Added the parsed name of the CRD, nsxlbmonitors.vmware.com, to the bl…

…ock list on restore (#334) Signed-off-by: Lintong Jiang <[email protected]>
vmware-tanzu · Apr 8, 2021 · 8c3f94e · 8c3f94e
1 parent 121bb7a
commit 8c3f94e
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 19 deletions.
diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -113,10 +113,10 @@ const (
 )
 
 const (
-	VCSecretNs             = "kube-system"
-	VCSecretNsSupervisor   = "vmware-system-csi"
-	VCSecret               = "vsphere-config-secret"
-	VCSecretTKG            = "csi-vsphere-config"
+	VCSecretNs           = "kube-system"
+	VCSecretNsSupervisor = "vmware-system-csi"
+	VCSecret             = "vsphere-config-secret"
+	VCSecretTKG          = "csi-vsphere-config"
 )
 
 const (
@@ -201,7 +201,7 @@ var ResourcesToBlock = map[string]bool{
 	"haproxyloadbalancerconfigs.netoperator.vmware.com":       true,
 	"httproutes.networking.x-k8s.io":                          true,
 	"imagedisks.imagecontroller.vmware.com":                   true,
-	"images.imagecontroller.vmware.com":                       true,
+	//"images.imagecontroller.vmware.com":                     true, // DO NOT ADD IT BACK
 	"installoptions.appplatform.wcp.vmware.com":               true,
 	"installrequirements.appplatform.wcp.vmware.com":          true,
 	"ipamblocks.crd.projectcalico.org":                        true,
@@ -227,8 +227,8 @@ var ResourcesToBlock = map[string]bool{
 	"networkinterfaces.netoperator.vmware.com":                true,
 	"networks.netoperator.vmware.com":                         true,
 	"nsxerrors.nsx.vmware.com":                                true,
-	"nsxlbmonitors.vmware.com":                                true,
-	"nsxloadbalancermonitors.vmware.com":                      true,
+	//"nsxlbmonitors.vmware.com":                              true, // DO NOT ADD IT BACK
+	//"nsxloadbalancermonitors.vmware.com":                    true, // DO NOT ADD IT BACK
 	"nsxlocks.nsx.vmware.com":                                 true,
 	"nsxnetworkinterfaces.nsx.vmware.com":                     true,
 	"orders.acme.cert-manager.io":                             true,
@@ -277,16 +277,26 @@ var ResourcesToBlock = map[string]bool{
 var ResourcesToBlockOnRestore = map[string]bool{
 	// Kubernetes with vSphere Supervisor Cluster resources
 
-	// The image resource is backed up everytime when a container
-	// is backed up on Supervisor Cluster.
-	// We should skip it at restore time.
-	"images.imagecontroller.vmware.com": true,
-
 	// We need to remove some metadata from the Pod resource on
 	// Supervisor Cluster, i.e., annotation "vmware-system-vm-uuid"
 	// before the restore as the existing VM UUID is associated with
 	// the old VM that does not exist any more
 	"pods": true,
+
+	// The following resources are backed up everytime when a container
+	// is backed up on Supervisor Cluster.
+	// We should skip it at restore time.
+	"images.imagecontroller.vmware.com": true,
+
+	// "nsxlbmonitors.vmware.com" is the real name for this resource,
+	// however, our existing name parsing mechanism for resource matches
+	// with the parsed name. Adding both of them to the list.
+	// The real name will be used to make sure the resource is
+	// picked up in the AppliesTo func of item action plugin, while
+	// the parsed name will be used to skip restoring the resource
+	// in the Execute func of item action plugin.
+	"nsxlbmonitors.vmware.com":           true, // real name
+	"nsxloadbalancermonitors.vmware.com": true, // parsed name
 }
 
 var ResourcesToHandle = map[string]bool{

diff --git a/pkg/plugin/backup_pvc_action_plugin.go b/pkg/plugin/backup_pvc_action_plugin.go
@@ -53,8 +53,7 @@ func (p *NewPVCBackupItemAction) Execute(item runtime.Unstructured, backup *vele
 	}
 
 	if blocked {
-		p.Log.Infof("Resource CRD %s is blocked, skipping", crdName)
-		return nil, nil, nil
+		return nil, nil, errors.Errorf("Resource CRD %s is blocked in backup, skipping", crdName)
 	}
 
 	var pvc corev1.PersistentVolumeClaim

diff --git a/pkg/plugin/restore_pvc_action_plugin.go b/pkg/plugin/restore_pvc_action_plugin.go
@@ -45,29 +45,31 @@ func (p *NewPVCRestoreItemAction) AppliesTo() (velero.ResourceSelector, error) {
 
 func (p *NewPVCRestoreItemAction) Execute(input *velero.RestoreItemActionExecuteInput) (*velero.RestoreItemActionExecuteOutput, error) {
 	blocked, crdName, err := utils.IsObjectBlocked(input.ItemFromBackup) // Use ItemFromBackup here so that selflink is available
-
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed during IsObjectBlocked check")
 	}
 
 	if blocked == false {
-		// "pods" and "images" are two additional resources
+		// "pods", "images" and "nsxlbmonitors" are additional resources
 		// blocked on restore only for now
 		blocked = utils.IsResourceBlockedOnRestore(crdName)
 	}
 	item := input.Item // Use Item for everything else so that previous actions had a chance to modify the object
 	// (e.g. Velero removes extraneous metadata earlier in the restore process)
 
+	p.Log.Infof("Restoring resource %v: blocked = %v", crdName, blocked)
+
 	if blocked {
 		if crdName == "pods" {
 			return p.createPod(item)
-		} else if crdName == "images.imagecontroller.vmware.com" {
-			// Skip the restore of image resources on Supervisor Cluster
+		} else if utils.IsResourceBlockedOnRestore(crdName) {
+			// Skip the restore of image and nsxlbmonitor resources on Supervisor Cluster
+			p.Log.Infof("Skipping resource %s on restore", crdName)
 			return &velero.RestoreItemActionExecuteOutput{
 				SkipRestore: true,
 			}, nil
 		}
-		return nil, errors.Errorf("Resource CRD %s is blocked, skipping", crdName)
+		return nil, errors.Errorf("Resource CRD %s is blocked in restore, skipping", crdName)
 	}
 
 	var pvc corev1.PersistentVolumeClaim