Skip to content

Commit

Permalink
fix nfs backup failure with latest changes for anyuid support
Browse files Browse the repository at this point in the history
  • Loading branch information
dbinnal-px committed Nov 22, 2024
1 parent aa96fee commit bddd4be
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 40 deletions.
6 changes: 0 additions & 6 deletions pkg/drivers/nfsbackup/nfsbackup.go
Original file line number Diff line number Diff line change
Expand Up @@ -146,12 +146,6 @@ func buildJob(
return nil, fmt.Errorf(errMsg)
}

if err := utils.SetupRoleBindingForSCC(jobOptions.RestoreExportName, jobOptions.Namespace, jobOptions.SourcePVCName); err != nil {
errMsg := fmt.Sprintf("error creating role binding %s/%s: %v", jobOptions.Namespace, jobOptions.RestoreExportName, err)
logrus.Errorf("%s: %v", funct, errMsg)
return nil, fmt.Errorf(errMsg)
}

resources, err := utils.NFSResourceRequirements(jobOptions.JobConfigMap, jobOptions.JobConfigMapNs)
if err != nil {
return nil, err
Expand Down
6 changes: 0 additions & 6 deletions pkg/drivers/nfscsirestore/nfscsirestore.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,12 +147,6 @@ func buildJob(
return nil, fmt.Errorf(errMsg)
}

if err := utils.SetupRoleBindingForSCC(jobName, jobOptions.Namespace, jobOptions.DestinationPVCName); err != nil {
errMsg := fmt.Sprintf("error creating role binding %s/%s: %v", jobOptions.Namespace, jobName, err)
logrus.Errorf("%s: %v", funct, errMsg)
return nil, fmt.Errorf(errMsg)
}

resources, err := utils.NFSResourceRequirements(jobOptions.JobConfigMap, jobOptions.JobConfigMapNs)
if err != nil {
return nil, err
Expand Down
6 changes: 0 additions & 6 deletions pkg/drivers/nfsrestore/nfsrestore.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,12 +147,6 @@ func buildJob(
return nil, fmt.Errorf(errMsg)
}

if err := utils.SetupRoleBindingForSCC(jobOptions.RestoreExportName, jobOptions.Namespace, jobOptions.DestinationPVCName); err != nil {
errMsg := fmt.Sprintf("error creating role binding %s/%s: %v", jobOptions.Namespace, jobOptions.RestoreExportName, err)
logrus.Errorf("%s: %v", funct, errMsg)
return nil, fmt.Errorf(errMsg)
}

resources, err := utils.NFSResourceRequirements(jobOptions.JobConfigMap, jobOptions.JobConfigMapNs)
if err != nil {
return nil, err
Expand Down
10 changes: 5 additions & 5 deletions pkg/drivers/utils/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,17 +144,17 @@ func SetupRoleBindingForSCC(name, namespace, pvcName string) error {
return fmt.Errorf("failed to check if cluster is OCP: %v", err)
}

provisionerName, err := GetProvisionerNameFromPvc(pvcName, namespace)
if err != nil {
return fmt.Errorf("failed to get provisioner name from pvc: %v", err)
}

provisionersListToUseAnyUid, err := GetArrayConfigValue(KdmpConfigmapName, KdmpConfigmapNamespace, provisionersToUseAnyUid)
if err != nil {
logrus.Errorf("failed to extract provisioners list from configmap: %v", err)
return err
}

if len(provisionersListToUseAnyUid) > 0 {
provisionerName, err := GetProvisionerNameFromPvc(pvcName, namespace)
if err != nil {
return fmt.Errorf("failed to get provisioner name from pvc: %v", err)
}
if isOCP && contains(provisionersListToUseAnyUid, provisionerName) {
failed, err := addRoleBindingForScc(name, namespace, AnyUidClusterRoleName)
if failed {
Expand Down
37 changes: 20 additions & 17 deletions pkg/drivers/utils/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -1054,32 +1054,35 @@ func AddSecurityContextToJob(job *batchv1.Job, podUserId, podGroupId, pvcName, p
return nil, err
}

// If PROVISIONERS_TO_USE_ANYUID is set in kdmp-config, then add rolebinding for anyuid SCC
// If PROVISIONERS_TO_USE_ANYUID is set in kdmp-config, then add anyuid SCC to the job pod
provisionersListToUseAnyUid, err := GetArrayConfigValue(KdmpConfigmapName, KdmpConfigmapNamespace, provisionersToUseAnyUid)
if err != nil {
errMsg := fmt.Sprintf("failed to extract provisioners list from configmap: %v", err)
logrus.Errorf(errMsg)
return nil, fmt.Errorf(errMsg)
}

// Get provisioner name from the pvcName, pvcNamespace
provisionerName, err := GetProvisionerNameFromPvc(pvcName, pvcNamespace)
if err != nil {
errMsg := fmt.Sprintf("failed to get provisionerName name for pvc [%s/%s]: %v", pvcNamespace, pvcName, err)
logrus.Errorf(errMsg)
return nil, fmt.Errorf(errMsg)
}

if len(provisionersListToUseAnyUid) > 0 {
if isOcp && contains(provisionersListToUseAnyUid, provisionerName) {
logrus.Infof("PROVISIONERS_TO_USE_ANYUID is set to use, running the job %v with anyuid SCC", job.Name)
// Add the annotation to force the pod to adopt anyuid scc in OCP
// It may not work if the pod's SA doesn't have permission to use anyuid SCC
if job.Spec.Template.Annotations == nil {
job.Spec.Template.Annotations = make(map[string]string)
// In case of nfs backup, nfs restore job pods since they are invoked for resources backup, we don't send any pvcName
if pvcName != "" && pvcNamespace != "" {
// Get provisioner name from the pvcName, pvcNamespace
provisionerName, err := GetProvisionerNameFromPvc(pvcName, pvcNamespace)
if err != nil {
errMsg := fmt.Sprintf("failed to get provisionerName name for pvc [%s/%s]: %v", pvcNamespace, pvcName, err)
logrus.Errorf(errMsg)
return nil, fmt.Errorf(errMsg)
}

if isOcp && contains(provisionersListToUseAnyUid, provisionerName) {
logrus.Infof("PROVISIONERS_TO_USE_ANYUID is set to use, running the job %v with anyuid SCC", job.Name)
// Add the annotation to force the pod to adopt anyuid scc in OCP
// It may not work if the pod's SA doesn't have permission to use anyuid SCC
if job.Spec.Template.Annotations == nil {
job.Spec.Template.Annotations = make(map[string]string)
}
job.Spec.Template.Annotations["openshift.io/required-scc"] = "anyuid"
return job, nil
}
job.Spec.Template.Annotations["openshift.io/required-scc"] = "anyuid"
return job, nil
}
}

Expand Down

0 comments on commit bddd4be

Please sign in to comment.