Add EtcdBackup CRD enhancement for OADP integration#1945
Add EtcdBackup CRD enhancement for OADP integration#1945jparrill wants to merge 1 commit intoopenshift:masterfrom
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
If you have time @sjenning @enxebre @csrwng @muraee @bryan-cox, please review 🙏 . |
jparrill
force-pushed
the
CNTRLPLANE-2676
branch
from
bcfad43 to
28b90ea
Compare
Introduces a new EtcdBackup CRD in the hypershift.openshift.io/v1beta1 API group that serves as the contract between the OADP HyperShift plugin and the Hypershift Operator for triggering etcd backups. A controller in the HO orchestrates snapshot and upload Jobs while keeping management credentials isolated from HCP namespaces. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Juan Manuel Parrilla Madrid <jparrill@redhat.com>
jparrill
force-pushed
the
CNTRLPLANE-2676
branch
from
28b90ea to
b92f834
Compare
|
@jparrill: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
|
||
| ### Workflow Description | ||
|
|
||
| 1. The OADP plugin (running as a Velero pre-hook or standalone pod) creates an `EtcdBackup` CR in the HCP namespace. The CR spec includes S3 bucket configuration and a reference to an AWS credentials Secret in the HO namespace. |
There was a problem hiding this comment.
The ticket says the solution should work for both Azure and AWS. This should mention the Azure bits as well.
There was a problem hiding this comment.
This applies to the rest of the proposal where AWS only language is used.
There was a problem hiding this comment.
The enhancement doesn't address the interaction with KMS encryption at rest. When a hosted cluster has KMS encryption configured, the etcd snapshot will contain DEKs wrapped by the KMS key. The snapshot and upload process should work fine since etcdctl snapshot save is encryption-agnostic, but the resulting backup is only restorable if the KMS key remains available and accessible.
A few questions:
- Should the EtcdBackupStatus capture metadata about the encryption state (e.g., whether KMS was active, which key ID was used)? This would let the restore path validate key availability before attempting a restore, rather than failing opaquely.
- Should there be a note in the Risks and Mitigations table about the dependency between KMS key lifecycle and backup usability?
- Even though restore is out of scope here, does the existing RestoreSnapshotURL mechanism already account for KMS key availability, or is that a gap that needs to be tracked separately?
2 participants
Summary
EtcdBackupCRD in thehypershift.openshift.io/v1beta1API groupDetails
EtcdBackup(namespaced, in HCP namespace)Test plan
🤖 Generated with Claude Code