Enhance backup and restore (#446)

apis/apps/v1alpha1/nebulacluster.go

@@ -130,6 +130,13 @@ func (nc *NebulaCluster) AutoMountServerCerts() bool {
 	return nc.Spec.SSLCerts != nil && pointer.BoolDeref(nc.Spec.SSLCerts.AutoMountServerCerts, false)
 }
 
+func (nc *NebulaCluster) SslServerName() string {
+	if nc.Spec.SSLCerts != nil {
+		return nc.Spec.SSLCerts.ServerName
+	}
+	return ""
+}
+
 func (nc *NebulaCluster) IsGraphdSSLEnabled() bool {
 	return nc.Spec.Graphd.Config["enable_graph_ssl"] == "true"
 }

apis/apps/v1alpha1/nebulacluster_common.go

@@ -399,6 +399,10 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
 			initCmd += " --insecure_skip_verify"
 			brCmd += " --insecure_skip_verify"
 		}
+		if nc.SslServerName() != "" {
+			initCmd += " --server_name=" + nc.Spec.SSLCerts.ServerName
+			brCmd += " --server_name=" + nc.Spec.SSLCerts.ServerName
+		}
 	}
 
 	if init {
@@ -411,6 +415,12 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
 		Name:    AgentSidecarContainerName,
 		Image:   DefaultAgentImage,
 		Command: cmd,
+		Ports: []corev1.ContainerPort{
+			{
+				Name:          AgentPortNameGRPC,
+				ContainerPort: int32(DefaultAgentPortGRPC),
+			},
+		},
 	}
 	imagePullPolicy := nc.Spec.ImagePullPolicy
 	if imagePullPolicy != nil {
@@ -425,34 +435,33 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
 			agentImage = fmt.Sprintf("%s:%s", agentImage, nc.Spec.Agent.Version)
 		}
 		container.Image = agentImage
+		container.Env = nc.Spec.Agent.EnvVars
 		container.Resources = nc.Spec.Agent.Resources
 	}
 
-	if nc.IsBREnabled() {
-		if c.ComponentType() == MetadComponentType {
-			container.VolumeMounts = []corev1.VolumeMount{
-				{
-					Name:      dataVolume(componentType),
-					MountPath: "/usr/local/nebula/data",
-					SubPath:   "data",
-				},
-			}
-		} else if c.ComponentType() == StoragedComponentType {
-			container.VolumeMounts = getStoragedDataVolumeMounts(c)
-		}
-
-		container.Ports = []corev1.ContainerPort{
+	volumeMounts := make([]corev1.VolumeMount, 0)
+	if c.ComponentType() == MetadComponentType {
+		dataVolumeMounts := []corev1.VolumeMount{
 			{
-				Name:          AgentPortNameGRPC,
-				ContainerPort: int32(DefaultAgentPortGRPC),
+				Name:      dataVolume(componentType),
+				MountPath: "/usr/local/nebula/data",
+				SubPath:   "data",
 			},
 		}
+		volumeMounts = append(volumeMounts, dataVolumeMounts...)
+	} else if c.ComponentType() == StoragedComponentType {
+		dataVolumeMounts := getStoragedDataVolumeMounts(c)
+		volumeMounts = append(volumeMounts, dataVolumeMounts...)
 	}
 
-	if (nc.IsMetadSSLEnabled() || nc.IsClusterSSLEnabled()) && nc.IsBREnabled() && !EnableLocalCerts() {
+	if (nc.IsMetadSSLEnabled() || nc.IsClusterSSLEnabled()) && !EnableLocalCerts() {
 		certMounts := getClientCertVolumeMounts()
-		container.VolumeMounts = append(container.VolumeMounts, certMounts...)
+		volumeMounts = append(volumeMounts, certMounts...)
 	}
+	if nc.Spec.Agent != nil {
+		volumeMounts = append(volumeMounts, nc.Spec.Agent.VolumeMounts...)
+	}
+	container.VolumeMounts = volumeMounts
 
 	return container
 }
@@ -706,33 +715,31 @@ do
 done
 `
 
-	if len(dynamicFlags) > 0 {
-		envVars := []corev1.EnvVar{
-			{
-				Name: "MY_IP",
-				ValueFrom: &corev1.EnvVarSource{
-					FieldRef: &corev1.ObjectFieldSelector{
-						FieldPath: "status.podIP",
-					},
+	envVars := []corev1.EnvVar{
+		{
+			Name: "MY_IP",
+			ValueFrom: &corev1.EnvVarSource{
+				FieldRef: &corev1.ObjectFieldSelector{
+					FieldPath: "status.podIP",
 				},
 			},
-			{
-				Name:  "HTTP_PORT",
-				Value: strconv.Itoa(int(ports[1].ContainerPort)),
-			},
-			{
-				Name:  "SCRIPT",
-				Value: script,
-			},
-		}
-		baseContainer.Env = append(baseContainer.Env, envVars...)
-		baseContainer.Lifecycle = &corev1.Lifecycle{
-			PostStart: &corev1.LifecycleHandler{
-				Exec: &corev1.ExecAction{
-					Command: []string{"/bin/sh", "-c", `echo "$SCRIPT" > /tmp/post-start-script && sh /tmp/post-start-script`},
-				},
+		},
+		{
+			Name:  "HTTP_PORT",
+			Value: strconv.Itoa(int(ports[1].ContainerPort)),
+		},
+		{
+			Name:  "SCRIPT",
+			Value: script,
+		},
+	}
+	baseContainer.Env = append(baseContainer.Env, envVars...)
+	baseContainer.Lifecycle = &corev1.Lifecycle{
+		PostStart: &corev1.LifecycleHandler{
+			Exec: &corev1.ExecAction{
+				Command: []string{"/bin/sh", "-c", `echo "$SCRIPT" > /tmp/post-start-script && sh /tmp/post-start-script`},
 			},
-		}
+		},
 	}
 
 	containers = append(containers, baseContainer)

apis/apps/v1alpha1/nebulacluster_types.go

@@ -100,7 +100,6 @@ type NebulaClusterSpec struct {
 	// +optional
 	EnableAutoFailover *bool `json:"enableAutoFailover,omitempty"`
 
-	// +kubebuilder:default="5m"
 	// +optional
 	FailoverPeriod metav1.Duration `json:"failoverPeriod,omitempty"`
 
@@ -299,6 +298,7 @@ type AgentContainerSpec struct {
 	Image string `json:"image,omitempty"`
 
 	// Version tag for container image.
+	// +kubebuilder:default=latest
 	// +optional
 	Version string `json:"version,omitempty"`
 
@@ -310,9 +310,6 @@ type AgentContainerSpec struct {
 	// +optional
 	EnvVars []corev1.EnvVar `json:"env,omitempty"`
 
-	// +optional
-	Volumes []corev1.Volume `json:"volumes,omitempty"`
-
 	// +optional
 	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
 }
@@ -366,6 +363,13 @@ type SSLCertsSpec struct {
 	// +optional
 	InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
 
+	// ServerName is used to verify the hostname on the returned
+	// certificates unless InsecureSkipVerify is given. It is also included
+	// in the client's handshake to support virtual hosting unless it is
+	// an IP address.
+	// +optional
+	ServerName string `json:"serverName,omitempty"`
+
 	// AutoMountServerCerts controls whether operator mounts server's
 	// certificate from secret.
 	// +optional

apis/apps/v1alpha1/nebularestore_types.go

@@ -28,6 +28,7 @@ import (
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName="nr"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`,description="The current status of the restore"
+// +kubebuilder:printcolumn:name="RESTORED-CLUSTER",type=string,JSONPath=`.status.clusterName`,description="The name of restored nebula cluster"
 // +kubebuilder:printcolumn:name="Started",type=date,JSONPath=`.status.timeStarted`,description="The time at which the restore was started"
 // +kubebuilder:printcolumn:name="Completed",type=date,JSONPath=`.status.timeCompleted`,description="The time at which the restore was completed"
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`