Skip restore of APIServices managed by Kubernetes #4028
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It was discovered during Velero 1.6.3 upgrade testing that Velero was restoring `APIService` objects for APIs that are no longer being served by Kubernetes 1.22. If these items were restored, it would break the behaviour of discovery within the cluster. This change introduces a new RestoreItemAction plugin that skips the restore of any `APIService` object which is managed by Kubernetes such as those for built-in APIs or CRDs. The `APIService`s for these will be created when the Kubernetes API server starts or when new CRDs are registered. These objects are identified by looking for the `kube-aggregator.kubernetes.io/automanaged` label. Signed-off-by: Bridget McErlean <[email protected]>
zubron
force-pushed
the
add-restore-item-action-to-skip-automanaged-apiservices
branch
from
75e384f to
984176f
Compare
github-actions
bot
added
Dependencies
sseago
previously approved these changes
Aug 11, 2021
dsu-igeek
suggested changes
Aug 11, 2021
pkg/restore/apiservice_action.go
Outdated
| output := velero.NewRestoreItemActionExecuteOutput(input.Item) | ||
|
|
||
| if _, ok := apiService.Labels[autoregister.AutoRegisterManagedLabel]; ok { | ||
| output = output.WithoutRestore() |
There was a problem hiding this comment.
We should log that it's being skipped
There was a problem hiding this comment.
We have logging in the outer scope that state that the item is being skipped due to a plugin but will add something here to explain why 👍
zubron
force-pushed
the
add-restore-item-action-to-skip-automanaged-apiservices
branch
2 times, most recently
from
231789a to
a64ceca
Compare
Instead of converting the unstructured item to check for the presence of the `kube-aggregator.kubernetes.io/automanaged` label, use this label in the `AppliesTo` to enable the restore logic to select the item. This means that any item that matches the selector will have restore skipped. Also add a new test case to the restore action test to check that label selectors are applied correctly. Signed-off-by: Bridget McErlean <[email protected]>
zubron
force-pushed
the
add-restore-item-action-to-skip-automanaged-apiservices
branch
from
a64ceca to
368098b
Compare
sseago
approved these changes
Aug 12, 2021
zubron
pushed a commit
to zubron/velero
that referenced
this pull request
Aug 12, 2021
…ion-to-skip-automanaged-apiservices Skip restore of APIServices managed by Kubernetes
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please add a summary of your change
It was discovered during Velero 1.6.3 upgrade testing that Velero was
restoring
APIServiceobjects for APIs that are no longer being servedby Kubernetes 1.22. If these items were restored, it would break the
behaviour of discovery within the cluster.
This change introduces a new RestoreItemAction plugin that skips the
restore of any
APIServiceobject which is managed by Kubernetes suchas those for built-in APIs or CRDs. The
APIServices for these will becreated when the Kubernetes API server starts or when new CRDs are
registered. These objects are identified by looking for the
kube-aggregator.kubernetes.io/automanagedlabel.Signed-off-by: Bridget McErlean [email protected]
Does your change fix a particular issue?
Fixes #4027
Please indicate you've done the following:
/kind changelog-not-required.site/content/docs/main.