Add new resource filters can separate cluster and namespace scope resources.

Signed-off-by: Xun Jiang <[email protected]>
Xun Jiang committed Feb 28, 2023
1 parent ef05af1 commit d433bf0
Showing 27 changed files with 2,382 additions and 134 deletions.
1 change: 1 addition & 0 deletions changelogs/unreleased/5838-blackpiglet
@@ -0,0 +1 @@
Add new resource filters can separate cluster and namespace scope resources.
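Review bot: the changelog sentence is ungrammatical ("filters can separate") and does not name what was added. Suggest "Add new resource filters that separate cluster scope and namespace scope resources", followed by the four new spec fields so that users searching the release notes for `includedClusterScopeResources` and its siblings can find this entry.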
33 changes: 33 additions & 0 deletions config/crd/v1/bases/velero.io_backups.yaml
Expand Up @@ -54,6 +54,22 @@ spec:
Use DefaultVolumesToFsBackup instead."
nullable: true
type: boolean
excludedClusterScopeResources:
description: ExcludedClusterScopeResources is a slice of cluster scope
resource type names to exclude from the backup. If set to "*", all
cluster scope resource types are excluded.
items:
type: string
nullable: true
type: array
excludedNamespacedResources:
description: ExcludedNamespacedResources is a slice of namespace scope
resource type names to exclude from the backup. If set to "*", all
namespace scope resource types are excluded.
items:
type: string
nullable: true
type: array
excludedNamespaces:
description: ExcludedNamespaces contains a list of namespaces that
are not included in the backup.
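Review bot: the descriptions of `excludedClusterScopeResources` and `excludedNamespacedResources` do not state precedence when the same resource type also appears in the matching included list, so two readers can reasonably expect different backup contents from the same spec. Add one sentence such as "Exclusion takes precedence over inclusion" (or whatever the code does). "If set to "*"" is also loose for an array-typed field; "If the list contains "*"" matches the schema.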
Expand Down Expand Up @@ -259,6 +275,23 @@ spec:
resources should be included for consideration in the backup.
nullable: true
type: boolean
includedClusterScopeResources:
description: IncludedClusterScopeResources is a slice of cluster scope
resource type names to include in the backup. If set to "*", all
cluster scope resource types are included. The default value is
empty, which means only related cluster scope resources are included.
items:
type: string
nullable: true
type: array
includedNamespacedResources:
description: IncludedNamespacedResources is a slice of namespace scope
resource type names to include in the backup. The default value
is "*".
items:
type: string
nullable: true
type: array
includedNamespaces:
description: IncludedNamespaces is a slice of namespace names to include
objects from. If empty, all namespaces are included.
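Review bot: `includedNamespacedResources` is described as defaulting to "*", but the schema in this hunk declares no `default:` for it, so a stored Backup shows the field as null and the default exists only in controller code. Word it as "If empty, all namespace scope resource types are included" so the description matches what a user sees in the object. In `includedClusterScopeResources`, "only related cluster scope resources" is undefined at this level; a short parenthetical (for example, the PV bound to a backed-up PVC, as the design doc explains) would make the default understandable without reading the design.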
34 changes: 34 additions & 0 deletions config/crd/v1/bases/velero.io_schedules.yaml
Expand Up @@ -84,6 +84,22 @@ spec:
entirely in future. Use DefaultVolumesToFsBackup instead."
nullable: true
type: boolean
excludedClusterScopeResources:
description: ExcludedClusterScopeResources is a slice of cluster
scope resource type names to exclude from the backup. If set
to "*", all cluster scope resource types are excluded.
items:
type: string
nullable: true
type: array
excludedNamespacedResources:
description: ExcludedNamespacedResources is a slice of namespace
scope resource type names to exclude from the backup. If set
to "*", all namespace scope resource types are excluded.
items:
type: string
nullable: true
type: array
excludedNamespaces:
description: ExcludedNamespaces contains a list of namespaces
that are not included in the backup.
Expand Down Expand Up @@ -294,6 +310,24 @@ spec:
resources should be included for consideration in the backup.
nullable: true
type: boolean
includedClusterScopeResources:
description: IncludedClusterScopeResources is a slice of cluster
scope resource type names to include in the backup. If set to
"*", all cluster scope resource types are included. The default
value is empty, which means only related cluster scope resources
are included.
items:
type: string
nullable: true
type: array
includedNamespacedResources:
description: IncludedNamespacedResources is a slice of namespace
scope resource type names to include in the backup. The default
value is "*".
items:
type: string
nullable: true
type: array
includedNamespaces:
description: IncludedNamespaces is a slice of namespace names
to include objects from. If empty, all namespaces are included.
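Review bot: both hunks in this file repeat the velero.io_backups.yaml descriptions word for word, and both match the `BackupSpec` field comments in pkg/apis/velero/v1/backup.go from this commit. Any wording fix to the defaults or to the "*" semantics should therefore be made once in those Go comments and the CRD files regenerated, not edited here by hand, otherwise the Backup and Schedule schemas will drift apart.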
4 changes: 2 additions & 2 deletions config/crd/v1/crds/crds.go

Large diffs are not rendered by default.

64 changes: 30 additions & 34 deletions design/cluster-scope-resource-filter.md
Expand Up @@ -8,13 +8,26 @@
- [High-Level Design](#high-level-design)
- [Parameters Rules](#parameters-rules)
- [Using scenarios:](#using-scenarios)
- [no namespaced resources + no cluster resources](#no-namespaced-resources--no-cluster-resources)
- [no namespaced resources + some cluster resources](#no-namespaced-resources--some-cluster-resources)
- [no namespaced resources + all cluster resources](#no-namespaced-resources--all-cluster-resources)
- [some namespaced resources + no cluster resources](#some-namespaced-resources--no-cluster-resources)
- [scenario 1](#scenario-1)
- [scenario 2](#scenario-2)
- [scenario 3](#scenario-3)
- [scenario 4](#scenario-4)
- [some namespaced resources + only related cluster resources](#some-namespaced-resources--only-related-cluster-resources)
- [scenario 1](#scenario-1-1)
- [scenario 2](#scenario-2-1)
- [scenario 3](#scenario-3-1)
- [some namespaced resources + some additional cluster resources](#some-namespaced-resources--some-additional-cluster-resources)
- [scenario 1](#scenario-1-2)
- [scenario 2](#scenario-2-2)
- [scenario 3](#scenario-3-2)
- [scenario 4](#scenario-4-1)
- [some namespaced resources + all cluster resources](#some-namespaced-resources--all-cluster-resources)
- [scenario 1](#scenario-1-3)
- [scenario 2](#scenario-2-3)
- [scenario 3](#scenario-3-3)
- [all namespaced resources + no cluster resources](#all-namespaced-resources--no-cluster-resources)
- [all namespaced resources + some additional cluster resources](#all-namespaced-resources--some-additional-cluster-resources)
- [all namespaced resources + all cluster resources](#all-namespaced-resources--all-cluster-resources)
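Review bot: the repeated `scenario N` headings produce position-dependent anchors (`#scenario-1-1`, `#scenario-2-3`, `#scenario-4-1`), so adding or reordering a scenario later silently repoints every existing link into this document. Give each heading a descriptive title, for example "all resources in selected namespaces" or "selected types in all namespaces", which also lets a reader pick the right case from the table of contents without opening each one.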
Expand Down Expand Up @@ -67,14 +80,9 @@ Restore and other code pieces also use resource filtering will be handled in fut

* If both `--include-cluster-scope-resources` and `--exclude-cluster-scope-resources` are not present, it means no additional cluster resource is included per resource type, just as the existing `--include-cluster-resources` parameter not setting value. Cluster resources are related to the namespace scope resources, which means those are returned in the namespace resources' BackupItemAction's result AdditionalItems array, are still included in backup by default. Taking backing up PVC scenario as an example, PVC is namespaced, PV is in cluster scope. PVC's BIA will include PVC related PV into backup too.

* If the backup contains no resource, validation failure should be returned.

### Using scenarios:
Please notice, if the scenario give the example of using old filtering parameters (`--include-cluster-resources`, `--include-resources` and `--exclude-resources`), that means the old parameters also work for this case. If old parameters example is not given, that means they don't work for this scenario, only new parameters (`--include-cluster-scope-resources`, `--include-namespaced-resources`, `--exclude-cluster-scope-resources` and `--exclude-namespaced-resources`) work.

#### no namespaced resources + no cluster resources
This is not allowed. Backup or restore cannot contain no resource.

#### no namespaced resources + some cluster resources
The following command means backup no namespaced resources and some cluster resources.
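Review bot: going by the header counts (14 old lines, 9 new), the rule "If the backup contains no resource, validation failure should be returned." and the "no namespaced resources + no cluster resources" section are dropped here with no replacement statement. The new field descriptions allow both exclude filters to be "*", so the design should say what happens in that case: either keep the validation failure or state that the backup completes with no items. A backup that reports success while containing nothing is usually noticed only when a restore is attempted.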

Expand All @@ -94,6 +102,7 @@ velero backup create <backup-name>
```

#### some namespaced resources + no cluster resources
##### scenario 1
The following commands mean backup all resources in namespaces default and kube-system, and no cluster resources.

Example of new parameters:
Expand All @@ -109,7 +118,7 @@ velero backup create <backup-name>
--include-namespaces=default,kube-system
--include-cluster-resources=false
```

##### scenario 2
The following commands mean backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in all namespaces, and no cluster resources. Although PVC's related PV should be included, due to no cluster resources are included, so they are ruled out too.

Example of new parameters:
Expand All @@ -125,7 +134,7 @@ velero backup create <backup-name>
--include-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
--include-cluster-resources=false
```

##### scenario 3
The following commands mean backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in namespace default and kube-system, and no cluster resources. Although PVC's related PV should be included, due to no cluster resources are included, so they are ruled out too.

Example of new parameters:
Expand All @@ -143,7 +152,7 @@ velero backup create <backup-name>
--include-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
--include-cluster-resources=false
```

##### scenario 4
The following commands mean backup all resources except Ingress type resources in all namespaces, and no cluster resources.

Example of new parameters:
Expand All @@ -161,42 +170,22 @@ velero backup create <backup-name>
```

#### some namespaced resources + only related cluster resources
##### scenario 1
This means backup all resources in namespaces default and kube-system, and related cluster resources.
``` bash
velero backup create <backup-name>
--include-namespaces=default,kube-system
```

The following commands mean backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in all namespaces, and related cluster resources (PVC's related PV).

Example of new parameters:
``` bash
velero backup create <backup-name>
--include-namespaced-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
```

Example of old parameters:
``` bash
velero backup create <backup-name>
--include-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
```

The following commands mean backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in namespaces default and kube-system, and related cluster resources. PVC related PV is included too.

Example of new parameters:
``` bash
velero backup create <backup-name>
--include-namespaces=default,kube-system
--include-namespaced-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
```

Example of old parameters:
##### scenario 2
This means backup pods and configmaps in namespaces default and kube-system, and related cluster resources.
``` bash
velero backup create <backup-name>
--include-namespaces=default,kube-system
--include-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
--include-namespaced-resources=pods,configmaps
```

##### scenario 3
This means backup all resources except Ingress type resources in all namespaces, and related cluster resources.

Example of new parameters:
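Review bot: scenario 2 in this section now carries only a new-parameter example (`--include-namespaced-resources=pods,configmaps`). Under the rule stated earlier in this document ("If old parameters example is not given, that means they don't work for this scenario"), that tells readers the old `--include-namespaces` plus `--include-resources` form cannot express this case, although the example removed in this hunk showed exactly that combination. Either keep an "Example of old parameters" block here or explain why the old form no longer applies. The replacement types also lose the PVC-to-PV illustration, which was the only concrete case of a "related cluster resource" in this section.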
Expand All @@ -212,20 +201,23 @@ velero backup create <backup-name>
```

#### some namespaced resources + some additional cluster resources
##### scenario 1
This means backup all resources in namespace in default, kube-system, and related cluster resources, plus all StorageClass cluster resources.
``` bash
velero backup create <backup-name>
--include-namespaces=default,kube-system
--include-cluster-scope-resources=storageclass
```

##### scenario 2
This means backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in all namespaces, and related cluster resources, plus all StorageClass cluster resources, and PVC related PV.
``` bash
velero backup create <backup-name>
--include-namespaced-resources=persistentvolumeclaim,deployment,service,endpoint,pod,replicaset
--include-cluster-scope-resources=storageclass
```

##### scenario 3
This means backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in default and kube-system namespaces, and related cluster resources, plus all StorageClass cluster resources, and PVC related PV.
``` bash
velero backup create <backup-name>
Expand All @@ -234,6 +226,7 @@ velero backup create <backup-name>
--include-cluster-scope-resources=storageclass
```

##### scenario 4
This means backup PVC, Deployment, Service, Endpoint, Pod and ReplicaSet resources in default and kube-system namespaces, and related cluster resources, plus all cluster scope resources except StorageClass type resources.
``` bash
velero backup create <backup-name>
Expand All @@ -243,6 +236,7 @@ velero backup create <backup-name>
```

#### some namespaced resources + all cluster resources
##### scenario 1
The following commands mean backup all resources in namespace in default, kube-system, and all cluster resources.

Example of new parameters:
Expand All @@ -259,13 +253,15 @@ velero backup create <backup-name>
--include-cluster-resources=true
```

##### scenario 2
This means backup Deployment, Service, Endpoint, Pod and ReplicaSet resources in all namespaces, and all cluster resources.
``` bash
velero backup create <backup-name>
--include-namespaced-resources=deployment,service,endpoint,pod,replicaset
--include-cluster-scope-resources=*
```

##### scenario 3
This means backup Deployment, Service, Endpoint, Pod and ReplicaSet resources in default and kube-system namespaces, and all cluster resources.
``` bash
velero backup create <backup-name>
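Review bot: `--include-cluster-scope-resources=*` in the scenario 2 example is unquoted inside a `bash` fence, so the shell applies filename expansion to it; bash normally leaves it literal when nothing matches, but zsh rejects the command with a no-match error. Quote it as `--include-cluster-scope-resources='*'`. The examples in this hunk also break the command across lines without a trailing backslash, so a copy-paste runs `velero backup create <backup-name>` without any filter and then tries to execute the flag lines as separate commands.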
4 changes: 2 additions & 2 deletions internal/hook/item_hook_handler_test.go
Expand Up @@ -1332,8 +1332,8 @@ func TestGetRestoreHooksFromSpec(t *testing.T) {
{
Name: "h1",
Selector: ResourceHookSelector{
Namespaces: collections.NewIncludesExcludes().Includes([]string{"ns1", "ns2", "ns3"}...).Excludes([]string{"ns4", "ns5", "ns6"}...),
Resources: collections.NewIncludesExcludes().Includes([]string{kuberesource.Pods.Resource}...),
Namespaces: collections.NewIncludesExcludes().Includes("ns1", "ns2", "ns3").Excludes("ns4", "ns5", "ns6"),
Resources: collections.NewIncludesExcludes().Includes(kuberesource.Pods.Resource),
},
RestoreHooks: []velerov1api.RestoreResourceHook{
{
30 changes: 30 additions & 0 deletions pkg/apis/velero/v1/backup.go
Expand Up @@ -52,6 +52,36 @@ type BackupSpec struct {
// +nullable
ExcludedResources []string `json:"excludedResources,omitempty"`

// IncludedClusterScopeResources is a slice of cluster scope
// resource type names to include in the backup.
// If set to "*", all cluster scope resource types are included.
// The default value is empty, which means only related cluster
// scope resources are included.
// +optional
// +nullable
IncludedClusterScopeResources []string `json:"includedClusterScopeResources,omitempty"`

// ExcludedClusterScopeResources is a slice of cluster scope
// resource type names to exclude from the backup.
// If set to "*", all cluster scope resource types are excluded.
// +optional
// +nullable
ExcludedClusterScopeResources []string `json:"excludedClusterScopeResources,omitempty"`

// IncludedNamespacedResources is a slice of namespace scope
// resource type names to include in the backup.
// The default value is "*".
// +optional
// +nullable
IncludedNamespacedResources []string `json:"includedNamespacedResources,omitempty"`

// ExcludedNamespacedResources is a slice of namespace scope
// resource type names to exclude from the backup.
// If set to "*", all namespace scope resource types are excluded.
// +optional
// +nullable
ExcludedNamespacedResources []string `json:"excludedNamespacedResources,omitempty"`

// LabelSelector is a metav1.LabelSelector to filter with
// when adding individual objects to the backup. If empty
// or nil, all objects are included. Optional.
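Review bot: none of the four new field comments says how these fields combine with the existing `IncludedResources`, `ExcludedResources` and `IncludeClusterResources`. The backup.go change in this commit selects one set through `collections.UseOldResourceFilters` and passes only that set to the filter builder, so a spec that populates both sets has one of them ignored. State in each comment that the new fields cannot be mixed with the old ones (or which set wins), and reject a mixed spec during validation if that is not already done elsewhere in the commit, so that a backup is never scoped differently from what its spec appears to request.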
20 changes: 20 additions & 0 deletions pkg/apis/velero/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 22 additions & 8 deletions pkg/backup/backup.go
Expand Up @@ -202,9 +202,22 @@ func (kb *kubernetesBackupper) BackupWithResolvers(log logrus.FieldLogger,
log.Infof("Including namespaces: %s", backupRequest.NamespaceIncludesExcludes.IncludesString())
log.Infof("Excluding namespaces: %s", backupRequest.NamespaceIncludesExcludes.ExcludesString())

backupRequest.ResourceIncludesExcludes = collections.GetResourceIncludesExcludes(kb.discoveryHelper, backupRequest.Spec.IncludedResources, backupRequest.Spec.ExcludedResources)
log.Infof("Including resources: %s", backupRequest.ResourceIncludesExcludes.IncludesString())
log.Infof("Excluding resources: %s", backupRequest.ResourceIncludesExcludes.ExcludesString())
if collections.UseOldResourceFilters(backupRequest.Spec) {
backupRequest.ResourceIncludesExcludes = collections.GetGlobalResourceIncludesExcludes(kb.discoveryHelper, log,
backupRequest.Spec.IncludedResources,
backupRequest.Spec.ExcludedResources,
backupRequest.Spec.IncludeClusterResources,
*backupRequest.NamespaceIncludesExcludes)
} else {
backupRequest.ResourceIncludesExcludes = collections.GetScopeResourceIncludesExcludes(kb.discoveryHelper, log,
backupRequest.Spec.IncludedNamespacedResources,
backupRequest.Spec.ExcludedNamespacedResources,
backupRequest.Spec.IncludedClusterScopeResources,
backupRequest.Spec.ExcludedClusterScopeResources,
*backupRequest.NamespaceIncludesExcludes,
)
}

log.Infof("Backing up all volumes using pod volume backup: %t", boolptr.IsSetToTrue(backupRequest.Backup.Spec.DefaultVolumesToFsBackup))

var err error
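Review bot: the two `log.Infof` calls that recorded the effective "Including resources" and "Excluding resources" are no longer in this function, and nothing here logs which branch of `collections.UseOldResourceFilters` was taken. `log` is passed into both helpers, whose bodies are not visible in this hunk; if they do not already log the resolved filter and the chosen mode at Info level, add that here, because the backup log is what an operator uses to confirm what a backup was scoped to. A test that sets both old and new fields on the same spec would also pin down which set is honoured.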
Expand Down Expand Up @@ -391,11 +404,12 @@ func (kb *kubernetesBackupper) BackupWithResolvers(log logrus.FieldLogger,
// no more progress updates will be sent on the 'update' channel
quit <- struct{}{}

// back up CRD for resource if found. We should only need to do this if we've backed up at least
// one item for the resource and IncludeClusterResources is nil. If IncludeClusterResources is false
// we don't want to back it up, and if it's true it will already be included.
if backupRequest.Spec.IncludeClusterResources == nil {
for gr := range backedUpGroupResources {
for gr := range backedUpGroupResources {
// back up CRD for resource if found. We should only need to do this if we've backed up at least
// one item for the resource, when CRD is not literally included or excluded. When CRD is
// excluded, no need to check whether the resource has CRD. When CRD's included, it is
// already involved.
if backupRequest.ResourceIncludesExcludes.ClusterResourceIsNotIncludedAndExcluded(gr.String()) {
kb.backupCRD(log, gr, itemBackupper)
}
}
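Review bot: the new condition is called with `gr.String()`, the group-resource of the item that was backed up, while the comment above it describes testing whether the CRD type itself is included or excluded. If the comment is the intent, the check should be made once against the CRD resource name, outside the loop, not per backed-up resource. The name `ClusterResourceIsNotIncludedAndExcluded` is also ambiguous between "neither included nor excluded" and "not both"; something like `ClusterResourceNeitherIncludedNorExcluded` would read unambiguously. Please add a test for the old-filter path with `IncludeClusterResources` set to false, since the removed guard was what kept CRDs out of the backup in that case.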