
 	// remove finalizer
 	if err := retry.RetryOnConflict(retry.DefaultBackoff, func() error {
 		bcp := r.backup.DeepCopy()
@@ -494,3 +536,55 @@ func (r *snapshotReconciler) complete(ctx context.Context) error {
 	}
 	return nil
 }
+
+func (r *snapshotReconciler) backupLeaseName() string {
+	return "pg-" + r.cluster.GetName() + "-backup-lock"
+}
+
+func (r *snapshotReconciler) backupLeaseHolder() string {
+	return fmt.Sprintf("%s|%s", r.backup.GetName(), r.backup.GetUID())
+}
+
+func (r *snapshotReconciler) parseBackupLeaseHolder(holder string) (string, types.UID) {
+	parts := strings.Split(holder, "|")
+	if len(parts) != 2 {
+		return "", ""
+	}
+	return parts[0], types.UID(parts[1])
+}
+
+func (r *snapshotReconciler) tryAcquireLease(ctx context.Context) (bool, error) {
+	leaseName := r.backupLeaseName()
+	leaseHolderID := r.backupLeaseHolder()
+
+	checkStale := func(ctx context.Context, currentHolder string) (bool, error) {
+		backupName, backupUID := r.parseBackupLeaseHolder(currentHolder)
+		if backupName == "" || backupUID == "" {
+			r.log.Info("Backup lease holder is malformed, acquiring lease anyway")
+			return true, nil
+		}
+
+		backup := &v2.PerconaPGBackup{}
+		if err := r.cl.Get(ctx, client.ObjectKey{Name: backupName, Namespace: r.cluster.GetNamespace()}, backup); k8serrors.IsNotFound(err) {
+			return true, nil
+		} else if err != nil {
+			return false, errors.Wrap(err, "failed to get backup")
+		} else if backup.GetUID() != backupUID {
+			// We found a backup with the same name, but different UID.
+			// So this isn't the same backup that was holding the lease.
+			return true, nil
+		}
+
+		// We found the backup that holds the lease. Check if it has completed fully before we acquire the lease.
+		return (backup.Status.State == v2.BackupFailed || backup.Status.State == v2.BackupSucceeded) &&
+			!controllerutil.ContainsFinalizer(backup, pNaming.FinalizerSnapshotInProgress), nil
+	}
+
+	if err := k8s.AcquireLease(ctx, r.cl, leaseName, leaseHolderID, r.cluster.GetNamespace(), checkStale); err != nil {
+		if errors.Is(err, k8s.ErrLeaseAlreadyHeld) || k8serrors.IsAlreadyExists(err) || k8serrors.IsConflict(err) {
+			return false, nil
+		}
+		return false, errors.Wrap(err, "failed to acquire lease")
+	}
+	return true, nil
+}