From dd516c2258ba59100ece0d453ddcc95811437244 Mon Sep 17 00:00:00 2001 From: zerospiel Date: Mon, 30 Dec 2024 13:13:53 +0100 Subject: [PATCH] Backup implementation part 2 * rename Backup to ManagementBackup * removed Oneshot parameter from the Spec * reconcile scheduled backups (collect statuses, create schedules, etc.) * reconcile backups (collect statuses, create velero backups) * collect the required velero backup spec for the whole backup * label Credential references (clusterIdentities) in order include them in backup * backup validation webhook * backup controller watches velero resources * amend backup controller logic to better handle scheduled and non-scheduled backups * set velero maintained plugins settings * add custom plugins set via mgmt spec * reconcile all the velero plugins either during the installation or depending on existing BSL objects exist in a cluster --- PROJECT | 5 +- api/v1alpha1/backup_types.go | 77 ---- api/v1alpha1/management_backup_types.go | 95 +++++ api/v1alpha1/management_types.go | 33 +- api/v1alpha1/templates_common.go | 7 +- api/v1alpha1/zz_generated.deepcopy.go | 195 +++++----- cmd/main.go | 4 +- go.mod | 1 + go.sum | 2 + internal/controller/backup/collect.go | 98 +++++ internal/controller/backup/config.go | 125 ++++++ internal/controller/backup/install.go | 366 ++++++++++-------- internal/controller/backup/oneshot.go | 63 ++- internal/controller/backup/schedule.go | 176 ++++++++- internal/controller/backup/type.go | 48 ++- internal/controller/backup_controller.go | 166 -------- internal/controller/credential_controller.go | 5 + .../management_backup_controller.go | 264 +++++++++++++ ...o => management_backup_controller_test.go} | 12 +- internal/webhook/management_webhook_test.go | 8 +- internal/webhook/managementbackup_webhook.go | 72 ++++ .../webhook/managementbackup_webhook_test.go | 74 ++++ ...> hmc.mirantis.com_managementbackups.yaml} | 61 ++- .../crds/hmc.mirantis.com_managements.yaml | 24 +- .../provider/hmc/templates/deployment.yaml | 2 + .../hmc/templates/rbac/controller/roles.yaml | 18 +- ...itor.yaml => managementbackup-editor.yaml} | 6 +- ...ewer.yaml => managementbackup-viewer.yaml} | 6 +- .../provider/hmc/templates/webhooks.yaml | 21 + templates/provider/hmc/values.yaml | 4 + test/objects/management/management.go | 2 +- 31 files changed, 1449 insertions(+), 591 deletions(-) delete mode 100644 api/v1alpha1/backup_types.go create mode 100644 api/v1alpha1/management_backup_types.go create mode 100644 internal/controller/backup/collect.go create mode 100644 internal/controller/backup/config.go delete mode 100644 internal/controller/backup_controller.go create mode 100644 internal/controller/management_backup_controller.go rename internal/controller/{backup_controller_test.go => management_backup_controller_test.go} (89%) create mode 100644 internal/webhook/managementbackup_webhook.go create mode 100644 internal/webhook/managementbackup_webhook_test.go rename templates/provider/hmc/templates/crds/{hmc.mirantis.com_backups.yaml => hmc.mirantis.com_managementbackups.yaml} (88%) rename templates/provider/hmc/templates/rbac/user-facing/{backup-editor.yaml => managementbackup-editor.yaml} (79%) rename templates/provider/hmc/templates/rbac/user-facing/{backup-viewer.yaml => managementbackup-viewer.yaml} (79%) diff --git a/PROJECT b/PROJECT index 2dc3e36ca..64d0489e7 100644 --- a/PROJECT +++ b/PROJECT @@ -110,7 +110,10 @@ resources: controller: true domain: hmc.mirantis.com group: hmc.mirantis.com - kind: Backup + kind: ManagementBackup path: github.com/K0rdent/kcm/api/v1alpha1 version: v1alpha1 + webhooks: + validation: true + webhookVersion: v1 version: "3" diff --git a/api/v1alpha1/backup_types.go b/api/v1alpha1/backup_types.go deleted file mode 100644 index 561a6c273..000000000 --- a/api/v1alpha1/backup_types.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2024 -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1alpha1 - -import ( - velerov1 "github.com/zerospiel/velero/pkg/apis/velero/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - // Name to label most of the HMC-related components. - // Mostly utilized by the backup feature. - GenericComponentLabelName = "hmc.mirantis.com/component" - // Component label value for the HMC-related components. - GenericComponentLabelValueHMC = "hmc" -) - -// BackupSpec defines the desired state of Backup -type BackupSpec struct { - // Oneshot indicates whether the Backup should not be scheduled - // and rather created immediately and only once. - Oneshot bool `json:"oneshot,omitempty"` -} - -// BackupStatus defines the observed state of Backup -type BackupStatus struct { - // Reference to the underlying Velero object being managed. - // Might be either Velero Backup or Schedule. - Reference *corev1.ObjectReference `json:"reference,omitempty"` - // Status of the Velero Schedule for the Management scheduled backups. - // Always absent for the Backups with the .spec.oneshot set to true. - Schedule *velerov1.ScheduleStatus `json:"schedule,omitempty"` - // NextAttempt indicates the time when the next scheduled backup will be performed. - // Always absent for the Backups with the .spec.oneshot set to true. - NextAttempt *metav1.Time `json:"nextAttempt,omitempty"` - // Last Velero Backup that has been created. - LastBackup *velerov1.BackupStatus `json:"lastBackup,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:resource:scope=Cluster - -// Backup is the Schema for the backups API -type Backup struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec BackupSpec `json:"spec,omitempty"` - Status BackupStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// BackupList contains a list of Backup -type BackupList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Backup `json:"items"` -} - -func init() { - SchemeBuilder.Register(&Backup{}, &BackupList{}) -} diff --git a/api/v1alpha1/management_backup_types.go b/api/v1alpha1/management_backup_types.go new file mode 100644 index 000000000..3ae21e24c --- /dev/null +++ b/api/v1alpha1/management_backup_types.go @@ -0,0 +1,95 @@ +// Copyright 2024 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1alpha1 + +import ( + velerov1 "github.com/zerospiel/velero/pkg/apis/velero/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + // Name to label most of the HMC-related components. + // Mostly utilized by the backup feature. + GenericComponentLabelName = "hmc.mirantis.com/component" + // Component label value for the HMC-related components. + GenericComponentLabelValueHMC = "hmc" +) + +// ManagementBackupSpec defines the desired state of ManagementBackup +type ManagementBackupSpec struct{} + +// ManagementBackupStatus defines the observed state of ManagementBackup +type ManagementBackupStatus struct { + // Reference to the underlying Velero object being managed. + // Might be either Velero Backup or Schedule. + Reference *corev1.ObjectReference `json:"reference,omitempty"` + // NextAttempt indicates the time when the next scheduled backup will be performed. + // Always absent for the ManagementBackups with a schedule. + NextAttempt *metav1.Time `json:"nextAttempt,omitempty"` + // Last Velero Backup that has been created. + LastBackup *velerov1.BackupStatus `json:"lastBackup,omitempty"` + // Status of the Velero Schedule for the Management scheduled backups. + // Always absent for the ManagementBackups with a schedule. + Schedule *velerov1.ScheduleStatus `json:"schedule,omitempty"` + // SchedulePaused indicates if the Velero Schedule is paused. + SchedulePaused bool `json:"schedulePaused,omitempty"` +} + +func (in *ManagementBackupStatus) GetLastBackupCopy() velerov1.BackupStatus { + if in.LastBackup == nil { + return velerov1.BackupStatus{} + } + return *in.LastBackup +} + +func (in *ManagementBackupStatus) GetScheduleCopy() velerov1.ScheduleStatus { + if in.Schedule == nil { + return velerov1.ScheduleStatus{} + } + return *in.Schedule +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,shortName=hmcbackup;mgmtbackup +// +kubebuilder:printcolumn:name="NextBackup",type=string,JSONPath=`.status.nextAttempt`,description="Next scheduled attempt to back up",priority=0 +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.schedule.phase`,description="Schedule phase",priority=0 +// +kubebuilder:printcolumn:name="SinceLastBackup",type=date,JSONPath=`.status.schedule.lastBackup`,description="Time elapsed since last backup run",priority=1 +// +kubebuilder:printcolumn:name="LastBackupStatus",type=string,JSONPath=`.status.lastBackup.phase`,description="Status of last backup run",priority=0 +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Time elapsed since object creation",priority=0 +// +kubebuilder:printcolumn:name="Paused",type=boolean,JSONPath=`.status.schedulePaused`,description="Schedule is on pause",priority=1 + +// ManagementBackup is the Schema for the backups API +type ManagementBackup struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ManagementBackupSpec `json:"spec,omitempty"` + Status ManagementBackupStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ManagementBackupList contains a list of ManagementBackup +type ManagementBackupList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ManagementBackup `json:"items"` +} + +func init() { + SchemeBuilder.Register(&ManagementBackup{}, &ManagementBackupList{}) +} diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go index 618c5d19d..f1e1ebda4 100644 --- a/api/v1alpha1/management_types.go +++ b/api/v1alpha1/management_types.go @@ -44,7 +44,7 @@ type ManagementSpec struct { // Providers is the list of supported CAPI providers. Providers []Provider `json:"providers,omitempty"` - Backup ManagementBackup `json:"backup,omitempty"` + Backup Backup `json:"backup,omitempty"` } // Core represents a structure describing core Management components. @@ -55,15 +55,29 @@ type Core struct { CAPI Component `json:"capi,omitempty"` } -// ManagementBackup enables a feature to backup HMC objects into a cloud. -type ManagementBackup struct { - // Schedule is a Cron expression defining when to run the scheduled Backup. +// Backup enables a feature to backup HMC objects into a cloud. +type Backup struct { + // +kubebuilder:example={customPlugins: {"alibabacloud": "registry..aliyuncs.com/acs/velero:1.4.2", "community.openstack.org/openstack": "lirt/velero-plugin-for-openstack:v0.6.0"}} + + // CustomPlugins holds key value pairs with [Velero] [community] and [custom] plugins, where: + // - key represents the provider's name in the format [velero.io/]; + // - value represents the provider's plugin name; + // + // Provider name must be exactly the same as in a [BackupStorageLocation] object. + // + // [Velero]: https://velero.io + // [community] and third-party plugins]: https://velero.io/docs/v1.15/supported-providers/#provider-plugins-maintained-by-the-velero-community + // [custom]: https://velero.io/docs/v1.15/custom-plugins/ + // [BackupStorageLocation]: https://velero.io/docs/v1.15/api-types/backupstoragelocation/ + CustomPlugins map[string]string `json:"customPlugins,omitempty"` + + // Schedule is a Cron expression defining when to run the scheduled ManagementBackup. // Default value is to backup every 6 hours. Schedule string `json:"schedule,omitempty"` // Flag to indicate whether the backup feature is enabled. // If set to true, [Velero] platform will be installed. - // If set to false, creation or modification of Backups/Restores will be blocked. + // If set to false, creation or modification of ManagementBackups will be blocked. // // [Velero]: https://velero.io Enabled bool `json:"enabled,omitempty"` @@ -123,6 +137,15 @@ func (in *Management) Templates() []string { return templates } +// GetBackupSchedule safely returns backup schedule. +func (in *Management) GetBackupSchedule() string { + if in == nil { + return "" + } + + return in.Spec.Backup.Schedule +} + // ManagementStatus defines the observed state of Management type ManagementStatus struct { // For each CAPI provider name holds its compatibility [contract versions] diff --git a/api/v1alpha1/templates_common.go b/api/v1alpha1/templates_common.go index 73330949c..5c0797e72 100644 --- a/api/v1alpha1/templates_common.go +++ b/api/v1alpha1/templates_common.go @@ -23,13 +23,10 @@ import ( helmcontrollerv2 "github.com/fluxcd/helm-controller/api/v2" sourcev1 "github.com/fluxcd/source-controller/api/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + clusterapiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1" ) const ( - // ChartAnnotationProviderName is the annotation set on components in a Template. - // This annotations allows to identify all the components belonging to a provider. - ChartAnnotationProviderName = "cluster.x-k8s.io/provider" - chartAnnoCAPIPrefix = "cluster.x-k8s.io/" DefaultRepoName = "hmc-templates" @@ -103,7 +100,7 @@ func getProvidersList(providers Providers, annotations map[string]string) Provid return slices.Compact(res) } - providersFromAnno := annotations[ChartAnnotationProviderName] + providersFromAnno := annotations[clusterapiv1beta1.ProviderNameLabel] if len(providersFromAnno) == 0 { return Providers{} } diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 75d485b31..bafff8c27 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -180,10 +180,13 @@ func (in *AvailableUpgrade) DeepCopy() *AvailableUpgrade { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) + if in.CustomPlugins != nil { + in, out := &in.CustomPlugins, &out.CustomPlugins + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backup. @@ -196,95 +199,6 @@ func (in *Backup) DeepCopy() *Backup { return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Backup) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BackupList) DeepCopyInto(out *BackupList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Backup, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupList. -func (in *BackupList) DeepCopy() *BackupList { - if in == nil { - return nil - } - out := new(BackupList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *BackupList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BackupSpec) DeepCopyInto(out *BackupSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupSpec. -func (in *BackupSpec) DeepCopy() *BackupSpec { - if in == nil { - return nil - } - out := new(BackupSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BackupStatus) DeepCopyInto(out *BackupStatus) { - *out = *in - if in.Reference != nil { - in, out := &in.Reference, &out.Reference - *out = new(corev1.ObjectReference) - **out = **in - } - if in.Schedule != nil { - in, out := &in.Schedule, &out.Schedule - *out = new(velerov1.ScheduleStatus) - (*in).DeepCopyInto(*out) - } - if in.NextAttempt != nil { - in, out := &in.NextAttempt, &out.NextAttempt - *out = (*in).DeepCopy() - } - if in.LastBackup != nil { - in, out := &in.LastBackup, &out.LastBackup - *out = new(velerov1.BackupStatus) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupStatus. -func (in *BackupStatus) DeepCopy() *BackupStatus { - if in == nil { - return nil - } - out := new(BackupStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterDeployment) DeepCopyInto(out *ClusterDeployment) { *out = *in @@ -820,6 +734,10 @@ func (in *Management) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManagementBackup) DeepCopyInto(out *ManagementBackup) { *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementBackup. @@ -832,6 +750,95 @@ func (in *ManagementBackup) DeepCopy() *ManagementBackup { return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ManagementBackup) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementBackupList) DeepCopyInto(out *ManagementBackupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ManagementBackup, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementBackupList. +func (in *ManagementBackupList) DeepCopy() *ManagementBackupList { + if in == nil { + return nil + } + out := new(ManagementBackupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ManagementBackupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementBackupSpec) DeepCopyInto(out *ManagementBackupSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementBackupSpec. +func (in *ManagementBackupSpec) DeepCopy() *ManagementBackupSpec { + if in == nil { + return nil + } + out := new(ManagementBackupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagementBackupStatus) DeepCopyInto(out *ManagementBackupStatus) { + *out = *in + if in.Reference != nil { + in, out := &in.Reference, &out.Reference + *out = new(corev1.ObjectReference) + **out = **in + } + if in.NextAttempt != nil { + in, out := &in.NextAttempt, &out.NextAttempt + *out = (*in).DeepCopy() + } + if in.LastBackup != nil { + in, out := &in.LastBackup, &out.LastBackup + *out = new(velerov1.BackupStatus) + (*in).DeepCopyInto(*out) + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(velerov1.ScheduleStatus) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementBackupStatus. +func (in *ManagementBackupStatus) DeepCopy() *ManagementBackupStatus { + if in == nil { + return nil + } + out := new(ManagementBackupStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManagementList) DeepCopyInto(out *ManagementList) { *out = *in @@ -879,7 +886,7 @@ func (in *ManagementSpec) DeepCopyInto(out *ManagementSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - out.Backup = in.Backup + in.Backup.DeepCopyInto(&out.Backup) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagementSpec. diff --git a/cmd/main.go b/cmd/main.go index 66e6f88c1..f9253964b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -318,10 +318,10 @@ func main() { os.Exit(1) } // TODO (zerospiel): disabled until the #605 - // if err = (&controller.BackupReconciler{ + // if err = (&controller.ManagementBackupReconciler{ // Client: mgr.GetClient(), // }).SetupWithManager(mgr); err != nil { - // setupLog.Error(err, "unable to create controller", "controller", "Backup") + // setupLog.Error(err, "unable to create controller", "controller", "ManagementBackup") // os.Exit(1) // } // +kubebuilder:scaffold:builder diff --git a/go.mod b/go.mod index f877bafca..4bf129756 100644 --- a/go.mod +++ b/go.mod @@ -17,6 +17,7 @@ require ( github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 github.com/projectsveltos/addon-controller v0.44.0 github.com/projectsveltos/libsveltos v0.44.0 + github.com/robfig/cron/v3 v3.0.1 github.com/segmentio/analytics-go v3.1.0+incompatible github.com/stretchr/testify v1.10.0 github.com/zerospiel/velero v0.0.0-20241213181215-1eaa894d12b8 diff --git a/go.sum b/go.sum index e4f65c9f7..d99865bb6 100644 --- a/go.sum +++ b/go.sum @@ -434,6 +434,8 @@ github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= +github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= diff --git a/internal/controller/backup/collect.go b/internal/controller/backup/collect.go new file mode 100644 index 000000000..20f6290a7 --- /dev/null +++ b/internal/controller/backup/collect.go @@ -0,0 +1,98 @@ +// Copyright 2024 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package backup + +import ( + "context" + "fmt" + + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + clusterapiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1" + "sigs.k8s.io/controller-runtime/pkg/client" + + hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" +) + +func (c *Config) getBackupTemplateSpec(ctx context.Context) (*velerov1api.BackupSpec, error) { + bs := &velerov1api.BackupSpec{ + IncludedNamespaces: []string{"*"}, + OrLabelSelectors: []*metav1.LabelSelector{ + // fixed ones + selector(hmcv1alpha1.GenericComponentLabelName, hmcv1alpha1.GenericComponentLabelValueHMC), + selector(certmanagerv1.PartOfCertManagerControllerLabelKey, "true"), + selector(hmcv1alpha1.FluxHelmChartNameKey, hmcv1alpha1.CoreHMCName), + selector(clusterapiv1beta1.ProviderNameLabel, "cluster-api"), + }, + } + + clusterTemplates := new(hmcv1alpha1.ClusterTemplateList) + if err := c.cl.List(ctx, clusterTemplates); err != nil { + return nil, fmt.Errorf("failed to list ClusterTemplates: %w", err) + } + + if len(clusterTemplates.Items) == 0 { // just collect child clusters names + cldSelectors, err := getClusterDeploymentsSelectors(ctx, c.cl, "") + if err != nil { + return nil, fmt.Errorf("failed to get selectors for all clusterdeployments: %w", err) + } + + bs.OrLabelSelectors = append(bs.OrLabelSelectors, cldSelectors...) + + return bs, nil + } + + for _, cltpl := range clusterTemplates.Items { + for _, provider := range cltpl.Status.Providers { + bs.OrLabelSelectors = append(bs.OrLabelSelectors, selector(clusterapiv1beta1.ProviderNameLabel, provider)) + } + + cldSelectors, err := getClusterDeploymentsSelectors(ctx, c.cl, cltpl.Name) + if err != nil { + return nil, fmt.Errorf("failed to get selectors for clusterdeployments referencing %s clustertemplate: %w", client.ObjectKeyFromObject(&cltpl), err) + } + + bs.OrLabelSelectors = append(bs.OrLabelSelectors, cldSelectors...) + } + + return bs, nil +} + +func getClusterDeploymentsSelectors(ctx context.Context, cl client.Client, clusterTemplateRef string) ([]*metav1.LabelSelector, error) { + cldeploys := new(hmcv1alpha1.ClusterDeploymentList) + opts := []client.ListOption{} + if clusterTemplateRef != "" { + opts = append(opts, client.MatchingFields{hmcv1alpha1.ClusterDeploymentTemplateIndexKey: clusterTemplateRef}) + } + + if err := cl.List(ctx, cldeploys, opts...); err != nil { + return nil, fmt.Errorf("failed to list ClusterDeployments: %w", err) + } + + selectors := make([]*metav1.LabelSelector, len(cldeploys.Items)*2) + for i, cldeploy := range cldeploys.Items { + selectors[i] = selector(hmcv1alpha1.FluxHelmChartNameKey, cldeploy.Name) + selectors[i+1] = selector(clusterapiv1beta1.ProviderNameLabel, cldeploy.Name) + } + + return selectors, nil +} + +func selector(k, v string) *metav1.LabelSelector { + return &metav1.LabelSelector{ + MatchLabels: map[string]string{k: v}, + } +} diff --git a/internal/controller/backup/config.go b/internal/controller/backup/config.go new file mode 100644 index 000000000..58c7ed7bc --- /dev/null +++ b/internal/controller/backup/config.go @@ -0,0 +1,125 @@ +// Copyright 2024 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package backup + +import ( + "fmt" + "time" + + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// Config holds required set of parameters of to successfully install Velero stack and manipulate with it. +type Config struct { + kubeRestConfig *rest.Config + scheme *runtime.Scheme + cl client.Client + + image string + systemNamespace string + pluginImages []string + features []string + + requeueAfter time.Duration +} + +// VeleroName contains velero name of different parts of the stack. +const VeleroName = "velero" + +// ConfigOpt is the functional option for the Config. +type ConfigOpt func(*Config) + +// NewConfig creates instance of the config. +func NewConfig(cl client.Client, kc *rest.Config, scheme *runtime.Scheme, opts ...ConfigOpt) *Config { + c := newWithDefaults() + + for _, o := range opts { + o(c) + } + + c.cl = cl + c.kubeRestConfig = kc + c.scheme = scheme + + return c +} + +// GetVeleroSystemNamespace returns the velero system namespace. +func (c *Config) GetVeleroSystemNamespace() string { return c.systemNamespace } + +// WithRequeueAfter sets the RequeueAfter period if >0. +func WithRequeueAfter(d time.Duration) ConfigOpt { + return func(c *Config) { + if d == 0 { + return + } + c.requeueAfter = d + } +} + +// WithVeleroSystemNamespace sets the SystemNamespace if non-empty. +func WithVeleroSystemNamespace(ns string) ConfigOpt { + return func(c *Config) { + if len(ns) == 0 { + return + } + c.systemNamespace = ns + } +} + +// WithPluginImages sets maps of plugins maintained by Velero. +func WithPluginImages(pluginImages ...string) ConfigOpt { + return func(c *Config) { + if len(pluginImages) == 0 { + return + } + c.pluginImages = pluginImages + } +} + +// WithVeleroImage sets the main image for the Velero deployment if non-empty. +func WithVeleroImage(image string) ConfigOpt { + return func(c *Config) { + if len(image) == 0 { + return + } + c.image = image + } +} + +// WithFeatures sets a list of features for the Velero deployment. +func WithFeatures(features ...string) ConfigOpt { + return func(c *Config) { + if len(features) == 0 { + return + } + c.features = features + } +} + +func newWithDefaults() *Config { + return &Config{ + requeueAfter: 5 * time.Second, + systemNamespace: VeleroName, + image: fmt.Sprintf("%s/%s:%s", VeleroName, VeleroName, "v1.15.0"), // velero/velero:v1.15.0 + pluginImages: []string{ + "velero/velero-plugin-for-aws:v1.11.0", + "velero/velero-plugin-for-microsoft-azure:v1.11.0", + "velero/velero-plugin-for-gcp:v1.11.0", + }, + } +} diff --git a/internal/controller/backup/install.go b/internal/controller/backup/install.go index 69d89fc60..eca100d46 100644 --- a/internal/controller/backup/install.go +++ b/internal/controller/backup/install.go @@ -18,9 +18,11 @@ import ( "context" "fmt" "io" + "slices" "time" velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" + velerobuilder "github.com/zerospiel/velero/pkg/builder" veleroclient "github.com/zerospiel/velero/pkg/client" veleroinstall "github.com/zerospiel/velero/pkg/install" "github.com/zerospiel/velero/pkg/uploader" @@ -33,109 +35,83 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/dynamic" - "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" -) - -type Config struct { - kubeRestConfig *rest.Config - cl client.Client - - image string - systemNamespace string - features []string - - requeueAfter time.Duration -} -const veleroName = "velero" - -type ConfigOpt func(*Config) + hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" +) -func NewConfig(cl client.Client, kc *rest.Config, opts ...ConfigOpt) *Config { - c := newWithDefaults() +// ReconcileVeleroInstallation reconciles installation of velero stack within a management cluster. +func (c *Config) ReconcileVeleroInstallation(ctx context.Context, mgmt *hmcv1alpha1.Management) (ctrl.Result, error) { + requeueResult := ctrl.Result{Requeue: true, RequeueAfter: c.requeueAfter} - for _, o := range opts { - o(c) + veleroDeploy, err := c.fetchVeleroDeploy(ctx) + if err != nil && !apierrors.IsNotFound(err) { + return ctrl.Result{}, fmt.Errorf("failed to get velero deploy: %w", err) } - c.cl = cl - c.kubeRestConfig = kc - - return c -} - -func WithRequeueAfter(d time.Duration) ConfigOpt { - return func(c *Config) { - if d == 0 { - return + if apierrors.IsNotFound(err) { + if err := c.installVelero(ctx); err != nil { + return ctrl.Result{}, fmt.Errorf("failed to perform velero stack installation: %w", err) } - c.requeueAfter = d - } -} -func WithVeleroSystemNamespace(ns string) ConfigOpt { - return func(c *Config) { - if len(ns) == 0 { - return - } - c.systemNamespace = ns + return requeueResult, nil } -} -func WithVeleroImage(image string) ConfigOpt { - return func(c *Config) { - if len(image) == 0 { - return - } - c.image = image + originalDeploy := veleroDeploy.DeepCopy() + + installedProperly, err := c.isDeployProperlyInstalled(ctx, veleroDeploy) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to check if velero deploy is properly installed: %w", err) } -} -func WithFeatures(features ...string) ConfigOpt { - return func(c *Config) { - if len(features) == 0 { - return + if !installedProperly { + if err := c.installVelero(ctx); err != nil { + return ctrl.Result{}, fmt.Errorf("failed to perform velero stack installation: %w", err) } - c.features = features - } -} -func newWithDefaults() *Config { - return &Config{ - requeueAfter: 5 * time.Second, - systemNamespace: veleroName, - image: fmt.Sprintf("%s/%s:%s", veleroName, veleroName, "v1.15.0"), // velero/velero:v1.15.0 + return requeueResult, nil } -} -// ReconcileVeleroInstallation reconciles installation of velero stack within a management cluster. -func (c *Config) ReconcileVeleroInstallation(ctx context.Context) (ctrl.Result, error) { - deployState, err := c.checkVeleroDeployIsInstalled(ctx) + isPatchRequired, err := c.normalizeDeploy(ctx, veleroDeploy, mgmt) if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to determine if velero is installed: %w", err) + return ctrl.Result{}, fmt.Errorf("failed to check if velero deploy required patch: %w", err) } - if deployState.needInstallation { - ctrl.LoggerFrom(ctx).Info("Installing velero stack") - if err := c.installVelero(ctx); err != nil { - return ctrl.Result{}, fmt.Errorf("failed to perform velero stack installation: %w", err) + l := ctrl.LoggerFrom(ctx) + if isPatchRequired { + l.Info("Patching the deployment") + if err := c.cl.Patch(ctx, veleroDeploy, client.MergeFrom(originalDeploy)); err != nil { + return ctrl.Result{}, fmt.Errorf("failed to patch velero deploy: %w", err) } - return ctrl.Result{}, nil + l.Info("Successfully patched the deploy") } - if deployState.needRequeue || deployState.needInstallation { - return ctrl.Result{Requeue: true, RequeueAfter: c.requeueAfter}, nil // either the installation has happened or direct requeue is required + if !isDeploymentReady(veleroDeploy) { + l.Info("Deployment is not ready yet, will requeue") + return requeueResult, nil } + l.Info("Deployment is in the expected state") return ctrl.Result{}, nil } +// InstallVeleroCRDs install all Velero CRDs. +func (c *Config) InstallVeleroCRDs(cl client.Client) error { + dc, err := dynamic.NewForConfig(c.kubeRestConfig) + if err != nil { + return fmt.Errorf("failed to construct dynamic client: %w", err) + } + + return veleroinstall.Install(veleroclient.NewDynamicFactory(dc), cl, veleroinstall.AllCRDs(), io.Discard) +} + // installVelero installs velero stack with all the required components. func (c *Config) installVelero(ctx context.Context) error { + ctrl.LoggerFrom(ctx).Info("Installing velero stack") + saName, err := c.ensureVeleroRBAC(ctx) if err != nil { return fmt.Errorf("failed to ensure velero RBAC: %w", err) @@ -145,6 +121,7 @@ func (c *Config) installVelero(ctx context.Context) error { Namespace: c.systemNamespace, Image: c.image, Features: c.features, + Plugins: c.pluginImages, ServiceAccountName: saName, NoDefaultBackupLocation: true, // no need (explicit BSL) @@ -174,7 +151,6 @@ func (c *Config) installVelero(ctx context.Context) error { UseVolumeSnapshots: false, // no need BSLConfig: nil, // backupstoragelocation VSLConfig: nil, // volumesnapshotlocation - Plugins: nil, // should be installed on-demand (BSL object) CACertData: nil, // no need (explicit BSL) DefaultVolumesToFsBackup: false, // no volume backups, no need DefaultSnapshotMoveData: false, // no snapshots, no need @@ -196,13 +172,157 @@ func (c *Config) installVelero(ctx context.Context) error { return veleroinstall.Install(veleroclient.NewDynamicFactory(dc), c.cl, resources, io.Discard) } +func (c *Config) installCustomPlugins(ctx context.Context, veleroDeploy *appsv1.Deployment, mgmt *hmcv1alpha1.Management) (isPatchRequired bool, _ error) { + if mgmt == nil || len(mgmt.Spec.Backup.CustomPlugins) == 0 { + return false, nil + } + + l := ctrl.LoggerFrom(ctx) + + bsls := new(velerov1api.BackupStorageLocationList) + if err := c.cl.List(ctx, bsls, client.InNamespace(c.systemNamespace)); err != nil { + return false, fmt.Errorf("failed to list velero backup storage locations: %w", err) + } + + // NOTE: we do not care about removing the init containers (plugins), it might be managed by the velero CLI directly + // TODO: process absent containers? + initContainers := slices.Clone(veleroDeploy.Spec.Template.Spec.InitContainers) + preLen := len(initContainers) + for _, bsl := range bsls.Items { + image, ok := mgmt.Spec.Backup.CustomPlugins[bsl.Spec.Provider] + if !ok { + l.Info("Custom plugin is set but no BackupStorageLocation with such provider exists", "provider", bsl.Spec.Provider, "bsl_name", bsl.Name, "velero_namespace", c.systemNamespace) + continue + } + + cont := *velerobuilder.ForPluginContainer(image, corev1.PullIfNotPresent).Result() + if !slices.ContainsFunc(initContainers, hasContainer(cont)) { + initContainers = append(initContainers, cont) + } + } + + postLen := len(initContainers) + + if preLen == postLen { // nothing to do + return false, nil + } + + l.Info("Adding new plugins to the Velero deployment", "new_plugins_count", postLen-preLen) + veleroDeploy.Spec.Template.Spec.InitContainers = initContainers + return true, nil +} + +func (c *Config) normalizeDeploy(ctx context.Context, veleroDeploy *appsv1.Deployment, mgmt *hmcv1alpha1.Management) (bool, error) { + l := ctrl.LoggerFrom(ctx) + + isPatchRequired, err := c.installCustomPlugins(ctx, veleroDeploy, mgmt) + if err != nil { + return false, fmt.Errorf("failed to check if custom plugins are in place: %w", err) + } + + // process 2 invariants beforehand since velero installation does not manage those if they has been changed + cont := veleroDeploy.Spec.Template.Spec.Containers[0] + if cont.Image != c.image { + l.Info("Deployment container has unexpected image", "current_image", cont.Image, "expected_image", c.image) + cont.Image = c.image + veleroDeploy.Spec.Template.Spec.Containers[0] = cont + isPatchRequired = true + } + + if veleroDeploy.Spec.Replicas == nil || *veleroDeploy.Spec.Replicas == 0 { + l.Info("Deployment is scaled to 0, scaling up to 1") + *veleroDeploy.Spec.Replicas = 1 + isPatchRequired = true + } + + return isPatchRequired, nil +} + +func (c *Config) isDeployProperlyInstalled(ctx context.Context, veleroDeploy *appsv1.Deployment) (bool, error) { + l := ctrl.LoggerFrom(ctx) + + l.Info("Checking if Velero deployment is properly installed") + + missingPlugins := []string{} + for _, pluginImage := range c.pluginImages { + if slices.ContainsFunc(veleroDeploy.Spec.Template.Spec.InitContainers, func(c corev1.Container) bool { + return pluginImage == c.Image + }) { + continue + } + + missingPlugins = append(missingPlugins, pluginImage) + } + + if len(missingPlugins) > 0 { + l.Info("There are missing init containers in the velero deployment", "missing_images", missingPlugins) + return false, nil + } + + if len(veleroDeploy.Spec.Template.Spec.Containers) > 0 && + veleroDeploy.Spec.Template.Spec.Containers[0].Name == VeleroName { + return true, nil + } + + // the deploy is "corrupted", remove only it and then reinstall + l.Info("Deployment has unexpected container name, considering to reinstall the deployment again") + if err := c.cl.Delete(ctx, veleroDeploy); err != nil { + return false, fmt.Errorf("failed to delete velero deploy: %w", err) + } + + removalCtx, cancel := context.WithCancel(ctx) + var checkErr error + checkFn := func(ctx context.Context) { + key := client.ObjectKeyFromObject(veleroDeploy) + ll := l.V(1).WithValues("velero_deploy", key.String()) + ll.Info("Checking if the deployment has been removed") + if checkErr = c.cl.Get(ctx, key, veleroDeploy); checkErr != nil { + if apierrors.IsNotFound(checkErr) { + ll.Info("Removed successfully") + checkErr = nil + } + cancel() + return + } + ll.Info("Not removed yet") + } + + wait.UntilWithContext(removalCtx, checkFn, time.Millisecond*500) + if checkErr != nil { + return false, fmt.Errorf("failed to wait for velero deploy removal: %w", checkErr) + } + + return false, nil // require install +} + +func hasContainer(container corev1.Container) func(c corev1.Container) bool { + return func(c corev1.Container) bool { + // if container names, images, or volume mounts (name/mount) differ + // than consider that the slice does not a given container + if c.Name != container.Name || + c.Image != container.Image || + len(c.VolumeMounts) != len(container.VolumeMounts) { + return false + } + + for i := range c.VolumeMounts { + if c.VolumeMounts[i].Name != container.VolumeMounts[i].Name || + c.VolumeMounts[i].MountPath != container.VolumeMounts[i].MountPath { + return false + } + } + + return true + } +} + // ensureVeleroRBAC creates required RBAC objects for velero to be functional // with the minimal required set of permissions. // Returns the name of created ServiceAccount referenced by created bindings. func (c *Config) ensureVeleroRBAC(ctx context.Context) (string, error) { - crbName, clusterRoleName, rbName, roleName, saName := veleroName, veleroName, veleroName, veleroName, veleroName - if c.systemNamespace != veleroName { - vns := veleroName + "-" + c.systemNamespace + crbName, clusterRoleName, rbName, roleName, saName := VeleroName, VeleroName, VeleroName, VeleroName, VeleroName + if c.systemNamespace != VeleroName { + vns := VeleroName + "-" + c.systemNamespace crbName, clusterRoleName, saName = vns+"-clusterrolebinding", vns+"-clusterrole", crbName+"-sa" rbName, roleName = vns+"-rolebinding", vns+"-role" } @@ -311,101 +431,9 @@ func (c *Config) ensureVeleroRBAC(ctx context.Context) (string, error) { return saName, nil } -type deployState struct { - needRequeue bool - needInstallation bool -} - -// checkVeleroDeployIsInstalled check whether the velero deploy is already installed: -// - the deployment is presented; -// - is in ready state; -// - the only container has the expected image and replicas. -// -// If image or replica count are not expected, the deploy will be patched regardingly. -// If the deploy has unexpected container name, the deploy will be deleted. -func (c *Config) checkVeleroDeployIsInstalled(ctx context.Context) (deployState, error) { - l := ctrl.LoggerFrom(ctx).WithName("velero-deploy-checker") - - l.Info("Checking if Velero deployment is already installed") - +func (c *Config) fetchVeleroDeploy(ctx context.Context) (*appsv1.Deployment, error) { veleroDeploy := new(appsv1.Deployment) - err := c.cl.Get(ctx, client.ObjectKey{Namespace: c.systemNamespace, Name: veleroName}, veleroDeploy) - if err != nil && !apierrors.IsNotFound(err) { - return deployState{}, fmt.Errorf("failed to get velero deploy: %w", err) - } - - if apierrors.IsNotFound(err) { - l.Info("Deployment is not found, considering the stack has not been (yet) installed") - return deployState{needInstallation: true}, nil - } - - if len(veleroDeploy.Spec.Template.Spec.Containers) == 0 || - veleroDeploy.Spec.Template.Spec.Containers[0].Name != veleroName { - l.Info("Deployment has unexpected container name, considering to reinstall the deployment again") - // the deploy is "corrupted", remove only it and then reinstall - if err := c.cl.Delete(ctx, veleroDeploy); err != nil { - return deployState{}, fmt.Errorf("failed to delete velero deploy: %w", err) - } - - removalCtx, cancel := context.WithCancel(ctx) - var checkErr error - checkFn := func(ctx context.Context) { - key := client.ObjectKeyFromObject(veleroDeploy) - ll := l.V(1).WithValues("velero_deploy", key.String()) - ll.Info("Checking if the deployment has been removed") - if checkErr = c.cl.Get(ctx, client.ObjectKeyFromObject(veleroDeploy), veleroDeploy); checkErr != nil { - if apierrors.IsNotFound(checkErr) { - ll.Info("Removed successfully") - checkErr = nil - } - cancel() - return - } - ll.Info("Not removed yet") - } - - wait.UntilWithContext(removalCtx, checkFn, time.Millisecond*500) - if checkErr != nil { - return deployState{}, fmt.Errorf("failed to wait for velero deploy removal: %w", checkErr) - } - - return deployState{needInstallation: true}, nil - } - - isPatchRequired := false - // process 2 invariants beforehand - cont := veleroDeploy.Spec.Template.Spec.Containers[0] - if cont.Image != c.image { - l.Info("Deployment container has unexpected image", "current_image", cont.Image, "expected_image", c.image) - cont.Image = c.image - veleroDeploy.Spec.Template.Spec.Containers[0] = cont - isPatchRequired = true - } - - if veleroDeploy.Spec.Replicas == nil || *veleroDeploy.Spec.Replicas == 0 { - l.Info("Deployment is scaled to 0, scaling up to 1") - *veleroDeploy.Spec.Replicas = 1 - isPatchRequired = true - } - - if isPatchRequired { - l.Info("Patching the deployment") - if err := c.cl.Patch(ctx, veleroDeploy, client.Merge); err != nil { - return deployState{}, fmt.Errorf("failed to patch velero deploy: %w", err) - } - - l.Info("Need to requeue after the successful patch") - return deployState{needRequeue: true}, nil - } - - r := isDeploymentReady(veleroDeploy) // if no invariants then just check the readiness - if !r { - l.Info("Deployment is not ready yet, will requeue") - return deployState{needRequeue: true}, nil - } - - l.Info("Deployment is in the expected state") - return deployState{}, nil + return veleroDeploy, c.cl.Get(ctx, client.ObjectKey{Namespace: c.systemNamespace, Name: VeleroName}, veleroDeploy) } // https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/kubectl/pkg/polymorphichelpers/rollout_status.go#L76-L89 diff --git a/internal/controller/backup/oneshot.go b/internal/controller/backup/oneshot.go index 2729fb5d0..bb3987877 100644 --- a/internal/controller/backup/oneshot.go +++ b/internal/controller/backup/oneshot.go @@ -16,15 +16,72 @@ package backup import ( "context" + "fmt" + + velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" ) -func (*Config) ReconcileBackup(ctx context.Context, backup *hmcv1alpha1.Backup) error { +func (c *Config) ReconcileBackup(ctx context.Context, backup *hmcv1alpha1.ManagementBackup) error { if backup == nil { return nil } - _ = ctx - return nil + if backup.Status.Reference == nil { // backup is not yet created + templateSpec, err := c.getBackupTemplateSpec(ctx) + if err != nil { + return fmt.Errorf("failed to construct velero backup spec: %w", err) + } + + veleroBackup := &velerov1api.Backup{ + ObjectMeta: metav1.ObjectMeta{ + Name: backup.Name, + Namespace: c.systemNamespace, + }, + Spec: *templateSpec, + } + + _ = controllerutil.SetControllerReference(backup, veleroBackup, c.scheme, controllerutil.WithBlockOwnerDeletion(false)) + + if err := c.cl.Create(ctx, veleroBackup); client.IgnoreAlreadyExists(err) != nil { // avoid err-loop on status update error + return fmt.Errorf("failed to create velero Backup: %w", err) + } + + backup.Status.Reference = &corev1.ObjectReference{ + APIVersion: velerov1api.SchemeGroupVersion.String(), + Kind: "Backup", + Namespace: veleroBackup.Namespace, + Name: veleroBackup.Name, + } + + if err := c.cl.Status().Update(ctx, backup); err != nil { + return fmt.Errorf("failed to update backup status with updated reference: %w", err) + } + + // velero schedule has been created, nothing yet to update here + return nil + } + + // if backup does not exist then it has not been run yet + veleroBackup := new(velerov1api.Backup) + if err := c.cl.Get(ctx, client.ObjectKey{ + Name: backup.Name, + Namespace: c.systemNamespace, + }, veleroBackup); err != nil { + return fmt.Errorf("failed to get velero Backup: %w", err) + } + + // decrease API calls + if equality.Semantic.DeepEqual(backup.Status.GetLastBackupCopy(), veleroBackup.Status) { + return nil + } + + backup.Status.LastBackup = &veleroBackup.Status + return c.cl.Status().Update(ctx, backup) } diff --git a/internal/controller/backup/schedule.go b/internal/controller/backup/schedule.go index db621f678..be5cd9f3f 100644 --- a/internal/controller/backup/schedule.go +++ b/internal/controller/backup/schedule.go @@ -16,15 +16,185 @@ package backup import ( "context" + "fmt" + + cron "github.com/robfig/cron/v3" + velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" ) -func (*Config) ReconcileScheduledBackup(ctx context.Context, schedule *hmcv1alpha1.Backup) error { - if schedule == nil { +func (c *Config) ReconcileScheduledBackup(ctx context.Context, scheduledBackup *hmcv1alpha1.ManagementBackup, cronRaw string) error { + if scheduledBackup == nil { return nil } - _ = ctx + + l := ctrl.LoggerFrom(ctx).WithName("schedule-reconciler") + + if scheduledBackup.Status.Reference == nil { + if scheduledBackup.CreationTimestamp.IsZero() || scheduledBackup.UID == "" { + l.Info("Creating scheduled ManagementBackup") + if err := c.cl.Create(ctx, scheduledBackup); err != nil { + return fmt.Errorf("failed to create scheduled ManagementBackup: %w", err) + } + } + + templateSpec, err := c.getBackupTemplateSpec(ctx) + if err != nil { + return fmt.Errorf("failed to construct velero backup template spec: %w", err) + } + + veleroSchedule := &velerov1api.Schedule{ + ObjectMeta: metav1.ObjectMeta{ + Name: scheduledBackup.Name, + Namespace: c.systemNamespace, + }, + Spec: velerov1api.ScheduleSpec{ + Template: *templateSpec, + Schedule: cronRaw, + UseOwnerReferencesInBackup: ref(true), + SkipImmediately: ref(false), + }, + } + + _ = ctrl.SetControllerReference(scheduledBackup, veleroSchedule, c.scheme, controllerutil.WithBlockOwnerDeletion(false)) + + createErr := c.cl.Create(ctx, veleroSchedule) + isAlreadyExistsErr := apierrors.IsAlreadyExists(createErr) + if createErr != nil && !isAlreadyExistsErr { + return fmt.Errorf("failed to create velero Schedule: %w", createErr) + } + + scheduledBackup.Status.Reference = &corev1.ObjectReference{ + APIVersion: velerov1api.SchemeGroupVersion.String(), + Kind: "Schedule", + Namespace: veleroSchedule.Namespace, + Name: veleroSchedule.Name, + } + + if !isAlreadyExistsErr { + l.Info("Initial schedule has been created") + if err := c.cl.Status().Update(ctx, scheduledBackup); err != nil { + return fmt.Errorf("failed to update scheduled backup status with updated reference: %w", err) + } + // velero schedule has been created, nothing yet to update here + return nil + } + + // velero schedule is already exists, scheduled-backup has been "restored", update its status + } + + l.Info("Collecting scheduled backup status") + + veleroSchedule := new(velerov1api.Schedule) + if err := c.cl.Get(ctx, client.ObjectKey{ + Name: scheduledBackup.Status.Reference.Name, + Namespace: scheduledBackup.Status.Reference.Namespace, + }, veleroSchedule); err != nil { + return fmt.Errorf("failed to get velero Schedule: %w", err) + } + + if cronRaw != "" && veleroSchedule.Spec.Schedule != cronRaw { + l.Info("Velero Schedule has outdated crontab, updating", "current_crontab", veleroSchedule.Spec.Schedule, "expected_crontab", cronRaw) + originalSchedule := veleroSchedule.DeepCopy() + veleroSchedule.Spec.Schedule = cronRaw + if err := c.cl.Patch(ctx, veleroSchedule, client.MergeFrom(originalSchedule)); err != nil { + return fmt.Errorf("failed to update velero schedule %s with a new crontab '%s': %w", client.ObjectKeyFromObject(veleroSchedule), cronRaw, err) + } + + return nil + } + + // if backup does not exist then it has not been run yet + veleroBackup := new(velerov1api.Backup) + if !veleroSchedule.Status.LastBackup.IsZero() { + l.V(1).Info("Fetching velero Backup to sync its status") + if err := c.cl.Get(ctx, client.ObjectKey{ + Name: veleroSchedule.TimestampedName(veleroSchedule.Status.LastBackup.Time), + Namespace: scheduledBackup.Status.Reference.Namespace, + }, veleroBackup); client.IgnoreNotFound(err) != nil { + return fmt.Errorf("failed to get velero Backup: %w", err) + } + } + + var nextAttempt *metav1.Time + if !veleroSchedule.Spec.Paused { + l.V(1).Info("Parsing crontab schedule", "crontab", cronRaw) + cronSchedule, err := cron.ParseStandard(cronRaw) + if err != nil { + return fmt.Errorf("failed to parse cron schedule %s: %w", cronRaw, err) + } + + nextAttempt = getNextAttemptTime(veleroSchedule, cronSchedule) + } + + // decrease API calls, on first .status.reference set the status itself is empty so no need to check it + { + if scheduledBackup.Status.NextAttempt.Equal(nextAttempt) && + scheduledBackup.Status.SchedulePaused == veleroSchedule.Spec.Paused && + equality.Semantic.DeepEqual(scheduledBackup.Status.GetScheduleCopy(), veleroSchedule.Status) && + equality.Semantic.DeepEqual(scheduledBackup.Status.GetLastBackupCopy(), veleroBackup.Status) { + l.V(1).Info("No new changes to show in the scheduled Backup") + return nil + } + } + + scheduledBackup.Status.Schedule = &veleroSchedule.Status + scheduledBackup.Status.NextAttempt = nextAttempt + scheduledBackup.Status.SchedulePaused = veleroSchedule.Spec.Paused + if !veleroBackup.CreationTimestamp.IsZero() { // exists + scheduledBackup.Status.LastBackup = &veleroBackup.Status + } + + l.Info("Updating scheduled backup status") + return c.cl.Status().Update(ctx, scheduledBackup) +} + +// DisableSchedule sets pause to the referenced velero schedule. +// Do nothing is ManagedBackup is already marked as paused. +func (c *Config) DisableSchedule(ctx context.Context, scheduledBackup *hmcv1alpha1.ManagementBackup) error { + if scheduledBackup.Status.Reference == nil || scheduledBackup.Status.SchedulePaused { // sanity + return nil + } + + veleroSchedule := new(velerov1api.Schedule) + if err := c.cl.Get(ctx, client.ObjectKey{ + Name: scheduledBackup.Status.Reference.Name, + Namespace: scheduledBackup.Status.Reference.Namespace, + }, veleroSchedule); err != nil { + return fmt.Errorf("failed to get velero Schedule: %w", err) + } + + original := veleroSchedule.DeepCopy() + + veleroSchedule.Spec.Paused = true + if err := c.cl.Patch(ctx, veleroSchedule, client.MergeFrom(original)); err != nil { + return fmt.Errorf("failed to disable velero schedule: %w", err) + } + + ctrl.LoggerFrom(ctx).Info("Disabled Velero Schedule") return nil } + +func getNextAttemptTime(schedule *velerov1api.Schedule, cronSchedule cron.Schedule) *metav1.Time { + lastBackupTime := schedule.CreationTimestamp.Time + if schedule.Status.LastBackup != nil { + lastBackupTime = schedule.Status.LastBackup.Time + } + + if schedule.Status.LastSkipped != nil && schedule.Status.LastSkipped.After(lastBackupTime) { + lastBackupTime = schedule.Status.LastSkipped.Time + } + + return &metav1.Time{Time: cronSchedule.Next(lastBackupTime)} +} + +func ref[T any](v T) *T { return &v } diff --git a/internal/controller/backup/type.go b/internal/controller/backup/type.go index 0292506d6..1d4f240cf 100644 --- a/internal/controller/backup/type.go +++ b/internal/controller/backup/type.go @@ -16,6 +16,7 @@ package backup import ( "context" + "errors" "fmt" velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" @@ -24,39 +25,48 @@ import ( hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" ) +// Typ indicates type of a ManagementBackup object. type Typ uint const ( + // TypeNone indicates unknown type. TypeNone Typ = iota + // TypeSchedule indicates Schedule type. TypeSchedule + // TypeSchedule indicates Backup oneshot type. TypeBackup ) -func (c *Config) GetBackupType(ctx context.Context, instance *hmcv1alpha1.Backup, reqName string) (Typ, error) { - if instance.Status.Reference != nil { - gv := velerov1api.SchemeGroupVersion - switch instance.Status.Reference.GroupVersionKind() { - case gv.WithKind("Schedule"): - return TypeSchedule, nil - case gv.WithKind("Backup"): - return TypeBackup, nil - default: - return TypeNone, fmt.Errorf("unexpected kind %s in the backup reference", instance.Status.Reference.Kind) - } +// GetType returns type of the ManagementBackup, returns TypeNone if undefined. +func GetType(instance *hmcv1alpha1.ManagementBackup) Typ { + if instance.Status.Reference == nil { + return TypeNone } - mgmts := new(hmcv1alpha1.ManagementList) - if err := c.cl.List(ctx, mgmts, client.Limit(1)); err != nil { - return TypeNone, fmt.Errorf("failed to list Management: %w", err) + gv := velerov1api.SchemeGroupVersion + switch instance.Status.Reference.GroupVersionKind() { + case gv.WithKind("Schedule"): + return TypeSchedule + case gv.WithKind("Backup"): + return TypeBackup + default: + return TypeNone } +} - if len(mgmts.Items) == 0 { // nothing to do in such case for both scheduled/non-scheduled backups - return TypeNone, nil +// ErrNoManagementExists is a sentinel error indicating no Management object exists. +var ErrNoManagementExists = errors.New("no Management object exists") + +// GetManagement fetches a Management object. +func (c *Config) GetManagement(ctx context.Context) (*hmcv1alpha1.Management, error) { + mgmts := new(hmcv1alpha1.ManagementList) + if err := c.cl.List(ctx, mgmts, client.Limit(1)); err != nil { + return nil, fmt.Errorf("failed to list Management: %w", err) } - if reqName == mgmts.Items[0].Name { // mgmt name == scheduled-backup - return TypeSchedule, nil + if len(mgmts.Items) == 0 { + return nil, ErrNoManagementExists } - return TypeBackup, nil + return &mgmts.Items[0], nil } diff --git a/internal/controller/backup_controller.go b/internal/controller/backup_controller.go deleted file mode 100644 index 26493e2ae..000000000 --- a/internal/controller/backup_controller.go +++ /dev/null @@ -1,166 +0,0 @@ -// Copyright 2024 -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - "fmt" - "os" - "strings" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/client-go/rest" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/builder" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/event" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/predicate" - - hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" - "github.com/K0rdent/kcm/internal/controller/backup" -) - -// BackupReconciler reconciles a Backup object -type BackupReconciler struct { - client.Client - - kc *rest.Config - - image string - systemNamespace string - features []string - - requeueAfter time.Duration -} - -func (r *BackupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - l := ctrl.LoggerFrom(ctx) - - backupInstance := new(hmcv1alpha1.Backup) - err := r.Client.Get(ctx, req.NamespacedName, backupInstance) - if ierr := client.IgnoreNotFound(err); ierr != nil { - l.Error(ierr, "unable to fetch Backup") - return ctrl.Result{}, ierr - } - - bcfg := backup.NewConfig(r.Client, r.kc, - backup.WithFeatures(r.features...), - backup.WithRequeueAfter(r.requeueAfter), - backup.WithVeleroImage(r.image), - backup.WithVeleroSystemNamespace(r.systemNamespace), - ) - - if apierrors.IsNotFound(err) { - // if non-scheduled backup is not found(deleted), then just skip the error - // if scheduled backup is not found, then it either does not exist yet - // and we should create it, or it has been removed; - // if the latter is the case, we either should re-create it once again - // or do nothing if mgmt backup is disabled - mgmt := new(hmcv1alpha1.Management) - if err := r.Client.Get(ctx, req.NamespacedName, mgmt); err != nil { - l.Error(err, "unable to fetch Management") - return ctrl.Result{}, client.IgnoreNotFound(err) - } - - if !mgmt.Spec.Backup.Enabled { - l.Info("Management backup is disabled, nothing to do") - return ctrl.Result{}, nil - } - - l.Info("Reconciling velero stack") - installRes, err := bcfg.ReconcileVeleroInstallation(ctx) - if err != nil { - l.Error(err, "velero installation") - return ctrl.Result{}, err - } - if installRes.Requeue || installRes.RequeueAfter > 0 { - return installRes, nil - } - - // required during creation - backupInstance.Name = req.Name - backupInstance.Namespace = req.Namespace - } - - btype, err := bcfg.GetBackupType(ctx, backupInstance, req.Name) - if err != nil { - l.Error(err, "failed to determine backup type") - return ctrl.Result{}, err - } - - switch btype { - case backup.TypeNone: - l.Info("There are nothing to reconcile, management does not exists") - // TODO: do we need to reconcile/delete/pause schedules in this case? - return ctrl.Result{}, nil - case backup.TypeBackup: - return ctrl.Result{}, bcfg.ReconcileBackup(ctx, backupInstance) - case backup.TypeSchedule: - return ctrl.Result{}, bcfg.ReconcileScheduledBackup(ctx, backupInstance) - } - - return ctrl.Result{}, nil -} - -// SetupWithManager sets up the controller with the Manager. -func (r *BackupReconciler) SetupWithManager(mgr ctrl.Manager) error { - r.kc = mgr.GetConfig() - - const reqDuration = "BACKUP_CTRL_REQUEUE_DURATION" - r.features = strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_FEATURES"), ", ", ","), ",") - r.systemNamespace = os.Getenv("BACKUP_SYSTEM_NAMESPACE") - r.image = os.Getenv("BACKUP_BASIC_IMAGE") - d, err := time.ParseDuration(os.Getenv(reqDuration)) - if err != nil { - return fmt.Errorf("failed to parse env %s duration: %w", reqDuration, err) - } - r.requeueAfter = d - - return ctrl.NewControllerManagedBy(mgr). - For(&hmcv1alpha1.Backup{}). - Watches(&hmcv1alpha1.Management{}, handler.EnqueueRequestsFromMapFunc(func(_ context.Context, o client.Object) []ctrl.Request { - return []ctrl.Request{{NamespacedName: client.ObjectKeyFromObject(o)}} - }), builder.WithPredicates( // watch mgmt.spec.backup to manage the (only) scheduled Backup - predicate.Funcs{ - GenericFunc: func(event.TypedGenericEvent[client.Object]) bool { return false }, - DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, - CreateFunc: func(tce event.TypedCreateEvent[client.Object]) bool { - mgmt, ok := tce.Object.(*hmcv1alpha1.Management) - if !ok { - return false - } - - return mgmt.Spec.Backup.Enabled - }, - UpdateFunc: func(tue event.TypedUpdateEvent[client.Object]) bool { - oldMgmt, ok := tue.ObjectOld.(*hmcv1alpha1.Management) - if !ok { - return false - } - - newMgmt, ok := tue.ObjectNew.(*hmcv1alpha1.Management) - if !ok { - return false - } - - return (newMgmt.Spec.Backup.Enabled != oldMgmt.Spec.Backup.Enabled || - newMgmt.Spec.Backup.Schedule != oldMgmt.Spec.Backup.Schedule) - }, - }, - )). - Complete(r) -} diff --git a/internal/controller/credential_controller.go b/internal/controller/credential_controller.go index 77ce04f2e..1689e446a 100644 --- a/internal/controller/credential_controller.go +++ b/internal/controller/credential_controller.go @@ -81,6 +81,11 @@ func (r *CredentialReconciler) Reconcile(ctx context.Context, req ctrl.Request) return ctrl.Result{}, err } + if err := utils.AddHMCComponentLabel(ctx, r.Client, clIdty); err != nil { + l.Error(err, "adding component label to the ClusterIdentity") + return ctrl.Result{}, err + } + apimeta.SetStatusCondition(cred.GetConditions(), metav1.Condition{ Type: hmc.CredentialReadyCondition, Status: metav1.ConditionTrue, diff --git a/internal/controller/management_backup_controller.go b/internal/controller/management_backup_controller.go new file mode 100644 index 000000000..35dba1322 --- /dev/null +++ b/internal/controller/management_backup_controller.go @@ -0,0 +1,264 @@ +// Copyright 2024 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package controller + +import ( + "context" + "errors" + "fmt" + "os" + "strings" + "time" + + velerov1api "github.com/zerospiel/velero/pkg/apis/velero/v1" + appsv1 "k8s.io/api/apps/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/rest" + "k8s.io/client-go/util/workqueue" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/predicate" + + hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" + "github.com/K0rdent/kcm/internal/controller/backup" +) + +// ManagementBackupReconciler reconciles a ManagementBackup object +type ManagementBackupReconciler struct { + client.Client + + config *backup.Config +} + +func (r *ManagementBackupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + l := ctrl.LoggerFrom(ctx) + + backupInstance := new(hmcv1alpha1.ManagementBackup) + err := r.Client.Get(ctx, req.NamespacedName, backupInstance) + if ierr := client.IgnoreNotFound(err); ierr != nil { + l.Error(ierr, "unable to fetch ManagementBackup") + return ctrl.Result{}, ierr + } + + instanceIsNotFound := apierrors.IsNotFound(err) + + mgmt, err := r.config.GetManagement(ctx) + if err != nil && !errors.Is(err, backup.ErrNoManagementExists) { // error during list + return ctrl.Result{}, err + } + + btype := backup.GetType(backupInstance) + if errors.Is(err, backup.ErrNoManagementExists) { + // no mgmt, if backup is not found then nothing to do + if instanceIsNotFound { + l.Info("No Management object exists, ManagementBackup object has not been found, nothing to do") + return ctrl.Result{}, nil + } + + // backup exists, disable if schedule and active, otherwise proceed with reconciliation (status updates) + if btype == backup.TypeSchedule { + if err := r.config.DisableSchedule(ctx, backupInstance); err != nil { + l.Error(err, "failed to disable scheduled ManagementBackup") + return ctrl.Result{}, err + } + } + } + + requestEqualsMgmt := mgmt != nil && req.Name == mgmt.Name && req.Namespace == mgmt.Namespace + if instanceIsNotFound { // mgmt exists + if !requestEqualsMgmt { // oneshot backup + l.Info("ManagementBackup object has not been found, nothing to do") + return ctrl.Result{}, nil + } + + btype = backup.TypeSchedule + + // required during creation + backupInstance.Name = req.Name + backupInstance.Namespace = req.Namespace + } + + if requestEqualsMgmt { + l.Info("Reconciling velero stack parts") + installRes, err := r.config.ReconcileVeleroInstallation(ctx, mgmt) + if err != nil { + l.Error(err, "velero stack installation") + return ctrl.Result{}, err + } + + if !installRes.IsZero() { + return installRes, nil + } + } + + if btype == backup.TypeNone { + if requestEqualsMgmt { + btype = backup.TypeSchedule + } else { + btype = backup.TypeBackup + } + } + + switch btype { + case backup.TypeBackup: + return ctrl.Result{}, r.config.ReconcileBackup(ctx, backupInstance) + case backup.TypeSchedule: + return ctrl.Result{}, r.config.ReconcileScheduledBackup(ctx, backupInstance, mgmt.GetBackupSchedule()) + case backup.TypeNone: + fallthrough + default: + return ctrl.Result{}, nil + } +} + +// SetupWithManager sets up the controller with the Manager. +func (r *ManagementBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { + var err error + r.config, err = parseEnvsToConfig(r.Client, mgr) + if err != nil { + return fmt.Errorf("failed to parse envs: %w", err) + } + + // NOTE: without installed CRDs it is impossible to initialize informers + // and the uncached client is required because it this point the manager + // still has not started the cache yet + uncachedCl, err := client.New(mgr.GetConfig(), client.Options{Cache: nil}) + if err != nil { + return fmt.Errorf("failed to create uncached client: %w", err) + } + + if err := r.config.InstallVeleroCRDs(uncachedCl); err != nil { + return fmt.Errorf("failed to install velero CRDs: %w", err) + } + + return ctrl.NewControllerManagedBy(mgr). + For(&hmcv1alpha1.ManagementBackup{}). + Owns(&velerov1api.Backup{}, + builder.WithPredicates( + predicate.Funcs{ + GenericFunc: func(event.TypedGenericEvent[client.Object]) bool { return false }, + DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, + }, + ), + builder.MatchEveryOwner, + ). + Owns(&velerov1api.Schedule{}, builder.WithPredicates( + predicate.Funcs{ + GenericFunc: func(event.TypedGenericEvent[client.Object]) bool { return false }, + DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, + }, + )). + Watches(&velerov1api.BackupStorageLocation{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []ctrl.Request { + mgmt, err := r.config.GetManagement(ctx) + if err != nil { + return []ctrl.Request{} + } + + return []ctrl.Request{{NamespacedName: client.ObjectKeyFromObject(mgmt)}} + }), builder.WithPredicates( + predicate.Funcs{ + GenericFunc: func(event.TypedGenericEvent[client.Object]) bool { return false }, + DeleteFunc: func(event.TypedDeleteEvent[client.Object]) bool { return false }, + CreateFunc: func(event.TypedCreateEvent[client.Object]) bool { return true }, + UpdateFunc: func(tue event.TypedUpdateEvent[client.Object]) bool { + oldBSL, ok := tue.ObjectOld.(*velerov1api.BackupStorageLocation) + if !ok { + return false + } + + newBSL, ok := tue.ObjectNew.(*velerov1api.BackupStorageLocation) + if !ok { + return false + } + + return newBSL.Spec.Provider != oldBSL.Spec.Provider + }, + }, + )). + Watches(&hmcv1alpha1.Management{}, handler.Funcs{ + GenericFunc: nil, + DeleteFunc: func(_ context.Context, tde event.TypedDeleteEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { + q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(tde.Object)}) // disable schedule on mgmt absence + }, + CreateFunc: func(_ context.Context, tce event.TypedCreateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { + mgmt, ok := tce.Object.(*hmcv1alpha1.Management) + if !ok || !mgmt.Spec.Backup.Enabled { + return + } + + q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(tce.Object)}) + }, + UpdateFunc: func(_ context.Context, tue event.TypedUpdateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { + oldMgmt, ok := tue.ObjectOld.(*hmcv1alpha1.Management) + if !ok { + return + } + + newMgmt, ok := tue.ObjectNew.(*hmcv1alpha1.Management) + if !ok { + return + } + + if newMgmt.Spec.Backup.Enabled == oldMgmt.Spec.Backup.Enabled && + newMgmt.Spec.Backup.Schedule == oldMgmt.Spec.Backup.Schedule { + return + } + + q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(tue.ObjectNew)}) + }, + }). + Watches(&appsv1.Deployment{}, handler.Funcs{ + GenericFunc: nil, + DeleteFunc: nil, + CreateFunc: nil, + UpdateFunc: func(ctx context.Context, tue event.TypedUpdateEvent[client.Object], q workqueue.TypedRateLimitingInterface[ctrl.Request]) { + if tue.ObjectNew.GetNamespace() != r.config.GetVeleroSystemNamespace() || tue.ObjectNew.GetName() != backup.VeleroName { + return + } + + mgmt, err := r.config.GetManagement(ctx) + if err != nil { + return + } + + q.Add(ctrl.Request{NamespacedName: client.ObjectKeyFromObject(mgmt)}) + }, + }). + Complete(r) +} + +func parseEnvsToConfig(cl client.Client, mgr interface { + GetScheme() *runtime.Scheme + GetConfig() *rest.Config +}, +) (*backup.Config, error) { + const reqDurationEnv = "BACKUP_CTRL_REQUEUE_DURATION" + requeueAfter, err := time.ParseDuration(os.Getenv(reqDurationEnv)) + if err != nil { + return nil, fmt.Errorf("failed to parse env %s duration: %w", reqDurationEnv, err) + } + + return backup.NewConfig(cl, mgr.GetConfig(), mgr.GetScheme(), + backup.WithFeatures(strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_FEATURES"), ", ", ","), ",")...), + backup.WithRequeueAfter(requeueAfter), + backup.WithVeleroImage(os.Getenv("BACKUP_BASIC_IMAGE")), + backup.WithVeleroSystemNamespace(os.Getenv("BACKUP_SYSTEM_NAMESPACE")), + backup.WithPluginImages(strings.Split(strings.ReplaceAll(os.Getenv("BACKUP_PLUGIN_IMAGES"), ", ", ","), ",")...), + ), nil +} diff --git a/internal/controller/backup_controller_test.go b/internal/controller/management_backup_controller_test.go similarity index 89% rename from internal/controller/backup_controller_test.go rename to internal/controller/management_backup_controller_test.go index 6e78a71ca..7eb14495f 100644 --- a/internal/controller/backup_controller_test.go +++ b/internal/controller/management_backup_controller_test.go @@ -15,8 +15,6 @@ package controller import ( - "context" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "k8s.io/apimachinery/pkg/api/errors" @@ -30,19 +28,17 @@ var _ = Describe("Backup Controller", func() { Context("When reconciling a resource", func() { const resourceName = "test-resource" - ctx := context.Background() - typeNamespacedName := types.NamespacedName{ Name: resourceName, Namespace: metav1.NamespaceAll, } - backup := &hmcmirantiscomv1alpha1.Backup{} + backup := &hmcmirantiscomv1alpha1.ManagementBackup{} BeforeEach(func() { By("creating the custom resource for the Kind Backup") err := k8sClient.Get(ctx, typeNamespacedName, backup) if err != nil && errors.IsNotFound(err) { - resource := &hmcmirantiscomv1alpha1.Backup{ + resource := &hmcmirantiscomv1alpha1.ManagementBackup{ ObjectMeta: metav1.ObjectMeta{ Name: resourceName, Namespace: metav1.NamespaceAll, @@ -53,7 +49,7 @@ var _ = Describe("Backup Controller", func() { }) AfterEach(func() { - resource := &hmcmirantiscomv1alpha1.Backup{} + resource := &hmcmirantiscomv1alpha1.ManagementBackup{} err := k8sClient.Get(ctx, typeNamespacedName, resource) Expect(err).NotTo(HaveOccurred()) @@ -63,7 +59,7 @@ var _ = Describe("Backup Controller", func() { It("should successfully reconcile the resource", func() { By("Reconciling the created resource") - controllerReconciler := &BackupReconciler{ + controllerReconciler := &ManagementBackupReconciler{ Client: k8sClient, } _ = controllerReconciler diff --git a/internal/webhook/management_webhook_test.go b/internal/webhook/management_webhook_test.go index cfa0c49ce..e23e2a3a1 100644 --- a/internal/webhook/management_webhook_test.go +++ b/internal/webhook/management_webhook_test.go @@ -446,13 +446,13 @@ func TestManagementDefault(t *testing.T) { }{ { name: "should not set default backup schedule if already set", - input: management.NewManagement(management.WithBackup(v1alpha1.ManagementBackup{Enabled: true, Schedule: "0"})), - expected: management.NewManagement(management.WithBackup(v1alpha1.ManagementBackup{Enabled: true, Schedule: "0"})), + input: management.NewManagement(management.WithBackup(v1alpha1.Backup{Enabled: true, Schedule: "0"})), + expected: management.NewManagement(management.WithBackup(v1alpha1.Backup{Enabled: true, Schedule: "0"})), }, { name: "should set every six hours default backup schedule if backup is enabled but not set", - input: management.NewManagement(management.WithBackup(v1alpha1.ManagementBackup{Enabled: true})), - expected: management.NewManagement(management.WithBackup(v1alpha1.ManagementBackup{Enabled: true, Schedule: "0 */6 * * *"})), + input: management.NewManagement(management.WithBackup(v1alpha1.Backup{Enabled: true})), + expected: management.NewManagement(management.WithBackup(v1alpha1.Backup{Enabled: true, Schedule: "0 */6 * * *"})), }, { name: "should not set schedule if backup is disabled", diff --git a/internal/webhook/managementbackup_webhook.go b/internal/webhook/managementbackup_webhook.go new file mode 100644 index 000000000..9233247de --- /dev/null +++ b/internal/webhook/managementbackup_webhook.go @@ -0,0 +1,72 @@ +// Copyright 2024 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package webhook + +import ( + "context" + "fmt" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" +) + +type ManagementBackupValidator struct { + client.Client +} + +// SetupWebhookWithManager will setup the manager to manage the webhooks +func (v *ManagementBackupValidator) SetupWebhookWithManager(mgr ctrl.Manager) error { + v.Client = mgr.GetClient() + return ctrl.NewWebhookManagedBy(mgr). + For(&hmcv1alpha1.Release{}). + WithValidator(v). + Complete() +} + +var _ webhook.CustomValidator = &ManagementBackupValidator{} + +// ValidateCreate implements webhook.Validator so a webhook will be registered for the type +func (v *ManagementBackupValidator) ValidateCreate(ctx context.Context, _ runtime.Object) (admission.Warnings, error) { + return v.validateBackupEnabled(ctx) +} + +func (v *ManagementBackupValidator) validateBackupEnabled(ctx context.Context) (admission.Warnings, error) { + mgmt, err := getManagement(ctx, v.Client) + if err != nil { + return nil, fmt.Errorf("failed to get Management: %w", err) + } + + if !mgmt.Spec.Backup.Enabled { + return admission.Warnings{"Management backup feature is disabled"}, apierrors.NewBadRequest("management backup is disabled, create or update of ManagementBackup objects disabled") + } + + return nil, nil +} + +// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type +func (v *ManagementBackupValidator) ValidateUpdate(ctx context.Context, _, _ runtime.Object) (admission.Warnings, error) { + return v.validateBackupEnabled(ctx) +} + +// ValidateDelete implements webhook.Validator so a webhook will be registered for the type +func (*ManagementBackupValidator) ValidateDelete(context.Context, runtime.Object) (admission.Warnings, error) { + return nil, nil +} diff --git a/internal/webhook/managementbackup_webhook_test.go b/internal/webhook/managementbackup_webhook_test.go new file mode 100644 index 000000000..4a59aef01 --- /dev/null +++ b/internal/webhook/managementbackup_webhook_test.go @@ -0,0 +1,74 @@ +// Copyright 2024 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package webhook + +import ( + "context" + "testing" + + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + hmcv1alpha1 "github.com/K0rdent/kcm/api/v1alpha1" + "github.com/K0rdent/kcm/test/objects/management" + "github.com/K0rdent/kcm/test/scheme" +) + +func TestManagementBackup_validateBackupEnabled(t *testing.T) { + g := NewWithT(t) + + tests := []struct { + name string + existingObjects []runtime.Object + err string + }{ + { + name: "should fail if > 1 Management", + existingObjects: []runtime.Object{management.NewManagement(), management.NewManagement(management.WithName("second"))}, + err: "failed to get Management: expected 1 Management object, got 2", + }, + { + name: "should fail if no Management", + err: "failed to get Management: " + errManagementIsNotFound.Error(), + }, + { + name: "should fail if backup is disabled", + existingObjects: []runtime.Object{management.NewManagement()}, + err: "management backup is disabled, create or update of ManagementBackup objects disabled", + }, + { + name: "should succeed if backup is enabled", + existingObjects: []runtime.Object{management.NewManagement(management.WithBackup(hmcv1alpha1.Backup{Enabled: true}))}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(_ *testing.T) { + c := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithRuntimeObjects(tt.existingObjects...).Build() + validator := &ManagementBackupValidator{Client: c} + + ctx := context.Background() + + _, err := validator.validateBackupEnabled(ctx) + if tt.err != "" { + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(MatchError(tt.err)) + } else { + g.Expect(err).To(Succeed()) + } + }) + } +} diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managementbackups.yaml similarity index 88% rename from templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml rename to templates/provider/hmc/templates/crds/hmc.mirantis.com_managementbackups.yaml index 2cf4717bb..e455a0f7c 100644 --- a/templates/provider/hmc/templates/crds/hmc.mirantis.com_backups.yaml +++ b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managementbackups.yaml @@ -4,20 +4,50 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 - name: backups.hmc.mirantis.com + name: managementbackups.hmc.mirantis.com spec: group: hmc.mirantis.com names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup + kind: ManagementBackup + listKind: ManagementBackupList + plural: managementbackups + shortNames: + - hmcbackup + - mgmtbackup + singular: managementbackup scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - description: Next scheduled attempt to back up + jsonPath: .status.nextAttempt + name: NextBackup + type: string + - description: Schedule phase + jsonPath: .status.schedule.phase + name: Status + type: string + - description: Time elapsed since last backup run + jsonPath: .status.schedule.lastBackup + name: SinceLastBackup + priority: 1 + type: date + - description: Status of last backup run + jsonPath: .status.lastBackup.phase + name: LastBackupStatus + type: string + - description: Time elapsed since object creation + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Schedule is on pause + jsonPath: .status.schedulePaused + name: Paused + priority: 1 + type: boolean + name: v1alpha1 schema: openAPIV3Schema: - description: Backup is the Schema for the backups API + description: ManagementBackup is the Schema for the backups API properties: apiVersion: description: |- @@ -37,16 +67,10 @@ spec: metadata: type: object spec: - description: BackupSpec defines the desired state of Backup - properties: - oneshot: - description: |- - Oneshot indicates whether the Backup should not be scheduled - and rather created immediately and only once. - type: boolean + description: ManagementBackupSpec defines the desired state of ManagementBackup type: object status: - description: BackupStatus defines the observed state of Backup + description: ManagementBackupStatus defines the observed state of ManagementBackup properties: lastBackup: description: Last Velero Backup that has been created. @@ -197,7 +221,7 @@ spec: nextAttempt: description: |- NextAttempt indicates the time when the next scheduled backup will be performed. - Always absent for the Backups with the .spec.oneshot set to true. + Always absent for the ManagementBackups with a schedule. format: date-time type: string reference: @@ -248,7 +272,7 @@ spec: schedule: description: |- Status of the Velero Schedule for the Management scheduled backups. - Always absent for the Backups with the .spec.oneshot set to true. + Always absent for the ManagementBackups with a schedule. properties: lastBackup: description: |- @@ -277,6 +301,9 @@ spec: type: string type: array type: object + schedulePaused: + description: SchedulePaused indicates if the Velero Schedule is paused. + type: boolean type: object type: object served: true diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml index 93ac004f4..7424ffd4e 100644 --- a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml +++ b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managements.yaml @@ -43,20 +43,36 @@ spec: description: ManagementSpec defines the desired state of Management properties: backup: - description: ManagementBackup enables a feature to backup HMC objects - into a cloud. + description: Backup enables a feature to backup HMC objects into a + cloud. properties: + customPlugins: + additionalProperties: + type: string + description: "CustomPlugins holds key value pairs with [Velero] + [community] and [custom] plugins, where:\n\t- key represents + the provider's name in the format [velero.io/];\n\t- + value represents the provider's plugin name;\n\nProvider name + must be exactly the same as in a [BackupStorageLocation] object.\n\n[Velero]: + https://velero.io\n[community] and third-party plugins]: https://velero.io/docs/v1.15/supported-providers/#provider-plugins-maintained-by-the-velero-community\n[custom]: + https://velero.io/docs/v1.15/custom-plugins/\n[BackupStorageLocation]: + https://velero.io/docs/v1.15/api-types/backupstoragelocation/" + example: + customPlugins: + alibabacloud: registry..aliyuncs.com/acs/velero:1.4.2 + community.openstack.org/openstack: lirt/velero-plugin-for-openstack:v0.6.0 + type: object enabled: description: |- Flag to indicate whether the backup feature is enabled. If set to true, [Velero] platform will be installed. - If set to false, creation or modification of Backups/Restores will be blocked. + If set to false, creation or modification of ManagementBackups will be blocked. [Velero]: https://velero.io type: boolean schedule: description: |- - Schedule is a Cron expression defining when to run the scheduled Backup. + Schedule is a Cron expression defining when to run the scheduled ManagementBackup. Default value is to backup every 6 hours. type: string type: object diff --git a/templates/provider/hmc/templates/deployment.yaml b/templates/provider/hmc/templates/deployment.yaml index d2fcbe938..86d3fb5fc 100644 --- a/templates/provider/hmc/templates/deployment.yaml +++ b/templates/provider/hmc/templates/deployment.yaml @@ -47,6 +47,8 @@ spec: value: {{ .Values.controller.backup.namespace }} - name: BACKUP_CTRL_REQUEUE_DURATION value: {{ .Values.controller.backup.requeue }} + - name: BACKUP_PLUGIN_IMAGES + value: {{ join "," .Values.controller.backup.veleroPluginImages | quote }} image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/templates/provider/hmc/templates/rbac/controller/roles.yaml b/templates/provider/hmc/templates/rbac/controller/roles.yaml index 22876c277..41659e811 100644 --- a/templates/provider/hmc/templates/rbac/controller/roles.yaml +++ b/templates/provider/hmc/templates/rbac/controller/roles.yaml @@ -183,7 +183,8 @@ rules: - awsclusterroleidentities - azureclusteridentities - vsphereclusteridentities - verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }} + verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }} + - update # required for the managementbackups-ctrl - apiGroups: - config.projectsveltos.io resources: @@ -215,23 +216,24 @@ rules: resources: - secrets verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }} - - create -# backup-ctrl + - create # required for the managementbackups-ctrl + - update # required for the managementbackups-ctrl +# managementbackups-ctrl - apiGroups: - hmc.mirantis.com resources: - - backups + - managementbackups verbs: {{ include "rbac.editorVerbs" . | nindent 4 }} - apiGroups: - hmc.mirantis.com resources: - - backups/finalizers + - managementbackups/finalizers verbs: - update - apiGroups: - hmc.mirantis.com resources: - - backups/status + - managementbackups/status verbs: - get - patch @@ -243,6 +245,7 @@ rules: - namespaces verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }} - create + - update - apiGroups: - apps resources: @@ -260,6 +263,7 @@ rules: - roles verbs: {{ include "rbac.viewerVerbs" . | nindent 2 }} - create + - update - apiGroups: - apiextensions.k8s.io resources: @@ -279,7 +283,7 @@ rules: verbs: - list - get -# backup-ctrl +# managementbackups-ctrl --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/templates/provider/hmc/templates/rbac/user-facing/backup-editor.yaml b/templates/provider/hmc/templates/rbac/user-facing/managementbackup-editor.yaml similarity index 79% rename from templates/provider/hmc/templates/rbac/user-facing/backup-editor.yaml rename to templates/provider/hmc/templates/rbac/user-facing/managementbackup-editor.yaml index 1b977a065..168c843d6 100644 --- a/templates/provider/hmc/templates/rbac/user-facing/backup-editor.yaml +++ b/templates/provider/hmc/templates/rbac/user-facing/managementbackup-editor.yaml @@ -1,4 +1,4 @@ -# permissions for end users to edit backups. +# permissions for end users to edit managementbackups. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -9,8 +9,8 @@ rules: - apiGroups: - hmc.mirantis.com resources: - - backups - - backups/status + - managementbackups + - managementbackups/status verbs: {{ include "rbac.editorVerbs" . | nindent 6 }} - apiGroups: - velero.io diff --git a/templates/provider/hmc/templates/rbac/user-facing/backup-viewer.yaml b/templates/provider/hmc/templates/rbac/user-facing/managementbackup-viewer.yaml similarity index 79% rename from templates/provider/hmc/templates/rbac/user-facing/backup-viewer.yaml rename to templates/provider/hmc/templates/rbac/user-facing/managementbackup-viewer.yaml index c6b57f6fe..a0713cd3b 100644 --- a/templates/provider/hmc/templates/rbac/user-facing/backup-viewer.yaml +++ b/templates/provider/hmc/templates/rbac/user-facing/managementbackup-viewer.yaml @@ -1,4 +1,4 @@ -# permissions for end users to view backups. +# permissions for end users to view managementbackups. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -9,8 +9,8 @@ rules: - apiGroups: - hmc.mirantis.com resources: - - backups - - backups/status + - managementbackups + - managementbackups/status verbs: {{ include "rbac.viewerVerbs" . | nindent 6 }} - apiGroups: - velero.io diff --git a/templates/provider/hmc/templates/webhooks.yaml b/templates/provider/hmc/templates/webhooks.yaml index 6a8dfe3db..c2213ef2b 100644 --- a/templates/provider/hmc/templates/webhooks.yaml +++ b/templates/provider/hmc/templates/webhooks.yaml @@ -341,4 +341,25 @@ webhooks: resources: - releases sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "hmc.webhook.serviceName" . }} + namespace: {{ include "hmc.webhook.serviceNamespace" . }} + path: /validate-hmc-mirantis-com-v1alpha1-managementbackup + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.managementbackup.hmc.mirantis.com + rules: + - apiGroups: + - hmc.mirantis.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - managementbackups + sideEffects: None {{- end }} diff --git a/templates/provider/hmc/values.yaml b/templates/provider/hmc/values.yaml index 0a8795687..f0cbc0c6f 100644 --- a/templates/provider/hmc/values.yaml +++ b/templates/provider/hmc/values.yaml @@ -23,6 +23,10 @@ controller: name: velero tag: v1.15.0 requeue: 5s + veleroPluginImages: + - velero/velero-plugin-for-aws:v1.11.0 + - velero/velero-plugin-for-microsoft-azure:v1.11.0 + - velero/velero-plugin-for-gcp:v1.11.0 containerSecurityContext: allowPrivilegeEscalation: false diff --git a/test/objects/management/management.go b/test/objects/management/management.go index 77ae435ba..605f3c196 100644 --- a/test/objects/management/management.go +++ b/test/objects/management/management.go @@ -90,7 +90,7 @@ func WithRelease(v string) Opt { } } -func WithBackup(v v1alpha1.ManagementBackup) Opt { +func WithBackup(v v1alpha1.Backup) Opt { return func(management *v1alpha1.Management) { management.Spec.Backup = v }