From 86eb13439b4ceceaf00de09fb9e2e183ed94800f Mon Sep 17 00:00:00 2001 
From: zerospiel Date: Fri, 10 Jan 2025 18:15:14 +0100 Subject: [PATCH] Backup implementation * install velero via flux rather than code * TODO: code removal due to the chart installation * adjusted roles for the velero chart * removed unnecessary controller values * fix bug in providertemplates ctrl when ownerreferences are being updated but requeue is not set * TODO: actually remove the code * TODO: rework controller to ticker but watch the mgmt events and manage schedule instead of velero schedule --- PROJECT | 4 +- api/v1alpha1/management_backup_types.go | 10 +- api/v1alpha1/management_types.go | 2 +- cmd/main.go | 2 +- internal/controller/backup/collect.go | 14 +- internal/controller/backup/type.go | 8 +- internal/controller/credential_controller.go | 4 +- .../management_backup_controller.go | 154 +++++---- internal/controller/template_controller.go | 4 +- internal/credspropagation/common.go | 4 +- internal/webhook/managementbackup_webhook.go | 4 +- .../cluster/vsphere-hosted-cp/Chart.yaml | 2 +- .../cluster/vsphere-standalone-cp/Chart.yaml | 2 +- templates/provider/kcm/Chart.lock | 7 +- templates/provider/kcm/Chart.yaml | 4 + templates/provider/kcm/templates/_helpers.tpl | 8 - .../crds/k0rdent.mirantis.com_backups.yaml | 316 ------------------ ...rdent.mirantis.com_managementbackups.yaml} | 8 +- .../k0rdent.mirantis.com_managements.yaml | 2 +- .../provider/kcm/templates/deployment.yaml | 10 - .../rbac/controller/rolebindings.yaml | 16 + .../kcm/templates/rbac/controller/roles.yaml | 59 +--- .../kcm/templates/serviceaccount.yaml | 10 + .../provider/kcm/templates/webhooks.yaml | 10 +- templates/provider/kcm/values.yaml | 56 +++- 25 files changed, 210 insertions(+), 510 deletions(-) delete mode 100644 templates/provider/kcm/templates/crds/k0rdent.mirantis.com_backups.yaml rename templates/provider/kcm/templates/crds/{hmc.mirantis.com_managementbackups.yaml => k0rdent.mirantis.com_managementbackups.yaml} (97%) 
diff --git a/PROJECT b/PROJECT index d2319b5b..28ea0196 100644 --- a/PROJECT +++ b/PROJECT @@ -108,8 +108,8 @@ resources: crdVersion: v1 namespaced: true controller: true - domain: hmc.mirantis.com - group: hmc.mirantis.com + domain: k0rdent.mirantis.com + group: k0rdent.mirantis.com kind: ManagementBackup path: github.com/K0rdent/kcm/api/v1alpha1 version: v1alpha1 diff --git a/api/v1alpha1/management_backup_types.go b/api/v1alpha1/management_backup_types.go index 3ae21e24..e3826105 100644 --- a/api/v1alpha1/management_backup_types.go +++ b/api/v1alpha1/management_backup_types.go @@ -21,11 +21,11 @@ import ( ) const ( - // Name to label most of the HMC-related components. + // Name to label most of the KCM-related components. // Mostly utilized by the backup feature. - GenericComponentLabelName = "hmc.mirantis.com/component" - // Component label value for the HMC-related components. - GenericComponentLabelValueHMC = "hmc" + GenericComponentLabelName = "k0rdent.mirantis.com/component" + // Component label value for the KCM-related components. + GenericComponentLabelValueKCM = "kcm" ) // ManagementBackupSpec defines the desired state of ManagementBackup @@ -64,7 +64,7 @@ func (in *ManagementBackupStatus) GetScheduleCopy() velerov1.ScheduleStatus { // +kubebuilder:object:root=true // +kubebuilder:subresource:status -// +kubebuilder:resource:scope=Cluster,shortName=hmcbackup;mgmtbackup +// +kubebuilder:resource:scope=Cluster,shortName=kcmbackup;mgmtbackup // +kubebuilder:printcolumn:name="NextBackup",type=string,JSONPath=`.status.nextAttempt`,description="Next scheduled attempt to back up",priority=0 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.schedule.phase`,description="Schedule phase",priority=0 // +kubebuilder:printcolumn:name="SinceLastBackup",type=date,JSONPath=`.status.schedule.lastBackup`,description="Time elapsed since last backup run",priority=1 
diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go index b0c0f352..2f3757df 100644 --- a/api/v1alpha1/management_types.go +++ b/api/v1alpha1/management_types.go @@ -55,7 +55,7 @@ type Core struct { CAPI Component `json:"capi,omitempty"` } -// Backup enables a feature to backup HMC objects into a cloud. +// Backup enables a feature to backup KCM objects into a cloud. type Backup struct { // +kubebuilder:example={customPlugins: {"alibabacloud": "registry..aliyuncs.com/acs/velero:1.4.2", "community.openstack.org/openstack": "lirt/velero-plugin-for-openstack:v0.6.0"}} diff --git a/cmd/main.go b/cmd/main.go index 1ae8bad5..663fae88 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -394,7 +394,7 @@ func setupWebhooks(mgr ctrl.Manager, currentNamespace string) error { setupLog.Error(err, "unable to create webhook", "webhook", "Release") return err } - if err := (&hmcwebhook.ManagementBackupValidator{}).SetupWebhookWithManager(mgr); err != nil { + if err := (&kcmwebhook.ManagementBackupValidator{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "ManagementBackup") return err } diff --git a/internal/controller/backup/collect.go b/internal/controller/backup/collect.go index 8184ebab..63b1022b 100644 --- a/internal/controller/backup/collect.go +++ b/internal/controller/backup/collect.go @@ -28,7 +28,7 @@ import ( clusterapiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1" "sigs.k8s.io/controller-runtime/pkg/client" - hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" + kcmv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" ) func (c *Config) getBackupTemplateSpec(ctx context.Context) (*velerov1api.BackupSpec, error) { 
@@ -40,13 +40,13 @@ func (c *Config) getBackupTemplateSpec(ctx context.Context) (*velerov1api.Backup orSelectors := []*metav1.LabelSelector{ // fixed ones - selector(hmcv1alpha1.GenericComponentLabelName, hmcv1alpha1.GenericComponentLabelValueHMC), + selector(kcmv1alpha1.GenericComponentLabelName, kcmv1alpha1.GenericComponentLabelValueKCM), selector(certmanagerv1.PartOfCertManagerControllerLabelKey, "true"), - selector(hmcv1alpha1.FluxHelmChartNameKey, hmcv1alpha1.CoreHMCName), + selector(kcmv1alpha1.FluxHelmChartNameKey, kcmv1alpha1.CoreKCMName), selector(clusterapiv1beta1.ProviderNameLabel, "cluster-api"), } - clusterTemplates := new(hmcv1alpha1.ClusterTemplateList) + clusterTemplates := new(kcmv1alpha1.ClusterTemplateList) if err := c.cl.List(ctx, clusterTemplates); err != nil { return nil, fmt.Errorf("failed to list ClusterTemplates: %w", err) } @@ -112,10 +112,10 @@ func sortDedup(selectors []*metav1.LabelSelector) []*metav1.LabelSelector { } func getClusterDeploymentsSelectors(ctx context.Context, cl client.Client, clusterTemplateRef string) ([]*metav1.LabelSelector, error) { - cldeploys := new(hmcv1alpha1.ClusterDeploymentList) + cldeploys := new(kcmv1alpha1.ClusterDeploymentList) opts := []client.ListOption{} if clusterTemplateRef != "" { - opts = append(opts, client.MatchingFields{hmcv1alpha1.ClusterDeploymentTemplateIndexKey: clusterTemplateRef}) + opts = append(opts, client.MatchingFields{kcmv1alpha1.ClusterDeploymentTemplateIndexKey: clusterTemplateRef}) } if err := cl.List(ctx, cldeploys, opts...); err != nil { @@ -124,7 +124,7 @@ func getClusterDeploymentsSelectors(ctx context.Context, cl client.Client, clust selectors := make([]*metav1.LabelSelector, len(cldeploys.Items)*2) for i, cldeploy := range cldeploys.Items { - selectors[i] = selector(hmcv1alpha1.FluxHelmChartNameKey, cldeploy.Name) + selectors[i] = selector(kcmv1alpha1.FluxHelmChartNameKey, cldeploy.Name) selectors[i+1] = selector(clusterapiv1beta1.ClusterNameLabel, cldeploy.Name) } 
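Review bot: In the last hunk (`getClusterDeploymentsSelectors`), the loop writes `selectors[i]` and `selectors[i+1]` into a slice of length `len(cldeploys.Items)*2`, so with more than one ClusterDeployment each iteration overwrites the previous cluster-name selector and the tail of the slice stays nil. From the visible lines, only the last deployment keeps its `ClusterNameLabel` selector, which would leave the other clusters' Cluster API objects out of the backup unless a later step compensates. Index by pairs instead: `selectors[2*i] = selector(kcmv1alpha1.FluxHelmChartNameKey, cldeploy.Name)` and `selectors[2*i+1] = selector(clusterapiv1beta1.ClusterNameLabel, cldeploy.Name)`. The function body continues outside the hunk, so confirm how nil entries are handled downstream.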
diff --git a/internal/controller/backup/type.go b/internal/controller/backup/type.go index 2644f0c4..cf77f0f5 100644 --- a/internal/controller/backup/type.go +++ b/internal/controller/backup/type.go @@ -22,7 +22,7 @@ import ( velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" "sigs.k8s.io/controller-runtime/pkg/client" - kcmv1 "github.com/K0rdent/kcm/api/v1alpha1" + kcmv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" ) // Typ indicates type of a ManagementBackup object. @@ -38,7 +38,7 @@ const ( ) // GetType returns type of the ManagementBackup, returns TypeNone if undefined. -func GetType(instance *hmcv1alpha1.ManagementBackup) Typ { +func GetType(instance *kcmv1alpha1.ManagementBackup) Typ { if instance.Status.Reference == nil { return TypeNone } @@ -58,8 +58,8 @@ func GetType(instance *hmcv1alpha1.ManagementBackup) Typ { var ErrNoManagementExists = errors.New("no Management object exists") // GetManagement fetches a Management object. -func (c *Config) GetManagement(ctx context.Context) (*hmcv1alpha1.Management, error) { - mgmts := new(hmcv1alpha1.ManagementList) +func (c *Config) GetManagement(ctx context.Context) (*kcmv1alpha1.Management, error) { + mgmts := new(kcmv1alpha1.ManagementList) if err := c.cl.List(ctx, mgmts, client.Limit(1)); err != nil { return nil, fmt.Errorf("failed to list Management: %w", err) } diff --git a/internal/controller/credential_controller.go b/internal/controller/credential_controller.go index 0bd21f35..4407921a 100644 --- a/internal/controller/credential_controller.go +++ b/internal/controller/credential_controller.go @@ -82,7 +82,7 @@ func (r *CredentialReconciler) Reconcile(ctx context.Context, req ctrl.Request) return ctrl.Result{}, err } - if err := utils.AddHMCComponentLabel(ctx, r.Client, clIdty); err != nil { + if err := utils.AddKCMComponentLabel(ctx, r.Client, clIdty); err != nil { l.Error(err, "adding component label to the ClusterIdentity") return ctrl.Result{}, err } 
@@ -219,7 +219,7 @@ func (r *CredentialReconciler) updateAWSSecretFromClusterStaticIdentity(ctx cont return fmt.Errorf("failed to get Secret %s referenced in %s %s: %w", key, clStaticIdentity.GetKind(), clStaticIdentity.GetName(), err) } - if err := utils.AddHMCComponentLabel(ctx, r.Client, secret); err != nil { + if err := utils.AddKCMComponentLabel(ctx, r.Client, secret); err != nil { return fmt.Errorf("failed to add component label: %w", err) } diff --git a/internal/controller/management_backup_controller.go b/internal/controller/management_backup_controller.go index 8a369b09..76b208ef 100644 --- a/internal/controller/management_backup_controller.go +++ b/internal/controller/management_backup_controller.go @@ -20,11 +20,9 @@ import ( "fmt" "os" "slices" - "strings" "time" velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" - appsv1 "k8s.io/api/apps/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/rest" @@ -36,7 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" - hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" + kcmv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" "github.com/K0rdent/kcm/internal/controller/backup" ) @@ -50,7 +48,7 @@ type ManagementBackupReconciler struct { func (r *ManagementBackupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { l := ctrl.LoggerFrom(ctx) - backupInstance := new(hmcv1alpha1.ManagementBackup) + backupInstance := new(kcmv1alpha1.ManagementBackup) err := r.Client.Get(ctx, req.NamespacedName, backupInstance) if ierr := client.IgnoreNotFound(err); ierr != nil { l.Error(ierr, "unable to fetch ManagementBackup") 
@@ -95,18 +93,18 @@ func (r *ManagementBackupReconciler) Reconcile(ctx context.Context, req ctrl.Req backupInstance.Namespace = req.Namespace } - if requestEqualsMgmt { - l.Info("Reconciling velero stack parts") - installRes, err := r.config.ReconcileVeleroInstallation(ctx, mgmt) - if err != nil { - l.Error(err, "velero stack installation") - return ctrl.Result{}, err - } + // if requestEqualsMgmt { + // l.Info("Reconciling velero stack parts") + // installRes, err := r.config.ReconcileVeleroInstallation(ctx, mgmt) + // if err != nil { + // l.Error(err, "velero stack installation") + // return ctrl.Result{}, err + // } - if !installRes.IsZero() { - return installRes, nil - } - } + // if !installRes.IsZero() { + // return installRes, nil + // } + // } if btype == backup.TypeNone { if requestEqualsMgmt { @@ -139,14 +137,14 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { // NOTE: without installed CRDs it is impossible to initialize informers // and the uncached client is required because it this point the manager // still has not started the cache yet - uncachedCl, err := client.New(mgr.GetConfig(), client.Options{Cache: nil}) - if err != nil { - return fmt.Errorf("failed to create uncached client: %w", err) - } + // uncachedCl, err := client.New(mgr.GetConfig(), client.Options{Cache: nil}) + // if err != nil { + // return fmt.Errorf("failed to create uncached client: %w", err) + // } - if err := r.config.InstallVeleroCRDs(uncachedCl); err != nil { - return fmt.Errorf("failed to install velero CRDs: %w", err) - } + // if err := r.config.InstallVeleroCRDs(uncachedCl); err != nil { + // return fmt.Errorf("failed to install velero CRDs: %w", err) + // } getManagementNameIfEnabled := func(ctx context.Context) ctrl.Request { mgmt, err := r.config.GetManagement(ctx) 
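Review bot: In the second hunk (`SetupWithManager`), commenting out `InstallVeleroCRDs` leaves the NOTE above it saying informers cannot be initialized without installed CRDs, while the builder further down still registers `Owns(&velerov1api.Backup{})`. The Velero CRDs now come from the chart dependency, which this commit gates on `velero.enabled`, so with the chart disabled or not yet reconciled the manager would presumably fail or stall while syncing the cache for a kind the API server does not serve. Either register the Velero watch only once the CRD is confirmed present or return a clear error from setup; at minimum replace the stale NOTE with `// Velero CRDs are installed by the velero chart dependency; this controller requires them before the manager starts`. The function continues outside the hunk.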
@@ -165,7 +163,7 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { } return ctrl.NewControllerManagedBy(mgr). - For(&hmcv1alpha1.ManagementBackup{}). + For(&kcmv1alpha1.ManagementBackup{}). Owns(&velerov1api.Backup{}, builder.WithPredicates( predicate.Funcs{ 
@@ -181,35 +179,35 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, }, )). - Watches(&velerov1api.BackupStorageLocation{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { - return enqueueIfManagementEnabled(getManagementNameIfEnabled(ctx)) - }), builder.WithPredicates( - predicate.Funcs{ - GenericFunc: func(event.TypedGenericEvent[client.Object]) bool { return false }, - DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, - CreateFunc: func(event.TypedCreateEvent[client.Object]) bool { return true }, - UpdateFunc: func(tue event.TypedUpdateEvent[client.Object]) bool { - oldBSL, ok := tue.ObjectOld.(*velerov1api.BackupStorageLocation) - if !ok { - return false - } - - newBSL, ok := tue.ObjectNew.(*velerov1api.BackupStorageLocation) - if !ok { - return false - } - - return newBSL.Spec.Provider != oldBSL.Spec.Provider - }, - }, - )). - Watches(&hmcv1alpha1.Management{}, handler.Funcs{ + // Watches(&velerov1api.BackupStorageLocation{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { + // return enqueueIfManagementEnabled(getManagementNameIfEnabled(ctx)) + // }), builder.WithPredicates( + // predicate.Funcs{ + // GenericFunc: func(event.TypedGenericEvent[client.Object]) bool { return false }, + // DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, + // CreateFunc: func(event.TypedCreateEvent[client.Object]) bool { return true }, + // UpdateFunc: func(tue event.TypedUpdateEvent[client.Object]) bool { + // oldBSL, ok := tue.ObjectOld.(*velerov1api.BackupStorageLocation) + // if !ok { + // return false + // } + + // newBSL, ok := tue.ObjectNew.(*velerov1api.BackupStorageLocation) + // if !ok { + // return false + // } + + // return newBSL.Spec.Provider != oldBSL.Spec.Provider + // }, + // }, + // )). 
+ Watches(&kcmv1alpha1.Management{}, handler.Funcs{ GenericFunc: nil, DeleteFunc: func(_ context.Context, tde event.TypedDeleteEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(tde.Object)}) // disable schedule on mgmt absence }, CreateFunc: func(_ context.Context, tce event.TypedCreateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { - mgmt, ok := tce.Object.(*hmcv1alpha1.Management) + mgmt, ok := tce.Object.(*kcmv1alpha1.Management) if !ok || !mgmt.Spec.Backup.Enabled { return } @@ -217,12 +215,12 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(tce.Object)}) }, UpdateFunc: func(_ context.Context, tue event.TypedUpdateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { - oldMgmt, ok := tue.ObjectOld.(*hmcv1alpha1.Management) + oldMgmt, ok := tue.ObjectOld.(*kcmv1alpha1.Management) if !ok { return } - newMgmt, ok := tue.ObjectNew.(*hmcv1alpha1.Management) + newMgmt, ok := tue.ObjectNew.(*kcmv1alpha1.Management) if !ok { return } 
@@ -235,19 +233,19 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(tue.ObjectNew)}) }, }). - Watches(&appsv1.Deployment{}, handler.Funcs{ - GenericFunc: nil, - DeleteFunc: nil, - CreateFunc: nil, - UpdateFunc: func(ctx context.Context, tue event.TypedUpdateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { - if tue.ObjectNew.GetNamespace() != r.config.GetVeleroSystemNamespace() || tue.ObjectNew.GetName() != backup.VeleroName { - return - } - - q.Add(getManagementNameIfEnabled(ctx)) - }, - }). - Watches(&hmcv1alpha1.ClusterDeployment{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { + // Watches(&appsv1.Deployment{}, handler.Funcs{ + // GenericFunc: nil, + // DeleteFunc: nil, + // CreateFunc: nil, + // UpdateFunc: func(ctx context.Context, tue event.TypedUpdateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { + // if tue.ObjectNew.GetNamespace() != r.config.GetVeleroSystemNamespace() || tue.ObjectNew.GetName() != backup.VeleroName { + // return + // } + + // q.Add(getManagementNameIfEnabled(ctx)) + // }, + // }). + Watches(&kcmv1alpha1.ClusterDeployment{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { return enqueueIfManagementEnabled(getManagementNameIfEnabled(ctx)) }), builder.WithPredicates( predicate.Funcs{ 
@@ -255,12 +253,12 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { CreateFunc: func(event.TypedCreateEvent[client.Object]) bool { return true }, DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return true }, UpdateFunc: func(tue event.TypedUpdateEvent[client.Object]) bool { - oldObj, ok := tue.ObjectOld.(*hmcv1alpha1.ClusterDeployment) + oldObj, ok := tue.ObjectOld.(*kcmv1alpha1.ClusterDeployment) if !ok { return false } - newObj, ok := tue.ObjectNew.(*hmcv1alpha1.ClusterDeployment) + newObj, ok := tue.ObjectNew.(*kcmv1alpha1.ClusterDeployment) if !ok { return false } @@ -269,7 +267,7 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { }, }, )). - Watches(&hmcv1alpha1.ClusterTemplate{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { + Watches(&kcmv1alpha1.ClusterTemplate{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { return enqueueIfManagementEnabled(getManagementNameIfEnabled(ctx)) }), builder.WithPredicates( predicate.Funcs{ @@ -277,12 +275,12 @@ func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { CreateFunc: func(event.TypedCreateEvent[client.Object]) bool { return true }, DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return true }, UpdateFunc: func(tue event.TypedUpdateEvent[client.Object]) bool { - oldObj, ok := tue.ObjectOld.(*hmcv1alpha1.ClusterTemplate) + oldObj, ok := tue.ObjectOld.(*kcmv1alpha1.ClusterTemplate) if !ok { return false } - newObj, ok := tue.ObjectNew.(*hmcv1alpha1.ClusterTemplate) + newObj, ok := tue.ObjectNew.(*kcmv1alpha1.ClusterTemplate) if !ok { return false } 
@@ -300,13 +298,13 @@ func parseEnvsToConfig(cl client.Client, mgr interface { }, ) (*backup.Config, error) { const ( - installationReqDurationEnv = "BACKUP_CTRL_INSTALL_READINESS_REQUEUE_DURATION" - reqDurationEnv = "BACKUP_CTRL_REQUEUE_DURATION" + // installationReqDurationEnv = "BACKUP_CTRL_INSTALL_READINESS_REQUEUE_DURATION" + reqDurationEnv = "BACKUP_CTRL_REQUEUE_DURATION" ) - installationRequeueAfter, err := time.ParseDuration(os.Getenv(installationReqDurationEnv)) - if err != nil { - return nil, fmt.Errorf("failed to parse env %s duration: %w", installationReqDurationEnv, err) - } + // installationRequeueAfter, err := time.ParseDuration(os.Getenv(installationReqDurationEnv)) + // if err != nil { + // return nil, fmt.Errorf("failed to parse env %s duration: %w", installationReqDurationEnv, err) + // } objectsRequeueAfter, err := time.ParseDuration(os.Getenv(reqDurationEnv)) if err != nil { @@ -314,11 +312,11 @@ func parseEnvsToConfig(cl client.Client, mgr interface { } return backup.NewConfig(cl, mgr.GetConfig(), mgr.GetScheme(), - backup.WithFeatures(strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_FEATURES"), ", ", ","), ",")...), - backup.WithInstallationRequeueAfter(installationRequeueAfter), + // backup.WithFeatures(strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_FEATURES"), ", ", ","), ",")...), + // backup.WithInstallationRequeueAfter(installationRequeueAfter), backup.WithObjectsRequeueAfter(objectsRequeueAfter), - backup.WithVeleroImage(os.Getenv("BACKUP_BASIC_IMAGE")), - backup.WithVeleroSystemNamespace(os.Getenv("BACKUP_SYSTEM_NAMESPACE")), - backup.WithPluginImages(strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_PLUGIN_IMAGES"), ", ", ","), ",")...), + // backup.WithVeleroImage(os.Getenv("BACKUP_BASIC_IMAGE")), + // backup.WithVeleroSystemNamespace(os.Getenv("BACKUP_SYSTEM_NAMESPACE")), + // backup.WithPluginImages(strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_PLUGIN_IMAGES"), ", ", ","), ",")...), ), nil } 
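Review bot: In the second hunk (`parseEnvsToConfig`), `backup.WithVeleroSystemNamespace(os.Getenv("BACKUP_SYSTEM_NAMESPACE"))` is commented out, so the config no longer learns which namespace Velero runs in. Velero only acts on Backup and Schedule objects in its own namespace, so if `backup.NewConfig` falls back to a default that differs from where the chart installs Velero (not visible here), schedules would be created but never executed, and no backups would be produced without any error being reported. Keep passing the namespace, or document the assumed default next to the call with `// Velero objects are created in <namespace>; must match the velero chart's install namespace`.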
diff --git a/internal/controller/template_controller.go b/internal/controller/template_controller.go index 95ada543..d7315bef 100644 --- a/internal/controller/template_controller.go +++ b/internal/controller/template_controller.go @@ -97,7 +97,7 @@ func (r *ClusterTemplateReconciler) Reconcile(ctx context.Context, req ctrl.Requ if err := r.validateCompatibilityAttrs(ctx, clusterTemplate); err != nil { if apierrors.IsNotFound(err) { l.Info("Validation cannot be performed until Management cluster appears", "requeue in", defaultRequeueTime) - return ctrl.Result{RequeueAfter: defaultRequeueTime}, nil + return ctrl.Result{RequeueAfter: defaultRequeueTime}, nil // generation has not changed, need explicit requeue } l.Error(err, "failed to validate compatibility attributes") @@ -160,7 +160,7 @@ func (r *ProviderTemplateReconciler) Reconcile(ctx context.Context, req ctrl.Req } if changed { l.Info("Updating OwnerReferences with associated Releases") - return ctrl.Result{}, r.Update(ctx, providerTemplate) + return ctrl.Result{Requeue: true}, r.Update(ctx, providerTemplate) } return r.ReconcileTemplate(ctx, providerTemplate) diff --git a/internal/credspropagation/common.go b/internal/credspropagation/common.go index 7eeb4e54..a01bb2fc 100644 --- a/internal/credspropagation/common.go +++ b/internal/credspropagation/common.go @@ -60,7 +60,7 @@ func makeSecret(name string, data map[string][]byte) *corev1.Secret { Name: name, Namespace: metav1.NamespaceSystem, Labels: map[string]string{ - hmc.GenericComponentLabelName: hmc.GenericComponentLabelValueHMC, + kcm.GenericComponentLabelName: kcm.GenericComponentLabelValueKCM, }, }, Data: data, @@ -75,7 +75,7 @@ func makeConfigMap(name string, data map[string]string) *corev1.ConfigMap { Name: name, Namespace: metav1.NamespaceSystem, Labels: map[string]string{ - hmc.GenericComponentLabelName: hmc.GenericComponentLabelValueHMC, + kcm.GenericComponentLabelName: kcm.GenericComponentLabelValueKCM, }, }, Data: data, 
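Review bot: In the `ProviderTemplateReconciler.Reconcile` hunk, `return ctrl.Result{Requeue: true}, r.Update(ctx, providerTemplate)` returns a non-zero result together with the error when the update fails; controller-runtime ignores the result in that case and requeues on the error with backoff, and recent versions log a warning about the combination. Separate the two outcomes: `if err := r.Update(ctx, providerTemplate); err != nil { return ctrl.Result{}, err }` followed by `return ctrl.Result{Requeue: true}, nil`. A short comment in the style of the one added in the ClusterTemplate hunk, for example `// ownerReferences update does not change generation, need explicit requeue`, would record why the requeue is needed (presumably an event filter on generation, which is not visible here). The function continues outside the hunk.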
diff --git a/internal/webhook/managementbackup_webhook.go b/internal/webhook/managementbackup_webhook.go index 02d4ef88..b514732a 100644 --- a/internal/webhook/managementbackup_webhook.go +++ b/internal/webhook/managementbackup_webhook.go @@ -25,7 +25,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" + kcmv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" ) type ManagementBackupValidator struct { @@ -36,7 +36,7 @@ type ManagementBackupValidator struct { func (v *ManagementBackupValidator) SetupWebhookWithManager(mgr ctrl.Manager) error { v.Client = mgr.GetClient() return ctrl.NewWebhookManagedBy(mgr). - For(&hmcv1alpha1.ManagementBackup{}). + For(&kcmv1alpha1.ManagementBackup{}). WithValidator(v). Complete() } diff --git a/templates/cluster/vsphere-hosted-cp/Chart.yaml b/templates/cluster/vsphere-hosted-cp/Chart.yaml index cd74a077..0056449f 100644 --- a/templates/cluster/vsphere-hosted-cp/Chart.yaml +++ b/templates/cluster/vsphere-hosted-cp/Chart.yaml @@ -15,7 +15,7 @@ version: 0.0.5 appVersion: "v1.31.1+k0s.1" annotations: cluster.x-k8s.io/provider: infrastructure-vsphere, control-plane-k0sproject-k0smotron, bootstrap-k0sproject-k0smotron - hmc.mirantis.com/type: deployment + k0rdent.mirantis.com/type: deployment cluster.x-k8s.io/bootstrap-k0sproject-k0smotron: v1beta1 cluster.x-k8s.io/control-plane-k0sproject-k0smotron: v1beta1 cluster.x-k8s.io/infrastructure-vsphere: v1beta1 diff --git a/templates/cluster/vsphere-standalone-cp/Chart.yaml b/templates/cluster/vsphere-standalone-cp/Chart.yaml index 60b89b18..8fa9645c 100644 --- a/templates/cluster/vsphere-standalone-cp/Chart.yaml +++ b/templates/cluster/vsphere-standalone-cp/Chart.yaml 
@@ -14,7 +14,7 @@ version: 0.0.5 appVersion: "v1.31.1+k0s.1" annotations: cluster.x-k8s.io/provider: infrastructure-vsphere, control-plane-k0sproject-k0smotron, bootstrap-k0sproject-k0smotron - hmc.mirantis.com/type: deployment + k0rdent.mirantis.com/type: deployment cluster.x-k8s.io/bootstrap-k0sproject-k0smotron: v1beta1 cluster.x-k8s.io/control-plane-k0sproject-k0smotron: v1beta1 cluster.x-k8s.io/infrastructure-vsphere: v1beta1 diff --git a/templates/provider/kcm/Chart.lock b/templates/provider/kcm/Chart.lock index 4e6d19bd..c91e0fec 100644 --- a/templates/provider/kcm/Chart.lock +++ b/templates/provider/kcm/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator version: 0.15.1 -digest: sha256:ba894e71230268164bfcd65813ac700776cc7da1603fd68522cdedd543468d97 -generated: "2024-12-30T09:28:33.584882+07:00" +- name: velero + repository: https://vmware-tanzu.github.io/helm-charts + version: 8.2.0 +digest: sha256:cf8aa76af18925a80c248a60bbaa5c4d0be076e4ef772924338d5a5ec0ffaf3d +generated: "2025-01-10T15:17:42.03581+01:00" diff --git a/templates/provider/kcm/Chart.yaml b/templates/provider/kcm/Chart.yaml index d8cbf26c..950d8f0a 100644 --- a/templates/provider/kcm/Chart.yaml +++ b/templates/provider/kcm/Chart.yaml @@ -28,3 +28,7 @@ dependencies: version: 0.15.1 repository: https://kubernetes-sigs.github.io/cluster-api-operator condition: cluster-api-operator.enabled + - name: velero + version: 8.2.0 + repository: https://vmware-tanzu.github.io/helm-charts + condition: velero.enabled diff --git a/templates/provider/kcm/templates/_helpers.tpl b/templates/provider/kcm/templates/_helpers.tpl index 4a6be0d9..e771596d 100644 --- a/templates/provider/kcm/templates/_helpers.tpl +++ b/templates/provider/kcm/templates/_helpers.tpl 
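Review bot: In the `templates/provider/kcm/Chart.yaml` hunk, the new `velero` dependency is pinned to `8.2.0` but is fetched from an external chart repository with no integrity check visible in this change. The `digest` in Chart.lock is computed over the dependency list, not over the downloaded chart archive, so it does not detect a replaced chart published under the same version. Because this dependency now installs the component that reads cluster objects for backup, consider vendoring the packaged chart or building dependencies with provenance verification (`helm dependency build --verify`) if the upstream repository publishes signatures. A comment next to the entry, `# installs Velero and its CRDs; required by the ManagementBackup controller`, would also make the coupling with `velero.enabled` visible.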
@@ -109,11 +109,3 @@ kcm-webhook - list - watch {{- end -}} - -{{- define "backup.imageName" -}} -{{- if (.Values.controller.backup.image.fullName) -}} -{{- .Values.controller.backup.image.fullName -}} -{{- else -}} -{{- printf "%s/%s:%s" .Values.controller.backup.image.repository .Values.controller.backup.image.name .Values.controller.backup.image.tag -}} -{{- end -}} -{{- end -}} diff --git a/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_backups.yaml b/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_backups.yaml deleted file mode 100644 index b3f9d083..00000000 --- a/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_backups.yaml +++ /dev/null 
@@ -1,316 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.3 -<<<<<<<< HEAD:templates/provider/kcm/templates/crds/k0rdent.mirantis.com_backups.yaml - name: backups.k0rdent.mirantis.com -======== - name: managementbackups.hmc.mirantis.com ->>>>>>>> fb31e55 (Backup implementation part 2):templates/provider/kcm/templates/crds/hmc.mirantis.com_managementbackups.yaml -spec: - group: k0rdent.mirantis.com - names: - kind: ManagementBackup - listKind: ManagementBackupList - plural: managementbackups - shortNames: - - hmcbackup - - mgmtbackup - singular: managementbackup - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Next scheduled attempt to back up - jsonPath: .status.nextAttempt - name: NextBackup - type: string - - description: Schedule phase - jsonPath: .status.schedule.phase - name: Status - type: string - - description: Time elapsed since last backup run - jsonPath: .status.schedule.lastBackup - name: SinceLastBackup - priority: 1 - type: date - - description: Status of last backup run - jsonPath: .status.lastBackup.phase - name: LastBackupStatus - type: string - - description: Time elapsed since object creation - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Schedule is on pause - jsonPath: .status.schedulePaused - name: Paused - priority: 1 - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: ManagementBackup is the Schema for the backups API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ManagementBackupSpec defines the desired state of ManagementBackup - type: object - status: - description: ManagementBackupStatus defines the observed state of ManagementBackup - properties: - lastBackup: - description: Last Velero Backup that has been created. - properties: - backupItemOperationsAttempted: - description: |- - BackupItemOperationsAttempted is the total number of attempted - async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: |- - BackupItemOperationsCompleted is the total number of successfully completed - async BackupItemAction operations for this backup. - type: integer - backupItemOperationsFailed: - description: |- - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an error. - type: integer - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: |- - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. 
- type: integer - csiVolumeSnapshotsCompleted: - description: |- - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: |- - Errors is a count of all error messages that were generated during - execution of the backup. The actual errors are in the backup's log - file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: FailureReason is an error that caused the entire - backup to fail. - type: string - formatVersion: - description: FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - hookStatus: - description: HookStatus contains information about the status - of the hooks. - nullable: true - properties: - hooksAttempted: - description: |- - HooksAttempted is the total number of attempted hooks - Specifically, HooksAttempted represents the number of hooks that failed to execute - and the number of hooks that executed successfully. - type: integer - hooksFailed: - description: HooksFailed is the total number of hooks which - ended with an error - type: integer - type: object - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: |- - Progress contains information about the backup's execution progress. Note - that this information is best-effort only -- if Velero fails to update it - during a backup for any reason, it may be inaccurate/stale. 
- nullable: true - properties: - itemsBackedUp: - description: |- - ItemsBackedUp is the number of items that have actually been written to the - backup tarball so far. - type: integer - totalItems: - description: |- - TotalItems is the total number of items to be backed up. This number may change - throughout the execution of the backup due to plugins that return additional related - items to back up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable). - items: - type: string - nullable: true - type: array - version: - description: |- - Version is the backup format major version. - Deprecated: Please see FormatVersion - type: integer - volumeSnapshotsAttempted: - description: |- - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: |- - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: |- - Warnings is a count of all warning messages that were generated during - execution of the backup. The actual warnings are in the backup's log - file in object storage. - type: integer - type: object - nextAttempt: - description: |- - NextAttempt indicates the time when the next scheduled backup will be performed. - Always absent for the ManagementBackups with a schedule. - format: date-time - type: string - reference: - description: |- - Reference to the underlying Velero object being managed. 
- Might be either Velero Backup or Schedule. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - schedule: - description: |- - Status of the Velero Schedule for the Management scheduled backups. - Always absent for the ManagementBackups with a schedule. 
- properties: - lastBackup: - description: |- - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - lastSkipped: - description: LastSkipped is the last time a Schedule was skipped - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable) - items: - type: string - type: array - type: object - schedulePaused: - description: SchedulePaused indicates if the Velero Schedule is paused. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/templates/provider/kcm/templates/crds/hmc.mirantis.com_managementbackups.yaml b/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managementbackups.yaml similarity index 97% rename from templates/provider/kcm/templates/crds/hmc.mirantis.com_managementbackups.yaml rename to templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managementbackups.yaml index b3f9d083..07d94ac1 100644 --- a/templates/provider/kcm/templates/crds/hmc.mirantis.com_managementbackups.yaml +++ b/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managementbackups.yaml @@ -4,11 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 -<<<<<<<< HEAD:templates/provider/kcm/templates/crds/k0rdent.mirantis.com_backups.yaml - name: backups.k0rdent.mirantis.com -======== - name: managementbackups.hmc.mirantis.com ->>>>>>>> fb31e55 (Backup implementation part 2):templates/provider/kcm/templates/crds/hmc.mirantis.com_managementbackups.yaml + name: managementbackups.k0rdent.mirantis.com spec: group: k0rdent.mirantis.com names: 
@@ -16,7 +12,7 @@ spec: listKind: ManagementBackupList plural: managementbackups shortNames: - - hmcbackup + - kcmbackup - mgmtbackup singular: managementbackup scope: Cluster diff --git a/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managements.yaml b/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managements.yaml index 8c531bc7..75199292 100644 --- a/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managements.yaml +++ b/templates/provider/kcm/templates/crds/k0rdent.mirantis.com_managements.yaml @@ -43,7 +43,7 @@ spec: description: ManagementSpec defines the desired state of Management properties: backup: - description: Backup enables a feature to backup HMC objects into a + description: Backup enables a feature to backup KCM objects into a cloud. properties: customPlugins: diff --git a/templates/provider/kcm/templates/deployment.yaml b/templates/provider/kcm/templates/deployment.yaml index d32803d9..2a05b6a8 100644 --- a/templates/provider/kcm/templates/deployment.yaml +++ b/templates/provider/kcm/templates/deployment.yaml @@ -39,18 +39,8 @@ spec: env: - name: KUBERNETES_CLUSTER_DOMAIN value: {{ quote .Values.kubernetesClusterDomain }} - - name: BACKUP_BASIC_IMAGE - value: {{ template "backup.imageName" . }} - - name: BACKUP_FEATURES - value: {{ .Values.controller.backup.features }} - - name: BACKUP_SYSTEM_NAMESPACE - value: {{ .Values.controller.backup.namespace }} - - name: BACKUP_CTRL_INSTALL_READINESS_REQUEUE_DURATION - value: {{ .Values.controller.backup.installReadinessRequeuePeriod }} - name: BACKUP_CTRL_REQUEUE_DURATION value: {{ .Values.controller.backup.requeuePeriod }} - - name: BACKUP_PLUGIN_IMAGES - value: {{ join "," .Values.controller.backup.veleroPluginImages | quote }} image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} 
diff --git a/templates/provider/kcm/templates/rbac/controller/rolebindings.yaml b/templates/provider/kcm/templates/rbac/controller/rolebindings.yaml
index 427e5564..78add50c 100644
--- a/templates/provider/kcm/templates/rbac/controller/rolebindings.yaml
+++ b/templates/provider/kcm/templates/rbac/controller/rolebindings.yaml
@@ -28,3 +28,19 @@ subjects:
 - kind: ServiceAccount
 name: '{{ include "kcm.fullname" . }}-controller-manager'
 namespace: '{{ .Release.Namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "kcm.fullname" . }}-velero-server-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kcm.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ include "kcm.fullname" . }}-velero-server-role'
+subjects:
+ - kind: ServiceAccount
+ name: velero-server-sa
+ namespace: '{{ .Release.Namespace }}'
diff --git a/templates/provider/kcm/templates/rbac/controller/roles.yaml b/templates/provider/kcm/templates/rbac/controller/roles.yaml
index cbc8dbfd..11011080 100644
--- a/templates/provider/kcm/templates/rbac/controller/roles.yaml
+++ b/templates/provider/kcm/templates/rbac/controller/roles.yaml
@@ -185,7 +185,7 @@ rules:
 - azureclusteridentities
 - vsphereclusteridentities
 verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }}
- - update # required for the managementbackups-ctrl
+ - update # required for the managementbackups
 - apiGroups:
 - config.projectsveltos.io
 resources:
@@ -217,8 +217,7 @@ rules:
 resources:
 - secrets
 verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }}
- - create # required for the managementbackups-ctrl
- - update # required for the managementbackups-ctrl
+ - update # required for the managementbackups
 # managementbackups-ctrl
 - apiGroups:
 - k0rdent.mirantis.com
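Review bot: The new RoleBinding in rolebindings.yaml names its subject with the literal `velero-server-sa`, a string that is also hard-coded in serviceaccount.yaml and set separately as `velero.serviceAccount.server.name` in values.yaml. If an operator overrides the value, the Velero pod runs under an account this binding does not cover and that nothing creates, since the subchart is configured with `create: false`. Deriving the name from the value in both templates keeps the three in step, e.g. `name: {{ .Values.velero.serviceAccount.server.name }}`. The new `metadata.name` and `metadata.namespace` are also unquoted, while the other templated names in this hunk are quoted.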
@@ -239,51 +238,12 @@ rules:
 - get
 - patch
 - update
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- - namespaces
- verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }}
- - create
- - update
-- apiGroups:
- - apps
- resources:
- - deployments
- verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }}
- - create
- - delete
- - patch
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterrolebindings
- - clusterroles
- - rolebindings
- - roles
- verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }}
- - create
- - update
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }}
- - create
 - apiGroups:
 - velero.io
 resources:
 - '*'
 verbs:
 - '*'
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - list
- - get
 # managementbackups-ctrl
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -301,3 +261,18 @@ rules:
 verbs:
 - get
 - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "kcm.fullname" . }}-velero-server-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kcm.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
diff --git a/templates/provider/kcm/templates/serviceaccount.yaml b/templates/provider/kcm/templates/serviceaccount.yaml
index 8ef0ba4b..38199e2e 100644
--- a/templates/provider/kcm/templates/serviceaccount.yaml
+++ b/templates/provider/kcm/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -6,3 +7,12 @@ metadata:
 {{- include "kcm.labels" . | nindent 4 }}
 annotations:
 {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: velero-server-sa
+ labels:
+ {{- include "kcm.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
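Review bot: The added `velero-server-role` in roles.yaml allows every verb on every resource in every API group within `.Release.Namespace`. That covers reading all Secrets there and creating or editing Roles and RoleBindings, and the rolebindings.yaml context shows the kcm controller-manager service account is bound in the same namespace. Whoever holds the `velero-server-sa` token therefore has the run of the management components' namespace, so the backup server becomes a lateral path to the controller's credentials. Prefer listing the groups and verbs the Velero server actually uses in its own namespace (the `velero.io` resources plus whatever it must read there; to be confirmed against the chart, which is not shown). If the wildcard has to stay for now, record why on the rule, e.g. `# TODO: narrow; wildcard mirrors the rules the subchart would create with rbac.create=true`.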
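Review bot: The new `velero-server-sa` ServiceAccount in serviceaccount.yaml renders `.Values.serviceAccount.annotations`, the same annotation set applied to the existing service account above it in this file. Service-account annotations are commonly where a cloud workload-identity binding is attached, so any such annotation set for the controller would silently be granted to the Velero server too, and the two could not be scoped separately. Reading a dedicated value keeps the identities independent, e.g. `{{- toYaml .Values.velero.serviceAccount.server.annotations | nindent 4 }}` guarded with a `with` so an unset value renders nothing.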
diff --git a/templates/provider/kcm/templates/webhooks.yaml b/templates/provider/kcm/templates/webhooks.yaml index 31841ef6..b3627e05 100644 --- a/templates/provider/kcm/templates/webhooks.yaml +++ b/templates/provider/kcm/templates/webhooks.yaml @@ -345,15 +345,15 @@ webhooks: - v1 clientConfig: service: - name: {{ include "hmc.webhook.serviceName" . }} - namespace: {{ include "hmc.webhook.serviceNamespace" . }} - path: /validate-hmc-mirantis-com-v1alpha1-managementbackup + name: {{ include "kcm.webhook.serviceName" . }} + namespace: {{ include "kcm.webhook.serviceNamespace" . }} + path: /validate-k0rdent-mirantis-com-v1alpha1-managementbackup failurePolicy: Fail matchPolicy: Equivalent - name: validation.managementbackup.hmc.mirantis.com + name: validation.managementbackup.k0rdent.mirantis.com rules: - apiGroups: - - hmc.mirantis.com + - k0rdent.mirantis.com apiVersions: - v1alpha1 operations: diff --git a/templates/provider/kcm/values.yaml b/templates/provider/kcm/values.yaml index 49af52dd..bb4863cf 100644 --- a/templates/provider/kcm/values.yaml +++ b/templates/provider/kcm/values.yaml @@ -16,18 +16,7 @@ controller: createTemplates: true enableTelemetry: true backup: - namespace: velero - features: "" - image: - repository: velero - name: velero - tag: v1.15.0 - installReadinessRequeuePeriod: 5s - requeuePeriod: 5m - veleroPluginImages: - - velero/velero-plugin-for-aws:v1.11.0 - - velero/velero-plugin-for-microsoft-azure:v1.11.0 - - velero/velero-plugin-for-gcp:v1.11.0 + requeuePeriod: 5m # TODO: probably no need, revisit containerSecurityContext: allowPrivilegeEscalation: false 
@@ -100,3 +89,46 @@ cluster-api-operator:
 requests:
 cpu: 100m
 memory: 150Mi
+
+# TODO: remove all of the imagePullSecrets, used for localhost DEBUG
+velero:
+ initContainers:
+ - name: velero-plugin-for-aws
+ image: velero/velero-plugin-for-aws:v1.11.0
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /target
+ name: plugins
+ - name: velero-plugin-for-microsoft-azure
+ image: velero/velero-plugin-for-microsoft-azure:v1.11.0
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /target
+ name: plugins
+ - name: velero-plugin-for-gcp
+ image: velero/velero-plugin-for-gcp:v1.11.0
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /target
+ name: plugins
+ image:
+ imagePullSecrets:
+ - docker-registry
+ metrics:
+ enabled: false
+ upgradeCRDs: false
+ cleanUpCRDs: false
+ rbac:
+ create: false
+ clusterAdministrator: false
+ serviceAccount:
+ server:
+ create: false
+ name: velero-server-sa
+ imagePullSecrets:
+ - docker-registry
+ credentials:
+ useSecret: false
+ snapshotsEnabled: false
+ backupsEnabled: false
+ deployNodeAgent: false
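Review bot: The two `imagePullSecrets: - docker-registry` entries, under `velero.image` and `velero.serviceAccount.server`, are described by the hunk's own TODO as localhost debugging. As chart defaults they make every rendered Velero pod reference a secret name that exists only in the author's environment, so they should be dropped before merge, not carried as a TODO. The three plugin init containers are also pinned by tag only (`v1.11.0`), and because they are copied into the server's `/target` plugin directory, a re-pushed tag would change code running under the server's service account. Pinning by digest closes that, e.g. `image: velero/velero-plugin-for-aws:v1.11.0@sha256:<digest-placeholder>`. Finally, `upgradeCRDs: false` together with the removal of the controller's CRD-install rules leaves it unstated where the velero.io CRDs come from; a one-line comment naming the source would help operators.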