Enhance backup and restore #446

Merged
merged 2 commits into from
Feb 21, 2024
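--- a/apis/apps/v1alpha1/nebulacluster.go
+++ b/apis/apps/v1alpha1/nebulacluster.go
@@ -130,6 +130,13 @@ func (nc *NebulaCluster) AutoMountServerCerts() bool {
 return nc.Spec.SSLCerts != nil && pointer.BoolDeref(nc.Spec.SSLCerts.AutoMountServerCerts, false)
 }
 
+func (nc *NebulaCluster) SslServerName() string {
+if nc.Spec.SSLCerts != nil {
+return nc.Spec.SSLCerts.ServerName
+}
+return ""
+}
+
 func (nc *NebulaCluster) IsGraphdSSLEnabled() bool {
 return nc.Spec.Graphd.Config["enable_graph_ssl"] == "true"
 }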
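Review bot: The new exported method is named `SslServerName`, which breaks the initialism casing used by its neighbours (`IsGraphdSSLEnabled`, `Spec.SSLCerts`); `SSLServerName` would match, with the call site in nebulacluster_common.go updated to suit. It also has no doc comment; something like `// SSLServerName returns Spec.SSLCerts.ServerName, or "" when no SSLCerts are configured.` would state the nil-safe contract that callers rely on.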
91 changes: 49 additions & 42 deletions apis/apps/v1alpha1/nebulacluster_common.go
@@ -399,6 +399,10 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
initCmd += " --insecure_skip_verify"
brCmd += " --insecure_skip_verify"
}
if nc.SslServerName() != "" {
initCmd += " --server_name=" + nc.Spec.SSLCerts.ServerName
brCmd += " --server_name=" + nc.Spec.SSLCerts.ServerName
}
}

if init {
@@ -411,6 +415,12 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
Name: AgentSidecarContainerName,
Image: DefaultAgentImage,
Command: cmd,
Ports: []corev1.ContainerPort{
{
Name: AgentPortNameGRPC,
ContainerPort: int32(DefaultAgentPortGRPC),
},
},
}
imagePullPolicy := nc.Spec.ImagePullPolicy
if imagePullPolicy != nil {
@@ -425,34 +435,33 @@ func generateAgentContainer(c NebulaClusterComponent, init bool) corev1.Containe
agentImage = fmt.Sprintf("%s:%s", agentImage, nc.Spec.Agent.Version)
}
container.Image = agentImage
container.Env = nc.Spec.Agent.EnvVars
container.Resources = nc.Spec.Agent.Resources
}

if nc.IsBREnabled() {
if c.ComponentType() == MetadComponentType {
container.VolumeMounts = []corev1.VolumeMount{
{
Name: dataVolume(componentType),
MountPath: "/usr/local/nebula/data",
SubPath: "data",
},
}
} else if c.ComponentType() == StoragedComponentType {
container.VolumeMounts = getStoragedDataVolumeMounts(c)
}

container.Ports = []corev1.ContainerPort{
volumeMounts := make([]corev1.VolumeMount, 0)
if c.ComponentType() == MetadComponentType {
dataVolumeMounts := []corev1.VolumeMount{
{
Name: AgentPortNameGRPC,
ContainerPort: int32(DefaultAgentPortGRPC),
Name: dataVolume(componentType),
MountPath: "/usr/local/nebula/data",
SubPath: "data",
},
}
volumeMounts = append(volumeMounts, dataVolumeMounts...)
} else if c.ComponentType() == StoragedComponentType {
dataVolumeMounts := getStoragedDataVolumeMounts(c)
volumeMounts = append(volumeMounts, dataVolumeMounts...)
}

if (nc.IsMetadSSLEnabled() || nc.IsClusterSSLEnabled()) && nc.IsBREnabled() && !EnableLocalCerts() {
if (nc.IsMetadSSLEnabled() || nc.IsClusterSSLEnabled()) && !EnableLocalCerts() {
certMounts := getClientCertVolumeMounts()
container.VolumeMounts = append(container.VolumeMounts, certMounts...)
volumeMounts = append(volumeMounts, certMounts...)
}
if nc.Spec.Agent != nil {
volumeMounts = append(volumeMounts, nc.Spec.Agent.VolumeMounts...)
}
container.VolumeMounts = volumeMounts

return container
}
@@ -706,33 +715,31 @@ do
done
`

if len(dynamicFlags) > 0 {
envVars := []corev1.EnvVar{
{
Name: "MY_IP",
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "status.podIP",
},
envVars := []corev1.EnvVar{
{
Name: "MY_IP",
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "status.podIP",
},
},
{
Name: "HTTP_PORT",
Value: strconv.Itoa(int(ports[1].ContainerPort)),
},
{
Name: "SCRIPT",
Value: script,
},
}
baseContainer.Env = append(baseContainer.Env, envVars...)
baseContainer.Lifecycle = &corev1.Lifecycle{
PostStart: &corev1.LifecycleHandler{
Exec: &corev1.ExecAction{
Command: []string{"/bin/sh", "-c", `echo "$SCRIPT" > /tmp/post-start-script && sh /tmp/post-start-script`},
},
},
{
Name: "HTTP_PORT",
Value: strconv.Itoa(int(ports[1].ContainerPort)),
},
{
Name: "SCRIPT",
Value: script,
},
}
baseContainer.Env = append(baseContainer.Env, envVars...)
baseContainer.Lifecycle = &corev1.Lifecycle{
PostStart: &corev1.LifecycleHandler{
Exec: &corev1.ExecAction{
Command: []string{"/bin/sh", "-c", `echo "$SCRIPT" > /tmp/post-start-script && sh /tmp/post-start-script`},
},
}
},
}

containers = append(containers, baseContainer)
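Review bot: In the first hunk of generateAgentContainer, `nc.Spec.SSLCerts.ServerName` is concatenated unquoted into `initCmd` and `brCmd`. How those strings are executed is outside the visible hunks, but if they are handed to a shell, a value containing whitespace or shell metacharacters would change the agent's command line. The field should therefore be constrained to hostname/IP characters, for example with a `+kubebuilder:validation:Pattern` marker on `SSLCertsSpec.ServerName`. The guard also calls `nc.SslServerName()` and then reads the field directly; binding the value once, `if name := nc.SslServerName(); name != "" {`, and appending `name` keeps the nil check and the use together.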
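--- a/apis/apps/v1alpha1/nebulacluster_types.go
+++ b/apis/apps/v1alpha1/nebulacluster_types.go
@@ -100,7 +100,6 @@ type NebulaClusterSpec struct {
 // +optional
 EnableAutoFailover *bool `json:"enableAutoFailover,omitempty"`
 
-// +kubebuilder:default="5m"
 // +optional
 FailoverPeriod metav1.Duration `json:"failoverPeriod,omitempty"`
 
@@ -299,6 +298,7 @@ type AgentContainerSpec struct {
 Image string `json:"image,omitempty"`
 
 // Version tag for container image.
+// +kubebuilder:default=latest
 // +optional
 Version string `json:"version,omitempty"`
 
@@ -310,9 +310,6 @@ type AgentContainerSpec struct {
 // +optional
 EnvVars []corev1.EnvVar `json:"env,omitempty"`
 
-// +optional
-Volumes []corev1.Volume `json:"volumes,omitempty"`
-
 // +optional
 VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
 }
@@ -366,6 +363,13 @@ type SSLCertsSpec struct {
 // +optional
 InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
 
+// ServerName is used to verify the hostname on the returned
+// certificates unless InsecureSkipVerify is given. It is also included
+// in the client's handshake to support virtual hosting unless it is
+// an IP address.
+// +optional
+ServerName string `json:"serverName,omitempty"`
+
 // AutoMountServerCerts controls whether operator mounts server's
 // certificate from secret.
 // +optional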
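Review bot: The new `+kubebuilder:default=latest` marker on `AgentContainerSpec.Version` makes a mutable tag the default, so a cluster that omits the field runs whichever agent image the registry serves at pull time. In this PR the agent sidecar receives the data volume mounts and the client certificate mounts, so an unpinned image there is a supply-chain exposure and also makes a restore hard to reproduce. Consider defaulting to a released tag instead, e.g. `// +kubebuilder:default=<released-agent-version>` (placeholder), or leaving the field without a default and documenting that it should be pinned. With `Volumes` removed from the same struct, the `VolumeMounts` field would also benefit from a comment saying which volume names it may reference.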
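--- a/apis/apps/v1alpha1/nebularestore_types.go
+++ b/apis/apps/v1alpha1/nebularestore_types.go
@@ -28,6 +28,7 @@ import (
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName="nr"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`,description="The current status of the restore"
+// +kubebuilder:printcolumn:name="RESTORED-CLUSTER",type=string,JSONPath=`.status.clusterName`,description="The name of restored nebula cluster"
 // +kubebuilder:printcolumn:name="Started",type=date,JSONPath=`.status.timeStarted`,description="The time at which the restore was started"
 // +kubebuilder:printcolumn:name="Completed",type=date,JSONPath=`.status.timeCompleted`,description="The time at which the restore was completed"
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`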
7 changes: 0 additions & 7 deletions apis/apps/v1alpha1/zz_generated.deepcopy.go