Use claimName field in the filestore location secret for repository s…

…erver controller (#2146) * add unit tests for repository server controller * test * add prerequisites for tests * add server ready test * remove unwanted changes * fix lint issues * automate creation of repo server CRD * address review comments * add symbolic link * address comments * remove custom resource * renaming cli to kubecli * add more tests * fix lint issue * Add tests for Immutability Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Fix naming conventions Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update variables Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * add tests related to secrets * add secrets configuration for testutils * add base suite for repository server controller * use constants for location secret keys * add unit tests * make the constants local to the package * add licence headers * change package name * fix build errors * fix licence headers * fix lint issues * remove secret manager changes * remove unused functions and move to next PR * add utility functions * add tests for secrets and cache settings * fix build issues * move secret creation utils under test suite * resolve conflicts * add base suite for repository server controller * use constants for location secret keys * make the constants local to the package * add licence headers * fix licence headers * fix lint issues * remove unused functions and move to next PR * fix build issues * move secret creation utils under test suite * address review comments * add tests which got deleted during rebase * address review comments * updating tests to use the latest changed values for repository server progress field in status * honor claim Name in the location secret for file store * printf: github.com/pkg/errors.Wrapf call needs 2 args but has 4 args * add tests for pvc volume getting mounted on the repository server pod * move test utilities to pkg/testutil/testutil.go * rename kopia repository path constant name * improve tests and comments for better readability * refactor repository_test.go and secrets_manager_test.go for better readability * fix tests * test * fix tests * remove unnecessary whitespaces * rename conflicting env variables with s3compliant prefix * uncomment tests * move the env variable related comment at the right place * check error message for immuatability test * address comments related to better readability * fix test * change the error message for waitForRepoServerInfoUpdateInCR function * change the default repositoryserver struct from pointer tto local object * change waitForRepoServerInfoUpdateInCR function to return error if podName and serviceName are not set even after the polling time exceeds * fix waitForRepoServerInfoUpdateInCR * change the error message while getting pvc * remove unwanted changes * better error messages * address review comments --------- Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> Co-authored-by: Rajat Gupta <37516416+r4rajat@users.noreply.github.com> Co-authored-by: Rajat Gupta <rajat.gupta@veeam.com>
kanisterio · Jul 25, 2023 · d2f2442 · d2f2442
1 parent f876a47
commit d2f2442
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 2 deletions.
diff --git a/pkg/controllers/repositoryserver/handler.go b/pkg/controllers/repositoryserver/handler.go
@@ -217,7 +217,13 @@ func (h *RepoServerHandler) createPod(ctx context.Context, repoServerNamespace s
 	if err != nil {
 		return nil, nil, err
 	}
-	podOptions := getPodOptions(repoServerNamespace, podOverride, svc)
+
+	vols, err := getVolumes(ctx, h.KubeCli, h.RepositoryServerSecrets.storage, repoServerNamespace)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	podOptions := getPodOptions(repoServerNamespace, podOverride, svc, vols)
 	pod, envVars, err := h.setCredDataFromSecretInPod(ctx, podOptions)
 	if err != nil {
 		return nil, nil, err

diff --git a/pkg/controllers/repositoryserver/repositoryserver_controller_test.go b/pkg/controllers/repositoryserver/repositoryserver_controller_test.go
@@ -25,6 +25,7 @@ import (
 	"github.com/pkg/errors"
 	. "gopkg.in/check.v1"
 	v1 "k8s.io/api/core/v1"
+	k8sresource "k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -368,6 +369,56 @@ func (s *RepoServerControllerSuite) TestInvalidRepositoryPassword(c *C) {
 	}
 }
 
+func (s *RepoServerControllerSuite) TestFilestoreLocationVolumeMountOnRepoServerPod(c *C) {
+	var err error
+	ctx := context.Background()
+	repoServerCR := testutil.GetTestKopiaRepositoryServerCR(s.repoServerControllerNamespace)
+	setRepositoryServerSecretsInCR(&s.repoServerSecrets, &repoServerCR)
+	pvc := &v1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			GenerateName: "test-pvc-",
+		},
+		Spec: v1.PersistentVolumeClaimSpec{
+			AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
+			Resources: v1.ResourceRequirements{
+				Requests: v1.ResourceList{
+					v1.ResourceName(v1.ResourceStorage): k8sresource.MustParse("1Gi"),
+				},
+			},
+		},
+	}
+	pvc, err = s.kubeCli.CoreV1().PersistentVolumeClaims(s.repoServerControllerNamespace).Create(ctx, pvc, metav1.CreateOptions{})
+	c.Assert(err, IsNil)
+
+	storageSecret, err := s.CreateStorageLocationSecret(testutil.GetFileStoreLocationSecretData(pvc.Name))
+	c.Assert(err, IsNil)
+
+	repoServerCR.Spec.Storage.SecretRef.Name = storageSecret.Name
+
+	repoServerCRCreated, err := s.crCli.RepositoryServers(s.repoServerControllerNamespace).Create(ctx, &repoServerCR, metav1.CreateOptions{})
+	c.Assert(err, IsNil)
+
+	err = s.waitForRepoServerInfoUpdateInCR(repoServerCRCreated.Name)
+	c.Assert(err, IsNil)
+
+	//Get repository server CR with the updated server information
+	repoServerCRCreated, err = s.crCli.RepositoryServers(s.repoServerControllerNamespace).Get(ctx, repoServerCRCreated.Name, metav1.GetOptions{})
+	c.Assert(err, IsNil)
+
+	pod, err := s.kubeCli.CoreV1().Pods(s.repoServerControllerNamespace).Get(ctx, repoServerCRCreated.Status.ServerInfo.PodName, metav1.GetOptions{})
+	c.Assert(err, IsNil)
+
+	c.Assert(len(pod.Spec.Volumes), Equals, 3)
+
+	var volumeattached bool
+	for _, vol := range pod.Spec.Volumes {
+		if vol.PersistentVolumeClaim != nil && vol.PersistentVolumeClaim.ClaimName == pvc.Name {
+			volumeattached = true
+		}
+	}
+	c.Assert(volumeattached, Equals, true)
+}
+
 func (s *RepoServerControllerSuite) waitForRepoServerInfoUpdateInCR(repoServerName string) error {
 	ctxTimeout := 25 * time.Minute
 	ctx, cancel := context.WithTimeout(context.Background(), ctxTimeout)

diff --git a/pkg/controllers/repositoryserver/utils.go b/pkg/controllers/repositoryserver/utils.go
@@ -31,8 +31,11 @@ import (
 
 	"github.com/kanisterio/kanister/pkg/consts"
 	"github.com/kanisterio/kanister/pkg/format"
+	"github.com/kanisterio/kanister/pkg/kopia/command/storage"
 	"github.com/kanisterio/kanister/pkg/kube"
 	"github.com/kanisterio/kanister/pkg/poll"
+	secerrors "github.com/kanisterio/kanister/pkg/secrets/errors"
+	reposerver "github.com/kanisterio/kanister/pkg/secrets/repositoryserver"
 )
 
 const (
@@ -181,7 +184,7 @@ func addTLSCertConfigurationInPodOverride(podOverride *map[string]interface{}, t
 	return nil
 }
 
-func getPodOptions(namespace string, podOverride map[string]interface{}, svc *corev1.Service) *kube.PodOptions {
+func getPodOptions(namespace string, podOverride map[string]interface{}, svc *corev1.Service, vols map[string]string) *kube.PodOptions {
 	uidguid := int64(0)
 	nonRootBool := false
 	return &kube.PodOptions{
@@ -196,6 +199,7 @@ func getPodOptions(namespace string, podOverride map[string]interface{}, svc *co
 			RunAsUser:    &uidguid,
 			RunAsNonRoot: &nonRootBool,
 		},
+		Volumes: vols,
 	}
 }
 
@@ -225,3 +229,22 @@ func WaitTillCommandSucceed(ctx context.Context, cli kubernetes.Interface, cmd [
 	})
 	return err
 }
+
+func getVolumes(ctx context.Context, cli kubernetes.Interface, secret *corev1.Secret, namespace string) (map[string]string, error) {
+	vols := make(map[string]string, 0)
+	var claimName []byte
+	if len(secret.Data) == 0 {
+		return nil, errors.Errorf(secerrors.EmptySecretErrorMessage, secret.Namespace, secret.Name)
+	}
+	if locationType, ok := (secret.Data[reposerver.TypeKey]); ok && reposerver.LocType(string(locationType)) == reposerver.LocTypeFilestore {
+		if claimName, ok = secret.Data[reposerver.ClaimNameKey]; !ok {
+			return nil, errors.New("Claim name not set for file store location secret, failed to retrieve PVC")
+		}
+		claimNameString := string(claimName)
+		if _, err := cli.CoreV1().PersistentVolumeClaims(namespace).Get(ctx, claimNameString, metav1.GetOptions{}); err != nil {
+			return nil, errors.Wrapf(err, "Failed to validate if PVC %s:%s exists", namespace, claimName)
+		}
+		vols[claimNameString] = storage.DefaultFSMountPath
+	}
+	return vols, nil
+}
diff --git a/pkg/secrets/repositoryserver/const.go b/pkg/secrets/repositoryserver/const.go
@@ -43,6 +43,8 @@ const (
 	RegionKey        = "region"
 	SkipSSLVerifyKey = "skipSSLVerify"
 	TypeKey          = "type"
+	// Location secret key to be used only for filestore location type
+	ClaimNameKey = "claimName"
 
 	// Kopia Repository Server secret keys
 	RepoPasswordKey  = "repo-password"

diff --git a/pkg/testutil/testutil.go b/pkg/testutil/testutil.go
@@ -536,3 +536,10 @@ func GetTestKopiaRepositoryServerCR(namespace string) crv1alpha1.RepositoryServe
 	}
 	return repositoryServer
 }
+
+func GetFileStoreLocationSecretData(claimName string) map[string][]byte {
+	return map[string][]byte{
+		reposerver.TypeKey:      []byte(reposerver.LocTypeFilestore),
+		reposerver.ClaimNameKey: []byte(claimName),
+	}
+}