[enhancement] Adding new feature for supporting self-signed certificate #949

Merged
merged 39 commits into from
Apr 12, 2024
Commits
43f750c
[ADD] Ignoring vagrant dir in git
poyaz Mar 18, 2024
2ea688a
[ADD] Add GO_EXEC variable for using multiple versions of go binary
poyaz Mar 18, 2024
8eb0703
[ADD] Add Volume for using secret or configmap in k8s, Add VolumeMoun…
poyaz Mar 18, 2024
e13ba45
[ADD] Add vardir command option for mount emptyDir in pod
poyaz Mar 18, 2024
e2622c6
[ADD] Supporting self certificate authority and mTls when using S3 ob…
poyaz Mar 18, 2024
a0f78d7
[ADD] Adding container volumes when they are mounting
poyaz Mar 22, 2024
c42e748
[UPDATE] Generating new crd according to adding VolumeMounts to Backe…
poyaz Mar 22, 2024
ece84c7
[UPDATE] Adding VolumeMounts to BackendSpec and RestoreMethod
poyaz Mar 22, 2024
a56d465
[UPDATE] Generating new crd according to adding VolumeMounts to Backe…
poyaz Mar 22, 2024
2af7fd6
[ADD] Adding new resource definitions for e2e test in TLS and mTls mode
poyaz Mar 22, 2024
f391110
[ADD] Add some functions for checking e2e test
poyaz Mar 22, 2024
5270d54
[ADD] Adding new e2e test for supporting self-signed issuer
poyaz Mar 22, 2024
97e03e0
Merge remote-tracking branch 'upstream/master' into feature/custom-tls
poyaz Mar 22, 2024
a9cf8fd
[FIX] Fixing problem in attach mode when failure happened in pod
poyaz Mar 22, 2024
11f0945
[ADD] Adding RESTORE_CA_CERT_FILE, RESTORE_CA_CERT_FILE, RESTORE_CLIE…
poyaz Mar 23, 2024
800b819
[UPDATE] Update operator and restic cli help according to new values …
poyaz Mar 23, 2024
fe51211
[FIX] Removing unnecessary snipped tag (tag: <SNIP>)
poyaz Mar 23, 2024
b2b83e1
[ADD] Adding document about how to use TLS and mTls in api reference
poyaz Mar 23, 2024
6b659b8
[UPDATE] Update api-refrence according to supporting volume, volumeMo…
poyaz Mar 23, 2024
bd2c880
[UPDATE] Update cert-manager to v1.14.4
poyaz Mar 23, 2024
41825f9
[ADD] Adding e2e definitions for using env for TLS and mTls
poyaz Mar 23, 2024
da60a0b
[ADD] Adding e2e test over using env for TLS and mTls
poyaz Mar 23, 2024
c668b25
[FIX] Fixing integration test for restic s3. Missing CaCert arguments
poyaz Mar 23, 2024
295e5bf
[ADD] Adding variable GO_EXEC in Makefile to choose different version…
poyaz Mar 23, 2024
9f776fe
[FIX] Fix test for expected args
poyaz Mar 23, 2024
f6b0f12
[DELETE] Delete command "sleep 3"
poyaz Apr 6, 2024
8713c81
[UPDATE] Formatting go files to old style (Remove idea customization …
poyaz Apr 6, 2024
d1319f0
[FIX] Fix typo and document's grammar
poyaz Apr 6, 2024
9b4216a
[DELETE] Delete unnecessary error param in setupArgs function
poyaz Apr 8, 2024
01cb120
[CHANGE] Rename options to tlsOptions
poyaz Apr 8, 2024
b59589a
[UPDATE] Update documents because of changing options to tlsOptions
poyaz Apr 10, 2024
0acef98
[UPDATE] Refactoring code for duplicate functions in operators
poyaz Apr 10, 2024
dc9f803
[ADD] Add cmctl command for check cert-manager is ready
poyaz Apr 10, 2024
7d121ff
[ADD] Add two e2e test for restore and archive
poyaz Apr 10, 2024
22de53e
[DELETE] Delete e2e test self signed tls because it has too many test…
poyaz Apr 10, 2024
df889cb
[UPDATE] Add unit test for utils file and refactoring ZeroLen function
poyaz Apr 11, 2024
1fc3b16
[UPDATE] Rename argument "--varDir" to "-varDir"
poyaz Apr 11, 2024
ad78959
[FIX] Fix execute ps for alpine and BusyBox
poyaz Apr 11, 2024
80b2ddd
[ADD] Add integration test for TLS and Mutual TLS options
poyaz Apr 11, 2024
8 changes: 8 additions & 0 deletions .gitignore
Expand Up @@ -42,3 +42,11 @@ e2e/debug
# Charts
.cr-release-packages/
.cr-index/

# Vagrant
.vagrant/

# Container volumes mount
.config/
.kube/
.npm/
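Review bot: the three entries under `# Container volumes mount` (`.config/`, `.kube/`, `.npm/`) imply a dev-container setup that bind-mounts these directories into the checkout; `.kube/` in particular would hold kubeconfig credentials, so ignoring it is the right call, but nothing in this diff says where that convention comes from. Suggest extending the comment with a pointer to the file or script that performs the mounts so the next contributor understands why a `.kube/` directory appears in the repository root, and note that `.config/` is broad enough to hide any tracked config directory added later.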
14 changes: 7 additions & 7 deletions Makefile
Expand Up @@ -27,11 +27,11 @@ include Makefile.restic-integration.mk envtest/integration.mk
# E2E tests
-include e2e/Makefile

go_build ?= go build -o $(BIN_FILENAME) $(K8UP_MAIN_GO)
go_build ?= $(GO_EXEC) build -o $(BIN_FILENAME) $(K8UP_MAIN_GO)

.PHONY: test
test: ## Run tests
go test ./... -coverprofile cover.out
$(GO_EXEC) test ./... -coverprofile cover.out

.PHONY: build
build: generate fmt vet $(BIN_FILENAME) docs-update-usage ## Build manager binary
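Review bot: `$(GO_EXEC)` is overridable from the environment, so a stray `GO_EXEC` exported in a developer's shell silently changes which toolchain builds and tests the binary, and nothing in this hunk reports the binary actually used. Consider having `build` and `test` run `$(GO_EXEC) version` first, so a wrong or missing executable fails early with a clear message instead of partway through `$(GO_EXEC) test ./... -coverprofile cover.out`.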
Expand All @@ -41,7 +41,7 @@ run: export BACKUP_ENABLE_LEADER_ELECTION = $(ENABLE_LEADER_ELECTION)
run: export K8UP_DEBUG = true
run: export BACKUP_OPERATOR_NAMESPACE = default
run: fmt vet ## Run against the configured Kubernetes cluster in ~/.kube/config. Use ARGS to pass arguments to the command, e.g. `make run ARGS="--help"`
go run $(K8UP_MAIN_GO) $(ARGS) $(CMD) $(CMD_ARGS)
$(GO_EXEC) run $(K8UP_MAIN_GO) $(ARGS) $(CMD) $(CMD_ARGS)

.PHONY: run-operator
run-operator: CMD := operator
Expand Down Expand Up @@ -80,21 +80,21 @@ deploy: kind-load-image install ## Deploy controller in the configured Kubernete
.PHONY: generate
generate: ## Generate manifests e.g. CRD, RBAC etc.
# Generate code
go run sigs.k8s.io/controller-tools/cmd/controller-gen object:headerFile=".github/boilerplate.go.txt" paths="./..."
$(GO_EXEC) run sigs.k8s.io/controller-tools/cmd/controller-gen object:headerFile=".github/boilerplate.go.txt" paths="./..."
# Generate CRDs
go run sigs.k8s.io/controller-tools/cmd/controller-gen rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=$(CRD_ROOT_DIR)/v1 crd:crdVersions=v1
$(GO_EXEC) run sigs.k8s.io/controller-tools/cmd/controller-gen rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=$(CRD_ROOT_DIR)/v1 crd:crdVersions=v1

.PHONY: crd
crd: generate ## Generate CRD to file
@yq $(CRD_ROOT_DIR)/v1/*.yaml > $(CRD_FILE)

.PHONY: fmt
fmt: ## Run go fmt against code
go fmt ./...
$(GO_EXEC) fmt ./...

.PHONY: vet
vet: ## Run go vet against code
go vet ./...
$(GO_EXEC) vet ./...

.PHONY: lint
lint: fmt vet golangci-lint ## Invokes all linting targets
2 changes: 1 addition & 1 deletion Makefile.restic-integration.vars.mk
Expand Up @@ -13,7 +13,7 @@ restore_dir ?= $(integrationtest_dir)/restore

stats_url ?= http://localhost:8091

restic_version ?= $(shell go mod edit -json | jq -r '.Require[] | select(.Path == "github.com/restic/restic").Version' | sed "s/v//")
restic_version ?= $(shell $(GO_EXEC) mod edit -json | jq -r '.Require[] | select(.Path == "github.com/restic/restic").Version' | sed "s/v//")
restic_path ?= $(go_bin)/restic
restic_pid ?= $(integrationtest_dir)/restic.pid
restic_url ?= https://github.com/restic/restic/releases/download/v$(restic_version)/restic_$(restic_version)_$(os)_$(arch).bz2
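Review bot: `restic_version ?= $(shell $(GO_EXEC) mod edit -json | jq ...)` fails silently: if `$(GO_EXEC)` does not resolve to a working go binary the shell substitution yields an empty string, and `restic_url` then expands to a malformed `.../download/v/restic__$(os)_$(arch).bz2` that only errors at download time. Suggest guarding the value with an `ifeq ($(restic_version),)` check that calls `$(error ...)` in the target that uses it, so the real cause (the go executable) is reported rather than a failed download.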
1 change: 1 addition & 0 deletions Makefile.vars.mk
@@ -1,5 +1,6 @@
IMG_TAG ?= latest

GO_EXEC ?= go
K8UP_MAIN_GO ?= cmd/k8up/main.go
K8UP_GOOS ?= linux
K8UP_GOARCH ?= amd64
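Review bot: `GO_EXEC ?= go` is the only knob introduced for building with a different toolchain, yet it carries no comment; a one-liner next to it such as `# GO_EXEC: go binary used for build/test, e.g. GO_EXEC=go1.22.1 make build` would document the intended use without requiring a trip through the commit history.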
9 changes: 9 additions & 0 deletions api/v1/backend.go
Expand Up @@ -25,6 +25,9 @@ type (
Swift *SwiftSpec `json:"swift,omitempty"`
B2 *B2Spec `json:"b2,omitempty"`
Rest *RestServerSpec `json:"rest,omitempty"`

TLSOptions *TLSOptions `json:"tlsOptions,omitempty"`
VolumeMounts *[]corev1.VolumeMount `json:"volumeMounts,omitempty"`
}

// +k8s:deepcopy-gen=false
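Review bot: the two new `BackendSpec` fields have no doc comments, unlike the commented fields in `RunnableSpec`; controller-gen derives the CRD `description` from these comments, so `tlsOptions` and `volumeMounts` will show up undocumented in the generated schema. Separately, `VolumeMounts *[]corev1.VolumeMount` is a pointer to a slice: a plain `[]corev1.VolumeMount` with `omitempty` already encodes absence as nil, avoids the double dereference in the deepcopy and in callers, and matches how `corev1.Container.VolumeMounts` is declared.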
Expand Down Expand Up @@ -279,3 +282,9 @@ func (in *RestServerSpec) String() string {
protocol, url, _ := strings.Cut(in.URL, "://")
return fmt.Sprintf("rest:%s://%s:%s@%s", protocol, "$(USER)", "$(PASSWORD)", url)
}

type TLSOptions struct {
CACert string `json:"caCert,omitempty"`
ClientCert string `json:"clientCert,omitempty"`
ClientKey string `json:"clientKey,omitempty"`
}
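Review bot: `TLSOptions` does not say what its three strings are. Judging from the `RESTORE_CA_CERT_FILE`-style variables in the commit list they are file paths inside the pod, presumably reached through the new `VolumeMounts`; a doc comment on each field should state that explicitly (a path, not PEM content) so nobody pastes a private key into a CR that is persisted in etcd and visible through `kubectl get`. `ClientCert` and `ClientKey` are only meaningful together, so validate that both or neither are set, while `CACert` on its own should remain sufficient for the one-way TLS case.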
6 changes: 4 additions & 2 deletions api/v1/restore_types.go
Expand Up @@ -35,8 +35,10 @@ type RestoreSpec struct {
// RestoreMethod contains how and where the restore should happen
// all the settings are mutual exclusive.
type RestoreMethod struct {
S3 *S3Spec `json:"s3,omitempty"`
Folder *FolderRestore `json:"folder,omitempty"`
S3 *S3Spec `json:"s3,omitempty"`
Folder *FolderRestore `json:"folder,omitempty"`
TLSOptions *TLSOptions `json:"tlsOptions,omitempty"`
VolumeMounts *[]corev1.VolumeMount `json:"volumeMounts,omitempty"`
}

type FolderRestore struct {
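Review bot: the comment above the struct still says `all the settings are mutual exclusive`, but `TLSOptions` and `VolumeMounts` are modifiers that accompany `S3`, not alternatives to it, and have no meaning for `Folder`. Update the comment to say that exactly one of `S3`/`Folder` is set and that `tlsOptions`/`volumeMounts` apply to the S3 case, and consider rejecting `TLSOptions` when `Folder` is chosen so a misconfiguration is reported instead of ignored. The phrase should also read `mutually exclusive`.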
23 changes: 23 additions & 0 deletions api/v1/runnable_types.go
Expand Up @@ -15,11 +15,34 @@ type RunnableSpec struct {
// PodSecurityContext describes the security context with which this action shall be executed.
PodSecurityContext *corev1.PodSecurityContext `json:"podSecurityContext,omitempty"`

// Volumes List of volumes that can be mounted by containers belonging to the pod.
Volumes *[]RunnableVolumeSpec `json:"volumes,omitempty"`

// ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it.
// Value must be positive integer if given.
ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"`
}

type RunnableVolumeSpec struct {
// name of the volume.
// Must be a DNS_LABEL and unique within the pod.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Name string `json:"name"`

// persistentVolumeClaimVolumeSource represents a reference to a
// PersistentVolumeClaim in the same namespace.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
// +optional
PersistentVolumeClaim *corev1.PersistentVolumeClaimVolumeSource `json:"persistentVolumeClaim,omitempty"`
// secret represents a secret that should populate this volume.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
// +optional
Secret *corev1.SecretVolumeSource `json:"secret,omitempty"`
// configMap represents a configMap that should populate this volume
// +optional
ConfigMap *corev1.ConfigMapVolumeSource `json:"configMap,omitempty"`
}

// AppendEnvFromToContainer will add EnvFromSource from the given RunnableSpec to the Container
func (in *RunnableSpec) AppendEnvFromToContainer(containerSpec *corev1.Container) {
if in.Backend != nil {
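Review bot: `RunnableVolumeSpec` offers three sources (`PersistentVolumeClaim`, `Secret`, `ConfigMap`) but nothing states or enforces that exactly one must be set; a volume with two sources is rejected by the API server only when the job pod is created, long after the Backup or Restore object was accepted. Document the constraint in the type comment and validate it in the controller or a webhook so the error lands on the CR the user wrote. As with `BackendSpec`, `Volumes *[]RunnableVolumeSpec` could be a plain slice, since nil already means "not set".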
88 changes: 88 additions & 0 deletions api/v1/zz_generated.deepcopy.go
7 changes: 6 additions & 1 deletion clean.sh
Expand Up @@ -9,7 +9,12 @@ pidfile_exists() {
}

pid_alive() {
xargs ps -p >/dev/null < "${1}"
if ps --help 2>&1 | grep -q BusyBox; then
xargs ps p >/dev/null < "${1}"
else
xargs ps -p >/dev/null < "${1}"
fi

return $?
}

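Review bot: `pid_alive` now branches on `ps --help 2>&1 | grep -q BusyBox`, which runs an extra `ps` on every call and depends on the wording of help output; `kill -0 "$(cat "$1")"` answers the liveness question on both BusyBox and procps without parsing `ps` at all (it fails with EPERM for a process owned by another user, which for a pidfile written by this script is itself a useful signal). The explicit `return $?` after `fi` is redundant, since a function already returns the status of its last command, and the `if` compound command yields the status of the `xargs ps` that ran.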
2 changes: 2 additions & 0 deletions cmd/operator/main.go
Expand Up @@ -83,6 +83,8 @@ var (
&cli.BoolFlag{Destination: &cfg.Config.SkipWithoutAnnotation, Name: "skip-pvcs-without-annotation", EnvVars: []string{"BACKUP_SKIP_WITHOUT_ANNOTATION"}, Value: false, DefaultText: "disabled", Usage: "skip selecting PVCs that don't have the BACKUP_ANNOTATION"},
&cli.StringFlag{Destination: &cfg.Config.BackupCheckSchedule, Name: "checkschedule", EnvVars: []string{"BACKUP_CHECKSCHEDULE"}, Value: "0 0 * * 0", Usage: "the default check schedule"},
&cli.StringFlag{Destination: &cfg.Config.OperatorNamespace, Name: "operator-namespace", EnvVars: []string{"BACKUP_OPERATOR_NAMESPACE"}, Required: true, Usage: "set the namespace in which the K8up operator itself runs"},

&cli.StringFlag{Destination: &cfg.Config.PodVarDir, Name: "vardir", EnvVars: []string{"VAR_DIR"}, Value: "/k8up", Usage: "the var data dir for read/write k8up data or temp file in the backup pod"},
},
}
)
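Review bot: the new flag's environment variable is `VAR_DIR`, while every neighbouring flag uses the `BACKUP_` prefix (`BACKUP_SKIP_WITHOUT_ANNOTATION`, `BACKUP_CHECKSCHEDULE`, `BACKUP_OPERATOR_NAMESPACE`); an unprefixed name is easy to collide with in a container environment, so suggest `BACKUP_VAR_DIR` (optionally keeping `VAR_DIR` as a second entry in `EnvVars` for compatibility). The usage string would also read better as `directory in the backup pod where k8up reads and writes its data and temporary files`.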
4 changes: 2 additions & 2 deletions cmd/restic/integration_test.go
Expand Up @@ -131,7 +131,7 @@ func initTest(t *testing.T) *testEnvironment {

func connectToS3Server(t *testing.T, ctx context.Context) *s3.Client {
repo := getS3Repo()
s3client := s3.New(repo, os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("AWS_SECRET_ACCESS_KEY"))
s3client := s3.New(repo, os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("AWS_SECRET_ACCESS_KEY"), s3.Cert{})

err := s3client.Connect(ctx)
require.NoErrorf(t, err, "Unable to connect to S3 repo '%s'", repo)
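Review bot: both callers now pass `s3.Cert{}` only to satisfy the new `s3.New` signature, so this integration test still exercises just the path with no custom CA and no client certificate. The meaning of the zero value (system trust store, no client certificate) should be documented on the `Cert` type, and the TLS/mTLS integration test named in the commit list should include a negative case (a wrong CA file makes `Connect` fail) so it is known that the options actually take effect rather than being silently ignored.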
Expand Down Expand Up @@ -211,7 +211,7 @@ func testBackup(t *testing.T) *testEnvironment {
}

func testCheckS3Restore(t *testing.T, ctx context.Context) {
s3c := s3.New(os.Getenv("RESTORE_S3ENDPOINT"), os.Getenv("RESTORE_ACCESSKEYID"), os.Getenv("RESTORE_SECRETACCESSKEY"))
s3c := s3.New(os.Getenv("RESTORE_S3ENDPOINT"), os.Getenv("RESTORE_ACCESSKEYID"), os.Getenv("RESTORE_SECRETACCESSKEY"), s3.Cert{})
err := s3c.Connect(ctx)
require.NoError(t, err)
files, err := s3c.ListObjects(ctx)