default datamover SC and add mover annotation (#1058)

openshift · Jun 3, 2023 · ad2f8cd · ad2f8cd
1 parent 2cfc5e7
commit ad2f8cd
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 39 deletions.
diff --git a/api/v1alpha1/oadp_types.go b/api/v1alpha1/oadp_types.go
@@ -267,10 +267,6 @@ type VolumeOptions struct {
 	// cacheAccessMode is the access mode to be used to provision the cache volume
 	//+optional
 	CacheAccessMode string `json:"cacheAccessMode,omitempty"`
-	// moverSecurityContext allows enabling the PodSecurityContext used in
-	// the application pod(s); default value is true
-	//+optional
-	MoverSecurityContext *bool `json:"moverSecurityContext,omitempty"`
 }
 
 // Features defines the configuration for the DPA to enable the tech preview features

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml b/bundle/manifests/oadp.openshift.io_dataprotectionapplications.yaml
@@ -735,9 +735,6 @@ spec:
                                   cacheStorageClassName:
                                     description: cacheStorageClassName is the storageClass that should be used when provisioning the data mover cache volume
                                     type: string
-                                  moverSecurityContext:
-                                    description: moverSecurityContext allows enabling the PodSecurityContext used in the application pod(s); default value is true
-                                    type: boolean
                                   storageClassName:
                                     description: storageClassName can be used to override the StorageClass of the source or destination PVC
                                     type: string
@@ -757,9 +754,6 @@ spec:
                                   cacheStorageClassName:
                                     description: cacheStorageClassName is the storageClass that should be used when provisioning the data mover cache volume
                                     type: string
-                                  moverSecurityContext:
-                                    description: moverSecurityContext allows enabling the PodSecurityContext used in the application pod(s); default value is true
-                                    type: boolean
                                   storageClassName:
                                     description: storageClassName can be used to override the StorageClass of the source or destination PVC
                                     type: string

diff --git a/config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml b/config/crd/bases/oadp.openshift.io_dataprotectionapplications.yaml
@@ -735,9 +735,6 @@ spec:
                                   cacheStorageClassName:
                                     description: cacheStorageClassName is the storageClass that should be used when provisioning the data mover cache volume
                                     type: string
-                                  moverSecurityContext:
-                                    description: moverSecurityContext allows enabling the PodSecurityContext used in the application pod(s); default value is true
-                                    type: boolean
                                   storageClassName:
                                     description: storageClassName can be used to override the StorageClass of the source or destination PVC
                                     type: string
@@ -757,9 +754,6 @@ spec:
                                   cacheStorageClassName:
                                     description: cacheStorageClassName is the storageClass that should be used when provisioning the data mover cache volume
                                     type: string
-                                  moverSecurityContext:
-                                    description: moverSecurityContext allows enabling the PodSecurityContext used in the application pod(s); default value is true
-                                    type: boolean
                                   storageClassName:
                                     description: storageClassName can be used to override the StorageClass of the source or destination PVC
                                     type: string

diff --git a/controllers/datamover.go b/controllers/datamover.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 
 	"github.com/go-logr/logr"
@@ -93,6 +92,17 @@ func (r *DPAReconciler) ReconcileDataMoverController(log logr.Logger) (bool, err
 
 			return false, err
 		}
+
+		adpNS := corev1.Namespace{}
+		if err := r.Get(r.Context, types.NamespacedName{Name: r.NamespacedName.Namespace}, &adpNS); err != nil {
+			return false, err
+		}
+
+		// add volsync privileged mover annotation
+		err = r.addAnnotations(&adpNS, r.Log)
+		if err != nil {
+			return false, err
+		}
 	}
 
 	dataMoverDeployment := &appsv1.Deployment{
@@ -762,7 +772,7 @@ func (r *DPAReconciler) buildDataMoverConfigMap(dpa *oadpv1alpha1.DataProtection
 		return fmt.Errorf("DPA CR cannot be nil")
 	}
 	if cm == nil {
-		return fmt.Errorf("datamover deployment cannot be nil")
+		return fmt.Errorf("datamover configmap cannot be nil")
 	}
 
 	cmMap := map[string]string{}
@@ -789,13 +799,7 @@ func (r *DPAReconciler) buildDataMoverConfigMap(dpa *oadpv1alpha1.DataProtection
 		if len(sourceOptions.CacheCapacity) > 0 {
 			cmMap["SourceCacheCapacity"] = sourceOptions.CacheCapacity
 		}
-		if sourceOptions.MoverSecurityContext != nil {
-			cmMap["SourceMoverSecurityContext"] = strconv.FormatBool(*sourceOptions.MoverSecurityContext)
 
-			// default to true
-		} else {
-			cmMap["SourceMoverSecurityContext"] = "true"
-		}
 	}
 
 	// check for destination volume options
@@ -821,14 +825,6 @@ func (r *DPAReconciler) buildDataMoverConfigMap(dpa *oadpv1alpha1.DataProtection
 		if len(destinationOptions.CacheCapacity) > 0 {
 			cmMap["DestinationCacheCapacity"] = destinationOptions.CacheCapacity
 		}
-
-		if destinationOptions.MoverSecurityContext != nil {
-			cmMap["DestinationMoverSecurityContext"] = strconv.FormatBool(*destinationOptions.MoverSecurityContext)
-
-			// default to true
-		} else {
-			cmMap["DestinationMoverSecurityContext"] = "true"
-		}
 	}
 
 	// check for SnapshotRetainPolicy parameters
@@ -930,3 +926,21 @@ func (r *DPAReconciler) parseGCPSecret(secret corev1.Secret, secretKey string) (
 
 	return gcpcreds, nil
 }
+
+func (r *DPAReconciler) addAnnotations(ns *corev1.Namespace, log logr.Logger) error {
+
+	annotations := ns.ObjectMeta.GetAnnotations()
+	if ns.ObjectMeta.Annotations == nil {
+		annotations = map[string]string{}
+	}
+
+	annotations[common.VolsyncPrivilegedAnnotation] = "true"
+	ns.ObjectMeta.SetAnnotations(annotations)
+
+	err := r.Update(r.Context, ns, &client.UpdateOptions{})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/common/common.go b/pkg/common/common.go
@@ -18,6 +18,7 @@ const (
 	OADPOperatorServiceAccount   = "openshift-adp-controller-manager"
 	VolSyncDeploymentName        = "volsync-controller-manager"
 	VolSyncDeploymentNamespace   = "openshift-operators"
+	VolsyncPrivilegedAnnotation  = "volsync.backube/privileged-movers"
 )
 
 // Images