diff --git a/Dockerfile b/Dockerfile index 986a6ae2f84..22e3d45abf8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ COPY main.go main.go COPY api/ api/ COPY pkg/ pkg/ COPY controllers/ controllers/ +COPY internal/ internal/ # Build RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod=mod -a -o /go/src/manager main.go diff --git a/Makefile b/Makefile index 23bfebbea20..8581e345d23 100644 --- a/Makefile +++ b/Makefile @@ -441,7 +441,7 @@ endef bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. GOFLAGS="-mod=mod" $(OPERATOR_SDK) generate kustomize manifests -q cd config/manager && GOFLAGS="-mod=mod" $(KUSTOMIZE) edit set image controller=$(IMG) - GOFLAGS="-mod=mod" $(KUSTOMIZE) build config/manifests | GOFLAGS="-mod=mod" $(OPERATOR_SDK) generate bundle -q --extra-service-accounts "velero" --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + GOFLAGS="-mod=mod" $(KUSTOMIZE) build config/manifests | GOFLAGS="-mod=mod" $(OPERATOR_SDK) generate bundle -q --extra-service-accounts "velero,non-admin-controller" --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) @make nullables # Copy updated bundle.Dockerfile to CI's Dockerfile.bundle # TODO: update CI to use generated one diff --git a/api/v1alpha1/oadp_types.go b/api/v1alpha1/oadp_types.go index f4ea6078897..b76988cb550 100644 --- a/api/v1alpha1/oadp_types.go +++ b/api/v1alpha1/oadp_types.go @@ -52,6 +52,12 @@ type CustomPlugin struct { Name string `json:"name"` Image string `json:"image"` } +type LogFormat string + +const ( + LogFormatText LogFormat = "text" + LogFormatJSON LogFormat = "json" +) // Field does not have enum validation for development flexibility type UnsupportedImageKey string 
@@ -65,10 +71,17 @@ const GCPPluginImageKey UnsupportedImageKey = "gcpPluginImageFqin" const ResticRestoreImageKey UnsupportedImageKey = "resticRestoreImageFqin" const KubeVirtPluginImageKey UnsupportedImageKey = "kubevirtPluginImageFqin" const HypershiftPluginImageKey UnsupportedImageKey = "hypershiftPluginImageFqin" +const NonAdminControllerImageKey UnsupportedImageKey = "nonAdminControllerImageFqin" const OperatorTypeKey UnsupportedImageKey = "operator-type" const OperatorTypeMTC = "mtc" +// NAC defaults +const ( + DefaultGarbageCollectionPeriod = 24 * time.Hour + DefaultBackupSyncPeriod = 2 * time.Minute +) + type VeleroConfig struct { // featureFlags defines the list of features to enable for Velero instance // +optional 
@@ -243,6 +256,102 @@ type SnapshotLocation struct { Velero *velero.VolumeSnapshotLocationSpec `json:"velero"` } +// We need to create enforcement structures for the BSL spec fields, because the Velero BSL spec +// is requiring fields like bucket, provider which are allowed to be empty for the enforcement in the DPA. + +// ObjectStorageLocation defines the enforced values for the Velero ObjectStorageLocation +type ObjectStorageLocation struct { + // Bucket is the bucket to use for object storage. + // +optional + Bucket string `json:"bucket,omitempty"` + + // Prefix is the path inside a bucket to use for Velero storage. Optional. + // +optional + Prefix string `json:"prefix,omitempty"` + + // CACert defines a CA bundle to use when verifying TLS connections to the provider. + // +optional + CACert []byte `json:"caCert,omitempty"` +} + +// StorageType defines the enforced values for the Velero StorageType +type StorageType struct { + // +optional + // +nullable + ObjectStorage *ObjectStorageLocation `json:"objectStorage,omitempty"` +} + +// EnforceBackupStorageLocationSpec defines the enforced values for the Velero BackupStorageLocationSpec +type EnforceBackupStorageLocationSpec struct { + // Provider is the provider of the backup storage. + // +optional + Provider string `json:"provider,omitempty"` + + // Config is for provider-specific configuration fields. + // +optional + Config map[string]string `json:"config,omitempty"` + + // Credential contains the credential information intended to be used with this location + // +optional + Credential *corev1.SecretKeySelector `json:"credential,omitempty"` + + StorageType `json:",inline"` + + // AccessMode defines the permissions for the backup storage location. + // +optional + AccessMode velero.BackupStorageLocationAccessMode `json:"accessMode,omitempty"` + + // BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. 
+ // +optional + // +nullable + BackupSyncPeriod *metav1.Duration `json:"backupSyncPeriod,omitempty"` + + // ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. + // +optional + // +nullable + ValidationFrequency *metav1.Duration `json:"validationFrequency,omitempty"` +} + +type NonAdmin struct { + // Enables non admin feature, by default is disabled + // +optional + Enable *bool `json:"enable,omitempty"` + + // which bakup spec field values to enforce + // +optional + EnforceBackupSpec *velero.BackupSpec `json:"enforceBackupSpec,omitempty"` + + // which restore spec field values to enforce + // +optional + EnforceRestoreSpec *velero.RestoreSpec `json:"enforceRestoreSpec,omitempty"` + + // which backupstoragelocation spec field values to enforce + // +optional + EnforceBSLSpec *EnforceBackupStorageLocationSpec `json:"enforceBSLSpec,omitempty"` + + // RequireApprovalForBSL specifies whether cluster administrator approval is required + // for creating Velero BackupStorageLocation (BSL) resources. + // - If set to false, all NonAdminBackupStorageLocationApproval CRDs will be automatically approved, + // including those that were previously pending or rejected. + // - If set to true, any existing BackupStorageLocation CRDs that lack the necessary approvals may be deleted, + // leaving the associated NonAdminBackup objects non-restorable until approval is granted. + // Defaults to false + // +optional + RequireApprovalForBSL *bool `json:"requireApprovalForBSL,omitempty"` + + // GarbageCollectionPeriod defines how frequently to look for possible leftover non admin related objects in OADP namespace. + // A value of 0 disables garbage collection. + // By default 24h + // +optional + GarbageCollectionPeriod *metav1.Duration `json:"garbageCollectionPeriod,omitempty"` + + // BackupSyncPeriod specifies the interval at which backups from the OADP namespace are synchronized with non-admin namespaces. 
+ // A value of 0 disables sync. + // By default 2m + // +optional + BackupSyncPeriod *metav1.Duration `json:"backupSyncPeriod,omitempty"` +} + // DataMover defines the various config for DPA data mover type DataMover struct { // enable flag is used to specify whether you want to deploy the volume snapshot mover controller @@ -384,6 +493,14 @@ type DataProtectionApplicationSpec struct { // +optional // +kubebuilder:validation:Enum=Always;IfNotPresent;Never ImagePullPolicy *corev1.PullPolicy `json:"imagePullPolicy,omitempty"` + // nonAdmin defines the configuration for the DPA to enable backup and restore operations for non-admin users + // +optional + NonAdmin *NonAdmin `json:"nonAdmin,omitempty"` + // The format for log output. Valid values are text, json. (default text) + // +kubebuilder:validation:Enum=text;json + // +kubebuilder:default=text + // +optional + LogFormat LogFormat `json:"logFormat,omitempty"` } // DataProtectionApplicationStatus defines the observed state of DataProtectionApplication diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 9725625d0c9..41119dbcbbc 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -405,6 +405,11 @@ func (in *DataProtectionApplicationSpec) DeepCopyInto(out *DataProtectionApplica *out = new(v1.PullPolicy) **out = **in } + if in.NonAdmin != nil { + in, out := &in.NonAdmin, &out.NonAdmin + *out = new(NonAdmin) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataProtectionApplicationSpec. 
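Review bot: `RequireApprovalForBSL` in `NonAdmin` defaults to false, and its own comment says that false auto-approves every request, including ones that were previously pending or rejected. Once the non-admin feature is enabled, this presumably lets namespace users bring their own storage locations with no administrator review unless the admin opts in. I would either default it to true or make the comment state the trade-off, e.g. `// Defaults to false, meaning non-admin BSLs are accepted without administrator review; set to true to require approval.` The comment also refers to `NonAdminBackupStorageLocationApproval` CRDs, while the CSV in this commit registers `NonAdminBackupStorageLocationRequest`, so one of the two names looks stale. Minor: `bakup` in the `EnforceBackupSpec` comment is a typo that is carried into the CRD description, and the exported `NonAdmin` type has no doc comment.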
@@ -439,6 +444,44 @@ func (in *DataProtectionApplicationStatus) DeepCopy() *DataProtectionApplication return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnforceBackupStorageLocationSpec) DeepCopyInto(out *EnforceBackupStorageLocationSpec) { + *out = *in + if in.Config != nil { + in, out := &in.Config, &out.Config + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(v1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } + in.StorageType.DeepCopyInto(&out.StorageType) + if in.BackupSyncPeriod != nil { + in, out := &in.BackupSyncPeriod, &out.BackupSyncPeriod + *out = new(metav1.Duration) + **out = **in + } + if in.ValidationFrequency != nil { + in, out := &in.ValidationFrequency, &out.ValidationFrequency + *out = new(metav1.Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnforceBackupStorageLocationSpec. +func (in *EnforceBackupStorageLocationSpec) DeepCopy() *EnforceBackupStorageLocationSpec { + if in == nil { + return nil + } + out := new(EnforceBackupStorageLocationSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Features) DeepCopyInto(out *Features) { *out = *in 
@@ -505,6 +548,76 @@ func (in *NodeAgentConfig) DeepCopy() *NodeAgentConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NonAdmin) DeepCopyInto(out *NonAdmin) { + *out = *in + if in.Enable != nil { + in, out := &in.Enable, &out.Enable + *out = new(bool) + **out = **in + } + if in.EnforceBackupSpec != nil { + in, out := &in.EnforceBackupSpec, &out.EnforceBackupSpec + *out = new(velerov1.BackupSpec) + (*in).DeepCopyInto(*out) + } + if in.EnforceRestoreSpec != nil { + in, out := &in.EnforceRestoreSpec, &out.EnforceRestoreSpec + *out = new(velerov1.RestoreSpec) + (*in).DeepCopyInto(*out) + } + if in.EnforceBSLSpec != nil { + in, out := &in.EnforceBSLSpec, &out.EnforceBSLSpec + *out = new(EnforceBackupStorageLocationSpec) + (*in).DeepCopyInto(*out) + } + if in.RequireApprovalForBSL != nil { + in, out := &in.RequireApprovalForBSL, &out.RequireApprovalForBSL + *out = new(bool) + **out = **in + } + if in.GarbageCollectionPeriod != nil { + in, out := &in.GarbageCollectionPeriod, &out.GarbageCollectionPeriod + *out = new(metav1.Duration) + **out = **in + } + if in.BackupSyncPeriod != nil { + in, out := &in.BackupSyncPeriod, &out.BackupSyncPeriod + *out = new(metav1.Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonAdmin. +func (in *NonAdmin) DeepCopy() *NonAdmin { + if in == nil { + return nil + } + out := new(NonAdmin) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectStorageLocation) DeepCopyInto(out *ObjectStorageLocation) { + *out = *in + if in.CACert != nil { + in, out := &in.CACert, &out.CACert + *out = make([]byte, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectStorageLocation. 
+func (in *ObjectStorageLocation) DeepCopy() *ObjectStorageLocation { + if in == nil { + return nil + } + out := new(ObjectStorageLocation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PodConfig) DeepCopyInto(out *PodConfig) { *out = *in @@ -600,6 +713,26 @@ func (in *SnapshotLocation) DeepCopy() *SnapshotLocation { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageType) DeepCopyInto(out *StorageType) { + *out = *in + if in.ObjectStorage != nil { + in, out := &in.ObjectStorage, &out.ObjectStorage + *out = new(ObjectStorageLocation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageType. +func (in *StorageType) DeepCopy() *StorageType { + if in == nil { + return nil + } + out := new(StorageType) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VeleroConfig) DeepCopyInto(out *VeleroConfig) { *out = *in diff --git a/bundle/manifests/nonadmindownloadrequest-admin-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/nonadmindownloadrequest-admin-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..d12e8f9d118 --- /dev/null +++ b/bundle/manifests/nonadmindownloadrequest-admin-role_rbac.authorization.k8s.io_v1_clusterrole.yaml 
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: oadp-nac
+ name: nonadmindownloadrequest-admin-role
+rules:
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests
+ verbs:
+ - '*'
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests/status
+ verbs:
+ - get
diff --git a/bundle/manifests/nonadmindownloadrequest-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/nonadmindownloadrequest-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..69660074eb1
--- /dev/null
+++ b/bundle/manifests/nonadmindownloadrequest-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: oadp-nac
+ name: nonadmindownloadrequest-editor-role
+rules:
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests/status
+ verbs:
+ - get
diff --git a/bundle/manifests/nonadmindownloadrequest-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/nonadmindownloadrequest-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..fca6f6f1d07
--- /dev/null
+++ b/bundle/manifests/nonadmindownloadrequest-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: oadp-nac
+ name: nonadmindownloadrequest-viewer-role
+rules:
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests/status
+ verbs:
+ - get
diff --git a/bundle/manifests/oadp-operator.clusterserviceversion.yaml b/bundle/manifests/oadp-operator.clusterserviceversion.yaml
index 41ad809e2e9..b39108f2a0e 100644
--- a/bundle/manifests/oadp-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/oadp-operator.clusterserviceversion.yaml
@@ -401,6 +401,34 @@ spec: displayName: Expiration path: expiration version: v1 + - description: NonAdminBackup is the Schema for the nonadminbackups API + displayName: Non Admin Backup + kind: NonAdminBackup + name: nonadminbackups.oadp.openshift.io + version: v1alpha1 + - description: NonAdminBackupStorageLocationRequest is the Schema for the nonadminbackupstoragelocationrequests + API + displayName: Non Admin BackupStorageLocationRequest + kind: NonAdminBackupStorageLocationRequest + name: nonadminbackupstoragelocationrequests.oadp.openshift.io + version: v1alpha1 + - description: NonAdminBackupStorageLocation is the Schema for the nonadminbackupstoragelocations + API + displayName: Non Admin BackupStorageLocation + kind: NonAdminBackupStorageLocation + name: nonadminbackupstoragelocations.oadp.openshift.io + version: v1alpha1 + - description: NonAdminDownloadRequest is the Schema for the nonadmindownloadrequests + API + displayName: Non Admin DownloadRequest + kind: NonAdminDownloadRequest + name: nonadmindownloadrequests.oadp.openshift.io + version: v1alpha1 + - description: NonAdminRestore is the Schema for the nonadminrestores API + displayName: Non Admin Restore + kind: NonAdminRestore + name: nonadminrestores.oadp.openshift.io + version: v1alpha1 - description: A velero pod volume backup is a restic backup of persistent volumes attached to a running pod. displayName: PodVolumeBackup 
@@ -581,6 +609,112 @@ spec: install: spec: clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oadp.openshift.io + resources: + - dataprotectionapplications + verbs: + - list + - apiGroups: + - oadp.openshift.io + resources: + - nonadminbackups + - nonadminbackupstoragelocationrequests + - nonadminbackupstoragelocations + - nonadmindownloadrequests + - nonadminrestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oadp.openshift.io + resources: + - nonadminbackups/finalizers + - nonadminbackupstoragelocations/finalizers + - nonadmindownloadrequests/finalizers + - nonadminrestores/finalizers + verbs: + - update + - apiGroups: + - oadp.openshift.io + resources: + - nonadminbackups/status + - nonadminbackupstoragelocationrequests/status + - nonadminbackupstoragelocations/status + - nonadmindownloadrequests/status + - nonadminrestores/status + verbs: + - get + - patch + - update + - apiGroups: + - velero.io + resources: + - backups + - backupstoragelocations + - deletebackuprequests + - downloadrequests + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backupstoragelocations/status + verbs: + - get + - patch + - update + - apiGroups: + - velero.io + resources: + - datadownloads + - datauploads + - podvolumebackups + - podvolumerestores + verbs: + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - downloadrequests/status + verbs: + - get + serviceAccountName: non-admin-controller - rules: - apiGroups: - config.openshift.io 
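Review bot: The new `clusterPermissions` entry for `non-admin-controller` gives that service account create, delete, get, list, patch, update and watch on core `secrets` in every namespace, so any flaw in the controller's own namespace checks becomes a cluster-wide secret exposure. This hunk does not show which namespaces the controller actually reads or writes secrets in; if writes are only needed in the OADP namespace, the write verbs belong in a namespaced `permissions` entry and the cluster-wide rule can shrink to the read verbs it needs. The same question applies to the full-CRUD rule on `velero.io` `backups`, `restores` and `backupstoragelocations`, since those objects presumably live only in the operator namespace. This bundle looks generated by the Makefile `bundle` target, so the narrowing would go into the RBAC source, which is not visible here, rather than into this file.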
@@ -871,6 +1005,8 @@ spec: value: quay.io/redhat-user-workloads/ocp-art-tenant/oadp-hypershift-oadp-plugin-oadp-1-4 - name: RELATED_IMAGE_MUSTGATHER value: quay.io/konveyor/oadp-must-gather:oadp-1.4 + - name: RELATED_IMAGE_NON_ADMIN_CONTROLLER + value: quay.io/konveyor/oadp-non-admin:oadp-1.4 image: quay.io/konveyor/oadp-operator:oadp-1.4 imagePullPolicy: Always livenessProbe: @@ -1024,5 +1160,7 @@ spec: name: hypershift-velero-plugin - image: quay.io/konveyor/oadp-must-gather:oadp-1.4 name: mustgather + - image: quay.io/konveyor/oadp-non-admin:oadp-1.4 + name: non-admin-controller replaces: oadp-operator.v1.4.5 version: 1.4.6 diff --git a/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml b/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml index 793b39495a7..75a4140bc73 100644 --- a/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml +++ b/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml 
@@ -1204,6 +1204,931 @@ spec: - IfNotPresent - Never type: string + logFormat: + default: text + description: The format for log output. Valid values are text, json. (default text) + enum: + - text + - json + type: string + nonAdmin: + description: nonAdmin defines the configuration for the DPA to enable backup and restore operations for non-admin users + properties: + backupSyncPeriod: + description: |- + BackupSyncPeriod specifies the interval at which backups from the OADP namespace are synchronized with non-admin namespaces. + A value of 0 disables sync. + By default 2m + type: string + enable: + description: Enables non admin feature, by default is disabled + type: boolean + enforceBSLSpec: + description: which backupstoragelocation spec field values to enforce + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + objectStorage: + description: ObjectStorageLocation defines the enforced values for the Velero ObjectStorageLocation + nullable: true + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero storage. Optional. + type: string + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + type: object + enforceBackupSpec: + description: which bakup spec field values to enforce + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. 
+ + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. 
+ items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. 
+ type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. 
+ enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. 
If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. 
An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". 
+ nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + enforceRestoreSpec: + description: which restore spec field values to enforce + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. 
+ type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments to execute from within a container after a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. 
+ type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: WaitForReady ensures command will be launched when container is Ready instead of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers to be added to a pod during its restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. 
+ items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceMapping: + additionalProperties: + type: string + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. 
Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts from backup. + nullable: true + type: boolean + resourceModifier: + description: ResourceModifier specifies the reference to JSON resource patches that should be applied to resources before restoration. + nullable: true + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the restore. 
+ nullable: true + properties: + parallelFilesDownload: + description: ParallelFilesDownload is the concurrency number setting for restore. + type: integer + writeSparseFiles: + description: WriteSparseFiles is a flag to indicate whether write files sparsely or not. + nullable: true + type: boolean + type: object + type: object + garbageCollectionPeriod: + description: |- + GarbageCollectionPeriod defines how frequently to look for possible leftover non admin related objects in OADP namespace. + A value of 0 disables garbage collection. + By default 24h + type: string + requireApprovalForBSL: + description: |- + RequireApprovalForBSL specifies whether cluster administrator approval is required + for creating Velero BackupStorageLocation (BSL) resources. + - If set to false, all NonAdminBackupStorageLocationApproval CRDs will be automatically approved, + including those that were previously pending or rejected. + - If set to true, any existing BackupStorageLocation CRDs that lack the necessary approvals may be deleted, + leaving the associated NonAdminBackup objects non-restorable until approval is granted. + Defaults to false + type: boolean + type: object podAnnotations: additionalProperties: type: string diff --git a/bundle/manifests/oadp.openshift.io_nonadminbackups.yaml b/bundle/manifests/oadp.openshift.io_nonadminbackups.yaml new file mode 100644 index 00000000000..75df43810be --- /dev/null +++ b/bundle/manifests/oadp.openshift.io_nonadminbackups.yaml 
@@ -0,0 +1,1380 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + creationTimestamp: null + name: nonadminbackups.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminBackup + listKind: NonAdminBackupList + plural: nonadminbackups + shortNames: + - nab + singular: nonadminbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.veleroBackup.status.phase + name: Velero-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminBackup is the Schema for the nonadminbackups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminBackupSpec defines the desired state of NonAdminBackup + properties: + backupSpec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. 
+ type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. 
+ items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. 
+ items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. 
+ items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data + should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. 
+ type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the + uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel + uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + deleteBackup: + description: |- + DeleteBackup removes the NonAdminBackup and its associated NonAdminRestores and VeleroBackup from the cluster, + as well as the corresponding data in object storage + type: boolean + required: + - backupSpec + type: object + status: + description: NonAdminBackupStatus defines the observed state of NonAdminBackup + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + dataMoverDataUploads: + description: DataMoverDataUploads contains information of the related + Velero DataUpload objects. 
+ properties: + accepted: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Accepted + type: integer + canceled: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Canceled + type: integer + canceling: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Canceling + type: integer + completed: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Completed + type: integer + failed: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Failed + type: integer + inProgress: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase InProgress + type: integer + new: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase New + type: integer + prepared: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Prepared + type: integer + total: + description: number of DataUploads related to this NonAdminBackup's + Backup + type: integer + type: object + fileSystemPodVolumeBackups: + description: FileSystemPodVolumeBackups contains information of the + related Velero PodVolumeBackup objects. 
+ properties: + completed: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase Completed + type: integer + failed: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase Failed + type: integer + inProgress: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase InProgress + type: integer + new: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase New + type: integer + total: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup + type: integer + type: object + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminBackup. + enum: + - New + - BackingOff + - Created + - Deleting + type: string + queueInfo: + description: |- + queueInfo is used to estimate how many backups are scheduled before the given VeleroBackup in the OADP namespace. + This number is not guaranteed to be accurate, but it should be close. It's inaccurate for cases when + Velero pod is not running or being restarted after Backup object were created. + It counts only VeleroBackups that are still subject to be handled by OADP/Velero. + properties: + estimatedQueuePosition: + description: estimatedQueuePosition is the number of operations + ahead in the queue (0 if not queued) + type: integer + required: + - estimatedQueuePosition + type: object + veleroBackup: + description: VeleroBackup contains information of the related Velero + backup object. + properties: + nacuuid: + description: nacuuid references the Velero Backup object by it's + label containing same NACUUID. + type: string + name: + description: references the Velero Backup object by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + backup exists. + type: string + spec: + description: spec captures the current spec of the Velero backup. 
+ properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. 
+ items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should + be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed + when backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters + the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook + for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and + arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. 
+ type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook + for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and + arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. 
+ items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data + should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name + of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for + the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files + parallel uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing + names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: status captures the current status of the Velero + backup. + properties: + backupItemOperationsAttempted: + description: |- + BackupItemOperationsAttempted is the total number of attempted + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: |- + BackupItemOperationsCompleted is the total number of successfully completed + async BackupItemAction operations for this backup. 
+ type: integer + backupItemOperationsFailed: + description: |- + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an error. + type: integer + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: |- + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: |- + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the backup. The actual errors are in the backup's log + file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for + garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire + backup to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + hookStatus: + description: HookStatus contains information about the status + of the hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. 
+ type: integer + hooksFailed: + description: HooksFailed is the total number of hooks + which ended with an error + type: integer + type: object + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: |- + Progress contains information about the backup's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: |- + ItemsBackedUp is the number of items that have actually been written to the + backup tarball so far. + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be backed up. This number may change + throughout the execution of the backup due to plugins that return additional related + items to back up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable). + items: + type: string + nullable: true + type: array + version: + description: |- + Version is the backup format major version. + Deprecated: Please see FormatVersion + type: integer + volumeSnapshotsAttempted: + description: |- + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. 
+ type: integer + volumeSnapshotsCompleted: + description: |- + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the backup. The actual warnings are in the backup's log + file in object storage. + type: integer + type: object + type: object + veleroDeleteBackupRequest: + description: VeleroDeleteBackupRequest contains information of the + related Velero delete backup request object. + properties: + nacuuid: + description: nacuuid references the Velero delete backup request + object by it's label containing same NACUUID. + type: string + name: + description: name references the Velero delete backup request + object by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + delete backup request exists. + type: string + status: + description: status captures the current status of the Velero + delete backup request. + properties: + errors: + description: Errors contains any errors that were encountered + during the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml b/bundle/manifests/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml new file mode 100644 index 00000000000..0f1f473a48e --- /dev/null +++ b/bundle/manifests/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml 
@@ -0,0 +1,195 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + creationTimestamp: null + name: nonadminbackupstoragelocationrequests.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminBackupStorageLocationRequest + listKind: NonAdminBackupStorageLocationRequestList + plural: nonadminbackupstoragelocationrequests + shortNames: + - nabslrequest + singular: nonadminbackupstoragelocationrequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.nonAdminBackupStorageLocation.namespace + name: Request-Namespace + type: string + - jsonPath: .status.nonAdminBackupStorageLocation.name + name: Request-Name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminBackupStorageLocationRequest is the Schema for the nonadminbackupstoragelocationrequests + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminBackupStorageLocationRequestSpec defines the desired + state of NonAdminBackupStorageLocationRequest + properties: + approvalDecision: + description: |- + approvalDecision is the decision of the cluster admin on the Requested NonAdminBackupStorageLocation creation. + The value may be set to either approve or reject. + enum: + - approve + - reject + - pending + type: string + type: object + status: + description: NonAdminBackupStorageLocationRequestStatus defines the observed + state of NonAdminBackupStorageLocationRequest + properties: + nonAdminBackupStorageLocation: + description: nonAdminBackupStorageLocation contains information of + the NonAdminBackupStorageLocation object that triggered NonAdminBSLRequest + properties: + nacuuid: + description: nacuuid references the NonAdminBackupStorageLocation + object by it's label containing same NACUUID. + type: string + name: + description: name references the NonAdminBackupStorageLocation + object by it's name. + type: string + namespace: + description: namespace references the Namespace in which NonAdminBackupStorageLocation + exists. + type: string + requestedSpec: + description: requestedSpec contains the requested Velero BackupStorageLocation + spec from the NonAdminBackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup + storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync + backup API objects from object storage. A value of 0 disables + sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration + fields. 
+ type: object + credential: + description: Credential contains the credential information + intended to be used with this location + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: Default indicates this location is the default + backup storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings + necessary to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use + for Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to + validate the corresponding object storage. A value of 0 + disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + required: + - requestedSpec + type: object + phase: + description: phase represents the current state of the NonAdminBSLRequest. + It can be either Pending, Approved or Rejected. 
+ enum: + - Pending + - Approved + - Rejected + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/oadp.openshift.io_nonadminbackupstoragelocations.yaml b/bundle/manifests/oadp.openshift.io_nonadminbackupstoragelocations.yaml new file mode 100644 index 00000000000..ae737171d4d --- /dev/null +++ b/bundle/manifests/oadp.openshift.io_nonadminbackupstoragelocations.yaml 
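Review bot: In the NonAdminBackupStorageLocationRequest CRD, the `approvalDecision` description says the value "may be set to either approve or reject", but the enum directly below it also accepts `pending`. The documented contract and the validated one therefore disagree on the field that records the cluster admin's approval. This manifest is generated by controller-gen, so the wording belongs in the doc comment of the Go type, followed by a bundle regeneration. A possible comment is `approvalDecision is the cluster admin's decision on the requested NonAdminBackupStorageLocation: approve, reject or pending`, with `pending` presumably meaning no decision has been taken yet. The schema also gives the field no default and does not mark it required, so the same comment should say how an unset value is treated; that handling is not visible in this hunk.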
@@ -0,0 +1,287 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + creationTimestamp: null + name: nonadminbackupstoragelocations.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminBackupStorageLocation + listKind: NonAdminBackupStorageLocationList + plural: nonadminbackupstoragelocations + shortNames: + - nabsl + singular: nonadminbackupstoragelocation + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='ClusterAdminApproved')].status + name: Request-Approved + type: string + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.veleroBackupStorageLocation.status.phase + name: Velero-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminBackupStorageLocation is the Schema for the nonadminbackupstoragelocations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminBackupStorageLocationSpec defines the desired state + of NonAdminBackupStorageLocation + properties: + backupStorageLocationSpec: + description: BackupStorageLocationSpec defines the desired state of + a Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup + storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. 
+ type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for + Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + required: + - backupStorageLocationSpec + type: object + status: + description: NonAdminBackupStorageLocationStatus defines the observed + state of NonAdminBackupStorageLocation + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminBackupStorageLocation. + enum: + - New + - BackingOff + - Created + - Deleting + type: string + veleroBackupStorageLocation: + description: VeleroBackupStorageLocation contains information of the + related Velero backup object. + properties: + nacuuid: + description: nacuuid references the Velero BackupStorageLocation + object by it's label containing same NACUUID. + type: string + name: + description: references the Velero BackupStorageLocation object + by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + backup storage location exists. + type: string + status: + description: status captures the current status of the Velero + backup storage location. + properties: + accessMode: + description: |- + AccessMode is an unused field. + + Deprecated: there is now an AccessMode field on the Spec and this field + will be removed entirely as of v2.0. 
+ enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: |- + LastSyncedRevision is the value of the `metadata/revision` file in the backup + storage location the last time the BSL's contents were synced into the cluster. + + Deprecated: this field is no longer updated or used for detecting changes to + the location's contents and will be removed entirely in v2.0. + type: string + lastSyncedTime: + description: |- + LastSyncedTime is the last time the contents of the location were synced into + the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: |- + LastValidationTime is the last time the backup store location was validated + the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage + location's status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/oadp.openshift.io_nonadmindownloadrequests.yaml b/bundle/manifests/oadp.openshift.io_nonadmindownloadrequests.yaml new file mode 100644 index 00000000000..08290cb3fe9 --- /dev/null +++ b/bundle/manifests/oadp.openshift.io_nonadmindownloadrequests.yaml 
@@ -0,0 +1,190 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + creationTimestamp: null + name: nonadmindownloadrequests.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminDownloadRequest + listKind: NonAdminDownloadRequestList + plural: nonadmindownloadrequests + shortNames: + - nadr + singular: nonadmindownloadrequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminDownloadRequest is the Schema for the nonadmindownloadrequests + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NonAdminDownloadRequestSpec defines the desired state of NonAdminDownloadRequest. + Mirrors velero DownloadRequestSpec to allow non admins to download information for a non admin backup/restore + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. 
+ enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + - BackupVolumeInfos + - RestoreVolumeInfo + type: string + name: + description: Name is the name of the Kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: NonAdminDownloadRequestStatus defines the observed state + of NonAdminDownloadRequest. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. 
+ This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminDownloadRequest + enum: + - New + - BackingOff + - Created + - Deleting + type: string + velero: + description: VeleroDownloadRequest represents VeleroDownloadRequest + properties: + status: + description: VeleroDownloadRequestStatus represents VeleroDownloadRequestStatus + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the + target file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires + and can be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/oadp.openshift.io_nonadminrestores.yaml b/bundle/manifests/oadp.openshift.io_nonadminrestores.yaml new file mode 100644 index 00000000000..42d4a9a0506 --- /dev/null +++ b/bundle/manifests/oadp.openshift.io_nonadminrestores.yaml 
@@ -0,0 +1,755 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + creationTimestamp: null + name: nonadminrestores.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminRestore + listKind: NonAdminRestoreList + plural: nonadminrestores + shortNames: + - nar + singular: nonadminrestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.veleroRestore.status.phase + name: Velero-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminRestore is the Schema for the nonadminrestores API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminRestoreSpec defines the desired state of NonAdminRestore + properties: + restoreSpec: + description: restoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. + type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. 
+ items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore + hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after + a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. 
+ type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: WaitForReady ensures command + will be launched when container is Ready + instead of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init + containers to be added to a pod during its + restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. 
+ items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceMapping: + additionalProperties: + type: string + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old + nodePorts from backup. + nullable: true + type: boolean + resourceModifier: + description: ResourceModifier specifies the reference to JSON + resource patches that should be applied to resources before + restoration. + nullable: true + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to + which will not restore the status. 
+ items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the + restore. + nullable: true + properties: + parallelFilesDownload: + description: ParallelFilesDownload is the concurrency number + setting for restore. + type: integer + writeSparseFiles: + description: WriteSparseFiles is a flag to indicate whether + write files sparsely or not. + nullable: true + type: boolean + type: object + type: object + required: + - restoreSpec + type: object + status: + description: NonAdminRestoreStatus defines the observed state of NonAdminRestore + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + dataMoverDataDownloads: + description: DataMoverDataDownloads contains information of the related + Velero DataDownload objects. 
+ properties: + accepted: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Accepted + type: integer + canceled: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Canceled + type: integer + canceling: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Canceling + type: integer + completed: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Completed + type: integer + failed: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Failed + type: integer + inProgress: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase InProgress + type: integer + new: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase New + type: integer + prepared: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Prepared + type: integer + total: + description: number of DataDownloads related to this NonAdminRestore's + Restore + type: integer + type: object + fileSystemPodVolumeRestores: + description: FileSystemPodVolumeRestores contains information of the + related Velero PodVolumeRestore objects. 
+ properties: + completed: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase Completed + type: integer + failed: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase Failed + type: integer + inProgress: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase InProgress + type: integer + new: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase New + type: integer + total: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore + type: integer + type: object + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminRestore. + enum: + - New + - BackingOff + - Created + - Deleting + type: string + queueInfo: + description: |- + queueInfo is used to estimate how many restores are scheduled before the given VeleroRestore in the OADP namespace. + This number is not guaranteed to be accurate, but it should be close. It's inaccurate for cases when + Velero pod is not running or being restarted after Restore object were created. + It counts only VeleroRestores that are still subject to be handled by OADP/Velero. + properties: + estimatedQueuePosition: + description: estimatedQueuePosition is the number of operations + ahead in the queue (0 if not queued) + type: integer + required: + - estimatedQueuePosition + type: object + veleroRestore: + description: VeleroRestore contains information of the related Velero + restore object. + properties: + nacuuid: + description: nacuuid references the Velero Restore object by it's + label containing same NACUUID. + type: string + name: + description: references the Velero Restore object by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + Restore exists. 
+ type: string + status: + description: status captures the current status of the Velero + restore. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time the restore operation was completed. + Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire + restore to fail. + type: string + hookStatus: + description: HookStatus contains information about the status + of the hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: HooksFailed is the total number of hooks + which ended with an error + type: integer + type: object + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Finalizing + - FinalizingPartiallyFailed + type: string + progress: + description: |- + Progress contains information about the restore's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that + have actually been restored so far + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be restored. 
This number may change + throughout the execution of the restore due to plugins that return additional related + items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: |- + RestoreItemOperationsAttempted is the total number of attempted + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: |- + RestoreItemOperationsCompleted is the total number of successfully completed + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsFailed: + description: |- + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an error. + type: integer + startTimestamp: + description: |- + StartTimestamp records the time the restore operation was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + nullable: true + type: array + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml b/config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml index 71ff673d9d0..0bbe17b8e39 100644 --- a/config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml +++ b/config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml 
@@ -1204,6 +1204,931 @@ spec: - IfNotPresent - Never type: string + logFormat: + default: text + description: The format for log output. Valid values are text, json. (default text) + enum: + - text + - json + type: string + nonAdmin: + description: nonAdmin defines the configuration for the DPA to enable backup and restore operations for non-admin users + properties: + backupSyncPeriod: + description: |- + BackupSyncPeriod specifies the interval at which backups from the OADP namespace are synchronized with non-admin namespaces. + A value of 0 disables sync. + By default 2m + type: string + enable: + description: Enables non admin feature, by default is disabled + type: boolean + enforceBSLSpec: + description: which backupstoragelocation spec field values to enforce + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + objectStorage: + description: ObjectStorageLocation defines the enforced values for the Velero ObjectStorageLocation + nullable: true + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero storage. Optional. + type: string + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + type: object + enforceBackupSpec: + description: which bakup spec field values to enforce + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. 
+ + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. 
+ items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. 
+ type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. 
+ enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. 
If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. 
An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". 
+ nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + enforceRestoreSpec: + description: which restore spec field values to enforce + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. 
+ type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments to execute from within a container after a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. 
+ type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: WaitForReady ensures command will be launched when container is Ready instead of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers to be added to a pod during its restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. 
+ items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceMapping: + additionalProperties: + type: string + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. 
Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts from backup. + nullable: true + type: boolean + resourceModifier: + description: ResourceModifier specifies the reference to JSON resource patches that should be applied to resources before restoration. + nullable: true + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the restore. 
+ nullable: true + properties: + parallelFilesDownload: + description: ParallelFilesDownload is the concurrency number setting for restore. + type: integer + writeSparseFiles: + description: WriteSparseFiles is a flag to indicate whether write files sparsely or not. + nullable: true + type: boolean + type: object + type: object + garbageCollectionPeriod: + description: |- + GarbageCollectionPeriod defines how frequently to look for possible leftover non admin related objects in OADP namespace. + A value of 0 disables garbage collection. + By default 24h + type: string + requireApprovalForBSL: + description: |- + RequireApprovalForBSL specifies whether cluster administrator approval is required + for creating Velero BackupStorageLocation (BSL) resources. + - If set to false, all NonAdminBackupStorageLocationApproval CRDs will be automatically approved, + including those that were previously pending or rejected. + - If set to true, any existing BackupStorageLocation CRDs that lack the necessary approvals may be deleted, + leaving the associated NonAdminBackup objects non-restorable until approval is granted. + Defaults to false + type: boolean + type: object podAnnotations: additionalProperties: type: string diff --git a/config/crd/bases/oadp.openshift.io_nonadminbackups.yaml b/config/crd/bases/oadp.openshift.io_nonadminbackups.yaml new file mode 100644 index 00000000000..4ef8629eda5 --- /dev/null +++ b/config/crd/bases/oadp.openshift.io_nonadminbackups.yaml 
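Review bot: `nonAdmin.requireApprovalForBSL` is fail-open: by its own description it defaults to false, and in that state every NonAdminBackupStorageLocationApproval is approved automatically, including requests that were previously rejected. A BackupStorageLocation carries the bucket and the credential reference for backup data, so I would expect approval to be required by default, or at least for rejected requests to stay rejected while the flag is false. Unlike `logFormat` at the top of this hunk, the field has no `default:` in the schema, so the effective value is not visible in the stored object. Assuming this CRD is generated by controller-gen from the Go types, a marker such as `// +kubebuilder:default=false` on the field (or `=true` if the default is changed) would make it explicit. The same gap applies to `enable`, `backupSyncPeriod` and `garbageCollectionPeriod`, whose defaults are stated only in the description text.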
@@ -0,0 +1,1374 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: nonadminbackups.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminBackup + listKind: NonAdminBackupList + plural: nonadminbackups + shortNames: + - nab + singular: nonadminbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.veleroBackup.status.phase + name: Velero-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminBackup is the Schema for the nonadminbackups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminBackupSpec defines the desired state of NonAdminBackup + properties: + backupSpec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. 
+ type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. 
+ items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. 
+ items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. 
+ items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data + should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. 
+ type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the + uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel + uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + deleteBackup: + description: |- + DeleteBackup removes the NonAdminBackup and its associated NonAdminRestores and VeleroBackup from the cluster, + as well as the corresponding data in object storage + type: boolean + required: + - backupSpec + type: object + status: + description: NonAdminBackupStatus defines the observed state of NonAdminBackup + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + dataMoverDataUploads: + description: DataMoverDataUploads contains information of the related + Velero DataUpload objects. 
+ properties: + accepted: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Accepted + type: integer + canceled: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Canceled + type: integer + canceling: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Canceling + type: integer + completed: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Completed + type: integer + failed: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Failed + type: integer + inProgress: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase InProgress + type: integer + new: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase New + type: integer + prepared: + description: number of DataUploads related to this NonAdminBackup's + Backup in phase Prepared + type: integer + total: + description: number of DataUploads related to this NonAdminBackup's + Backup + type: integer + type: object + fileSystemPodVolumeBackups: + description: FileSystemPodVolumeBackups contains information of the + related Velero PodVolumeBackup objects. 
+ properties: + completed: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase Completed + type: integer + failed: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase Failed + type: integer + inProgress: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase InProgress + type: integer + new: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup in phase New + type: integer + total: + description: number of PodVolumeBackups related to this NonAdminBackup's + Backup + type: integer + type: object + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminBackup. + enum: + - New + - BackingOff + - Created + - Deleting + type: string + queueInfo: + description: |- + queueInfo is used to estimate how many backups are scheduled before the given VeleroBackup in the OADP namespace. + This number is not guaranteed to be accurate, but it should be close. It's inaccurate for cases when + Velero pod is not running or being restarted after Backup object were created. + It counts only VeleroBackups that are still subject to be handled by OADP/Velero. + properties: + estimatedQueuePosition: + description: estimatedQueuePosition is the number of operations + ahead in the queue (0 if not queued) + type: integer + required: + - estimatedQueuePosition + type: object + veleroBackup: + description: VeleroBackup contains information of the related Velero + backup object. + properties: + nacuuid: + description: nacuuid references the Velero Backup object by it's + label containing same NACUUID. + type: string + name: + description: references the Velero Backup object by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + backup exists. + type: string + spec: + description: spec captures the current spec of the Velero backup. 
+ properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. 
+ items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should + be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed + when backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters + the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook + for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and + arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. 
+ type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook + for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and + arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. 
+ items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data + should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name + of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for + the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files + parallel uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing + names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: status captures the current status of the Velero + backup. + properties: + backupItemOperationsAttempted: + description: |- + BackupItemOperationsAttempted is the total number of attempted + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: |- + BackupItemOperationsCompleted is the total number of successfully completed + async BackupItemAction operations for this backup. 
+ type: integer + backupItemOperationsFailed: + description: |- + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an error. + type: integer + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: |- + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: |- + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the backup. The actual errors are in the backup's log + file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for + garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire + backup to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + hookStatus: + description: HookStatus contains information about the status + of the hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. 
+ type: integer + hooksFailed: + description: HooksFailed is the total number of hooks + which ended with an error + type: integer + type: object + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: |- + Progress contains information about the backup's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: |- + ItemsBackedUp is the number of items that have actually been written to the + backup tarball so far. + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be backed up. This number may change + throughout the execution of the backup due to plugins that return additional related + items to back up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable). + items: + type: string + nullable: true + type: array + version: + description: |- + Version is the backup format major version. + Deprecated: Please see FormatVersion + type: integer + volumeSnapshotsAttempted: + description: |- + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. 
+ type: integer + volumeSnapshotsCompleted: + description: |- + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the backup. The actual warnings are in the backup's log + file in object storage. + type: integer + type: object + type: object + veleroDeleteBackupRequest: + description: VeleroDeleteBackupRequest contains information of the + related Velero delete backup request object. + properties: + nacuuid: + description: nacuuid references the Velero delete backup request + object by it's label containing same NACUUID. + type: string + name: + description: name references the Velero delete backup request + object by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + delete backup request exists. + type: string + status: + description: status captures the current status of the Velero + delete backup request. + properties: + errors: + description: Errors contains any errors that were encountered + during the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml b/config/crd/bases/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml new file mode 100644 index 00000000000..52013c47678 --- /dev/null +++ b/config/crd/bases/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml 
@@ -0,0 +1,189 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: nonadminbackupstoragelocationrequests.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminBackupStorageLocationRequest + listKind: NonAdminBackupStorageLocationRequestList + plural: nonadminbackupstoragelocationrequests + shortNames: + - nabslrequest + singular: nonadminbackupstoragelocationrequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.nonAdminBackupStorageLocation.namespace + name: Request-Namespace + type: string + - jsonPath: .status.nonAdminBackupStorageLocation.name + name: Request-Name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminBackupStorageLocationRequest is the Schema for the nonadminbackupstoragelocationrequests + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminBackupStorageLocationRequestSpec defines the desired + state of NonAdminBackupStorageLocationRequest + properties: + approvalDecision: + description: |- + approvalDecision is the decision of the cluster admin on the Requested NonAdminBackupStorageLocation creation. + The value may be set to either approve or reject. + enum: + - approve + - reject + - pending + type: string + type: object + status: + description: NonAdminBackupStorageLocationRequestStatus defines the observed + state of NonAdminBackupStorageLocationRequest + properties: + nonAdminBackupStorageLocation: + description: nonAdminBackupStorageLocation contains information of + the NonAdminBackupStorageLocation object that triggered NonAdminBSLRequest + properties: + nacuuid: + description: nacuuid references the NonAdminBackupStorageLocation + object by it's label containing same NACUUID. + type: string + name: + description: name references the NonAdminBackupStorageLocation + object by it's name. + type: string + namespace: + description: namespace references the Namespace in which NonAdminBackupStorageLocation + exists. + type: string + requestedSpec: + description: requestedSpec contains the requested Velero BackupStorageLocation + spec from the NonAdminBackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup + storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync + backup API objects from object storage. A value of 0 disables + sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration + fields. 
+ type: object + credential: + description: Credential contains the credential information + intended to be used with this location + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: Default indicates this location is the default + backup storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings + necessary to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use + for Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to + validate the corresponding object storage. A value of 0 + disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + required: + - requestedSpec + type: object + phase: + description: phase represents the current state of the NonAdminBSLRequest. + It can be either Pending, Approved or Rejected. 
+ enum: + - Pending + - Approved + - Rejected + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/oadp.openshift.io_nonadminbackupstoragelocations.yaml b/config/crd/bases/oadp.openshift.io_nonadminbackupstoragelocations.yaml new file mode 100644 index 00000000000..e08f0a5dd03 --- /dev/null +++ b/config/crd/bases/oadp.openshift.io_nonadminbackupstoragelocations.yaml 
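Review bot: The description of `spec.approvalDecision` in the NonAdminBackupStorageLocationRequest schema says the value may be "either approve or reject", but the enum directly under it also accepts `pending`. Because this field is what gates a storage location requested by a non-admin user, the text should list all three values and say what `pending` means, for example `The value may be set to approve, reject or pending.` followed by one sentence on the undecided state. The decision lives in `spec` of a Namespaced resource, so whoever holds update rights on these objects can approve a request. The RBAC is not visible in this hunk, so it is worth confirming that only cluster admins get that verb. The file carries a controller-gen annotation, so the wording presumably has to change in the Go type's doc comment rather than here.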
@@ -0,0 +1,281 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: nonadminbackupstoragelocations.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminBackupStorageLocation + listKind: NonAdminBackupStorageLocationList + plural: nonadminbackupstoragelocations + shortNames: + - nabsl + singular: nonadminbackupstoragelocation + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='ClusterAdminApproved')].status + name: Request-Approved + type: string + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.veleroBackupStorageLocation.status.phase + name: Velero-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminBackupStorageLocation is the Schema for the nonadminbackupstoragelocations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminBackupStorageLocationSpec defines the desired state + of NonAdminBackupStorageLocation + properties: + backupStorageLocationSpec: + description: BackupStorageLocationSpec defines the desired state of + a Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup + storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. 
+ type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for + Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + required: + - backupStorageLocationSpec + type: object + status: + description: NonAdminBackupStorageLocationStatus defines the observed + state of NonAdminBackupStorageLocation + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminBackupStorageLocation. + enum: + - New + - BackingOff + - Created + - Deleting + type: string + veleroBackupStorageLocation: + description: VeleroBackupStorageLocation contains information of the + related Velero backup object. + properties: + nacuuid: + description: nacuuid references the Velero BackupStorageLocation + object by it's label containing same NACUUID. + type: string + name: + description: references the Velero BackupStorageLocation object + by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + backup storage location exists. + type: string + status: + description: status captures the current status of the Velero + backup storage location. + properties: + accessMode: + description: |- + AccessMode is an unused field. + + Deprecated: there is now an AccessMode field on the Spec and this field + will be removed entirely as of v2.0. 
+ enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: |- + LastSyncedRevision is the value of the `metadata/revision` file in the backup + storage location the last time the BSL's contents were synced into the cluster. + + Deprecated: this field is no longer updated or used for detecting changes to + the location's contents and will be removed entirely in v2.0. + type: string + lastSyncedTime: + description: |- + LastSyncedTime is the last time the contents of the location were synced into + the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: |- + LastValidationTime is the last time the backup store location was validated + the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage + location's status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/oadp.openshift.io_nonadmindownloadrequests.yaml b/config/crd/bases/oadp.openshift.io_nonadmindownloadrequests.yaml new file mode 100644 index 00000000000..4306f7b56ae --- /dev/null +++ b/config/crd/bases/oadp.openshift.io_nonadmindownloadrequests.yaml 
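Review bot: In the NonAdminBackupStorageLocation schema, `spec.backupStorageLocationSpec.credential` names a Secret by `name` and `key` only, and neither description says which namespace that Secret is read from. For an object created by a non-admin user this is the boundary that matters, so the description should state it, for example `The Secret must exist in the same namespace as this NonAdminBackupStorageLocation.` if that is what the controller enforces. The controller is not visible in this hunk. `credential.name` defaults to `""` and only `key` is required, so an empty name passes schema validation and has to be rejected later. The free-form `config` map is also user-supplied, so its description could note that it takes effect only after the approval shown by the `ClusterAdminApproved` printer column, if that is the intended flow.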
@@ -0,0 +1,184 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: nonadmindownloadrequests.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminDownloadRequest + listKind: NonAdminDownloadRequestList + plural: nonadmindownloadrequests + shortNames: + - nadr + singular: nonadmindownloadrequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminDownloadRequest is the Schema for the nonadmindownloadrequests + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NonAdminDownloadRequestSpec defines the desired state of NonAdminDownloadRequest. + Mirrors velero DownloadRequestSpec to allow non admins to download information for a non admin backup/restore + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. 
+ enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + - BackupVolumeInfos + - RestoreVolumeInfo + type: string + name: + description: Name is the name of the Kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: NonAdminDownloadRequestStatus defines the observed state + of NonAdminDownloadRequest. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. 
+ This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminDownloadRequest + enum: + - New + - BackingOff + - Created + - Deleting + type: string + velero: + description: VeleroDownloadRequest represents VeleroDownloadRequest + properties: + status: + description: VeleroDownloadRequestStatus represents VeleroDownloadRequestStatus + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the + target file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires + and can be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/oadp.openshift.io_nonadminrestores.yaml b/config/crd/bases/oadp.openshift.io_nonadminrestores.yaml new file mode 100644 index 00000000000..2a29371e270 --- /dev/null +++ b/config/crd/bases/oadp.openshift.io_nonadminrestores.yaml 
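Review bot: `status.velero.status.downloadURL` in the NonAdminDownloadRequest schema stores a pre-signed URL in the status of a namespaced object, and the description does not say that the URL is itself the access grant. Anyone with get, list or watch on nonadmindownloadrequests in that namespace can read it and fetch the backup log, contents or resource list until `expiration`. The description should say so, for example `DownloadURL contains the pre-signed URL for the target file. Anyone who can read this object can use it until Expiration.` It is also worth confirming that read access to this resource is no wider than access to the backup or restore it refers to; the roles are not part of this hunk.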
@@ -0,0 +1,749 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: nonadminrestores.oadp.openshift.io +spec: + group: oadp.openshift.io + names: + kind: NonAdminRestore + listKind: NonAdminRestoreList + plural: nonadminrestores + shortNames: + - nar + singular: nonadminrestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Request-Phase + type: string + - jsonPath: .status.veleroRestore.status.phase + name: Velero-Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NonAdminRestore is the Schema for the nonadminrestores API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NonAdminRestoreSpec defines the desired state of NonAdminRestore + properties: + restoreSpec: + description: restoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. + type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. 
+ items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore + hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after + a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. 
+ type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: WaitForReady ensures command + will be launched when container is Ready + instead of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init + containers to be added to a pod during its + restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. 
+ items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceMapping: + additionalProperties: + type: string + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old + nodePorts from backup. + nullable: true + type: boolean + resourceModifier: + description: ResourceModifier specifies the reference to JSON + resource patches that should be applied to resources before + restoration. + nullable: true + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to + which will not restore the status. 
+ items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the + restore. + nullable: true + properties: + parallelFilesDownload: + description: ParallelFilesDownload is the concurrency number + setting for restore. + type: integer + writeSparseFiles: + description: WriteSparseFiles is a flag to indicate whether + write files sparsely or not. + nullable: true + type: boolean + type: object + type: object + required: + - restoreSpec + type: object + status: + description: NonAdminRestoreStatus defines the observed state of NonAdminRestore + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + dataMoverDataDownloads: + description: DataMoverDataDownloads contains information of the related + Velero DataDownload objects. 
+ properties: + accepted: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Accepted + type: integer + canceled: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Canceled + type: integer + canceling: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Canceling + type: integer + completed: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Completed + type: integer + failed: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Failed + type: integer + inProgress: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase InProgress + type: integer + new: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase New + type: integer + prepared: + description: number of DataDownloads related to this NonAdminRestore's + Restore in phase Prepared + type: integer + total: + description: number of DataDownloads related to this NonAdminRestore's + Restore + type: integer + type: object + fileSystemPodVolumeRestores: + description: FileSystemPodVolumeRestores contains information of the + related Velero PodVolumeRestore objects. 
+ properties: + completed: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase Completed + type: integer + failed: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase Failed + type: integer + inProgress: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase InProgress + type: integer + new: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore in phase New + type: integer + total: + description: number of PodVolumeRestores related to this NonAdminRestore's + Restore + type: integer + type: object + phase: + description: phase is a simple one high-level summary of the lifecycle + of an NonAdminRestore. + enum: + - New + - BackingOff + - Created + - Deleting + type: string + queueInfo: + description: |- + queueInfo is used to estimate how many restores are scheduled before the given VeleroRestore in the OADP namespace. + This number is not guaranteed to be accurate, but it should be close. It's inaccurate for cases when + Velero pod is not running or being restarted after Restore object were created. + It counts only VeleroRestores that are still subject to be handled by OADP/Velero. + properties: + estimatedQueuePosition: + description: estimatedQueuePosition is the number of operations + ahead in the queue (0 if not queued) + type: integer + required: + - estimatedQueuePosition + type: object + veleroRestore: + description: VeleroRestore contains information of the related Velero + restore object. + properties: + nacuuid: + description: nacuuid references the Velero Restore object by it's + label containing same NACUUID. + type: string + name: + description: references the Velero Restore object by it's name. + type: string + namespace: + description: namespace references the Namespace in which Velero + Restore exists. 
+ type: string + status: + description: status captures the current status of the Velero + restore. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time the restore operation was completed. + Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire + restore to fail. + type: string + hookStatus: + description: HookStatus contains information about the status + of the hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: HooksFailed is the total number of hooks + which ended with an error + type: integer + type: object + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Finalizing + - FinalizingPartiallyFailed + type: string + progress: + description: |- + Progress contains information about the restore's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that + have actually been restored so far + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be restored. 
This number may change + throughout the execution of the restore due to plugins that return additional related + items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: |- + RestoreItemOperationsAttempted is the total number of attempted + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: |- + RestoreItemOperationsCompleted is the total number of successfully completed + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsFailed: + description: |- + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an error. + type: integer + startTimestamp: + description: |- + StartTimestamp records the time the restore operation was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + nullable: true + type: array + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 4f18352b286..498c2fb8aa2 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml 
@@ -2,6 +2,8 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: +- bases/oadp.openshift.io_nonadminbackupstoragelocationrequests.yaml +- bases/oadp.openshift.io_nonadminbackupstoragelocations.yaml - bases/oadp.openshift.io_dataprotectionapplications.yaml - bases/oadp.openshift.io_cloudstorages.yaml - bases/velero.io_backuprepositories.yaml @@ -17,19 +19,27 @@ resources: - bases/velero.io_schedules.yaml - bases/velero.io_serverstatusrequests.yaml - bases/velero.io_volumesnapshotlocations.yaml +- bases/oadp.openshift.io_nonadminbackups.yaml +- bases/oadp.openshift.io_nonadminrestores.yaml +- bases/oadp.openshift.io_nonadmindownloadrequests.yaml #+kubebuilder:scaffold:crdkustomizeresource -patchesStrategicMerge: +patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -#- patches/webhook_in_veleroes.yaml +#- path: patches/webhook_in_dataprotectionapplications.yaml +#- path: patches/webhook_in_cloudstorages.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_veleroes.yaml +#- path: patches/cainjection_in_dataprotectionapplications.yaml +#- path: patches/cainjection_in_cloudstorages.yaml +#- path: patches/cainjection_in_dataprotectiontests.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml + +#configurations: +#- kustomizeconfig.yaml \ No newline at end of file diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index e1eeecb6730..2a2b1ee9bad 100644 --- a/config/manager/manager.yaml 
+++ b/config/manager/manager.yaml @@ -62,6 +62,8 @@ spec: value: quay.io/redhat-user-workloads/ocp-art-tenant/oadp-hypershift-oadp-plugin-oadp-1-4 - name: RELATED_IMAGE_MUSTGATHER value: quay.io/konveyor/oadp-must-gather:oadp-1.4 + - name: RELATED_IMAGE_NON_ADMIN_CONTROLLER + value: quay.io/konveyor/oadp-non-admin:oadp-1.4 args: - --leader-elect image: controller:latest diff --git a/config/manifests/bases/oadp-operator.clusterserviceversion.yaml b/config/manifests/bases/oadp-operator.clusterserviceversion.yaml index 32293084fba..247c639c2df 100644 --- a/config/manifests/bases/oadp-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/oadp-operator.clusterserviceversion.yaml 
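Review bot: The new `RELATED_IMAGE_NON_ADMIN_CONTROLLER` value `quay.io/konveyor/oadp-non-admin:oadp-1.4` is a floating branch tag, so the image that runs as the non-admin controller can change without any change to this manifest. That controller's service account is bound to a ClusterRole with cluster-wide access to Secrets (config/non-admin-controller_rbac/role.yaml in this commit), which makes the pulled image more sensitive than the must-gather entry beside it. If release builds do not already rewrite RELATED_IMAGE values to digests (not visible from this diff), pin this one as `value: quay.io/konveyor/oadp-non-admin@sha256:<digest-placeholder>`. The enclosing Deployment spec starts and ends outside the hunk.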
@@ -402,6 +402,34 @@ spec: displayName: Name path: name version: v1alpha1 + - description: NonAdminBackup is the Schema for the nonadminbackups API + displayName: Non Admin Backup + kind: NonAdminBackup + name: nonadminbackups.oadp.openshift.io + version: v1alpha1 + - description: NonAdminRestore is the Schema for the nonadminrestores API + displayName: Non Admin Restore + kind: NonAdminRestore + name: nonadminrestores.oadp.openshift.io + version: v1alpha1 + - description: NonAdminDownloadRequest is the Schema for the nonadmindownloadrequests + API + displayName: Non Admin DownloadRequest + kind: NonAdminDownloadRequest + name: nonadmindownloadrequests.oadp.openshift.io + version: v1alpha1 + - description: NonAdminBackupStorageLocation is the Schema for the nonadminbackupstoragelocations + API + displayName: Non Admin BackupStorageLocation + kind: NonAdminBackupStorageLocation + name: nonadminbackupstoragelocations.oadp.openshift.io + version: v1alpha1 + - description: NonAdminBackupStorageLocationRequest is the Schema for the nonadminbackupstoragelocationrequests + API + displayName: Non Admin BackupStorageLocationRequest + kind: NonAdminBackupStorageLocationRequest + name: nonadminbackupstoragelocationrequests.oadp.openshift.io + version: v1alpha1 description: | **OpenShift API for Data Protection (OADP)** operator sets up and installs Velero on the OpenShift platform, allowing users to backup and restore diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 0a5c4052a13..cf9f275775a 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -6,6 +6,8 @@ resources: - ../samples - ../scorecard - ../velero +- ../non-admin-controller_rbac + # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. 
diff --git a/config/non-admin-controller_rbac/kustomization.yaml b/config/non-admin-controller_rbac/kustomization.yaml
new file mode 100644
index 00000000000..758575ef776
--- /dev/null
+++ b/config/non-admin-controller_rbac/kustomization.yaml
@@ -0,0 +1,26 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+# - leader_election_role.yaml
+# - leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+# - auth_proxy_service.yaml
+# - auth_proxy_role.yaml
+# - auth_proxy_role_binding.yaml
+# - auth_proxy_client_clusterrole.yaml
+# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by
+# default, aiding admins in cluster management. Those roles are
+# not used by the {{ .ProjectName }} itself. You can comment the following lines
+# if you do not want those helpers be installed with your Project.
+- nonadmindownloadrequest_admin_role.yaml
+- nonadmindownloadrequest_editor_role.yaml
+- nonadmindownloadrequest_viewer_role.yaml
+
diff --git a/config/non-admin-controller_rbac/nonadmindownloadrequest_admin_role.yaml b/config/non-admin-controller_rbac/nonadmindownloadrequest_admin_role.yaml
new file mode 100644
index 00000000000..a1e5df37886
--- /dev/null
+++ b/config/non-admin-controller_rbac/nonadmindownloadrequest_admin_role.yaml
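Review bot: The comment above the three helper roles still carries the unrendered scaffold placeholder `{{ .ProjectName }}`, and it says roles are scaffolded "for each CRD" although only the NonAdminDownloadRequest admin/editor/viewer roles are listed. Because config/manifests/kustomization.yaml adds `../non-admin-controller_rbac` in this same commit, these ClusterRoles appear to ship with the bundle rather than being optional helpers, and the comment should say that. Suggested wording: `# not used by the non-admin controller itself; they are installed with the bundle so cluster admins can bind them.`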
@@ -0,0 +1,27 @@
+# This rule is not used by the project oadp-nac itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over oadp.openshift.io.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: oadp-nac
+ app.kubernetes.io/managed-by: kustomize
+ name: nonadmindownloadrequest-admin-role
+rules:
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests
+ verbs:
+ - '*'
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests/status
+ verbs:
+ - get
diff --git a/config/non-admin-controller_rbac/nonadmindownloadrequest_editor_role.yaml b/config/non-admin-controller_rbac/nonadmindownloadrequest_editor_role.yaml
new file mode 100644
index 00000000000..a71d1f36401
--- /dev/null
+++ b/config/non-admin-controller_rbac/nonadmindownloadrequest_editor_role.yaml
@@ -0,0 +1,33 @@
+# This rule is not used by the project oadp-nac itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the oadp.openshift.io.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: oadp-nac
+ app.kubernetes.io/managed-by: kustomize
+ name: nonadmindownloadrequest-editor-role
+rules:
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests/status
+ verbs:
+ - get
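Review bot: The header comment of the admin role says it "Grants full permissions ('*') over oadp.openshift.io", but the rules only cover `nonadmindownloadrequests` plus `get` on its status. The editor and viewer role files overstate the scope in the same way ("resources within the oadp.openshift.io", "oadp.openshift.io resources"). A cluster admin deciding whom to bind reads this comment first, so it should name the resource: `# Grants full permissions ('*') over nonadmindownloadrequests.oadp.openshift.io.` Separately, `'*'` also matches `deletecollection` and any verb added later; listing the verbs explicitly, as the editor role does, keeps the grant reviewable.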
diff --git a/config/non-admin-controller_rbac/nonadmindownloadrequest_viewer_role.yaml b/config/non-admin-controller_rbac/nonadmindownloadrequest_viewer_role.yaml
new file mode 100644
index 00000000000..6674dedb294
--- /dev/null
+++ b/config/non-admin-controller_rbac/nonadmindownloadrequest_viewer_role.yaml
@@ -0,0 +1,29 @@
+# This rule is not used by the project oadp-nac itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to oadp.openshift.io resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: oadp-nac
+ app.kubernetes.io/managed-by: kustomize
+ name: nonadmindownloadrequest-viewer-role
+rules:
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadmindownloadrequests/status
+ verbs:
+ - get
diff --git a/config/non-admin-controller_rbac/role.yaml b/config/non-admin-controller_rbac/role.yaml
new file mode 100644
index 00000000000..4da2508875e
--- /dev/null
+++ b/config/non-admin-controller_rbac/role.yaml
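Review bot: The viewer role is described as read-only monitoring access, but `get`/`list`/`watch` on `nonadmindownloadrequests` returns the whole object, including `status.velero.status.downloadURL`. The CRD added in this commit describes that field as the pre-signed URL for the target file. Anyone bound to this ClusterRole can therefore retrieve backup logs or contents for every request they can read until `expiration` passes, and a ClusterRoleBinding would make that cluster-wide. The header comment should say so, for example `# NOTE: read access exposes status.velero.status.downloadURL (a pre-signed URL to backup data); bind per namespace with a RoleBinding.` The same exposure applies to the admin and editor roles.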
@@ -0,0 +1,110 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: non-admin-controller-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - dataprotectionapplications
+ verbs:
+ - list
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadminbackups
+ - nonadminbackupstoragelocationrequests
+ - nonadminbackupstoragelocations
+ - nonadmindownloadrequests
+ - nonadminrestores
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadminbackups/finalizers
+ - nonadminbackupstoragelocations/finalizers
+ - nonadmindownloadrequests/finalizers
+ - nonadminrestores/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - oadp.openshift.io
+ resources:
+ - nonadminbackups/status
+ - nonadminbackupstoragelocationrequests/status
+ - nonadminbackupstoragelocations/status
+ - nonadmindownloadrequests/status
+ - nonadminrestores/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - velero.io
+ resources:
+ - backups
+ - backupstoragelocations
+ - deletebackuprequests
+ - downloadrequests
+ - restores
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - velero.io
+ resources:
+ - backupstoragelocations/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - velero.io
+ resources:
+ - datadownloads
+ - datauploads
+ - podvolumebackups
+ - podvolumerestores
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - velero.io
+ resources:
+ - downloadrequests/status
+ verbs:
+ - get
diff --git a/config/non-admin-controller_rbac/role_binding.yaml b/config/non-admin-controller_rbac/role_binding.yaml
new file mode 100644
index 00000000000..42f638ae73a
--- /dev/null
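Review bot: The second rule of `non-admin-controller-role` grants create, delete, get, list, patch, update and watch on core `secrets`, and the ClusterRoleBinding in role_binding.yaml binds it to the `non-admin-controller` service account for the whole cluster, so that account can read and rewrite every Secret in every namespace. If the controller only handles storage-credential Secrets in the OADP namespace and in namespaces that hold non-admin objects, this is wider than it needs; the file looks generated from RBAC markers, so the narrowing would belong in the markers. At minimum I would record the reason next to the rule, e.g. `# secrets: cluster-wide because <reason>`, and remove any verb the controller does not call.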
+++ b/config/non-admin-controller_rbac/role_binding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/instance: non-admin-controller-rolebinding
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: oadp-operator
+ app.kubernetes.io/part-of: oadp-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: non-admin-controller-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: non-admin-controller-role
+subjects:
+- kind: ServiceAccount
+ name: non-admin-controller
+ namespace: system
diff --git a/config/non-admin-controller_rbac/service_account.yaml b/config/non-admin-controller_rbac/service_account.yaml
new file mode 100644
index 00000000000..09e0b660cb3
--- /dev/null
+++ b/config/non-admin-controller_rbac/service_account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/instance: non-admin-controller-sa
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: oadp-operator
+ app.kubernetes.io/part-of: oadp-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: non-admin-controller
+ namespace: system
diff --git a/config/samples/oadp_v1alpha1_nonadminbackup.yaml b/config/samples/oadp_v1alpha1_nonadminbackup.yaml
new file mode 100644
index 00000000000..1c49d64a66a
--- /dev/null
+++ b/config/samples/oadp_v1alpha1_nonadminbackup.yaml
@@ -0,0 +1,12 @@
+apiVersion: oadp.openshift.io/v1alpha1
+kind: NonAdminBackup
+metadata:
+ labels:
+ app.kubernetes.io/name: nonadminbackup
+ app.kubernetes.io/instance: nonadminbackup-sample
+ app.kubernetes.io/part-of: oadp-operator
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: oadp-operator
+ name: nonadminbackup-sample
+spec:
+ backupSpec: {}
diff --git a/config/samples/oadp_v1alpha1_nonadminbackupstoragelocation.yaml b/config/samples/oadp_v1alpha1_nonadminbackupstoragelocation.yaml
new file mode 100644
index 00000000000..b6c329b9afd
--- /dev/null
+++ b/config/samples/oadp_v1alpha1_nonadminbackupstoragelocation.yaml
@@ -0,0 +1,22 @@
+apiVersion: oadp.openshift.io/v1alpha1
+kind: NonAdminBackupStorageLocation
+metadata:
+ labels:
+ app.kubernetes.io/name: nonadminbackupstoragelocation
+ app.kubernetes.io/instance: nonadminbackupstoragelocation-sample
+ app.kubernetes.io/part-of: oadp-nac
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: oadp-nac
+ name: nonadminbackupstoragelocation-sample
+spec:
+ backupStorageLocationSpec:
+ config:
+ checksumAlgorithm: ''
+ region: eu-central-1
+ credential:
+ key: default
+ name: cloud-credentials
+ objectStorage:
+ bucket: my-bucket
+ prefix: nac-test
+ provider: aws
diff --git a/config/samples/oadp_v1alpha1_nonadminbackupstoragelocationrequest.yaml b/config/samples/oadp_v1alpha1_nonadminbackupstoragelocationrequest.yaml
new file mode 100644
index 00000000000..28248a3a432
--- /dev/null
+++ b/config/samples/oadp_v1alpha1_nonadminbackupstoragelocationrequest.yaml
@@ -0,0 +1,12 @@
+apiVersion: oadp.openshift.io/v1alpha1
+kind: NonAdminBackupStorageLocationRequest
+metadata:
+ labels:
+ app.kubernetes.io/name: nonadminbackupstoragelocationrequest
+ app.kubernetes.io/instance: nonadminbackupstoragelocationrequest-sample
+ app.kubernetes.io/part-of: oadp-nac
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: oadp-nac
+ name: nonadminbackupstoragelocationrequest-sample
+spec:
+ approvalDecision: pending
diff --git a/config/samples/oadp_v1alpha1_nonadmindownloadrequest.yaml b/config/samples/oadp_v1alpha1_nonadmindownloadrequest.yaml
new file mode 100644
index 00000000000..9bd5a27610b
--- /dev/null
+++ b/config/samples/oadp_v1alpha1_nonadmindownloadrequest.yaml
@@ -0,0 +1,12 @@ +apiVersion: oadp.openshift.io/v1alpha1 +kind: NonAdminDownloadRequest +metadata: + labels: + app.kubernetes.io/name: oadp-nac + app.kubernetes.io/managed-by: kustomize + name: nonadmindownloadrequest-sample +spec: + target: + kind: BackupLog + name: non-admin-backup-name + diff --git a/config/samples/oadp_v1alpha1_nonadminrestore.yaml b/config/samples/oadp_v1alpha1_nonadminrestore.yaml new file mode 100644 index 00000000000..f72499e9123 --- /dev/null +++ b/config/samples/oadp_v1alpha1_nonadminrestore.yaml @@ -0,0 +1,13 @@ +apiVersion: oadp.openshift.io/v1alpha1 +kind: NonAdminRestore +metadata: + labels: + app.kubernetes.io/name: nonadminrestore + app.kubernetes.io/instance: nonadminrestore-sample + app.kubernetes.io/part-of: oadp-nac + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: oadp-nac + name: nonadminrestore-sample +spec: + restoreSpec: + backupName: nonadminbackup-sample diff --git a/controllers/dpa_controller.go b/controllers/dpa_controller.go index 28a33520233..765f70d7b4a 100644 --- a/controllers/dpa_controller.go +++ b/controllers/dpa_controller.go @@ -46,11 +46,13 @@ import ( // DPAReconciler reconciles a Velero object type DPAReconciler struct { client.Client - Scheme *runtime.Scheme - Log logr.Logger - Context context.Context - NamespacedName types.NamespacedName - EventRecorder record.EventRecorder + Scheme *runtime.Scheme + Log logr.Logger + Context context.Context + NamespacedName types.NamespacedName + EventRecorder record.EventRecorder + dpa *oadpv1alpha1.DataProtectionApplication + ClusterWideClient client.Client } var debugMode = os.Getenv("DEBUG") == "true" @@ -87,6 +89,9 @@ func (r *DPAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R return result, nil } + // set the dpa field for use in reconciler methods + r.dpa = &dpa + // set client to pkg/client for use in non-reconcile functions oadpClient.SetClient(r.Client) 
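Review bot: The new `ClusterWideClient client.Client` field on `DPAReconciler` has no comment saying how its scope differs from the embedded `client.Client` or which reconcile steps are meant to use it. The name implies wider reach than the embedded client, so a reader should be able to tell from the struct which one a helper is allowed to pick. I would document it on the field, e.g. `// ClusterWideClient is used only for <operations>; everything else goes through the embedded Client.`, with the placeholder filled in from where it is constructed, which this hunk does not show.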
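Review bot: `r.dpa = &dpa` stores per-request state on the reconciler, a single value shared by every Reconcile call, so the helpers that read `r.dpa` depend on reconciles never overlapping. That holds with controller-runtime's default of one concurrent reconcile per controller, but nothing in the hunk enforces it. I would state the assumption in the comment, e.g. `// r.dpa is per-request state; safe only while MaxConcurrentReconciles stays 1`. Reconcile's body continues outside the hunk.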
@@ -105,6 +110,7 @@ func (r *DPAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R r.ReconcileNodeAgentDaemonset, r.ReconcileVeleroMetricsSVC, r.ReconcileDataMoverController, + r.ReconcileNonAdminController, ) if err != nil { diff --git a/controllers/nonadmin_controller.go b/controllers/nonadmin_controller.go new file mode 100644 index 00000000000..be9b2181105 --- /dev/null +++ b/controllers/nonadmin_controller.go 
@@ -0,0 +1,268 @@ +package controllers + +import ( + "fmt" + "os" + "reflect" + "strconv" + "time" + + "github.com/go-logr/logr" + "github.com/sirupsen/logrus" + "golang.org/x/exp/maps" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + k8serror "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + + oadpv1alpha1 "github.com/openshift/oadp-operator/api/v1alpha1" + "github.com/openshift/oadp-operator/pkg/common" +) + +const ( + nonAdminObjectName = "non-admin-controller" + controlPlaneKey = "control-plane" + + dpaResourceVersionAnnotation = oadpv1alpha1.OadpOperatorLabel + "-dpa-resource-version" +) + +var ( + controlPlaneLabel = map[string]string{ + controlPlaneKey: nonAdminObjectName, + } + deploymentLabels = map[string]string{ + "app.kubernetes.io/component": "manager", + "app.kubernetes.io/created-by": common.OADPOperator, + "app.kubernetes.io/instance": nonAdminObjectName, + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "deployment", + "app.kubernetes.io/part-of": common.OADPOperator, + } + + dpaResourceVersion = "" + previousNonAdminConfiguration *oadpv1alpha1.NonAdmin = nil + previousDefaultBSLSyncPeriod *time.Duration = nil +) + +func (r *DPAReconciler) ReconcileNonAdminController(log logr.Logger) (bool, error) { + nonAdminDeployment := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: nonAdminObjectName, + Namespace: r.NamespacedName.Namespace, + }, + } + + // Delete (possible) previously deployment + if !r.checkNonAdminEnabled() { + if err := r.Get( + r.Context, + types.NamespacedName{ + Name: nonAdminDeployment.Name, + Namespace: nonAdminDeployment.Namespace, + }, + nonAdminDeployment, + ); err != nil { + if k8serror.IsNotFound(err) { + return true, nil + } + return false, err + } + + if err := r.Delete( + 
r.Context, + nonAdminDeployment, + &client.DeleteOptions{PropagationPolicy: ptr.To(metav1.DeletePropagationForeground)}, + ); err != nil { + r.EventRecorder.Event( + nonAdminDeployment, + corev1.EventTypeWarning, + "NonAdminDeploymentDeleteFailed", + fmt.Sprintf("Could not delete non admin controller deployment %s/%s: %s", nonAdminDeployment.Namespace, nonAdminDeployment.Name, err), + ) + return false, err + } + r.EventRecorder.Event( + nonAdminDeployment, + corev1.EventTypeNormal, + "NonAdminDeploymentDeleteSucceed", + fmt.Sprintf("Non admin controller deployment %s/%s deleted", nonAdminDeployment.Namespace, nonAdminDeployment.Name), + ) + return true, nil + } + + operation, err := controllerutil.CreateOrUpdate( + r.Context, + r.Client, + nonAdminDeployment, + func() error { + err := r.buildNonAdminDeployment(nonAdminDeployment) + if err != nil { + return err + } + + // Setting controller owner reference on the non admin controller deployment + return controllerutil.SetControllerReference(r.dpa, nonAdminDeployment, r.Scheme) + }, + ) + if err != nil { + return false, err + } + + if operation != controllerutil.OperationResultNone { + r.EventRecorder.Event( + nonAdminDeployment, + corev1.EventTypeNormal, + "NonAdminDeploymentReconciled", + fmt.Sprintf("Non admin controller deployment %s/%s %s", nonAdminDeployment.Namespace, nonAdminDeployment.Name, operation), + ) + } + return true, nil +} + +func (r *DPAReconciler) buildNonAdminDeployment(deploymentObject *appsv1.Deployment) error { + nonAdminImage := r.getNonAdminImage() + imagePullPolicy, err := common.GetImagePullPolicy(r.dpa.Spec.ImagePullPolicy, nonAdminImage) + if err != nil { + r.Log.Error(err, "imagePullPolicy regex failed") + } + ensureRequiredLabels(deploymentObject) + err = ensureRequiredSpecs(deploymentObject, r.dpa, nonAdminImage, imagePullPolicy) + if err != nil { + return err + } + return nil +} + +func ensureRequiredLabels(deploymentObject *appsv1.Deployment) { + maps.Copy(deploymentLabels, 
controlPlaneLabel) + deploymentObjectLabels := deploymentObject.GetLabels() + if deploymentObjectLabels == nil { + deploymentObject.SetLabels(deploymentLabels) + } else { + for key, value := range deploymentLabels { + deploymentObjectLabels[key] = value + } + deploymentObject.SetLabels(deploymentObjectLabels) + } +} + +func ensureRequiredSpecs(deploymentObject *appsv1.Deployment, dpa *oadpv1alpha1.DataProtectionApplication, image string, imagePullPolicy corev1.PullPolicy) error { + envVars := []corev1.EnvVar{ + { + Name: "WATCH_NAMESPACE", // TODO: fix, this is only used to indicate oadp ns, and is not actually used for watching ns. + Value: deploymentObject.Namespace, + }, + } + if dpa.Spec.Configuration != nil && dpa.Spec.Configuration.Velero != nil { + envVars = append(envVars, corev1.EnvVar{ + Name: common.LogLevelEnvVar, + Value: func() string { + // these levels are already validated in another controller. + level, err := logrus.ParseLevel(dpa.Spec.Configuration.Velero.LogLevel) + if err != nil { + return "" + } + return strconv.FormatUint(uint64(level), 10) + }(), + }) + } + + if len(dpa.Spec.LogFormat) > 0 { + envVars = append(envVars, corev1.EnvVar{ + Name: common.LogFormatEnvVar, + Value: string(dpa.Spec.LogFormat), + }) + } + + if len(dpaResourceVersion) == 0 || + !reflect.DeepEqual(dpa.Spec.NonAdmin, previousNonAdminConfiguration) || + (dpa.Spec.Configuration.Velero.Args != nil && + !reflect.DeepEqual(dpa.Spec.Configuration.Velero.Args.BackupSyncPeriod, previousDefaultBSLSyncPeriod)) { + dpaResourceVersion = dpa.GetResourceVersion() + previousNonAdminConfiguration = dpa.Spec.NonAdmin + if dpa.Spec.Configuration.Velero.Args != nil { + previousDefaultBSLSyncPeriod = dpa.Spec.Configuration.Velero.Args.BackupSyncPeriod + } + } + podAnnotations := map[string]string{ + dpaResourceVersionAnnotation: dpaResourceVersion, + } + + deploymentObject.Spec.Replicas = ptr.To(int32(1)) + deploymentObject.Spec.Selector = &metav1.LabelSelector{ + MatchLabels: 
controlPlaneLabel, + } + + templateObjectLabels := deploymentObject.Spec.Template.GetLabels() + if templateObjectLabels == nil { + deploymentObject.Spec.Template.SetLabels(controlPlaneLabel) + } else { + templateObjectLabels[controlPlaneKey] = controlPlaneLabel[controlPlaneKey] + deploymentObject.Spec.Template.SetLabels(templateObjectLabels) + } + + templateObjectAnnotations := deploymentObject.Spec.Template.GetAnnotations() + if templateObjectAnnotations == nil { + deploymentObject.Spec.Template.SetAnnotations(podAnnotations) + } else { + templateObjectAnnotations[dpaResourceVersionAnnotation] = podAnnotations[dpaResourceVersionAnnotation] + deploymentObject.Spec.Template.SetAnnotations(templateObjectAnnotations) + } + + nonAdminContainerFound := false + if len(deploymentObject.Spec.Template.Spec.Containers) == 0 { + deploymentObject.Spec.Template.Spec.Containers = []corev1.Container{{ + Name: nonAdminObjectName, + Image: image, + ImagePullPolicy: imagePullPolicy, + Env: envVars, + TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError, + }} + nonAdminContainerFound = true + } else { + for index, container := range deploymentObject.Spec.Template.Spec.Containers { + if container.Name == nonAdminObjectName { + nonAdminContainer := &deploymentObject.Spec.Template.Spec.Containers[index] + nonAdminContainer.Image = image + nonAdminContainer.ImagePullPolicy = imagePullPolicy + nonAdminContainer.Env = envVars + nonAdminContainer.TerminationMessagePolicy = corev1.TerminationMessageFallbackToLogsOnError + nonAdminContainerFound = true + break + } + } + } + if !nonAdminContainerFound { + return fmt.Errorf("could not find Non admin container in Deployment") + } + deploymentObject.Spec.Template.Spec.RestartPolicy = corev1.RestartPolicyAlways + deploymentObject.Spec.Template.Spec.ServiceAccountName = nonAdminObjectName + return nil +} + +func (r *DPAReconciler) checkNonAdminEnabled() bool { + if r.dpa.Spec.NonAdmin != nil && r.dpa.Spec.NonAdmin.Enable != nil 
{ + return *r.dpa.Spec.NonAdmin.Enable + } + return false +} + +func (r *DPAReconciler) getNonAdminImage() string { + dpa := r.dpa + unsupportedOverride := dpa.Spec.UnsupportedOverrides[oadpv1alpha1.NonAdminControllerImageKey] + if unsupportedOverride != "" { + return unsupportedOverride + } + + environmentVariable := os.Getenv("RELATED_IMAGE_NON_ADMIN_CONTROLLER") + if environmentVariable != "" { + return environmentVariable + } + + // TODO https://github.com/openshift/oadp-operator/issues/1379 + return "quay.io/konveyor/oadp-non-admin:latest" +} diff --git a/controllers/nonadmin_controller_test.go b/controllers/nonadmin_controller_test.go new file mode 100644 index 00000000000..f09a528ff22 --- /dev/null +++ b/controllers/nonadmin_controller_test.go 
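Review bot: In `ensureRequiredSpecs` the block that refreshes the restart annotation reads `dpa.Spec.Configuration.Velero.Args` without the nil guard that the log-level block just above applies to `dpa.Spec.Configuration` and `.Velero`, so a DPA with either unset panics the reconciler unless validation elsewhere already rejects it. The same block keeps `dpaResourceVersion`, `previousNonAdminConfiguration` and `previousDefaultBSLSyncPeriod` in package-level variables, which are shared by every DPA this process reconciles and are lost on restart; that at least needs a comment. The fence below resolves the sync period once behind the guard and leaves the comparison otherwise as it is. Separately, `getNonAdminImage` falls back to a `:latest` tag for a pod that runs as the `non-admin-controller` service account; the TODO tracks it, and until it is resolved an error when neither the override nor `RELATED_IMAGE_NON_ADMIN_CONTROLLER` is set would fail closed.

```go
	// … unchanged: envVars construction …

	// Resolve the optional sync period once, guarding every pointer on the way.
	var (
		argsSet          bool
		backupSyncPeriod *time.Duration
	)
	if cfg := dpa.Spec.Configuration; cfg != nil && cfg.Velero != nil && cfg.Velero.Args != nil {
		argsSet = true
		backupSyncPeriod = cfg.Velero.Args.BackupSyncPeriod
	}

	// NOTE: the three variables below are package-level, so they are shared by
	// every DPA reconciled in this process and start empty after a restart.
	if len(dpaResourceVersion) == 0 ||
		!reflect.DeepEqual(dpa.Spec.NonAdmin, previousNonAdminConfiguration) ||
		(argsSet && !reflect.DeepEqual(backupSyncPeriod, previousDefaultBSLSyncPeriod)) {
		dpaResourceVersion = dpa.GetResourceVersion()
		previousNonAdminConfiguration = dpa.Spec.NonAdmin
		if argsSet {
			previousDefaultBSLSyncPeriod = backupSyncPeriod
		}
	}

	// … unchanged: podAnnotations and the deployment spec …
```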
@@ -0,0 +1,556 @@ +package controllers + +import ( + "context" + "os" + "strconv" + "testing" + + "github.com/go-logr/logr" + "github.com/onsi/ginkgo/v2" + "github.com/onsi/gomega" + "github.com/sirupsen/logrus" + "github.com/vmware-tanzu/velero/pkg/apis/velero/v1" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/record" + "k8s.io/utils/ptr" + + oadpv1alpha1 "github.com/openshift/oadp-operator/api/v1alpha1" + "github.com/openshift/oadp-operator/pkg/common" +) + +const defaultNonAdminImage = "quay.io/konveyor/oadp-non-admin:latest" + +type ReconcileNonAdminControllerScenario struct { + namespace string + dpa string + errMessage string + eventWords []string + nonAdminEnabled bool + deployment *appsv1.Deployment +} + +func createTestDeployment(namespace string) *appsv1.Deployment { + return &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: nonAdminObjectName, + Namespace: namespace, + Labels: map[string]string{ + "test": "test", + "app.kubernetes.io/name": "wrong", + controlPlaneKey: "super-wrong", + }, + }, + Spec: appsv1.DeploymentSpec{ + Replicas: ptr.To(int32(2)), + Selector: &metav1.LabelSelector{ + MatchLabels: controlPlaneLabel, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: controlPlaneLabel, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: nonAdminObjectName, + Image: "wrong", + }, + }, + ServiceAccountName: "wrong-one", + }, + }, + }, + } +} + +func runReconcileNonAdminControllerTest( + scenario ReconcileNonAdminControllerScenario, + updateTestScenario func(scenario ReconcileNonAdminControllerScenario), + ctx context.Context, + envVarValue string, +) { + updateTestScenario(scenario) + + namespace := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: scenario.namespace, + }, + } + gomega.Expect(k8sClient.Create(ctx, namespace)).To(gomega.Succeed()) + + dpa := 
&oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: scenario.dpa, + Namespace: scenario.namespace, + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{}, + }, + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(scenario.nonAdminEnabled), + }, + }, + } + gomega.Expect(k8sClient.Create(ctx, dpa)).To(gomega.Succeed()) + + if scenario.deployment != nil { + gomega.Expect(k8sClient.Create(ctx, scenario.deployment)).To(gomega.Succeed()) + } + + os.Setenv("RELATED_IMAGE_NON_ADMIN_CONTROLLER", envVarValue) + event := record.NewFakeRecorder(5) + r := &DPAReconciler{ + Client: k8sClient, + Scheme: testEnv.Scheme, + Context: ctx, + NamespacedName: types.NamespacedName{ + Name: scenario.dpa, + Namespace: scenario.namespace, + }, + EventRecorder: event, + dpa: dpa, + } + result, err := r.ReconcileNonAdminController(logr.Discard()) + + if len(scenario.errMessage) == 0 { + gomega.Expect(result).To(gomega.BeTrue()) + gomega.Expect(err).To(gomega.Not(gomega.HaveOccurred())) + } else { + gomega.Expect(result).To(gomega.BeFalse()) + gomega.Expect(err).To(gomega.HaveOccurred()) + gomega.Expect(err.Error()).To(gomega.ContainSubstring(scenario.errMessage)) + } + + if scenario.eventWords != nil { + gomega.Expect(len(event.Events)).To(gomega.Equal(1)) + message := <-event.Events + for _, word := range scenario.eventWords { + gomega.Expect(message).To(gomega.ContainSubstring(word)) + } + } else { + gomega.Expect(len(event.Events)).To(gomega.Equal(0)) + } +} + +var _ = ginkgo.Describe("Test ReconcileNonAdminController function", func() { + var ( + ctx = context.Background() + currentTestScenario ReconcileNonAdminControllerScenario + updateTestScenario = func(scenario ReconcileNonAdminControllerScenario) { + currentTestScenario = scenario + } + ) + + ginkgo.AfterEach(func() { + os.Unsetenv("RELATED_IMAGE_NON_ADMIN_CONTROLLER") + + deployment := &appsv1.Deployment{} + if 
k8sClient.Get( + ctx, + types.NamespacedName{ + Name: nonAdminObjectName, + Namespace: currentTestScenario.namespace, + }, + deployment, + ) == nil { + gomega.Expect(k8sClient.Delete(ctx, deployment)).To(gomega.Succeed()) + } + + dpa := &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: currentTestScenario.dpa, + Namespace: currentTestScenario.namespace, + }, + } + gomega.Expect(k8sClient.Delete(ctx, dpa)).To(gomega.Succeed()) + + namespace := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: currentTestScenario.namespace, + }, + } + gomega.Expect(k8sClient.Delete(ctx, namespace)).To(gomega.Succeed()) + }) + + ginkgo.DescribeTable("Reconcile is true", + func(scenario ReconcileNonAdminControllerScenario) { + runReconcileNonAdminControllerTest(scenario, updateTestScenario, ctx, defaultNonAdminImage) + }, + ginkgo.Entry("Should create non admin deployment", ReconcileNonAdminControllerScenario{ + namespace: "test-1", + dpa: "test-1-dpa", + eventWords: []string{"Normal", "NonAdminDeploymentReconciled", "created"}, + nonAdminEnabled: true, + }), + ginkgo.Entry("Should update non admin deployment", ReconcileNonAdminControllerScenario{ + namespace: "test-2", + dpa: "test-2-dpa", + eventWords: []string{"Normal", "NonAdminDeploymentReconciled", "updated"}, + nonAdminEnabled: true, + deployment: createTestDeployment("test-2"), + }), + ginkgo.Entry("Should delete non admin deployment", ReconcileNonAdminControllerScenario{ + namespace: "test-3", + dpa: "test-3-dpa", + eventWords: []string{"Normal", "NonAdminDeploymentDeleteSucceed", "deleted"}, + nonAdminEnabled: false, + deployment: createTestDeployment("test-3"), + }), + ginkgo.Entry("Should do nothing", ReconcileNonAdminControllerScenario{ + namespace: "test-4", + dpa: "test-4-dpa", + nonAdminEnabled: false, + }), + ) + + ginkgo.DescribeTable("Reconcile is false", + func(scenario ReconcileNonAdminControllerScenario) { + runReconcileNonAdminControllerTest(scenario, updateTestScenario, 
ctx, defaultNonAdminImage) + }, + ginkgo.Entry("Should error because non admin container was not found in Deployment", ReconcileNonAdminControllerScenario{ + namespace: "test-error-1", + dpa: "test-error-1-dpa", + errMessage: "could not find Non admin container in Deployment", + nonAdminEnabled: true, + deployment: &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: nonAdminObjectName, + Namespace: "test-error-1", + }, + Spec: appsv1.DeploymentSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: controlPlaneLabel, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: controlPlaneLabel, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{{ + Name: "wrong", + Image: defaultNonAdminImage, + }}, + }, + }, + }, + }, + }), + ) +}) + +func TestDPAReconcilerBuildNonAdminDeployment(t *testing.T) { + r := &DPAReconciler{dpa: &oadpv1alpha1.DataProtectionApplication{ + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(true), + }, + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{}, + }, + }, + }} + t.Setenv("RELATED_IMAGE_NON_ADMIN_CONTROLLER", defaultNonAdminImage) + deployment := createTestDeployment("test-build-deployment") + err := r.buildNonAdminDeployment(deployment) + if err != nil { + t.Errorf("buildNonAdminDeployment() errored out: %v", err) + } + labels := deployment.GetLabels() + if labels["test"] != "test" { + t.Errorf("Deployment label 'test' has wrong value: %v", labels["test"]) + } + if labels["app.kubernetes.io/name"] != "deployment" { + t.Errorf("Deployment label 'app.kubernetes.io/name' has wrong value: %v", labels["app.kubernetes.io/name"]) + } + if labels[controlPlaneKey] != nonAdminObjectName { + t.Errorf("Deployment label '%v' has wrong value: %v", controlPlaneKey, labels[controlPlaneKey]) + } + if *deployment.Spec.Replicas != 1 { + t.Errorf("Deployment has wrong number of replicas: %v", *deployment.Spec.Replicas) + 
} + if deployment.Spec.Template.Spec.ServiceAccountName != nonAdminObjectName { + t.Errorf("Deployment has wrong ServiceAccount: %v", deployment.Spec.Template.Spec.ServiceAccountName) + } +} + +func TestEnsureRequiredLabels(t *testing.T) { + deployment := createTestDeployment("test-ensure-label") + ensureRequiredLabels(deployment) + labels := deployment.GetLabels() + if labels["test"] != "test" { + t.Errorf("Deployment label 'test' has wrong value: %v", labels["test"]) + } + if labels["app.kubernetes.io/name"] != "deployment" { + t.Errorf("Deployment label 'app.kubernetes.io/name' has wrong value: %v", labels["app.kubernetes.io/name"]) + } + if labels[controlPlaneKey] != nonAdminObjectName { + t.Errorf("Deployment label '%v' has wrong value: %v", controlPlaneKey, labels[controlPlaneKey]) + } +} + +func TestEnsureRequiredSpecs(t *testing.T) { + deployment := createTestDeployment("test-ensure-spec") + dpa := &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + ResourceVersion: "123456789", + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{ + LogLevel: logrus.DebugLevel.String(), + }, + }, + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(true), + }, + LogFormat: oadpv1alpha1.LogFormatJSON, + }, + } + err := ensureRequiredSpecs(deployment, dpa, defaultNonAdminImage, corev1.PullAlways) + if err != nil { + t.Errorf("ensureRequiredSpecs() errored out: %v", err) + } + if *deployment.Spec.Replicas != 1 { + t.Errorf("Deployment has wrong number of replicas: %v", *deployment.Spec.Replicas) + } + if deployment.Spec.Template.Spec.ServiceAccountName != nonAdminObjectName { + t.Errorf("Deployment has wrong ServiceAccount: %v", deployment.Spec.Template.Spec.ServiceAccountName) + } + if deployment.Spec.Template.Spec.Containers[0].Image != defaultNonAdminImage { + t.Errorf("Deployment has wrong Image: %v", deployment.Spec.Template.Spec.Containers[0].Image) + } + 
if len(deployment.Spec.Template.Annotations[dpaResourceVersionAnnotation]) == 0 { + t.Errorf("Deployment does not have Annotation") + } + for _, env := range deployment.Spec.Template.Spec.Containers[0].Env { + if env.Name == common.LogLevelEnvVar { + // check that we get expected int value string from the level set in config + if expectedLevel, err := logrus.ParseLevel(logrus.DebugLevel.String()); err != nil { + t.Errorf("Unable to parse loglevel expected") + } else { + if env.Value != strconv.FormatUint(uint64(expectedLevel), 10) { + t.Errorf("log level unexpected") + } + } + } + if env.Name == common.LogFormatEnvVar { + if env.Value != string(oadpv1alpha1.LogFormatJSON) && env.Value != string(oadpv1alpha1.LogFormatText) { + t.Errorf("log format unexpected") + } + } + } + + previousDPAAnnotationValue := deployment.DeepCopy().Spec.Template.Annotations[dpaResourceVersionAnnotation] + updatedDPA := &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + ResourceVersion: "147258369", + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(true), + }, + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{}, + }, + }, + } + err = ensureRequiredSpecs(deployment, updatedDPA, defaultNonAdminImage, corev1.PullAlways) + if err != nil { + t.Errorf("ensureRequiredSpecs() errored out: %v", err) + } + if previousDPAAnnotationValue != deployment.Spec.Template.Annotations[dpaResourceVersionAnnotation] { + t.Errorf("Deployment have different Annotation") + } + updatedDPA = &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + ResourceVersion: "987654321", + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{}, + }, + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(true), + EnforceBackupSpec: &v1.BackupSpec{ + SnapshotMoveData: ptr.To(false), + }, + }, + }, + } + 
err = ensureRequiredSpecs(deployment, updatedDPA, defaultNonAdminImage, corev1.PullAlways) + if err != nil { + t.Errorf("ensureRequiredSpecs() errored out: %v", err) + } + if previousDPAAnnotationValue == deployment.Spec.Template.Annotations[dpaResourceVersionAnnotation] { + t.Errorf("Deployment does not have different Annotation") + } + for _, env := range deployment.Spec.Template.Spec.Containers[0].Env { + if env.Name == common.LogLevelEnvVar { + // check that we get expected int value string from the level set in config + if expectedLevel, err := logrus.ParseLevel(""); err != nil { + // we expect logrus.ParseLevel("") to err here and returns 0 + if err == nil { + t.Error("Expected err when level is empty from logrus.ParseLevel") + } + // The returned expectedLevel of 0 is panic level + if expectedLevel != logrus.PanicLevel { + t.Errorf("unexpected logrus.ParseLevel('') return value") + } + // we ignore and return empty string instead, and nac deployment will handle defaulting + if env.Value != "" { + t.Errorf("log level unexpected") + } + } + } + } + previousDPAAnnotationValue = deployment.DeepCopy().Spec.Template.Annotations[dpaResourceVersionAnnotation] + updatedDPA = &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + ResourceVersion: "112233445", + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(true), + EnforceBackupSpec: &v1.BackupSpec{ + SnapshotMoveData: ptr.To(false), + }, + EnforceRestoreSpec: &v1.RestoreSpec{ + RestorePVs: ptr.To(true), + }, + EnforceBSLSpec: &oadpv1alpha1.EnforceBackupStorageLocationSpec{ + Provider: "foo-provider", + }, + }, + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{}, + }, + }, + } + err = ensureRequiredSpecs(deployment, updatedDPA, defaultNonAdminImage, corev1.PullAlways) + if err != nil { + t.Errorf("ensureRequiredSpecs() errored out: %v", err) + } + if previousDPAAnnotationValue == 
deployment.Spec.Template.Annotations[dpaResourceVersionAnnotation] { + t.Errorf("Deployment does not have different Annotation") + } +} + +func TestDPAReconcilerCheckNonAdminEnabled(t *testing.T) { + tests := []struct { + name string + result bool + dpa *oadpv1alpha1.DataProtectionApplication + }{ + { + name: "DPA has non admin feature enable: true so return true", + result: true, + dpa: &oadpv1alpha1.DataProtectionApplication{ + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(true), + }, + }, + }, + }, + { + name: "DPA has non admin feature enable: false so return false", + result: false, + dpa: &oadpv1alpha1.DataProtectionApplication{ + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: ptr.To(false), + }, + }, + }, + }, + { + name: "DPA has empty non admin feature spec so return false", + result: false, + dpa: &oadpv1alpha1.DataProtectionApplication{ + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{}, + }, + }, + }, + { + name: "DPA has non admin feature enable: nil so return false", + result: false, + dpa: &oadpv1alpha1.DataProtectionApplication{ + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: nil, + }, + }, + }, + }, + { + name: "DPA has no non admin feature", + result: false, + dpa: &oadpv1alpha1.DataProtectionApplication{}, + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + r := &DPAReconciler{dpa: test.dpa} + result := r.checkNonAdminEnabled() + if result != test.result { + t.Errorf("Results differ: got '%v' but expected '%v'", result, test.result) + } + }) + } +} + +func TestDPAReconcilerGetNonAdminImage(t *testing.T) { + tests := []struct { + name string + image string + env string + dpa *oadpv1alpha1.DataProtectionApplication + }{ + { + name: "Get non admin image from environment variable with default value", + image: defaultNonAdminImage, 
+ env: defaultNonAdminImage, + dpa: &oadpv1alpha1.DataProtectionApplication{}, + }, + { + name: "Get non admin image from environment variable with custom value", + image: "quay.io/openshift/oadp-non-admin:latest", + env: "quay.io/openshift/oadp-non-admin:latest", + dpa: &oadpv1alpha1.DataProtectionApplication{}, + }, + { + name: "Get non admin image from unsupported overrides", + image: "quay.io/konveyor/another:latest", + dpa: &oadpv1alpha1.DataProtectionApplication{ + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + UnsupportedOverrides: map[oadpv1alpha1.UnsupportedImageKey]string{ + "nonAdminControllerImageFqin": "quay.io/konveyor/another:latest", + }, + }, + }, + }, + { + name: "Get non admin image from fallback", + image: defaultNonAdminImage, + dpa: &oadpv1alpha1.DataProtectionApplication{}, + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + r := &DPAReconciler{dpa: test.dpa} + if len(test.env) > 0 { + t.Setenv("RELATED_IMAGE_NON_ADMIN_CONTROLLER", test.env) + } + image := r.getNonAdminImage() + if image != test.image { + t.Errorf("Images differ: got '%v' but expected '%v'", image, test.image) + } + }) + } +} diff --git a/controllers/velero.go b/controllers/velero.go index 5fefdd5a296..110c98e1677 100644 --- a/controllers/velero.go +++ b/controllers/velero.go @@ -333,6 +333,10 @@ func (r *DPAReconciler) customizeVeleroDeployment(dpa *oadpv1alpha1.DataProtecti veleroContainer.Args = append(veleroContainer.Args, "--log-level", logLevel.String()) } + if dpa.Spec.LogFormat != "" { + veleroContainer.Args = append(veleroContainer.Args, fmt.Sprintf("--log-format=%s", dpa.Spec.LogFormat)) + } + // Setting async operations server parameter ItemOperationSyncFrequency if dpa.Spec.Configuration.Velero.ItemOperationSyncFrequency != "" { ItemOperationSyncFrequencyString := dpa.Spec.Configuration.Velero.ItemOperationSyncFrequency diff --git a/controllers/velero_test.go b/controllers/velero_test.go index 99689ef30e0..ba0f98ebec2 100644 
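Review bot: `dpa.Spec.LogFormat` is formatted straight into the Velero argument list in the added `if` block of controllers/velero.go, so any non-empty string ends up as `--log-format=<value>`. The value stays inside a single argv element, so it cannot introduce extra flags, but the API type only declares `LogFormatText` and `LogFormatJSON`. Unless the CRD field carries an enum validation (not visible here), a mistyped value would presumably surface only when the Velero container starts. I would reject anything else before appending, e.g. `if f := dpa.Spec.LogFormat; f != "" && f != oadpv1alpha1.LogFormatText && f != oadpv1alpha1.LogFormatJSON { /* report invalid logFormat */ }`, using whatever error path this function already has. The body of customizeVeleroDeployment starts and ends outside the hunk.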
--- a/controllers/velero_test.go +++ b/controllers/velero_test.go @@ -842,6 +842,7 @@ func TestDPAReconciler_buildVeleroDeployment(t *testing.T) { dpa: createTestDpaWith( nil, oadpv1alpha1.DataProtectionApplicationSpec{ + LogFormat: oadpv1alpha1.LogFormatJSON, Configuration: &oadpv1alpha1.ApplicationConfig{ Velero: &oadpv1alpha1.VeleroConfig{ LogLevel: logrus.InfoLevel.String(), @@ -863,6 +864,7 @@ func TestDPAReconciler_buildVeleroDeployment(t *testing.T) { defaultRestoreResourcePriorities, "--log-level", logrus.InfoLevel.String(), + "--log-format=json", "--item-operation-sync-frequency=5m", "--default-item-operation-timeout=2h", "--default-snapshot-move-data=false", diff --git a/go.mod b/go.mod index a55df062ed6..6dfe1a1ddd3 100644 --- a/go.mod +++ b/go.mod @@ -27,6 +27,7 @@ require ( github.com/google/go-cmp v0.7.0 github.com/openshift/hypershift/api v0.0.0-20240522104800-604a957be25e github.com/vmware-tanzu/velero v1.14.0 + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 k8s.io/klog/v2 v2.120.1 ) @@ -151,7 +152,6 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.36.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/net v0.36.0 // indirect golang.org/x/oauth2 v0.27.0 // indirect golang.org/x/sync v0.12.0 // indirect diff --git a/internal/common/constant/constant.go b/internal/common/constant/constant.go new file mode 100644 index 00000000000..d04a2977153 --- /dev/null +++ b/internal/common/constant/constant.go 
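Review bot: `golang.org/x/exp` becomes a direct requirement in the first go.mod hunk (the second hunk removes it from the indirect block), so some package in this commit now imports it, but the importing file is not in the visible part of the diff. x/exp is an experimental module outside the Go 1 compatibility promise and is pinned to a pseudo-version, so it is worth confirming which package is pulled in. If it is only the `slices` or `maps` helpers, the standard-library packages of the same name (Go 1.21+) would avoid the direct dependency, provided the module's Go version allows it.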
@@ -0,0 +1,110 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package constant contains all common constants used in the project
+package constant
+
+import (
+ "k8s.io/apimachinery/pkg/util/validation"
+)
+
+// Common labels for objects manipulated by the Non Admin Controller
+// Labels should be used to identify the NAC object
+// Annotations on the other hand should be used to define ownership
+// of the specific Object, such as Backup/Restore.
+const (
+ OadpOperatorLabel = "openshift.io/oadp"
+ OadpLabel = OadpOperatorLabel
+ OadpLabelValue = TrueString
+ ManagedByLabel = "app.kubernetes.io/managed-by"
+ ManagedByLabelValue = "oadp-nac-controller" // TODO why not use same project name as in PROJECT file?
+ NabOriginNACUUIDLabel = OadpOperatorLabel + "-nab-origin-nacuuid"
+ NarOriginNACUUIDLabel = OadpOperatorLabel + "-nar-origin-nacuuid"
+ NabslOriginNACUUIDLabel = OadpOperatorLabel + "-nabsl-origin-nacuuid"
+ NadrOriginNACUUIDLabel = OadpOperatorLabel + "-nadr-origin-nacuuid"
+ NabSyncLabel = OadpOperatorLabel + "-nab-synced-from-nacuuid"
+
+ NabOriginNameAnnotation = OadpOperatorLabel + "-nab-origin-name"
+ NabOriginNamespaceAnnotation = OadpOperatorLabel + "-nab-origin-namespace"
+ NarOriginNameAnnotation = OadpOperatorLabel + "-nar-origin-name"
+ NarOriginNamespaceAnnotation = OadpOperatorLabel + "-nar-origin-namespace"
+ NabslOriginNameAnnotation = OadpOperatorLabel + "-nabsl-origin-name"
+ NabslOriginNamespaceAnnotation = OadpOperatorLabel + "-nabsl-origin-namespace"
+ NadrOriginNameAnnotation = OadpOperatorLabel + "-nadr-origin-name"
+ NadrOriginNamespaceAnnotation = OadpOperatorLabel + "-nadr-origin-namespace"
+
+ NabFinalizerName = "nonadminbackup.oadp.openshift.io/finalizer"
+ NarFinalizerName = "nonadminrestore.oadp.openshift.io/finalizer"
+ NabslFinalizerName = "nonadminbackupstoragelocation.oadp.openshift.io/finalizer"
+)
+
+// Common environment variables for the Non Admin Controller
+const (
+ NamespaceEnvVar = "WATCH_NAMESPACE"
+ // Numeric Log Level corresponding to logrus levels (matching velero).
+ // 0 = panic
+ // 1 = Fatal
+ // 2 = Error
+ // 3 = Warn
+ // 4 = Info
+ // 5 = Debug
+ // 6 = Trace
+ LogLevelEnvVar = "LOG_LEVEL"
+ LogFormatEnvVar = "LOG_FORMAT"
+)
+
+// EmptyString defines a constant for the empty string
+const EmptyString = ""
+
+// NameDelimiter defines character that is used to separate name parts
+const NameDelimiter = "-"
+
+// TrueString defines a constant for the True string
+const TrueString = "True"
+
+// NamespaceString defines a constant for the Namespace string
+const NamespaceString = "Namespace"
+
+// NameString defines a constant for the Name string
+const NameString = "name"
+
+// CurrentPhaseString defines a constant for the Current Phase string
+const CurrentPhaseString = "currentPhase"
+
+// UUIDString defines a constant for the UUID string
+const UUIDString = "UUID"
+
+// JSONTagString defines a constant for the JSON tag string
+const JSONTagString = "json"
+
+// CommaString defines a constant for the comma string
+const CommaString = ","
+
+// MaximumNacObjectNameLength represents Generated Non Admin Object Name and
+// must be below 63 characters, because it's used within object Label Value
+const MaximumNacObjectNameLength = validation.DNS1123LabelMaxLength
+
+// NABRestrictedErr holds an error message template for a non-admin backup operation that is restricted.
+const NABRestrictedErr = "NonAdminBackup %s is restricted"
+
+// NARRestrictedErr holds an error message template for a non-admin restore operation that is restricted.
+const NARRestrictedErr = "NonAdminRestore %s is restricted"
+
+// Magic numbers
+const (
+ Base10 = 10
+ Bits32 = 32
+)
diff --git a/main.go b/main.go
index 250148fb6cd..fc0cf69f5d6 100644
--- a/main.go
+++ b/main.go
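Review bot: `LogLevelEnvVar` and `LogFormatEnvVar` are declared in this new package, and the same commit adds constants with the same names and values to pkg/common/common.go, so the environment variable names now have two definitions that can drift apart. One declaration should reference the other, or each should carry a comment saying which component reads it. Separately, the comment on `MaximumNacObjectNameLength` says the name "must be below 63 characters" while the constant is `validation.DNS1123LabelMaxLength`, which is the limit itself. `// must not exceed 63 characters, because it is used as a label value` would match the code.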
@@ -220,10 +220,22 @@ func main() { os.Exit(1) } + dpaClientScheme := runtime.NewScheme() + utilruntime.Must(oadpv1alpha1.AddToScheme(dpaClientScheme)) + utilruntime.Must(appsv1.AddToScheme(dpaClientScheme)) + dpaClient, err := client.New(kubeconf, client.Options{ + Scheme: dpaClientScheme, + }) + if err != nil { + setupLog.Error(err, "unable to create Kubernetes client") + os.Exit(1) + } + if err = (&controllers.DPAReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - EventRecorder: mgr.GetEventRecorderFor("DPA-controller"), + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + EventRecorder: mgr.GetEventRecorderFor("DPA-controller"), + ClusterWideClient: dpaClient, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "DataProtectionApplication") os.Exit(1) diff --git a/pkg/common/common.go b/pkg/common/common.go index 73c47dedf9d..5fe8a146903 100644 --- a/pkg/common/common.go +++ b/pkg/common/common.go @@ -94,6 +94,8 @@ const ( HTTPProxyEnvVar = "HTTP_PROXY" HTTPSProxyEnvVar = "HTTPS_PROXY" NoProxyEnvVar = "NO_PROXY" + LogLevelEnvVar = "LOG_LEVEL" + LogFormatEnvVar = "LOG_FORMAT" ) // Unsupported Server Args annotation keys diff --git a/pkg/common/common_test.go b/pkg/common/common_test.go index a5d8972a3c0..26f7b3cc432 100644 --- a/pkg/common/common_test.go +++ b/pkg/common/common_test.go @@ -295,6 +295,7 @@ func TestGenerateCliArgsFromConfigMap(t *testing.T) { Data: map[string]string{ "--default-volume-snapshot-locations": "aws:backups-primary,azure:backups-secondary", "--log-level": "debug", + "--log-format": "json", "--default-snapshot-move-data": "True", "-v": "3", "a": "somearg", @@ -305,6 +306,7 @@ func TestGenerateCliArgsFromConfigMap(t *testing.T) { "--a=somearg", "--default-snapshot-move-data=true", "--default-volume-snapshot-locations=aws:backups-primary,azure:backups-secondary", + "--log-format=json", "--log-level=debug", "-v=3", },
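Review bot: The new `dpaClient` in main.go is built with `client.New` directly from `kubeconf`, so unlike `mgr.GetClient()` it does not read through the manager's cache or any namespace restriction configured on it. The `ClusterWideClient` field name suggests that is intended, but nothing in the hunk says why the reconciler needs it or which objects it may touch. The scheme registration (`oadpv1alpha1` and `appsv1` only) is the one visible limit, and it constrains typed access, not the service account's RBAC. I would add a comment above the block such as `// dpaClient talks to the API server directly (no manager cache); used only for <kinds> outside the watched namespace`, filled in with the actual use, and confirm the ClusterRole behind it is scoped to those kinds. main's body starts and ends outside the hunk.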