fleet: init backup plugin api #378

Merged
merged 7 commits into from
Sep 7, 2023
200 changes: 200 additions & 0 deletions docs/content/en/references/fleet_v1alpha1_types.html
Expand Up @@ -111,10 +111,197 @@ <h3 id="fleet.kurator.dev/v1alpha1.Fleet">Fleet
</table>
</div>
</div>
<h3 id="fleet.kurator.dev/v1alpha1.BackupConfig">BackupConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#fleet.kurator.dev/v1alpha1.PluginConfig">PluginConfig</a>)
</p>
<p>BackupConfig defines the configuration for backups.</p>
<div class="md-typeset__scrollwrap">
<div class="md-typeset__table td-content">
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>chart</code><br>
<em>
<a href="#fleet.kurator.dev/v1alpha1.ChartConfig">
ChartConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Chart defines the helm chart configuration of the backup engine.
The default value is:</p>
<p>chart:
repository: <a href="https://vmware-tanzu.github.io/helm-charts">https://vmware-tanzu.github.io/helm-charts</a>
name: velero
version: 5.0.2</p>
</td>
</tr>
<tr>
<td>
<code>storage</code><br>
<em>
<a href="#fleet.kurator.dev/v1alpha1.BackupStorage">
BackupStorage
</a>
</em>
</td>
<td>
<p>Storage provides details on where the backup data should be stored.</p>
</td>
</tr>
<tr>
<td>
<code>extraArgs</code><br>
<em>
<a href="https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1?tab=doc#JSON">
Kubernetes /apiextensions/v1.JSON
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ExtraArgs provides the extra chart values for the backup engine chart.
For example, use the following configuration to change the image tag or pull policy:</p>
<p>extraArgs:
image:
repository: velero/velero
tag: v1.11.1
pullPolicy: IfNotPresent</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<h3 id="fleet.kurator.dev/v1alpha1.BackupStorage">BackupStorage
</h3>
<p>
(<em>Appears on:</em>
<a href="#fleet.kurator.dev/v1alpha1.BackupConfig">BackupConfig</a>)
</p>
<div class="md-typeset__scrollwrap">
<div class="md-typeset__table td-content">
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>location</code><br>
<em>
<a href="#fleet.kurator.dev/v1alpha1.BackupStorageLocation">
BackupStorageLocation
</a>
</em>
</td>
<td>
<p>Location specifies where the backup data will be stored.</p>
</td>
</tr>
<tr>
<td>
<code>secretName</code><br>
<em>
string
</em>
</td>
<td>
<p>SecretName represents the name of the secret containing the object store credentials.
To access the backup storage location, the secret must include the following keys:</p>
<ul>
<li><code>username</code>: The access-key/account/username for authentication.</li>
<li><code>password</code>: The secret-key/password for authentication.</li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<h3 id="fleet.kurator.dev/v1alpha1.BackupStorageLocation">BackupStorageLocation
</h3>
<p>
(<em>Appears on:</em>
<a href="#fleet.kurator.dev/v1alpha1.BackupStorage">BackupStorage</a>)
</p>
<div class="md-typeset__scrollwrap">
<div class="md-typeset__table td-content">
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>bucket</code><br>
<em>
string
</em>
</td>
<td>
<p>Bucket specifies the storage bucket name.</p>
</td>
</tr>
<tr>
<td>
<code>provider</code><br>
<em>
string
</em>
</td>
<td>
<p>Provider specifies the storage provider type (e.g., aws).</p>
</td>
</tr>
<tr>
<td>
<code>s3Url</code><br>
<em>
string
</em>
</td>
<td>
<p>S3Url provides the endpoint URL for S3-compatible storage.</p>
</td>
</tr>
<tr>
<td>
<code>region</code><br>
<em>
string
</em>
</td>
<td>
<p>Region specifies the region of the storage.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<h3 id="fleet.kurator.dev/v1alpha1.ChartConfig">ChartConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#fleet.kurator.dev/v1alpha1.BackupConfig">BackupConfig</a>,
<a href="#fleet.kurator.dev/v1alpha1.GrafanaConfig">GrafanaConfig</a>,
<a href="#fleet.kurator.dev/v1alpha1.KyvernoConfig">KyvernoConfig</a>,
<a href="#fleet.kurator.dev/v1alpha1.PrometheusConfig">PrometheusConfig</a>,
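Review bot: the example YAML in the `chart` and `extraArgs` descriptions (`<p>chart: repository: … version: 5.0.2</p>` and `<p>extraArgs: image: …</p>`) is emitted as a plain `<p>`, so the rendered page collapses the indentation and a reader cannot see that `repository`, `name` and `version` nest under `chart`, or that `repository`, `tag` and `pullPolicy` nest under `image`. Have the generator wrap these examples in `<pre><code>` (or mark them as preformatted in the Go comment they are generated from) so the structure survives. The `secretName` row also publishes the key names `username` and `password` in the reference; since the review thread is moving toward access-key/secret-key wording, regenerate this file after that decision rather than merging the current names.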
Expand Down Expand Up @@ -594,6 +781,19 @@ <h3 id="fleet.kurator.dev/v1alpha1.PluginConfig">PluginConfig
<p>Policy defines the configuration for the ploicy management.</p>
</td>
</tr>
<tr>
<td>
<code>backup</code><br>
<em>
<a href="#fleet.kurator.dev/v1alpha1.BackupConfig">
BackupConfig
</a>
</em>
</td>
<td>
<p>Backup defines the configuration for the backup engine(Velero).</p>
</td>
</tr>
</tbody>
</table>
</div>
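Review bot: missing space in "backup engine(Velero)" in the new Backup description; write "backup engine (Velero)". The unchanged context line just above still reads "ploicy management", and because this PR already touches the Go source that generates this table, it is the natural place to fix that typo so it disappears from both the docs and the CRD.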
72 changes: 72 additions & 0 deletions manifests/charts/fleet-manager/crds/fleet.kurator.dev_fleet.yaml
Expand Up @@ -111,6 +111,78 @@ spec:
description: Plugin defines the plugins that would be installed in
the fleet.
properties:
backup:
description: Backup defines the configuration for the backup engine(Velero).
properties:
chart:
description: "Chart defines the helm chart configuration of
the backup engine. The default value is: \n chart: repository:
https://vmware-tanzu.github.io/helm-charts name: velero
version: 5.0.2"
properties:
name:
description: Name defines the name of the chart. Default
value depends on the kind of the component.
type: string
repository:
description: Repository defines the repository of chart.
Default value depends on the kind of the component.
type: string
version:
description: Version defines the version of the chart.
Default value depends on the kind of the component.
type: string
type: object
extraArgs:
description: "ExtraArgs provides the extra chart values for
the backup engine chart. For example, use the following
configuration to change the image tag or pull policy: \n
extraArgs: image: repository: velero/velero tag: v1.11.1
pullPolicy: IfNotPresent"
x-kubernetes-preserve-unknown-fields: true
storage:
description: Storage provides details on where the backup
data should be stored.
properties:
location:
description: Location specifies where the backup data
will be stored.
properties:
bucket:
description: Bucket specifies the storage bucket name.
type: string
provider:
description: Provider specifies the storage provider
type (e.g., aws).
type: string
region:
description: Region specifies the region of the storage.
type: string
s3Url:
description: S3Url provides the endpoint URL for S3-compatible
storage.
type: string
required:
- bucket
- provider
- region
- s3Url
type: object
secretName:
description: "SecretName represents the name of the secret
containing the object store credentials. To access the
backup storage location, the secret must include the
following keys: \n - `username`: The access-key/account/username
for authentication. - `password`: The secret-key/password
for authentication."
type: string
required:
- location
- secretName
type: object
required:
- storage
type: object
grafana:
description: Grafana defines the configuration for the grafana
installation and observation.
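Review bot: `provider` is a free-form string with no `enum`, and `s3Url` is listed under `required` for every provider even though its description says it is for S3-compatible storage; either constrain `provider` to the values the controller actually supports or drop `s3Url` from `required` so non-S3 providers can pass validation. `s3Url` could also carry `format: uri` (or a `pattern`), and `bucket` and `secretName` a `minLength: 1`, so a malformed endpoint or an empty name is rejected at admission instead of surfacing later as a Velero error at backup time.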
56 changes: 56 additions & 0 deletions pkg/apis/fleet/v1alpha1/types.go
Expand Up @@ -81,6 +81,8 @@ type PluginConfig struct {
Grafana *GrafanaConfig `json:"grafana,omitempty"`
// Policy defines the configuration for the ploicy management.
Policy *PolicyConfig `json:"policy,omitempty"`
// Backup defines the configuration for the backup engine(Velero).
Backup *BackupConfig `json:"backup,omitempty"`
}

type MetricConfig struct {
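Review bot: missing space in "backup engine(Velero)" in the `Backup` comment. The field is a pointer with `omitempty` but carries no `// +optional` marker, unlike `Chart` and `ExtraArgs` in `BackupConfig` later in this PR; adding the marker keeps the generated CRD and reference docs consistent about which plugin sections are optional.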
Expand Down Expand Up @@ -248,6 +250,60 @@ type PodSecurityPolicy struct {
ValidationFailureAction string `json:"validationFailureAction,omitempty"`
}

// BackupConfig defines the configuration for backups.
type BackupConfig struct {
// Chart defines the helm chart configuration of the backup engine.
// The default value is:
//
// chart:
// repository: https://vmware-tanzu.github.io/helm-charts
// name: velero
// version: 5.0.2
//
// +optional
Chart *ChartConfig `json:"chart,omitempty"`

// Storage provides details on where the backup data should be stored.
Storage BackupStorage `json:"storage"`

// ExtraArgs provides the extra chart values for the backup engine chart.
// For example, use the following configuration to change the image tag or pull policy:
//
// extraArgs:
// image:
// repository: velero/velero
// tag: v1.11.1
// pullPolicy: IfNotPresent
//
// +optional
ExtraArgs apiextensionsv1.JSON `json:"extraArgs,omitempty"`
}

type BackupStorage struct {
// Location specifies where the backup data will be stored.
Location BackupStorageLocation `json:"location"`

// SecretName represents the name of the secret containing the object store credentials.
// To access the backup storage location, the secret must include the following keys:
//
// - `username`: The access-key/account/username for authentication.
// - `password`: The secret-key/password for authentication.
Member
for what storage do we need username password?

Contributor Author
Velero can back up various types of Kubernetes resources, but when it comes to storing these backup data, Velero only supports object storage. Object storage solutions, such as AWS S3, Google Cloud Storage, Azure Blob Storage, and many others, often require authentication to ensure data security and integrity. This authentication is typically done using an access key or username, along with a secret key or password.

By providing the username and password (or equivalently, access key and secret key) in the BackupStorage configuration, we are ensuring that Velero can authenticate with the object storage solution and gain the necessary permissions to read and write backup data.

Member
I mean, are username and password commonly used for accessing OBS storage? Please do not paste AI-generated text without matching it to the question.

Contributor Author
we had discussed “A MinIO user consists of a unique access key (username) and corresponding secret key (password).”

Velero uses MinIO as an example, and the name in AWS (aws_access_key_id) is already discussed.

I am really not sure what “for what storage do we need username password?” means.

The AI generation was just so the text reads well.

Contributor Author

@Xieql Xieql Sep 6, 2023
accessKey and secretKey may be more commonly used for accessing OBS storage.

Minio
access key + secret key
see https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#minio-idp-service-account

s3 in AWS :
access key ID + secret access key
see https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html

OBS in HuaweiCloud:
Access Key Id(AK) + Secret Access Key(SK)
see https://support.huaweicloud.com/productdesc-obs/obs_03_0208.html

OSS in Aliyun:
AccessKey ID + AccessKey Secret
see https://help.aliyun.com/zh/oss/product-overview/what-is-oss?spm=a2c4g.11174283.0.i2

Member
So I think we need to say access-key and secret-key instead of user or passwd.

//
// +required
SecretName string `json:"secretName"`
}

type BackupStorageLocation struct {
// Bucket specifies the storage bucket name.
Bucket string `json:"bucket"`
// Provider specifies the storage provider type (e.g., aws).
Provider string `json:"provider"`
// S3Url provides the endpoint URL for S3-compatible storage.
S3Url string `json:"s3Url"`
// Region specifies the region of the storage.
Region string `json:"region"`
}

// FleetStatus defines the observed state of the fleet
type FleetStatus struct {
// CredentialSecret is the secret name that holds credentials used for accessing the fleet control plane.
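Review bot: `omitempty` on `ExtraArgs apiextensionsv1.JSON` has no effect, because encoding/json never omits a struct-typed field, so an unset `extraArgs` is always serialized (as the zero `JSON` value) instead of being dropped. Use `*apiextensionsv1.JSON`, as `Chart *ChartConfig` already does, if the field should be absent when unset. Also, `SecretName` carries `// +required` while the other non-omitempty fields (`Storage`, `Location`, `Bucket`, `Provider`, `S3Url`, `Region`) do not; pick one convention so the generated schema documents required-ness uniformly.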
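The thread above settles what the Secret named by `secretName` must hold, and the CRD hunk fixes which `storage.location` fields are required. The following pre-flight check ties the two together; it is added example code, not part of this PR or the Kurator project. The field and key names come from the diff (`bucket`, `provider`, `region`, `s3Url`, `secretName`, and the `username`/`password` keys as the PR currently documents them); the rule that `s3Url` must use `https` is this example's own policy, not something the page requires, and the Fleet and Secret objects are constructed sample inputs.

```python
"""Pre-flight check for a Fleet backup plugin spec and its credentials Secret.

Added example, not code from the Kurator PR. Required field names come from the
CRD schema in the PR; the https requirement on s3Url is this example's own policy.
"""
import base64
from urllib.parse import urlparse

# Required by the CRD schema added in this PR (fleet.kurator.dev_fleet.yaml).
REQUIRED_STORAGE_FIELDS = ("location", "secretName")
REQUIRED_LOCATION_FIELDS = ("bucket", "provider", "region", "s3Url")
# Keys the PR's SecretName description says the Secret must contain.
REQUIRED_SECRET_KEYS = ("username", "password")


def check_backup_spec(backup: dict) -> list[str]:
    """Return a list of problems with spec.plugin.backup; an empty list means it passes."""
    problems: list[str] = []
    storage = backup.get("storage")
    if not isinstance(storage, dict):
        return ["storage is required"]
    for field in REQUIRED_STORAGE_FIELDS:
        if field not in storage:
            problems.append(f"storage.{field} is required")
    location = storage.get("location")
    if isinstance(location, dict):
        for field in REQUIRED_LOCATION_FIELDS:
            if not location.get(field):
                problems.append(f"storage.location.{field} is required")
        url = location.get("s3Url")
        if url:
            # Example policy (not from the page): credentials should only travel to a TLS endpoint.
            scheme = urlparse(url).scheme
            if scheme != "https":
                problems.append(f"storage.location.s3Url should use https, got {scheme!r}")
    return problems


def check_credentials_secret(secret: dict, required_keys=REQUIRED_SECRET_KEYS) -> list[str]:
    """Check that a v1 Secret carries a non-empty, validly base64-encoded value for each key."""
    problems: list[str] = []
    data = secret.get("data") or {}
    for key in required_keys:
        encoded = data.get(key)
        if encoded is None:
            problems.append(f"secret key {key!r} is missing")
            continue
        try:
            value = base64.b64decode(encoded, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"secret key {key!r} is not valid base64")
            continue
        if not value.strip():
            problems.append(f"secret key {key!r} is empty")
    return problems


def check_fleet(fleet: dict, secret: dict) -> list[str]:
    """Run both checks and confirm that storage.secretName points at the given Secret."""
    backup = fleet.get("spec", {}).get("plugin", {}).get("backup", {})
    problems = check_backup_spec(backup)
    storage = backup.get("storage") or {}
    if storage.get("secretName") != secret.get("metadata", {}).get("name"):
        problems.append("storage.secretName does not match the Secret's metadata.name")
    return problems + check_credentials_secret(secret)


# Constructed sample inputs (not from the page): a Fleet using the backup plugin
# and the Secret it references.
SAMPLE_FLEET = {
    "apiVersion": "fleet.kurator.dev/v1alpha1",
    "kind": "Fleet",
    "metadata": {"name": "quickstart", "namespace": "default"},
    "spec": {"plugin": {"backup": {"storage": {
        "location": {
            "bucket": "velero-backups",
            "provider": "aws",
            "region": "us-east-1",
            "s3Url": "https://minio.example.internal:9000",
        },
        "secretName": "backup-storage-credentials",
    }}}},
}

SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "backup-storage-credentials", "namespace": "default"},
    "type": "Opaque",
    "data": {
        "username": base64.b64encode(b"example-access-key").decode(),
        "password": base64.b64encode(b"example-secret-key").decode(),
    },
}

if __name__ == "__main__":
    for problem in check_fleet(SAMPLE_FLEET, SAMPLE_SECRET) or ["ok"]:
        print(problem)
```

Running the module on the constructed sample prints `ok`; feeding it a spec with an `http://` endpoint or a Secret missing the `password` key returns one problem line per defect, which is the shape you want from a check wired into a pre-apply CI step.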