New Parameter *insecureTLS* for kanister functions using restic #2589

Merged
2 changes: 1 addition & 1 deletion docker/kanister-mongodb-replicaset/image/Dockerfile
Expand Up @@ -7,6 +7,6 @@ ADD . /kanister

RUN /kanister/install.sh && rm -rf /kanister && rm -rf /tmp && mkdir /tmp

COPY --from=restic/restic:0.11.0 /usr/bin/restic /usr/local/bin/restic
COPY --from=restic/restic:0.16.2 /usr/bin/restic /usr/local/bin/restic

CMD ["tail", "-f", "/dev/null"]
15 changes: 11 additions & 4 deletions pkg/function/backup_data.go
Expand Up @@ -60,6 +60,8 @@ const (
BackupDataOutputBackupSize = "size"
// BackupDataOutputBackupPhysicalSize is the key used for returning physical size taken by the snapshot
BackupDataOutputBackupPhysicalSize = "phySize"
// InsecureTLS is the key name which provides an option to a user to disable tls
InsecureTLS = "insecureTLS"
PrasadG193 marked this conversation as resolved.
)

func init() {
Expand All @@ -83,6 +85,7 @@ func (b *backupDataFunc) Exec(ctx context.Context, tp param.TemplateParams, args

var namespace, pod, container, includePath, backupArtifactPrefix, encryptionKey string
var err error
var insecureTLS bool
if err = Arg(args, BackupDataNamespaceArg, &namespace); err != nil {
return nil, err
}
Expand All @@ -101,6 +104,9 @@ func (b *backupDataFunc) Exec(ctx context.Context, tp param.TemplateParams, args
if err = OptArg(args, BackupDataEncryptionKeyArg, &encryptionKey, restic.GeneratePassword()); err != nil {
return nil, err
}
if err = OptArg(args, InsecureTLS, &insecureTLS, false); err != nil {
return nil, err
}

if err = ValidateProfile(tp.Profile); err != nil {
return nil, errors.Wrapf(err, "Failed to validate Profile")
Expand All @@ -114,7 +120,7 @@ func (b *backupDataFunc) Exec(ctx context.Context, tp param.TemplateParams, args
}
ctx = field.Context(ctx, consts.PodNameKey, pod)
ctx = field.Context(ctx, consts.ContainerNameKey, container)
backupOutputs, err := backupData(ctx, cli, namespace, pod, container, backupArtifactPrefix, includePath, encryptionKey, tp)
backupOutputs, err := backupData(ctx, cli, namespace, pod, container, backupArtifactPrefix, includePath, encryptionKey, insecureTLS, tp)
if err != nil {
return nil, errors.Wrapf(err, "Failed to backup data")
}
Expand Down Expand Up @@ -147,6 +153,7 @@ func (*backupDataFunc) Arguments() []string {
BackupDataIncludePathArg,
BackupDataBackupArtifactPrefixArg,
BackupDataEncryptionKeyArg,
InsecureTLS,
}
}

Expand All @@ -158,19 +165,19 @@ type backupDataParsedOutput struct {
phySize string
}

func backupData(ctx context.Context, cli kubernetes.Interface, namespace, pod, container, backupArtifactPrefix, includePath, encryptionKey string, tp param.TemplateParams) (backupDataParsedOutput, error) {
func backupData(ctx context.Context, cli kubernetes.Interface, namespace, pod, container, backupArtifactPrefix, includePath, encryptionKey string, insecureTLS bool, tp param.TemplateParams) (backupDataParsedOutput, error) {
pw, err := GetPodWriter(cli, ctx, namespace, pod, container, tp.Profile)
if err != nil {
return backupDataParsedOutput{}, err
}
defer CleanUpCredsFile(ctx, pw, namespace, pod, container)
if err = restic.GetOrCreateRepository(cli, namespace, pod, container, backupArtifactPrefix, encryptionKey, tp.Profile); err != nil {
if err = restic.GetOrCreateRepository(cli, namespace, pod, container, backupArtifactPrefix, encryptionKey, insecureTLS, tp.Profile); err != nil {
return backupDataParsedOutput{}, err
}

// Create backup and dump it on the object store
backupTag := rand.String(10)
cmd, err := restic.BackupCommandByTag(tp.Profile, backupArtifactPrefix, backupTag, includePath, encryptionKey)
cmd, err := restic.BackupCommandByTag(tp.Profile, backupArtifactPrefix, backupTag, includePath, encryptionKey, insecureTLS)
if err != nil {
return backupDataParsedOutput{}, err
}
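Review bot: The doc comment on the new `InsecureTLS` constant says the option lets a user "disable tls", which misdescribes what the flag presumably does: the name matches restic's `--insecure-tls`, which skips certificate verification but keeps the connection encrypted. A more accurate comment would be `// InsecureTLS is the optional argument that, when true, skips TLS certificate verification for the repository endpoint (insecure; defaults to false)`. In the visible lines of `Exec` the value is read with a `false` default and handed to `backupData` without any log line, so a blueprint that turns verification off leaves no trace for an operator to audit; a warning emitted when `insecureTLS` is true would close that gap. The same applies to the `OptArg(args, InsecureTLS, &insecureTLS, false)` reads in backup_data_all.go, checkRepository.go, copy_volume_data.go and delete_data.go. `Exec` and `backupData` both continue outside the hunks shown.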
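--- a/pkg/function/backup_data_all.go
+++ b/pkg/function/backup_data_all.go
@@ -81,6 +81,7 @@ func (b *backupDataAllFunc) Exec(ctx context.Context, tp param.TemplateParams, a
 
 var namespace, pods, container, includePath, backupArtifactPrefix, encryptionKey string
 var err error
+var insecureTLS bool
 if err = Arg(args, BackupDataAllNamespaceArg, &namespace); err != nil {
 return nil, err
 }
@@ -99,6 +100,9 @@ func (b *backupDataAllFunc) Exec(ctx context.Context, tp param.TemplateParams, a
 if err = OptArg(args, BackupDataAllEncryptionKeyArg, &encryptionKey, restic.GeneratePassword()); err != nil {
 return nil, err
 }
+if err = OptArg(args, InsecureTLS, &insecureTLS, false); err != nil {
+return nil, err
+}
 
 if err = ValidateProfile(tp.Profile); err != nil {
 return nil, errors.Wrapf(err, "Failed to validate Profile")
@@ -124,7 +128,7 @@ func (b *backupDataAllFunc) Exec(ctx context.Context, tp param.TemplateParams, a
 ps = strings.Fields(pods)
 }
 ctx = field.Context(ctx, consts.ContainerNameKey, container)
-return backupDataAll(ctx, cli, namespace, ps, container, backupArtifactPrefix, includePath, encryptionKey, tp)
+return backupDataAll(ctx, cli, namespace, ps, container, backupArtifactPrefix, includePath, encryptionKey, insecureTLS, tp)
 }
 
 func (*backupDataAllFunc) RequiredArgs() []string {
@@ -144,18 +148,20 @@ func (*backupDataAllFunc) Arguments() []string {
 BackupDataAllBackupArtifactPrefixArg,
 BackupDataAllPodsArg,
 BackupDataAllEncryptionKeyArg,
+InsecureTLS,
 }
 }
 
-func backupDataAll(ctx context.Context, cli kubernetes.Interface, namespace string, ps []string, container string, backupArtifactPrefix, includePath, encryptionKey string, tp param.TemplateParams) (map[string]interface{}, error) {
+func backupDataAll(ctx context.Context, cli kubernetes.Interface, namespace string, ps []string, container string, backupArtifactPrefix, includePath, encryptionKey string,
+insecureTLS bool, tp param.TemplateParams) (map[string]interface{}, error) {
 errChan := make(chan error, len(ps))
 outChan := make(chan BackupInfo, len(ps))
 Output := make(map[string]BackupInfo)
 // Run the command
 for _, pod := range ps {
 go func(pod string, container string) {
-ctx = field.Context(ctx, consts.PodNameKey, pod)
-backupOutputs, err := backupData(ctx, cli, namespace, pod, container, fmt.Sprintf("%s/%s", backupArtifactPrefix, pod), includePath, encryptionKey, tp)
+backupOutputs, err := backupData(ctx, cli, namespace, pod, container, fmt.Sprintf("%s/%s", backupArtifactPrefix, pod), includePath, encryptionKey, insecureTLS, tp)
 errChan <- errors.Wrapf(err, "Failed to backup data for pod %s", pod)
 outChan <- BackupInfo{PodName: pod, BackupID: backupOutputs.backupID, BackupTag: backupOutputs.backupTag}
 }(pod, container)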
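Review bot: The goroutine in `backupDataAll` that now passes `insecureTLS` to `backupData` still assigns to the captured outer variable with `ctx = field.Context(ctx, consts.PodNameKey, pod)`, so the per-pod goroutines race on one `ctx`. A backup can then run with, and presumably be logged under, another pod's name field, which muddies the audit trail. Shadowing the variable inside the closure avoids this: `ctx := field.Context(ctx, consts.PodNameKey, pod)`. That line is unchanged context in this commit, but it feeds the changed call directly; the rest of the function lies outside the hunk.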
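--- a/pkg/function/checkRepository.go
+++ b/pkg/function/checkRepository.go
@@ -46,7 +46,7 @@ func (*CheckRepositoryFunc) Name() string {
 return CheckRepositoryFuncName
 }
 
-func CheckRepository(ctx context.Context, cli kubernetes.Interface, tp param.TemplateParams, encryptionKey, targetPaths, jobPrefix string, podOverride crv1alpha1.JSONMap) (map[string]interface{}, error) {
+func CheckRepository(ctx context.Context, cli kubernetes.Interface, tp param.TemplateParams, encryptionKey, targetPaths, jobPrefix string, insecureTLS bool, podOverride crv1alpha1.JSONMap) (map[string]interface{}, error) {
 namespace, err := kube.GetControllerNamespace()
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to get controller namespace")
@@ -59,7 +59,7 @@ func CheckRepository(ctx context.Context, cli kubernetes.Interface, tp param.Tem
 PodOverride: podOverride,
 }
 pr := kube.NewPodRunner(cli, options)
-podFunc := CheckRepositoryPodFunc(cli, tp, encryptionKey, targetPaths)
+podFunc := CheckRepositoryPodFunc(cli, tp, encryptionKey, targetPaths, insecureTLS)
 return pr.Run(ctx, podFunc)
 }
 
@@ -68,6 +68,7 @@ func CheckRepositoryPodFunc(
 tp param.TemplateParams,
 encryptionKey,
 targetPath string,
+insecureTLS bool,
 ) func(ctx context.Context, pc kube.PodController) (map[string]interface{}, error) {
 return func(ctx context.Context, pc kube.PodController) (map[string]interface{}, error) {
 pod := pc.Pod()
@@ -89,6 +90,7 @@ func CheckRepositoryPodFunc(
 tp.Profile,
 targetPath,
 encryptionKey,
+insecureTLS,
 cli,
 pod.Namespace,
 pod.Name,
@@ -126,12 +128,17 @@ func (c *CheckRepositoryFunc) Exec(ctx context.Context, tp param.TemplateParams,
 defer func() { c.progressPercent = progress.CompletedPercent }()
 
 var checkRepositoryArtifactPrefix, encryptionKey string
+var insecureTLS bool
 if err := Arg(args, CheckRepositoryArtifactPrefixArg, &checkRepositoryArtifactPrefix); err != nil {
 return nil, err
 }
 if err := OptArg(args, CheckRepositoryEncryptionKeyArg, &encryptionKey, restic.GeneratePassword()); err != nil {
 return nil, err
 }
+if err := OptArg(args, InsecureTLS, &insecureTLS, false); err != nil {
+return nil, err
+}
+
 podOverride, err := GetPodSpecOverride(tp, args, CheckRepositoryPodOverrideArg)
 if err != nil {
 return nil, err
@@ -147,7 +154,7 @@ func (c *CheckRepositoryFunc) Exec(ctx context.Context, tp param.TemplateParams,
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to create Kubernetes client")
 }
-return CheckRepository(ctx, cli, tp, encryptionKey, checkRepositoryArtifactPrefix, CheckRepositoryJobPrefix, podOverride)
+return CheckRepository(ctx, cli, tp, encryptionKey, checkRepositoryArtifactPrefix, CheckRepositoryJobPrefix, insecureTLS, podOverride)
 }
 
 func (*CheckRepositoryFunc) RequiredArgs() []string {
@@ -158,6 +165,7 @@ func (*CheckRepositoryFunc) Arguments() []string {
 return []string{
 CheckRepositoryArtifactPrefixArg,
 CheckRepositoryEncryptionKeyArg,
+InsecureTLS,
 }
 }
 func (c *CheckRepositoryFunc) ExecutionProgress() (crv1alpha1.PhaseProgress, error) {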
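Review bot: `CheckRepository` and `CheckRepositoryPodFunc` are exported, and the new `insecureTLS bool` is inserted in the middle of their positional parameters, so any caller outside this package stops compiling. Neither function carries a doc comment that tells a caller what passing `true` means. A comment on each, for example `// CheckRepository runs the repository check in a helper pod. insecureTLS is forwarded to the restic helpers and should stay false unless the endpoint's certificate cannot be verified.`, would document the trade-off at the API boundary. What the flag does downstream is not visible on this page, so the wording should be checked against the restic package.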
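--- a/pkg/function/copy_volume_data.go
+++ b/pkg/function/copy_volume_data.go
@@ -77,6 +77,7 @@ func copyVolumeData(
 pvcName,
 targetPath,
 encryptionKey string,
+insecureTLS bool,
 podOverride map[string]interface{},
 ) (map[string]interface{}, error) {
 // Validate PVC exists
@@ -99,7 +100,7 @@ func copyVolumeData(
 PodOverride: podOverride,
 }
 pr := kube.NewPodRunner(cli, options)
-podFunc := copyVolumeDataPodFunc(cli, tp, mountPoint, targetPath, encryptionKey)
+podFunc := copyVolumeDataPodFunc(cli, tp, mountPoint, targetPath, encryptionKey, insecureTLS)
 return pr.Run(ctx, podFunc)
 }
 
@@ -109,6 +110,7 @@ func copyVolumeDataPodFunc(
 mountPoint,
 targetPath,
 encryptionKey string,
+insecureTLS bool,
 ) func(ctx context.Context, pc kube.PodController) (map[string]interface{}, error) {
 return func(ctx context.Context, pc kube.PodController) (map[string]interface{}, error) {
 // Wait for pod to reach running state
@@ -133,13 +135,14 @@ func copyVolumeDataPodFunc(
 pod.Spec.Containers[0].Name,
 targetPath,
 encryptionKey,
+insecureTLS,
 tp.Profile,
 ); err != nil {
 return nil, err
 }
 // Copy data to object store
 backupTag := rand.String(10)
-cmd, err := restic.BackupCommandByTag(tp.Profile, targetPath, backupTag, mountPoint, encryptionKey)
+cmd, err := restic.BackupCommandByTag(tp.Profile, targetPath, backupTag, mountPoint, encryptionKey, insecureTLS)
 if err != nil {
 return nil, err
 }
@@ -184,6 +187,7 @@ func (c *copyVolumeDataFunc) Exec(ctx context.Context, tp param.TemplateParams,
 
 var namespace, vol, targetPath, encryptionKey string
 var err error
+var insecureTLS bool
 if err = Arg(args, CopyVolumeDataNamespaceArg, &namespace); err != nil {
 return nil, err
 }
@@ -196,6 +200,9 @@ func (c *copyVolumeDataFunc) Exec(ctx context.Context, tp param.TemplateParams,
 if err = OptArg(args, CopyVolumeDataEncryptionKeyArg, &encryptionKey, restic.GeneratePassword()); err != nil {
 return nil, err
 }
+if err = OptArg(args, InsecureTLS, &insecureTLS, false); err != nil {
+return nil, err
+}
 podOverride, err := GetPodSpecOverride(tp, args, CopyVolumeDataPodOverrideArg)
 if err != nil {
 return nil, err
@@ -211,7 +218,7 @@ func (c *copyVolumeDataFunc) Exec(ctx context.Context, tp param.TemplateParams,
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to create Kubernetes client")
 }
-return copyVolumeData(ctx, cli, tp, namespace, vol, targetPath, encryptionKey, podOverride)
+return copyVolumeData(ctx, cli, tp, namespace, vol, targetPath, encryptionKey, insecureTLS, podOverride)
 }
 
 func (*copyVolumeDataFunc) RequiredArgs() []string {
@@ -228,6 +235,7 @@ func (*copyVolumeDataFunc) Arguments() []string {
 CopyVolumeDataVolumeArg,
 CopyVolumeDataArtifactPrefixArg,
 CopyVolumeDataEncryptionKeyArg,
+InsecureTLS,
 }
 }
 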
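--- a/pkg/function/delete_data.go
+++ b/pkg/function/delete_data.go
@@ -79,6 +79,7 @@ func deleteData(
 reclaimSpace bool,
 namespace,
 encryptionKey string,
+insecureTLS bool,
 targetPaths,
 deleteTags,
 deleteIdentifiers []string,
@@ -97,7 +98,7 @@ func deleteData(
 PodOverride: podOverride,
 }
 pr := kube.NewPodRunner(cli, options)
-podFunc := deleteDataPodFunc(tp, reclaimSpace, encryptionKey, targetPaths, deleteTags, deleteIdentifiers)
+podFunc := deleteDataPodFunc(tp, reclaimSpace, encryptionKey, insecureTLS, targetPaths, deleteTags, deleteIdentifiers)
 return pr.Run(ctx, podFunc)
 }
 
@@ -106,6 +107,7 @@ func deleteDataPodFunc(
 tp param.TemplateParams,
 reclaimSpace bool,
 encryptionKey string,
+insecureTLS bool,
 targetPaths,
 deleteTags,
 deleteIdentifiers []string,
@@ -133,7 +135,7 @@ func deleteDataPodFunc(
 }
 
 for i, deleteTag := range deleteTags {
-cmd, err := restic.SnapshotsCommandByTag(tp.Profile, targetPaths[i], deleteTag, encryptionKey)
+cmd, err := restic.SnapshotsCommandByTag(tp.Profile, targetPaths[i], deleteTag, encryptionKey, insecureTLS)
 if err != nil {
 return nil, err
 }
@@ -153,7 +155,7 @@ func deleteDataPodFunc(
 }
 var spaceFreedTotal int64
 for i, deleteIdentifier := range deleteIdentifiers {
-cmd, err := restic.ForgetCommandByID(tp.Profile, targetPaths[i], deleteIdentifier, encryptionKey)
+cmd, err := restic.ForgetCommandByID(tp.Profile, targetPaths[i], deleteIdentifier, encryptionKey, insecureTLS)
 if err != nil {
 return nil, err
 }
@@ -166,7 +168,7 @@ func deleteDataPodFunc(
 return nil, errors.Wrapf(err, "Failed to forget data")
 }
 if reclaimSpace {
-spaceFreedStr, err := pruneData(tp, pod, podCommandExecutor, encryptionKey, targetPaths[i])
+spaceFreedStr, err := pruneData(tp, pod, podCommandExecutor, encryptionKey, targetPaths[i], insecureTLS)
 if err != nil {
 return nil, errors.Wrapf(err, "Error executing prune command")
 }
@@ -186,8 +188,9 @@ func pruneData(
 podCommandExecutor kube.PodCommandExecutor,
 encryptionKey,
 targetPath string,
+insecureTLS bool,
 ) (string, error) {
-cmd, err := restic.PruneCommand(tp.Profile, targetPath, encryptionKey)
+cmd, err := restic.PruneCommand(tp.Profile, targetPath, encryptionKey, insecureTLS)
 if err != nil {
 return "", err
 }
@@ -209,6 +212,7 @@ func (d *deleteDataFunc) Exec(ctx context.Context, tp param.TemplateParams, args
 var namespace, deleteArtifactPrefix, deleteIdentifier, deleteTag, encryptionKey string
 var reclaimSpace bool
 var err error
+var insecureTLS bool
 if err = Arg(args, DeleteDataNamespaceArg, &namespace); err != nil {
 return nil, err
 }
@@ -227,6 +231,9 @@ func (d *deleteDataFunc) Exec(ctx context.Context, tp param.TemplateParams, args
 if err = OptArg(args, DeleteDataReclaimSpace, &reclaimSpace, false); err != nil {
 return nil, err
 }
+if err = OptArg(args, InsecureTLS, &insecureTLS, false); err != nil {
+return nil, err
+}
 podOverride, err := GetPodSpecOverride(tp, args, DeleteDataPodOverrideArg)
 if err != nil {
 return nil, err
@@ -242,7 +249,7 @@ func (d *deleteDataFunc) Exec(ctx context.Context, tp param.TemplateParams, args
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to create Kubernetes client")
 }
-return deleteData(ctx, cli, tp, reclaimSpace, namespace, encryptionKey, strings.Fields(deleteArtifactPrefix), strings.Fields(deleteTag), strings.Fields(deleteIdentifier), deleteDataJobPrefix, podOverride)
+return deleteData(ctx, cli, tp, reclaimSpace, namespace, encryptionKey, insecureTLS, strings.Fields(deleteArtifactPrefix), strings.Fields(deleteTag), strings.Fields(deleteIdentifier), deleteDataJobPrefix, podOverride)
 }
 
 func (*deleteDataFunc) RequiredArgs() []string {
@@ -260,6 +267,7 @@ func (*deleteDataFunc) Arguments() []string {
 DeleteDataBackupTagArg,
 DeleteDataEncryptionKeyArg,
 DeleteDataReclaimSpace,
+InsecureTLS,
 }
 }
 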
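Review bot: `deleteData` and `deleteDataPodFunc` now take two positional `bool` parameters, `reclaimSpace` and `insecureTLS`, separated only by string arguments, so a call that swaps them still compiles and would presumably turn off certificate verification when the caller only meant to reclaim space. The ordering is also inconsistent: `pruneData` takes the flag last, after `targetPath`, while the other helpers and the restic calls place it directly after `encryptionKey`. Grouping the repository connection settings, e.g. `type resticOpts struct { encryptionKey string; insecureTLS bool }`, or at least keeping one parameter order across these helpers, would make a mix-up a compile error or an obvious diff. The bodies of these functions continue outside the hunks.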