Support cluster resource Includes/Excludes #5120
Comments
|
Agreed that current combination of include/exclude filters of namespace resources and cluster resources causes confusion, IMO, ideally we should clarify that current include/exclude resource filters will only apply to namespace resources and we'll introduce new include/exclude cluster-resource filters for filtering cluster resources |
|
Actually, I think the current excludes/excludes do apply to cluster-scoped resources. If you include PersistentVolumes in excludedResources, then I don't think any will be backed up. If you have an includedResources list with both cluster-scoped and namespaced resources, then both sets will be included (but nothing else). The issue here is that once you have an includes list, then nothing outside the list is included. So you can't say "include all namespaced resources but only include X, Y, and Z cluster-scoped resources." It's worth noting that if lncludeClusterResources is nil (rather than true or false) then Velero will pull in certain resources as-needed. In particular, if your main use case for cluster-scoped resources is persistentVolumes, then you probably don't want to include all PVs, just the ones associated with PVCs you're backing up, so what you want is to set includeClusterResources to nil (or leave the field out of spec entirely, which is equivalent). |
@sseago The problem is that I do want to set includeClusterResources to true since I need some cluster resources. And the current filter (IncludedResources/ExcludedResources + IncludeClusterResources flag) can not meet most of the cases I mentioned above |
|
@27149chen Usually, Velero backup will not separate resources into namespace and cluster scope. Taking backup resources in namespace What is the background of the special use cases you mentioned?
|
it does not meet our requirement, we want to use includeClusterResources flag (according to you words, this is a "bad" flag which I should never use it, otherwise, some unexpected behavior will occur. If so, what's the point of its existence?) |
most of them are valid requirements from our customer |
|
@27149chen
By my understanding, the missing piece is a parameter to specify resources to include, and it will not exclude all the other things as the current parameter |
|
So setting includeClusterResources to nil does include some cluster resources, but it's limited to those resources that are directly relevant to other resources being backed up (this handles the usual needs for PVs, CRDs, etc.) If your use case is "I want all of cluster resources X, Y, and Z but none of A, B, and C" then you can handle that right now by just setting includeClusterResources to As @blackpiglet said, the only thing you can't do right now directly is "only include X, Y, and Z cluster resources" unless you're willing/able to list everything not A, B, and C in excludeResources. Will the "list all cluster resources you don't want in the exclude list" meet your needs? |
|
As for "no namespaced resources but all cluster resources", I wonder whether we can handle this by just excluding all namespaces while seting includeClusterResources to |
|
@sseago @blackpiglet , are we talking about workarounds or a formal solution? |
@sseago sorry but I think you do not understand my problem, if includeClusterResources is set to true, all pvs will be backed up, not just the relevant ones, see details in #5119 |
@sseago please test it first before adding this comment, AFAIK, it is a invalid config if an item is both in includes and excludes, and an error will be raised |
|
@27149chen |
|
@blackpiglet I'm happy if you can find a way to resolve this problem without adding two parameters for cluster resources. I have listed 16 cases in my issue description, and provided a way that I think is simple and effective. If you can find another way to do it clean and simple, please give your examples. Thanks. |
|
So one thing to consider -- if we were to implement your proposal, we'd need a different name. Your proposal doesn't account for the nil value of includeClusterResources -- i.e. only include relevant resources, vs. none vs. all. I think we would still need that even if we added some notion of additional filtering/including. For example, your proposal loses the abiliy to "only include PVs that are needed" So the include list would need to have a name other than the existing bool pointer "includeClusterResources" which has 3 valid values now -- true, false, and nil. Also, I've seen other requests to allow for wildcards on the exclude list. If implemented, this would allow for "no namespaced resources" by simply specifying "*" for excludedNamespaces. That would handle cases 1-3. Case 4 is already handled by setting includeClusterResources to For case 5, examples 1 and 4 already work today by setting includeClusterResources to The only way to do the above right now would be to reformat this into a list of all excludes or all includes. But how central is this use case? I imagine someone else might say "I want per-namespace include/exclude lists" -- but once we get to that level of granularity of control, the recommendation would be to create two backups. I wonder whether the same would work here -- a cluster-scoped backup and a namespaced backup. 6 and 8 are similar. The second example can be done today by just using the existing include/exclude lists. The first would need 2 backups. 7 and 9 are supported by the existing options. So out of the 16 total examples, it looks like 8 are supported today. 4 more would be supported by allowing for wildcards in excludeNamespaces, and 4 could be done today by using a partitioned backup scheme, but to do in a single backup would require two additional config params (but without removing/changing the existing true/false/nil includeClusterResources parameter). The concern here is that the cluster/namespaced partition in the config doesn't really feel natural to me. If we were going to redesign the selection mechanism to be more flexible than it is today, I'm not certain that this is the only use case we'd care about adding. I'd want a more flexible config that might be less confusing than some combination of include/excluderesources, includeClusterResources true/false/nil, and two new cluster-scoped include/exclude parameters. |
|
@sseago please give you resource filter spec for every case as I did in the description so that we can discuss one by one and find the gap |
reasonerjt
removed
the
1.10-candidate
|
I'd like to add the case "all resources in a namespace" + "some selected cluster resources", which seems to not be possible ATM. Well one can run two separate backups, ok, but ideally it should be possible in the same backup. |
|
Also, if I can suggest, a filter based on resource names (not labels) would be most welcome, at least for my use cases. |
|
Thanks! I subscribed to that one. |
|
After discussion, I think it's reasonable to create a new filtering parameter to focus on namespace resources, because currently there are three ways to filtering resources:
There are senarios that resource type based filter and namespace based filter interfere mutually. Seperate |
Describe the problem/challenge you have
The current filter (IncludedResources/ExcludedResources + IncludeClusterResources flag) is not enough for some special cases, such as:
Describe the solution you'd like
Add new field
IncludedClusterResourcesandExcludedClusterResources, examples:(wildcard rules: includeResources: empty for all, excludeResources/includeClusterResources: "*" for all, excludeResources/includeClusterResources/excludeClusterResources: empty for nothing)
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
velero version):kubectl version):/etc/os-release):Vote on this issue!
This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.
The text was updated successfully, but these errors were encountered: