From f0c17e061f8494739a238f409b72956330adc281 Mon Sep 17 00:00:00 2001 From: Jean-Marc ANDRE Date: Mon, 6 Mar 2023 23:04:39 +0100 Subject: [PATCH] The BackupSession controller in the sidecar should get the latest informtation about the repository everytime it reconciles because it might change --- api/v1alpha1/repo_types.go | 52 ------------------- .../backupconfiguration_controller_helpers.go | 12 +++-- 2 files changed, 8 insertions(+), 56 deletions(-) diff --git a/api/v1alpha1/repo_types.go b/api/v1alpha1/repo_types.go index b4de2d8..8959a8e 100644 --- a/api/v1alpha1/repo_types.go +++ b/api/v1alpha1/repo_types.go @@ -17,10 +17,8 @@ limitations under the License. package v1alpha1 import ( - "fmt" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "strings" ) const ( @@ -85,53 +83,3 @@ type RepoList struct { func init() { SchemeBuilder.Register(&Repo{}, &RepoList{}) } - -func (repo *Repo) GetResticEnv(backupConf BackupConfiguration) []corev1.EnvVar { - env := []corev1.EnvVar{} - if repo.Spec.Backend.S3 != nil { - url := fmt.Sprintf("s3:http://%s/%s/%s-%s", - repo.Spec.Backend.S3.Server, - repo.Spec.Backend.S3.Bucket, - strings.ToUpper(backupConf.Namespace), - strings.ToLower(backupConf.Name)) - env = append(env, corev1.EnvVar{ - Name: RESTIC_REPOSITORY, - Value: url, - }) - for _, key := range []string{ - AWS_ACCESS_KEY_ID, - AWS_SECRET_ACCESS_KEY, - } { - env = append(env, corev1.EnvVar{ - Name: key, - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: repo.Spec.RepositorySecrets, - }, - Key: key, - }, - }, - }) - } - } - if repo.Spec.Backend.Local != nil { - env = append(env, corev1.EnvVar{ - Name: RESTIC_REPOSITORY, - Value: RESTIC_REPO_PATH, - }) - } - env = append(env, corev1.EnvVar{ - Name: RESTIC_PASSWORD, - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: repo.Spec.RepositorySecrets, - }, - Key: RESTIC_PASSWORD, - }, - }, - }) - - return env -} diff --git a/controllers/backupconfiguration_controller_helpers.go b/controllers/backupconfiguration_controller_helpers.go index a2d484a..a6828ad 100644 --- a/controllers/backupconfiguration_controller_helpers.go +++ b/controllers/backupconfiguration_controller_helpers.go @@ -253,12 +253,11 @@ func (r *BackupConfigurationReconciler) addSidecar(backupConf formolv1alpha1.Bac return err } r.Log.V(1).Info("Got Repository", "repo", repo) - env := repo.GetResticEnv(backupConf) sidecar := corev1.Container{ Name: formolv1alpha1.SIDECARCONTAINER_NAME, Image: backupConf.Spec.Image, Args: []string{"backupsession", "server"}, - Env: append(env, + Env: []corev1.EnvVar{ corev1.EnvVar{ Name: formolv1alpha1.TARGET_NAME, Value: target.TargetName, @@ -270,7 +269,7 @@ func (r *BackupConfigurationReconciler) addSidecar(backupConf formolv1alpha1.Bac FieldPath: "metadata.namespace", }, }, - }), + }}, VolumeMounts: []corev1.VolumeMount{}, SecurityContext: &corev1.SecurityContext{ Privileged: func() *bool { b := true; return &b }(), @@ -379,7 +378,12 @@ func (r *BackupConfigurationReconciler) createRBACSidecar(sa corev1.ServiceAccou rbacv1.PolicyRule{ Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"formol.desmojim.fr"}, - Resources: []string{"restoresessions", "backupsessions", "backupconfigurations", "functions", "repos"}, + Resources: []string{"restoresessions", "backupsessions", "backupconfigurations", "functions", "repoes"}, + }, + rbacv1.PolicyRule{ + Verbs: []string{"get", "list", "watch"}, + APIGroups: []string{""}, + Resources: []string{"secrets"}, }, rbacv1.PolicyRule{ Verbs: []string{"get", "list", "watch", "create", "update", "patch", "delete"},