Add Type S3Compliant to Kopia Repository Storage Args #2159

Merged: 8 commits, Jul 7, 2023

@r4rajat r4rajat commented Jul 6, 2023

Change Overview

Add Type S3Compliant to Kopia Repository Storage Args

Pull request type

Please check the type of change your PR introduces:

  • 🚧 Work in Progress
  • 🌈 Refactoring (no functional changes, no api changes)
  • 🐹 Trivial/Minor
  • 🐛 Bugfix
  • 🌻 Feature
  • 🗺️ Documentation
  • 🤖 Test

Issues

  • fixes #issue-number

Test Plan

  • 💪 Manual
  • ⚡ Unit test
  • 💚 E2E

Manual Testing Steps

1) Create Images for Kanister and Repo Server controller

git tag -fa v21-repo-server-rajat -m "Testing"

bash build/gorelease.sh

docker tag ghcr.io/kanisterio/controller:v21-repo-server-rajat r4rajat/controller:v21-repo-server-rajat

docker tag ghcr.io/kanisterio/repo-server-controller:v21-repo-server-rajat r4rajat/repo-server-controller:v21-repo-server-rajat

docker push r4rajat/controller:v21-repo-server-rajat && docker push r4rajat/repo-server-controller:v21-repo-server-rajat

2) Install Kanister

helm install kanister ./helm/kanister-operator \
--namespace kanister \
--set image.repository=r4rajat/controller \
--set image.tag=v21-repo-server-rajat \
--set repositoryServerImage.repository=r4rajat/repo-server-controller \
--set repositoryServerImage.tag=v21-repo-server-rajat \
--set controller.parallelism=10 \
--create-namespace

3) Apply Repo Server CRD

kubectl apply -f pkg/customresource/repositoryserver.yaml -n kanister

4) Create Test Application [Time Logger]

kubectl create namespace time-logger

kubectl create -f ./examples/time-log/time-logger-deployment.yaml -n time-logger

5) Create OpenSSL Certificate

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

6) Create S3 Location and Location Secret Config Files

  • S3 Location Secret [ Created for minio as s3Compliant Storage from make install-minio target]
vi s3_location_creds.yaml
apiVersion: v1
kind: Secret
metadata:
   name: s3-creds
   namespace: kanister
   labels:
      repo.kanister.io/target-namespace: monitoring
type: secrets.kanister.io/aws
data:
   # required: base64 encoded value for key with proper permissions for the bucket
   aws_access_key_id: <REDACTED>
   # required: base64 encoded value for the secret corresponding to the key above
   aws_secret_access_key: <REDACTED>
  • S3 Location
vi s3_location.yaml
apiVersion: v1
kind: Secret
metadata:
   name: s3-location
   namespace: kanister
   labels:
      repo.kanister.io/target-namespace: monitoring
type: Opaque
data:
   type: czNjb21wbGFudA==
   bucket: <REDACTED>
   path: cmVwb3NpdG9yeS1zZXJ2ZXItdGVzdA==
   region: <REDACTED>
   endpoint: <REDACTED>
   

7) Apply Secrets

kubectl create secret tls repository-server-tls-cert --cert=certificate.pem --key=key.pem -n kanister

kubectl create secret generic repository-server-user-access -n kanister --from-literal=localhost=test1234

kubectl create secret generic repository-admin-user -n kanister --from-literal=username=admin@testpod1 --from-literal=password=<REDACTED>

kubectl create secret generic repo-pass -n kanister --from-literal=repo-password=<REDACTED>

kubectl apply -f s3_location_creds.yaml -n kanister

kubectl apply -f s3_location.yaml -n kanister

8) Create Repository

kopia --log-level=error --config-file=/tmp/kopia-repository.config --log-dir=/tmp/kopia-cache repository create --no-check-for-updates --cache-directory=/tmp/cache.dir --content-cache-size-mb=0 --metadata-cache-size-mb=500 --override-hostname=mysql.app --override-username=kanisterAdmin s3 --bucket=tests.kanister.io --prefix=repository-server-test --region=us-west-2 --access-key=<REDACTED> --secret-access-key=<REDACTED> --endpoint=<REDACTED>

9) Create Repository Server CR

vi repo-server-cr.yaml
apiVersion: cr.kanister.io/v1alpha1
kind: RepositoryServer
metadata:
  labels:
    app.kubernetes.io/name: repositoryserver
    app.kubernetes.io/instance: repositoryserver-sample
    app.kubernetes.io/part-of: kanister
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: kanister
  name: kopia-repo-server-1
  namespace: kanister
spec:
  storage:
    secretRef:
      name: s3-location
      namespace: kanister
    credentialSecretRef:
      name: s3-creds
      namespace: kanister
  repository:
    rootPath: /repo-controller/
    passwordSecretRef:
      name: repo-pass
      namespace: kanister
    username: kanisterAdmin
    hostname: mysql.app
  server:
    adminSecretRef:
      name: repository-admin-user
      namespace: kanister
    tlsSecretRef:
      name: repository-server-tls-cert
      namespace: kanister
    userAccess:
      userAccessSecretRef:
        name: repository-server-user-access
        namespace: kanister
      username: kanisteruser

kubectl apply -f repo-server-cr.yaml -n kanister

Wait till the status of the Repository Server CR gets to ServerReady. You could check it by running the following command:

kubectl describe -n kanister repositoryserver.cr.kanister.io/kopia-repo-server-1

10) Create Blueprint

vi test-blueprint.yaml
apiVersion: cr.kanister.io/v1alpha1
kind: Blueprint
metadata:
  name: backupdate-bp
  namespace: kanister
actions:
  backup:
    outputArtifacts:
      timeLog:
        keyValue:
          path: '/repo-controller/time-logger/'
      backupIdentifier:
        keyValue:
          id: "{{ .Phases.backupToS3.Output.backupID }}"
    phases:
    - func: BackupDataUsingKopiaServer
      name: backupToS3
      args:
        namespace: "{{ .Deployment.Namespace }}"
        pod: "{{ index .Deployment.Pods 0 }}"
        container: test-container
        includePath: /var/log

  restore:
    inputArtifactNames:
    - timeLog
    - backupIdentifier
    phases:
    - func: ScaleWorkload
      name: shutdownPod
      args:
        namespace: "{{ .Deployment.Namespace }}"
        name: "{{ .Deployment.Name }}"
        kind: Deployment
        replicas: 0
    - func: RestoreDataUsingKopiaServer
      name: restoreFromS3
      args:
        namespace: "{{ .Deployment.Namespace }}"
        pod: "{{ index .Deployment.Pods 0 }}"
        image: ghcr.io/kanisterio/kanister-tools:0.89.0
        backupIdentifier: "{{ .ArtifactsIn.backupIdentifier.KeyValue.id }}"
        restorePath: /var/log
    - func: ScaleWorkload
      name: bringupPod
      args:
        namespace: "{{ .Deployment.Namespace }}"
        name: "{{ .Deployment.Name }}"
        kind: Deployment
        replicas: 1

kubectl create -f test-blueprint.yaml -n kanister

11) Build kanctl with latest changes

go build -o kanctl cmd/kanctl/main.go 

12) Take Backup of the Application

./kanctl create actionset --action backup --namespace kanister --blueprint backupdate-bp --deployment time-logger/time-logger --repository-server=kopia-repo-server-1

actionset backup-7m5lh created

Check Status of the actionset

kubectl describe actionsets -n kanister backup-7m5lh

Events:
  Type    Reason           Age   From                 Message
  ----    ------           ----  ----                 -------
  Normal  Started Action   9s    Kanister Controller  Executing action backup
  Normal  Started Phase    9s    Kanister Controller  Executing phase backupToS3
  Normal  Ended Phase      3s    Kanister Controller  Completed phase backupToS3
  Normal  Update Complete  3s    Kanister Controller  Updated ActionSet 'backup-7m5lh' Status->complete

13) Restore the Application

  • Delete the files in /var/log folder in time-logger pod
kubectl exec -n time-logger time-logger-6c95887764-lrzjg -it sh

sh-5.1# cd /var/log/

sh-5.1# rm -rf time.log
  • Run Restore Action
./kanctl --namespace kanister create actionset --action restore --from  "backup-7m5lh"

Check status

kubectl describe actionsets -n kanister restore-backup-7m5lh-crwlw

Events:
  Type    Reason           Age   From                 Message
  ----    ------           ----  ----                 -------
  Normal  Started Action   43s   Kanister Controller  Executing action restore
  Normal  Started Phase    43s   Kanister Controller  Executing phase shutdownPod
  Normal  Ended Phase      11s   Kanister Controller  Completed phase shutdownPod
  Normal  Started Phase    11s   Kanister Controller  Executing phase restoreFromS3
  Normal  Ended Phase      5s    Kanister Controller  Completed phase restoreFromS3
  Normal  Started Phase    5s    Kanister Controller  Executing phase bringupPod
  Normal  Ended Phase      1s    Kanister Controller  Completed phase bringupPod
  Normal  Update Complete  1s    Kanister Controller  Updated ActionSet 'restore-backup-7m5lh-crwlw' Status->complete
  • Verify the restore
kubectl exec -n time-logger time-logger-7z87759646-mvtkb -it sh

sh-5.1# cd /var/log/

sh-5.1# ls
time.log

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
@r4rajat r4rajat requested a review from kale-amruta July 6, 2023 09:07
@infraq infraq added this to In Progress in Kanister Jul 6, 2023
@PrasadG193
Contributor

@r4rajat could you please add a test plan? Against which objectstore have you tested these changes?

@r4rajat
Contributor Author

r4rajat commented Jul 6, 2023

> @r4rajat could you please add a test plan? Against which objectstore have you tested these changes?

@PrasadG193, these changes would be used for

  • Integration Tests for Kopia Repository Server Based Blueprints
  • Updated kando command line code

@@ -60,6 +60,8 @@ func getLocationSecret(secret *corev1.Secret) (reposerver.Secret, error) {
switch reposerver.LocType(string(locationType)) {
case reposerver.LocTypeS3:
return reposerver.NewAWSLocation(secret), nil
case reposerver.LocTypes3Compliant:
return reposerver.NewAWSLocation(secret), nil
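Review bot: the added `case reposerver.LocTypes3Compliant:` arm returns exactly what the `LocTypeS3` arm above it returns, so the two can share one arm (`case reposerver.LocTypeS3, reposerver.LocTypes3Compliant:`) unless the S3-compliant type is meant to get its own handling here; as written, nothing in this switch distinguishes the two types. The constant name `LocTypes3Compliant` also departs from the casing of `LocTypeS3`; `LocTypeS3Compliant` would be consistent.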
Contributor

endpoint is compulsory for S3Compliant but not S3, hence we may need to add validation for the endpoint key for LocTypeS3Compliant under pkg/secrets.
You can refer to PR #1940 to see how to add validation.

Contributor Author

Added !
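
An added example, not code from this pull request or from Kanister, of the validation the review comment above asks for: a location secret of the S3-compliant type must carry an endpoint, while a plain S3 one need not. The helper names, the type strings "s3" and "s3Compliant" and the bucket requirement for both types are assumptions; the key names are those of the s3-location secret in step 6, and the constructed input reuses that secret's type value, which decodes to s3complant and is rejected.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// Assumed values; the page shows only the names LocTypeS3 and LocTypes3Compliant.
const typeS3, typeS3Compliant = "s3", "s3Compliant"

// enc encodes a value the way a Secret manifest's data: map stores it.
func enc(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }

// field decodes one key of the data: map; missing, empty or malformed values fail.
func field(data map[string]string, key string) (string, error) {
	b, err := base64.StdEncoding.DecodeString(data[key])
	if err != nil || len(b) == 0 {
		return "", fmt.Errorf("key %q is missing, empty or not valid base64", key)
	}
	return string(b), nil
}

// ValidateLocation (hypothetical): bucket always required (assumption), endpoint only for s3Compliant.
func ValidateLocation(data map[string]string) error {
	locType, err := field(data, "type")
	if err != nil {
		return err
	}
	required := []string{"bucket"}
	switch locType {
	case typeS3: // endpoint is optional for plain S3
	case typeS3Compliant:
		required = append(required, "endpoint")
	default:
		return fmt.Errorf("unsupported location type %q", locType)
	}
	for _, key := range required {
		if _, err := field(data, key); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	// Constructed input; the type value is the one shown in step 6 of the PR description.
	in := map[string]string{"type": "czNjb21wbGFudA==", "bucket": enc("example-bucket")}
	fmt.Println(ValidateLocation(in))
}
```

Running such a check against the manifest before `kubectl apply` catches a misspelled type or a missing endpoint before the repository server tries to use the secret.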

r4rajat and others added 7 commits July 6, 2023 18:04
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
@PrasadG193 PrasadG193 left a comment

LGTM

Kanister automation moved this from In Progress to Reviewer approved Jul 7, 2023
@r4rajat r4rajat added the kueue label Jul 7, 2023
@mergify mergify bot merged commit e1bcb16 into master Jul 7, 2023
14 checks passed
Kanister automation moved this from Reviewer approved to Done Jul 7, 2023
@mergify mergify bot deleted the add-s3compliant-location-ype-for-kopia-repository branch July 7, 2023 19:07
kale-amruta pushed a commit that referenced this pull request Jul 11, 2023
* Add S3Compliant to Storage Args

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>

* Add Test for s3Compliant storage args

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>

* Add Validation for s3Compliant Location

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>

* Format Imports

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>

* Add Bucket Validation

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>

* Add Tests for S3 Compliant Secrets Validation

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>

---------

Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
mellon-collie pushed a commit that referenced this pull request Jul 20, 2023