jandre/formol
1
1
Fork 0
Code Issues 6 Pull Requests Projects Releases 1 Wiki Activity

Compare commits

base: jandre:c20da00e0d035bda57f958a28318b33c1e24b4e1
Branches Tags
jandre:master
jandre:snapshots
jandre:v1.0.0
jandre:0.2.1
jandre:v0.9.1
jandre:v0.9.0
jandre:v0.8.0
jandre:v0.7.1
...
compare: jandre:04c6a55b1af77169fbe42c6df85bfb96a51de73a
Branches Tags
jandre:master
jandre:snapshots
jandre:v1.0.0
jandre:0.2.1
jandre:v0.9.1
jandre:v0.9.0
jandre:v0.8.0
jandre:v0.7.1

2 Commits
c20da00e0d ... 04c6a55b1a

Author SHA1 Message Date
Jean-Marc Andre
04c6a55b1a Test restore 2021-02-11 22:08:03 +01:00
Jean-Marc Andre
077a54079f Added restore functionality. Needs more testing 2021-02-11 22:07:27 +01:00
10 changed files with 466 additions and 29 deletions
Show Stats Expand all files Collapse all files

31
controllers/backupconfiguration_controller.go
View File

@ -18,6 +18,7 @@ package controllers
import ( import (
"context" "context"
"time"
formolrbac "github.com/desmo999r/formol/pkg/rbac" formolrbac "github.com/desmo999r/formol/pkg/rbac"
formolutils "github.com/desmo999r/formol/pkg/utils" formolutils "github.com/desmo999r/formol/pkg/utils"
@ -54,16 +55,15 @@ func (r *BackupConfigurationReconciler) getDeployment(namespace string, name str
return deployment, err return deployment, err
} }
// +kubebuilder:rbac:groups=formol.desmojim.fr,resources=backupconfigurations,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=formol.desmojim.fr,resources=*,verbs=*
// +kubebuilder:rbac:groups=formol.desmojim.fr,resources=backupconfigurations/status,verbs=get;list;watch;update;patch
// +kubebuilder:rbac:groups=formol.desmojim.fr,resources=backupsessions/status,verbs=get;list;watch
// +kubebuilder:rbac:groups=formol.desmojim.fr,resources=repoes,verbs=get;list;watch
// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch // +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=batch,resources=cronjobs/status,verbs=get // +kubebuilder:rbac:groups=batch,resources=cronjobs/status,verbs=get
@ -135,7 +135,7 @@ func (r *BackupConfigurationReconciler) addSidecarContainer(backupConf *formolv1
sidecar := corev1.Container{ sidecar := corev1.Container{
Name: "backup", Name: "backup",
Image: "desmo999r/formolcli:latest", Image: "desmo999r/formolcli:latest",
Args: []string{"create", "server"}, Args: []string{"backupsession", "server"},
//Image: "busybox", //Image: "busybox",
//Command: []string{ //Command: []string{
// "sh", // "sh",
@ -190,7 +190,7 @@ func (r *BackupConfigurationReconciler) addSidecarContainer(backupConf *formolv1
} }
log.V(1).Info("getting pods matching label", "label", selector) log.V(1).Info("getting pods matching label", "label", selector)
pods := &corev1.PodList{} pods := &corev1.PodList{}
err = r.List(context.Background(), pods, client.MatchingLabels(selector)) err = r.List(context.Background(), pods, client.InNamespace(backupConf.Namespace), client.MatchingLabels(selector))
if err != nil { if err != nil {
log.Error(err, "unable to get deployment pods") log.Error(err, "unable to get deployment pods")
return nil return nil
@ -220,14 +220,10 @@ func (r *BackupConfigurationReconciler) addSidecarContainer(backupConf *formolv1
deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, sidecar) deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, sidecar)
deployment.Spec.Template.Spec.ShareProcessNamespace = func() *bool { b := true; return &b }() deployment.Spec.Template.Spec.ShareProcessNamespace = func() *bool { b := true; return &b }()
if err := formolrbac.CreateBackupSessionListenerRBAC(r.Client, deployment.Spec.Template.Spec.ServiceAccountName, deployment.Namespace); err != nil { if err := formolrbac.CreateFormolRBAC(r.Client, deployment.Spec.Template.Spec.ServiceAccountName, deployment.Namespace); err != nil {
log.Error(err, "unable to create backupsessionlistener RBAC") log.Error(err, "unable to create backupsessionlistener RBAC")
return nil return nil
} }
if err := formolrbac.CreateBackupSessionStatusUpdaterRBAC(r.Client, "default", backupConf.Namespace); err != nil {
log.Error(err, "unable to create backupsession-statusupdater RBAC")
return nil
}
log.V(0).Info("Adding a sicar container") log.V(0).Info("Adding a sicar container")
if err := r.Update(context.Background(), deployment); err != nil { if err := r.Update(context.Background(), deployment); err != nil {
@ -266,10 +262,11 @@ func (r *BackupConfigurationReconciler) addCronJob(backupConf *formolv1alpha1.Ba
return err return err
} }
if err := formolrbac.CreateBackupSessionCreatorRBAC(r.Client, backupConf.Namespace); err != nil { if err := formolrbac.CreateFormolRBAC(r.Client, "default", backupConf.Namespace); err != nil {
log.Error(err, "unable to create backupsession-creator RBAC") log.Error(err, "unable to create backupsessionlistener RBAC")
return nil return nil
} }
if err := formolrbac.CreateBackupSessionStatusUpdaterRBAC(r.Client, "default", backupConf.Namespace); err != nil { if err := formolrbac.CreateBackupSessionStatusUpdaterRBAC(r.Client, "default", backupConf.Namespace); err != nil {
log.Error(err, "unable to create backupsession-statusupdater RBAC") log.Error(err, "unable to create backupsession-statusupdater RBAC")
return nil return nil
@ -293,8 +290,8 @@ func (r *BackupConfigurationReconciler) addCronJob(backupConf *formolv1alpha1.Ba
Name: "job-createbackupsession-" + backupConf.Name, Name: "job-createbackupsession-" + backupConf.Name,
Image: "desmo999r/formolcli:latest", Image: "desmo999r/formolcli:latest",
Args: []string{ Args: []string{
"create",
"backupsession", "backupsession",
"create",
"--namespace", "--namespace",
backupConf.Namespace, backupConf.Namespace,
"--name", "--name",
@ -323,6 +320,7 @@ func (r *BackupConfigurationReconciler) addCronJob(backupConf *formolv1alpha1.Ba
func (r *BackupConfigurationReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { func (r *BackupConfigurationReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background() ctx := context.Background()
log := r.Log.WithValues("backupconfiguration", req.NamespacedName) log := r.Log.WithValues("backupconfiguration", req.NamespacedName)
time.Sleep(300 * time.Millisecond)
log.V(1).Info("Enter Reconcile with req", "req", req) log.V(1).Info("Enter Reconcile with req", "req", req)
@ -394,7 +392,7 @@ func (r *BackupConfigurationReconciler) deleteExternalResources(backupConf *form
if err != nil { if err != nil {
return err return err
} }
if err := formolrbac.DeleteBackupSessionListenerRBAC(r.Client, deployment.Spec.Template.Spec.ServiceAccountName, deployment.Namespace); err != nil { if err := formolrbac.DeleteFormolRBAC(r.Client, deployment.Spec.Template.Spec.ServiceAccountName, deployment.Namespace); err != nil {
return err return err
} }
if err := r.deleteSidecarContainer(backupConf, target); err != nil { if err := r.deleteSidecarContainer(backupConf, target); err != nil {
@ -405,6 +403,9 @@ func (r *BackupConfigurationReconciler) deleteExternalResources(backupConf *form
} }
} }
// TODO: remove the hardcoded "default" // TODO: remove the hardcoded "default"
if err := formolrbac.DeleteFormolRBAC(r.Client, "default", backupConf.Namespace); err != nil {
return err
}
if err := formolrbac.DeleteBackupSessionStatusUpdaterRBAC(r.Client, "default", backupConf.Namespace); err != nil { if err := formolrbac.DeleteBackupSessionStatusUpdaterRBAC(r.Client, "default", backupConf.Namespace); err != nil {
return err return err
} }

6
controllers/backupsession_controller.go
View File

@ -63,6 +63,7 @@ func (r *BackupSessionReconciler) StatusUpdate() error {
Name: target.Name, Name: target.Name,
Kind: target.Kind, Kind: target.Kind,
SessionState: formolv1alpha1.New, SessionState: formolv1alpha1.New,
StartTime: &metav1.Time{Time: time.Now()},
} }
r.BackupSession.Status.Targets = append(r.BackupSession.Status.Targets, targetStatus) r.BackupSession.Status.Targets = append(r.BackupSession.Status.Targets, targetStatus)
switch target.Kind { switch target.Kind {
@ -247,7 +248,6 @@ func (r *BackupSessionReconciler) IsBackupOngoing() bool {
// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;create;update;patch;delete;watch // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;create;update;patch;delete;watch
func (r *BackupSessionReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { func (r *BackupSessionReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
time.Sleep(100 * time.Millisecond)
log := r.Log.WithValues("backupsession", req.NamespacedName) log := r.Log.WithValues("backupsession", req.NamespacedName)
ctx := context.Background() ctx := context.Background()
@ -338,7 +338,7 @@ func (r *BackupSessionReconciler) CreateBackupJob(target formolv1alpha1.Target)
restic := corev1.Container{ restic := corev1.Container{
Name: "restic", Name: "restic",
Image: "desmo999r/formolcli:latest", Image: "desmo999r/formolcli:latest",
Args: []string{"backup", "volume", "--tag", r.BackupSession.Name, "--path", "/output"}, Args: []string{"volume", "backup", "--tag", r.BackupSession.Name, "--path", "/output"},
VolumeMounts: []corev1.VolumeMount{output}, VolumeMounts: []corev1.VolumeMount{output},
Env: backupSessionEnv, Env: backupSessionEnv,
} }
@ -418,7 +418,7 @@ func (r *BackupSessionReconciler) deleteExternalResources() error {
deleteSnapshots = append(deleteSnapshots, corev1.Container{ deleteSnapshots = append(deleteSnapshots, corev1.Container{
Name: target.Name, Name: target.Name,
Image: "desmo999r/formolcli:latest", Image: "desmo999r/formolcli:latest",
Args: []string{"delete", "snapshot", "--snapshot", target.SnapshotId}, Args: []string{"snapshot", "delete", "--snapshot-id", target.SnapshotId},
Env: env, Env: env,
}) })
} }

125
controllers/restoresession_controller.go
View File

@ -18,16 +18,20 @@ package controllers
import ( import (
"context" "context"
"fmt"
"strings"
"time" "time"
"github.com/go-logr/logr" "github.com/go-logr/logr"
batchv1 "k8s.io/api/batch/v1" batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client"
formolv1alpha1 "github.com/desmo999r/formol/api/v1alpha1" formolv1alpha1 "github.com/desmo999r/formol/api/v1alpha1"
formolutils "github.com/desmo999r/formol/pkg/utils"
) )
// RestoreSessionReconciler reconciles a RestoreSession object // RestoreSessionReconciler reconciles a RestoreSession object
@ -41,6 +45,97 @@ type RestoreSessionReconciler struct {
} }
func (r *RestoreSessionReconciler) CreateRestoreJob(target formolv1alpha1.Target) error { func (r *RestoreSessionReconciler) CreateRestoreJob(target formolv1alpha1.Target) error {
log := r.Log.WithValues("createrestorejob", target.Name)
ctx := context.Background()
restoreSessionEnv := []corev1.EnvVar{
corev1.EnvVar{
Name: "TARGET_NAME",
Value: target.Name,
},
corev1.EnvVar{
Name: "RESTORESESSION_NAME",
Value: r.RestoreSession.Name,
},
corev1.EnvVar{
Name: "RESTORESESSION_NAMESPACE",
Value: r.RestoreSession.Namespace,
},
}
output := corev1.VolumeMount{
Name: "output",
MountPath: "/output",
}
for _, targetStatus := range r.BackupSession.Status.Targets {
if targetStatus.Name == target.Name {
snapshotId := targetStatus.SnapshotId
restic := corev1.Container{
Name: "restic",
Image: "desmo999r/formolcli:latest",
Args: []string{"volume", "restore", "--snapshot-id", snapshotId},
VolumeMounts: []corev1.VolumeMount{output},
Env: restoreSessionEnv,
}
finalizer := corev1.Container{
Name: "finalizer",
Image: "desmo999r/formolcli:latest",
Args: []string{"target", "finalize"},
VolumeMounts: []corev1.VolumeMount{output},
Env: restoreSessionEnv,
}
repo := &formolv1alpha1.Repo{}
if err := r.Get(ctx, client.ObjectKey{
Namespace: r.BackupConf.Namespace,
Name: r.BackupConf.Spec.Repository.Name,
}, repo); err != nil {
log.Error(err, "unable to get Repo from BackupConfiguration")
return err
}
// S3 backing storage
var ttl int32 = 300
restic.Env = append(restic.Env, formolutils.ConfigureResticEnvVar(r.BackupConf, repo)...)
job := &batchv1.Job{
ObjectMeta: metav1.ObjectMeta{
GenerateName: fmt.Sprintf("%s-%s-", r.RestoreSession.Name, target.Name),
Namespace: r.RestoreSession.Namespace,
},
Spec: batchv1.JobSpec{
TTLSecondsAfterFinished: &ttl,
Template: corev1.PodTemplateSpec{
Spec: corev1.PodSpec{
InitContainers: []corev1.Container{restic},
Containers: []corev1.Container{finalizer},
Volumes: []corev1.Volume{
corev1.Volume{Name: "output"},
},
RestartPolicy: corev1.RestartPolicyOnFailure,
},
},
},
}
for _, step := range target.Steps {
function := &formolv1alpha1.Function{}
if err := r.Get(ctx, client.ObjectKey{
Namespace: r.RestoreSession.Namespace,
Name: strings.Replace(step.Name, "backup", "restore", 1)}, function); err != nil {
log.Error(err, "unable to get function", "function", step)
return err
}
function.Spec.Env = append(step.Env, restoreSessionEnv...)
function.Spec.VolumeMounts = append(function.Spec.VolumeMounts, output)
job.Spec.Template.Spec.InitContainers = append(job.Spec.Template.Spec.InitContainers, function.Spec)
}
if err := ctrl.SetControllerReference(r.RestoreSession, job, r.Scheme); err != nil {
log.Error(err, "unable to set controller on job", "job", job, "restoresession", r.RestoreSession)
return err
}
log.V(0).Info("creating a restore job", "target", target.Name)
if err := r.Create(ctx, job); err != nil {
log.Error(err, "unable to create job", "job", job)
return err
}
}
}
return nil return nil
} }
@ -55,6 +150,7 @@ func (r *RestoreSessionReconciler) StatusUpdate() error {
Name: target.Name, Name: target.Name,
Kind: target.Kind, Kind: target.Kind,
SessionState: formolv1alpha1.New, SessionState: formolv1alpha1.New,
StartTime: &metav1.Time{Time: time.Now()},
} }
r.RestoreSession.Status.Targets = append(r.RestoreSession.Status.Targets, targetStatus) r.RestoreSession.Status.Targets = append(r.RestoreSession.Status.Targets, targetStatus)
switch target.Kind { switch target.Kind {
@ -70,7 +166,6 @@ func (r *RestoreSessionReconciler) StatusUpdate() error {
return nil, nil return nil, nil
} }
} }
var ret error
switch r.RestoreSession.Status.SessionState { switch r.RestoreSession.Status.SessionState {
case formolv1alpha1.New: case formolv1alpha1.New:
r.RestoreSession.Status.SessionState = formolv1alpha1.Running r.RestoreSession.Status.SessionState = formolv1alpha1.Running
@ -79,18 +174,38 @@ func (r *RestoreSessionReconciler) StatusUpdate() error {
return err return err
} }
log.V(0).Info("New restore. Start the first task", "task", targetStatus.Name) log.V(0).Info("New restore. Start the first task", "task", targetStatus.Name)
case formolv1alpha1.Running:
currentTargetStatus := r.RestoreSession.Status.Targets[len(r.RestoreSession.Status.Targets)-1]
switch currentTargetStatus.SessionState {
case formolv1alpha1.Failure:
log.V(0).Info("last restore task failed. Stop here", "target", currentTargetStatus.Name)
r.RestoreSession.Status.SessionState = formolv1alpha1.Failure
case formolv1alpha1.Running:
log.V(0).Info("task is still running", "target", currentTargetStatus.Name)
return nil
case formolv1alpha1.Success:
log.V(0).Info("last task was a success. start a new one", "target", currentTargetStatus)
targetStatus, err := startNextTask()
if err != nil {
return err
}
if targetStatus == nil {
// No more task to start. The restore is over
r.RestoreSession.Status.SessionState = formolv1alpha1.Success
}
}
} }
if ret = r.Status().Update(ctx, r.RestoreSession); ret != nil { if err := r.Status().Update(ctx, r.RestoreSession); err != nil {
log.Error(ret, "unable to update restoresession") log.Error(err, "unable to update restoresession")
return err
} }
return ret return nil
} }
// +kubebuilder:rbac:groups=formol.desmojim.fr,resources=restoresessions,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=formol.desmojim.fr,resources=restoresessions,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=formol.desmojim.fr,resources=restoresessions/status,verbs=get;update;patch // +kubebuilder:rbac:groups=formol.desmojim.fr,resources=restoresessions/status,verbs=get;update;patch
func (r *RestoreSessionReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { func (r *RestoreSessionReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
time.Sleep(100 * time.Millisecond)
ctx := context.Background() ctx := context.Background()
log := r.Log.WithValues("restoresession", req.NamespacedName) log := r.Log.WithValues("restoresession", req.NamespacedName)

108
pkg/rbac/backupconfiguration.go
View File

@ -10,6 +10,7 @@ import (
) )
const ( const (
formolRole = "formol-sidecar-role"
backupListenerRole = "backup-listener-role" backupListenerRole = "backup-listener-role"
backupListenerRoleBinding = "backup-listener-rolebinding" backupListenerRoleBinding = "backup-listener-rolebinding"
backupSessionCreatorSA = "backupsession-creator" backupSessionCreatorSA = "backupsession-creator"
@ -162,6 +163,104 @@ func DeleteBackupSessionListenerRBAC(cl client.Client, saName string, namespace
return nil return nil
} }
func DeleteFormolRBAC(cl client.Client, saName string, namespace string) error {
if saName == "" {
saName = "default"
}
formolRoleBinding := namespace + "-" + saName + "-formol-sidecar-rolebinding"
clusterRoleBinding := &rbacv1.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: formolRoleBinding,
},
Subjects: []rbacv1.Subject{
rbacv1.Subject{
Kind: "ServiceAccount",
Namespace: namespace,
Name: saName,
},
},
RoleRef: rbacv1.RoleRef{
APIGroup: "rbac.authorization.k8s.io",
Kind: "ClusterRole",
Name: formolRole,
},
}
if err := cl.Delete(context.Background(), clusterRoleBinding); err != nil {
return client.IgnoreNotFound(err)
}
return nil
}
func CreateFormolRBAC(cl client.Client, saName string, namespace string) error {
if saName == "" {
saName = "default"
}
sa := &corev1.ServiceAccount{}
if err := cl.Get(context.Background(), client.ObjectKey{
Namespace: namespace,
Name: saName,
}, sa); err != nil {
return err
}
clusterRole := &rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: formolRole,
},
Rules: []rbacv1.PolicyRule{
rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"*"},
//APIGroups: []string{"formol.desmojim.fr"},
//Resources: []string{"restoresessions", "backupsessions", "backupconfigurations"},
},
rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch"},
APIGroups: []string{""},
Resources: []string{"pods"},
},
rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch"},
APIGroups: []string{"apps"},
Resources: []string{"deployments", "replicasets"},
},
},
}
if err := cl.Get(context.Background(), client.ObjectKey{
Name: formolRole,
}, clusterRole); err != nil && errors.IsNotFound(err) {
if err = cl.Create(context.Background(), clusterRole); err != nil {
return err
}
}
formolRoleBinding := namespace + "-" + saName + "-formol-rolebinding"
clusterRoleBinding := &rbacv1.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: formolRoleBinding,
},
Subjects: []rbacv1.Subject{
rbacv1.Subject{
Kind: "ServiceAccount",
Namespace: namespace,
Name: saName,
},
},
RoleRef: rbacv1.RoleRef{
APIGroup: "rbac.authorization.k8s.io",
Kind: "ClusterRole",
Name: formolRole,
},
}
if err := cl.Get(context.Background(), client.ObjectKey{
Name: formolRoleBinding,
}, clusterRoleBinding); err != nil && errors.IsNotFound(err) {
if err = cl.Create(context.Background(), clusterRoleBinding); err != nil {
return err
}
}
return nil
}
func CreateBackupSessionListenerRBAC(cl client.Client, saName string, namespace string) error { func CreateBackupSessionListenerRBAC(cl client.Client, saName string, namespace string) error {
if saName == "" { if saName == "" {
saName = "default" saName = "default"
@ -192,12 +291,12 @@ func CreateBackupSessionListenerRBAC(cl client.Client, saName string, namespace
rbacv1.PolicyRule{ rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch"}, Verbs: []string{"get", "list", "watch"},
APIGroups: []string{"formol.desmojim.fr"}, APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"backupsessions", "backupconfigurations"}, Resources: []string{"restoresessions", "backupsessions", "backupconfigurations"},
}, },
rbacv1.PolicyRule{ rbacv1.PolicyRule{
Verbs: []string{"update", "delete"}, Verbs: []string{"update", "delete"},
APIGroups: []string{"formol.desmojim.fr"}, APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"backupsessions"}, Resources: []string{"restoresessions", "backupsessions"},
}, },
}, },
} }
@ -234,6 +333,7 @@ func CreateBackupSessionListenerRBAC(cl client.Client, saName string, namespace
return err return err
} }
} }
return nil return nil
} }
@ -292,12 +392,12 @@ func CreateBackupSessionStatusUpdaterRBAC(cl client.Client, saName string, names
rbacv1.PolicyRule{ rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch", "patch", "update"}, Verbs: []string{"get", "list", "watch", "patch", "update"},
APIGroups: []string{"formol.desmojim.fr"}, APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"backupsessions/status"}, Resources: []string{"restoresessions/status", "backupsessions/status"},
}, },
rbacv1.PolicyRule{ rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch"}, Verbs: []string{"get", "list", "watch"},
APIGroups: []string{"formol.desmojim.fr"}, APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"backupsessions"}, Resources: []string{"restoresessions", "backupsessions"},
}, },
}, },
} }

2
test/00-setup.yaml
View File

@ -81,4 +81,4 @@ metadata:
spec: spec:
name: backup-pg name: backup-pg
image: desmo999r/formolcli:latest image: desmo999r/formolcli:latest
args: ["backup", "postgres", "--hostname", $(PGHOST), "--database", $(PGDATABASE), "--username", $(PGUSER), "--password", $(PGPASSWD), "--file", "/output/backup-pg.sql"] args: ["postgres", "backup", "--hostname", $(PGHOST), "--database", $(PGDATABASE), "--username", $(PGUSER), "--password", $(PGPASSWD), "--file", "/output/backup-pg.sql"]

2
test/02-backupconf.yaml
View File

@ -7,7 +7,7 @@ metadata:
spec: spec:
repository: repository:
name: repo-minio name: repo-minio
schedule: "1 * * * *" schedule: "15 * * * *"
targets: targets:
- kind: Deployment - kind: Deployment
apiVersion: v1 apiVersion: v1

84
test/03-setup-restore.yaml Normal file
View File

@ -0,0 +1,84 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: restore-demo
---
apiVersion: v1
kind: Secret
metadata:
namespace: restore-demo
name: demo-chap-secret
type: "kubernetes.io/iscsi-chap"
data:
discovery.sendtargets.auth.username: ZGVtbw==
discovery.sendtargets.auth.password: VHJtK1lZaXZvMUNZSGszcGFGVWMrcTdCMmdJPQo=
node.session.auth.username: ZGVtbw==
node.session.auth.password: VHJtK1lZaXZvMUNZSGszcGFGVWMrcTdCMmdJPQo=
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: restore-demo-pv
namespace: restore-demo
spec:
storageClassName: manual
capacity:
storage: 50Mi
accessModes:
- ReadWriteOnce
iscsi:
targetPortal: 192.168.1.159
iqn: iqn.2020-08.raid5:restore-demo
lun: 1
fsType: ext4
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: demo-chap-secret
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: restore-demo-pvc
namespace: restore-demo
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Mi
---
apiVersion: v1
kind: Secret
metadata:
name: secret-minio
namespace: restore-demo
data:
RESTIC_PASSWORD: bHIyOXhtOTU=
AWS_ACCESS_KEY_ID: OWFTSXZBSEVzWlNVMmkyTU9zVGxWSk1lL1NjPQ==
AWS_SECRET_ACCESS_KEY: WVN5ck9ncVllcjBWNFNLdlVOcmx2OGhjTllhZGZuN2xaNjBIaXRlL3djWT0=
---
apiVersion: formol.desmojim.fr/v1alpha1
kind: Repo
metadata:
name: repo-minio
namespace: restore-demo
spec:
backend:
s3:
server: raid5.desmojim.fr:9000
bucket: testbucket2
repositorySecrets: secret-minio
---
apiVersion: formol.desmojim.fr/v1alpha1
kind: Function
metadata:
name: restore-pg
namespace: restore-demo
spec:
name: backup-pg
image: desmo999r/formolcli:latest
args: ["postgres", "restore", "--hostname", $(PGHOST), "--database", $(PGDATABASE), "--username", $(PGUSER), "--password", $(PGPASSWD), "--file", "/output/backup-pg.sql"]

88
test/04-restore-deployment.yaml Normal file
View File

@ -0,0 +1,88 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: restore-demo
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
volumeMounts:
- name: demo-data
mountPath: /data
volumes:
- name: demo-data
persistentVolumeClaim:
claimName: restore-demo-pvc
---
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-config-demo
namespace: restore-demo
labels:
app: postgres
data:
POSTGRES_DB: demopostgres
POSTGRES_USER: demopostgres
POSTGRES_PASSWORD: password123!
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: restore-demo
labels:
app: postgres
spec:
ports:
- port: 5432
name: postgres
clusterIP: None
selector:
app: postgres
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres-demo
namespace: restore-demo
spec:
serviceName: "postgres"
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:12
envFrom:
- configMapRef:
name: postgres-config-demo
ports:
- containerPort: 5432
name: postgredb
volumeMounts:
- name: postgredb
mountPath: /var/lib/postgresql/data
volumes:
- name: postgredb

39
test/05-backupconf.yaml Normal file
View File

@ -0,0 +1,39 @@
---
apiVersion: formol.desmojim.fr/v1alpha1
kind: BackupConfiguration
metadata:
name: backup-demo
namespace: restore-demo
spec:
repository:
name: repo-minio
schedule: "1 * * * *"
targets:
- kind: Deployment
apiVersion: v1
name: nginx-deployment
volumeMounts:
- name: demo-data
mountPath: /data
paths:
- /data
- kind: Task
name: backup-pg
steps:
- name: backup-pg
namespace: demo
env:
- name: PGHOST
value: postgres
- name: PGDATABASE
value: demopostgres
- name: PGUSER
value: demopostgres
- name: PGPASSWD
value: password123!
keep:
last: 5
daily: 2
weekly: 2
monthly: 6
yearly: 3

10
test/06-restoresession.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: formol.desmojim.fr/v1alpha1
kind: RestoreSession
metadata:
namespace: restore-demo
name: restore-demo
spec:
backupSessionRef:
namespace: demo
name: backupsession-backup-demo-1612734804
# name: backupsession-backup-demo-1612713316