Added support for restic --verify flag
Added support for restic volume checksum verification.
This adds another pod annotation ('backup.velero.io/verify-volumes')
which is used to identify which volumes on the pod should get the
'--verify' flag passed to restic when restoring.

Stdout and stderr are logged to the restic pod logs. The PodVolumeRestore
CRD has three new status fields: Errors, VerifyErrors, and ResticPod,
which contain the number of total errors reported, the number of verify
errors reported, and the name of the restic pod that ran the restore
(to allow for the user to look in the pod logs for more detailed output).

The Restore CRD has two new Status fields: PodVolumeRestoreErrors
and PodVolumeRestoreVerifyErrors, which contain a slice of ObjectReferences
listing which PodVolumeRestores contained errors or verify errors.

There is not yet support built into restore describe to see the restore fields
via the velero client. Also, the restic daemonset will need to have an env
variable set for POD_NAME.

(cherry picked from commit da2df66)
(cherry picked from commit 5a05c6b)
Signed-off-by: Scott Seago <sseago@redhat.com>
sseago committed Sep 22, 2021
1 parent c83a50f commit 6d2729e
Showing 14 changed files with 433 additions and 11 deletions.
15 changes: 15 additions & 0 deletions config/crd/v1/bases/velero.io_podvolumerestores.yaml
Expand Up @@ -103,6 +103,11 @@ spec:
format: date-time
nullable: true
type: string
errors:
description: Errors is a count of all error messages that were generated
during execution of the pod volume restore. The actual errors are
in the restic log
type: integer
message:
description: Message is a message about the pod volume restore's status.
type: string
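Review bot: The `errors` description does not say whether the count includes the verification failures that `verifyErrors` reports separately. The commit message calls it the "number of total errors", so a consumer reading the status cannot tell whether the two values overlap or should be summed; state the relationship in the description. The description also points at "the restic log" without naming `resticPod`, the field that identifies which pod's log to read, and a count field should carry `minimum: 0`.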
Expand All @@ -126,12 +131,22 @@ spec:
format: int64
type: integer
type: object
resticPod:
description: ResticPod is the name of the restic pod which processed
the restore. Any errors referenced in Errors or VerifyErrors will
be logged in this pod's log.
type: string
startTimestamp:
description: StartTimestamp records the time a restore was started.
The server's time is used for StartTimestamps
format: date-time
nullable: true
type: string
verifyErrors:
description: VerifyErrors is a count of all verification-related error
messages that were generated during execution of the pod volume
restore. The actual errors are in the restic log
type: integer
type: object
type: object
served: true
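Review bot: `resticPod` plus the two counters are the only record of a failed verification that stays in the API; the detail lives in "this pod's log", which is gone once the daemonset pod is restarted or its log rotates. For an integrity check that is thin evidence, so consider persisting at least a truncated list of the verification messages in status. The description should also say what `resticPod` holds when POD_NAME is not set on the daemonset (the commit message notes the variable is required), and `verifyErrors` is a bare `type: integer` while the counter in this hunk's context lines carries `format: int64`.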
132 changes: 132 additions & 0 deletions config/crd/v1/bases/velero.io_restores.yaml
Expand Up @@ -1651,6 +1651,138 @@ spec:
- PartiallyFailed
- Failed
type: string
podVolumeRestoreErrors:
description: PodVolumeRestoreErrors is a slice of all PodVolumeRestores
with errors (errors encountered by restic when restoring a pod)
(if applicable)
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many fields
which are not generally honored. For instance, ResourceVersion
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular restrictions
like, "must refer only to types A and B" or "UID not honored"
or "name must be restricted". Those cannot be well described
when embedded. 3. Inconsistent validation. Because the usages
are different, the validation rules are different by usage, which
makes it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this type will
affect numerous schemas. Don''t make new APIs embed an underspecified
API type they do not control. Instead of using this type, create
a locally provided and used type that is well-focused on your
reference. For example, ServiceReferences for admission registration:
https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
nullable: true
type: array
podVolumeRestoreVerifyErrors:
description: PodVolumeRestoreVerifyErrors is a slice of all PodVolumeRestore
errors from restore verification (errors encountered by restic when
verifying a pod restore) (if applicable)
items:
description: 'ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many fields
which are not generally honored. For instance, ResourceVersion
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular restrictions
like, "must refer only to types A and B" or "UID not honored"
or "name must be restricted". Those cannot be well described
when embedded. 3. Inconsistent validation. Because the usages
are different, the validation rules are different by usage, which
makes it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this type will
affect numerous schemas. Don''t make new APIs embed an underspecified
API type they do not control. Instead of using this type, create
a locally provided and used type that is well-focused on your
reference. For example, ServiceReferences for admission registration:
https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
nullable: true
type: array
progress:
description: Progress contains information about the restore's execution
progress. Note that this information is best-effort only -- if Velero
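Review bot: Both new lists embed the full ObjectReference type, whose own description, copied into this schema twice, says "New uses of this type are discouraged" and recommends "a locally provided and used type that is well-focused on your reference". Per their descriptions these entries only refer to PodVolumeRestores, so a small local type with `name` and `namespace` would follow that advice and drop most of the 132 added lines. Separately, the `podVolumeRestoreVerifyErrors` description says "a slice of all PodVolumeRestore errors", but the items are references to PodVolumeRestores, not errors; word it the same way as `podVolumeRestoreErrors`. Neither array sets `maxItems`, so a restore with many failing volumes grows the status without bound.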