k8up-io · eunames · Feb 21, 2024 · Apr 1, 2024 · Apr 1, 2024 · Jun 6, 2024
@@ -11,6 +11,7 @@
   `bug`, `enhancement`, `documentation`, `change`, `breaking`, `dependency`
   as they show up in the changelog
 - [ ] PR contains the label `area:operator`
+- [ ] Commits are [signed off](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
 - [ ] Link this PR to related issues
 - [ ] I have not made _any_ changes in the `charts/` directory.
 
@@ -21,6 +22,7 @@
   as they show up in the changelog
 - [ ] PR contains the label `area:chart`
 - [ ] PR contains the chart label, e.g. `chart:k8up`
+- [ ] Commits are [signed off](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
 - [ ] Variables are documented in the values.yaml using the format required by [Helm-Docs](https://github.com/norwoodj/helm-docs#valuesyaml-metadata).
 - [ ] Chart Version bumped if immediate release after merging is planned
 - [ ] I have run `make chart-docs`

@@ -35,4 +35,7 @@ jobs:
           ${{ runner.os }}-go-
 
     - name: Run tests
+      run: make test
+
+    - name: Run integration tests
       run: make integration-test
@@ -42,3 +42,11 @@ e2e/debug
 # Charts
 .cr-release-packages/
 .cr-index/
+
+# Vagrant
+.vagrant/
+
+# Container volumes mount
+.config/
+.kube/
+.npm/
@@ -25,3 +25,4 @@ This list is sorted in the order that organizations were added to it.
 | [VSHN](https://www.vshn.ch)            | [@tobru](https://github.com/tobru/)               | K8up was born at VSHN because at that time there was no other mature enough backup operator around. Today, K8up is integral part of the service offering and protects precious data every day. |
 | [amazee.io](https://www.amazee.io)     | [@dasrecht](https://github.com/dasrecht/)         | We use K8up as an integral part of our Disaster Recovery procedures.                                                                                                                           |
 | [Lagoon](https://github.com/uselagoon) | [@tobybellwood](https://github.com/tobybellwood/) | We've adopted K8up within [Lagoon](https://github.com/uselagoon). This keeps the data of all Lagoon customers safe and restorable.                                                             |
+| [Kubezy](https://kubezy.com) | [@halil-bugol](https://github.com/halil-bugol/) | We use K8up as Backup Operator in our Kubernetes Management product.|
@@ -27,21 +27,22 @@ include Makefile.restic-integration.mk envtest/integration.mk
 # E2E tests
 -include e2e/Makefile
 
-go_build ?= go build -o $(BIN_FILENAME) $(K8UP_MAIN_GO)
+go_build ?= $(GO_EXEC) build -o $(BIN_FILENAME) $(K8UP_MAIN_GO)
 
 .PHONY: test
 test: ## Run tests
-	go test ./... -coverprofile cover.out
+	$(GO_EXEC) test ./... -coverprofile cover.out
 
 .PHONY: build
 build: generate fmt vet $(BIN_FILENAME) docs-update-usage ## Build manager binary
 
 .PHONY: run
+run: export ARGS := $(ARGS) operator
 run: export BACKUP_ENABLE_LEADER_ELECTION = $(ENABLE_LEADER_ELECTION)
 run: export K8UP_DEBUG = true
 run: export BACKUP_OPERATOR_NAMESPACE = default
 run: fmt vet ## Run against the configured Kubernetes cluster in ~/.kube/config. Use ARGS to pass arguments to the command, e.g. `make run ARGS="--help"`
-	go run $(K8UP_MAIN_GO) $(ARGS) $(CMD) $(CMD_ARGS)
+	$(GO_EXEC) run $(K8UP_MAIN_GO) $(ARGS) $(CMD) $(CMD_ARGS)
 
 .PHONY: run-operator
 run-operator: CMD := operator
@@ -80,21 +81,21 @@ deploy: kind-load-image install ## Deploy controller in the configured Kubernete
 .PHONY: generate
 generate: ## Generate manifests e.g. CRD, RBAC etc.
 	# Generate code
-	go run sigs.k8s.io/controller-tools/cmd/controller-gen object:headerFile=".github/boilerplate.go.txt" paths="./..."
+	$(GO_EXEC) run sigs.k8s.io/controller-tools/cmd/controller-gen object:headerFile=".github/boilerplate.go.txt" paths="./..."
 	# Generate CRDs
-	go run sigs.k8s.io/controller-tools/cmd/controller-gen rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=$(CRD_ROOT_DIR)/v1 crd:crdVersions=v1
+	$(GO_EXEC) run sigs.k8s.io/controller-tools/cmd/controller-gen rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=$(CRD_ROOT_DIR)/v1 crd:crdVersions=v1
 
 .PHONY: crd
 crd: generate ## Generate CRD to file
 	@yq $(CRD_ROOT_DIR)/v1/*.yaml > $(CRD_FILE)
 
 .PHONY: fmt
 fmt: ## Run go fmt against code
-	go fmt ./...
+	$(GO_EXEC) fmt ./...
 
 .PHONY: vet
 vet: ## Run go vet against code
-	go vet ./...
+	$(GO_EXEC) vet ./...
 
 .PHONY: lint
 lint: fmt vet golangci-lint ## Invokes all linting targets

@@ -13,7 +13,7 @@ restore_dir ?= $(integrationtest_dir)/restore
 
 stats_url ?= http://localhost:8091
 
-restic_version ?= $(shell go mod edit -json | jq -r '.Require[] | select(.Path == "github.com/restic/restic").Version' | sed "s/v//")
+restic_version ?= $(shell $(GO_EXEC) mod edit -json | jq -r '.Require[] | select(.Path == "github.com/restic/restic").Version' | sed "s/v//")
 restic_path ?= $(go_bin)/restic
 restic_pid ?= $(integrationtest_dir)/restic.pid
 restic_url ?= https://github.com/restic/restic/releases/download/v$(restic_version)/restic_$(restic_version)_$(os)_$(arch).bz2

@@ -1,5 +1,6 @@
 IMG_TAG ?= latest
 
+GO_EXEC ?= go
 K8UP_MAIN_GO ?= cmd/k8up/main.go
 K8UP_GOOS ?= linux
 K8UP_GOARCH ?= amd64

@@ -1,10 +1,12 @@
 package v1
 
 import (
+	"context"
 	"reflect"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // ArchiveSpec defines the desired state of Archive.
@@ -87,6 +89,13 @@ func (a *Archive) GetSuccessfulJobsHistoryLimit() *int {
 	return a.Spec.KeepJobs
 }
 
+func (a *Archive) GetPodConfig(ctx context.Context, c client.Client) (*PodConfig, error) {
+	if a.Spec.RunnableSpec.PodConfigRef == nil {
+		return nil, nil
+	}
+	return NewPodConfig(ctx, a.Spec.RunnableSpec.PodConfigRef.Name, a.GetNamespace(), c)
+}
+
 // GetJobObjects returns a sortable list of jobs
 func (a *ArchiveList) GetJobObjects() JobObjectList {
 	items := make(JobObjectList, len(a.Items))

@@ -25,6 +25,11 @@ type (
 		Swift   *SwiftSpec             `json:"swift,omitempty"`
 		B2      *B2Spec                `json:"b2,omitempty"`
 		Rest    *RestServerSpec        `json:"rest,omitempty"`
+		InsecureTLS bool                   `json:"insecureTLS,omitempty"`
+
+
+		TLSOptions   *TLSOptions           `json:"tlsOptions,omitempty"`
+		VolumeMounts *[]corev1.VolumeMount `json:"volumeMounts,omitempty"`
 	}
 
 	// +k8s:deepcopy-gen=false
@@ -279,3 +284,9 @@ func (in *RestServerSpec) String() string {
 	protocol, url, _ := strings.Cut(in.URL, "://")
 	return fmt.Sprintf("rest:%s://%s:%s@%s", protocol, "$(USER)", "$(PASSWORD)", url)
 }
+
+type TLSOptions struct {
+	CACert     string `json:"caCert,omitempty"`
+	ClientCert string `json:"clientCert,omitempty"`
+	ClientKey  string `json:"clientKey,omitempty"`
+}
@@ -1,10 +1,12 @@
 package v1
 
 import (
+	"context"
 	"reflect"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // BackupSpec defines a single backup. It must contain all information to connect to
@@ -127,6 +129,13 @@ func (b *Backup) GetSuccessfulJobsHistoryLimit() *int {
 	return b.Spec.KeepJobs
 }
 
+func (b *Backup) GetPodConfig(ctx context.Context, c client.Client) (*PodConfig, error) {
+	if b.Spec.RunnableSpec.PodConfigRef == nil {
+		return nil, nil
+	}
+	return NewPodConfig(ctx, b.Spec.RunnableSpec.PodConfigRef.Name, b.GetNamespace(), c)
+}
+
 // GetJobObjects returns a sortable list of jobs
 func (b *BackupList) GetJobObjects() JobObjectList {
 	items := make(JobObjectList, len(b.Items))

@@ -1,10 +1,12 @@
 package v1
 
 import (
+	"context"
 	"reflect"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // CheckSpec defines the desired state of Check. It needs to contain the repository
@@ -106,6 +108,13 @@ func (c *Check) GetSuccessfulJobsHistoryLimit() *int {
 	return c.Spec.KeepJobs
 }
 
+func (b *Check) GetPodConfig(ctx context.Context, c client.Client) (*PodConfig, error) {
+	if b.Spec.RunnableSpec.PodConfigRef == nil {
+		return nil, nil
+	}
+	return NewPodConfig(ctx, b.Spec.RunnableSpec.PodConfigRef.Name, b.GetNamespace(), c)
+}
+
 // GetJobObjects returns a sortable list of jobs
 func (c *CheckList) GetJobObjects() JobObjectList {
 	items := make(JobObjectList, len(c.Items))

@@ -1,6 +1,8 @@
 package v1
 
 import (
+	"context"
+
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -19,6 +21,8 @@ type JobObject interface {
 	GetPodSecurityContext() *corev1.PodSecurityContext
 	// GetActiveDeadlineSeconds returns the specified active deadline seconds timeout.
 	GetActiveDeadlineSeconds() *int64
+	// GetPodConfig returns the defined PodSpec
+	GetPodConfig(context.Context, client.Client) (*PodConfig, error)
 }
 
 // +k8s:deepcopy-gen=false

@@ -0,0 +1,60 @@
+package v1
+
+import (
+	"context"
+
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// +kubebuilder:rbac:groups=k8up.io,resources=podconfigs,verbs=get;list;watch
+
+// PodConfigSpec contains the podTemplate definition.
+type PodConfigSpec struct {
+	Template corev1.PodTemplateSpec `json:"template,omitempty"`
+}
+
+// PodConfigStatus defines the observed state of Snapshot
+type PodConfigStatus struct {
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// PodConfig is the Schema for the PodConcig API
+// Any annotations and labels set on this object will also be set on
+// the final pod.
+type PodConfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   PodConfigSpec   `json:"spec,omitempty"`
+	Status PodConfigStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// SnapshotList contains a list of Snapshot
+type PodConfigList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PodConfig `json:"items"`
+}
+
+func NewPodConfig(ctx context.Context, name, namespace string, c client.Client) (*PodConfig, error) {
+	config := &PodConfig{}
+	err := c.Get(ctx, client.ObjectKey{Name: name, Namespace: namespace}, config)
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			return nil, nil
+		}
+		return nil, err
+	}
+	return config, nil
+}
+
+func init() {
+	SchemeBuilder.Register(&PodConfig{}, &PodConfigList{})
+}
@@ -1,10 +1,12 @@
 package v1
 
 import (
+	"context"
 	"reflect"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // PruneSpec needs to contain the repository information as well as the desired
@@ -115,6 +117,13 @@ func (p *Prune) GetSuccessfulJobsHistoryLimit() *int {
 	return p.Spec.KeepJobs
 }
 
+func (p *Prune) GetPodConfig(ctx context.Context, c client.Client) (*PodConfig, error) {
+	if p.Spec.RunnableSpec.PodConfigRef == nil {
+		return nil, nil
+	}
+	return NewPodConfig(ctx, p.Spec.RunnableSpec.PodConfigRef.Name, p.GetNamespace(), c)
+}
+
 // GetJobObjects returns a sortable list of jobs
 func (p *PruneList) GetJobObjects() JobObjectList {
 	items := make(JobObjectList, len(p.Items))

@@ -1,10 +1,12 @@
 package v1
 
 import (
+	"context"
 	"reflect"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // RestoreSpec can either contain an S3 restore point or a local one. For the local
@@ -35,8 +37,10 @@ type RestoreSpec struct {
 // RestoreMethod contains how and where the restore should happen
 // all the settings are mutual exclusive.
 type RestoreMethod struct {
-	S3     *S3Spec        `json:"s3,omitempty"`
-	Folder *FolderRestore `json:"folder,omitempty"`
+	S3           *S3Spec               `json:"s3,omitempty"`
+	Folder       *FolderRestore        `json:"folder,omitempty"`
+	TLSOptions   *TLSOptions           `json:"tlsOptions,omitempty"`
+	VolumeMounts *[]corev1.VolumeMount `json:"volumeMounts,omitempty"`
 }
 
 type FolderRestore struct {
@@ -105,6 +109,13 @@ func (r *Restore) GetSuccessfulJobsHistoryLimit() *int {
 	return r.Spec.KeepJobs
 }
 
+func (r *Restore) GetPodConfig(ctx context.Context, c client.Client) (*PodConfig, error) {
+	if r.Spec.RunnableSpec.PodConfigRef == nil {
+		return nil, nil
+	}
+	return NewPodConfig(ctx, r.Spec.RunnableSpec.PodConfigRef.Name, r.GetNamespace(), c)
+}
+
 // GetJobObjects returns a sortable list of jobs
 func (r *RestoreList) GetJobObjects() JobObjectList {
 	items := make(JobObjectList, len(r.Items))

@@ -15,11 +15,40 @@ type RunnableSpec struct {
 	// PodSecurityContext describes the security context with which this action shall be executed.
 	PodSecurityContext *corev1.PodSecurityContext `json:"podSecurityContext,omitempty"`
 
+	// PodConfigRef describes the pod spec with wich this action shall be executed.
+	// It takes precedence over the Resources or PodSecurityContext field.
+	// It does not allow changing the image or the command of the resulting pod.
+	// This is for advanced use-cases only. Please only set this if you know what you're doing.
+	PodConfigRef *corev1.LocalObjectReference `json:"podConfigRef,omitempty"`
+
+	// Volumes List of volumes that can be mounted by containers belonging to the pod.
+	Volumes *[]RunnableVolumeSpec `json:"volumes,omitempty"`
+
 	// ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it.
 	// Value must be positive integer if given.
 	ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"`
 }
 
+type RunnableVolumeSpec struct {
+	// name of the volume.
+	// Must be a DNS_LABEL and unique within the pod.
+	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+	Name string `json:"name"`
+
+	// persistentVolumeClaimVolumeSource represents a reference to a
+	// PersistentVolumeClaim in the same namespace.
+	// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+	// +optional
+	PersistentVolumeClaim *corev1.PersistentVolumeClaimVolumeSource `json:"persistentVolumeClaim,omitempty"`
+	// secret represents a secret that should populate this volume.
+	// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+	// +optional
+	Secret *corev1.SecretVolumeSource `json:"secret,omitempty"`
+	// configMap represents a configMap that should populate this volume
+	// +optional
+	ConfigMap *corev1.ConfigMapVolumeSource `json:"configMap,omitempty"`
+}
+
 // AppendEnvFromToContainer will add EnvFromSource from the given RunnableSpec to the Container
 func (in *RunnableSpec) AppendEnvFromToContainer(containerSpec *corev1.Container) {
 	if in.Backend != nil {