From 46edd86722b11ef31fba773c44f4cf8423ab5346 Mon Sep 17 00:00:00 2001 From: eunames Date: Mon, 1 Apr 2024 17:45:59 +0300 Subject: [PATCH] add insecure flag in the backend CDR --- api/v1/backend.go | 17 +++++++++-------- .../v1/k8up.io_archives.yaml | 2 ++ .../v1/k8up.io_backups.yaml | 2 ++ .../apiextensions.k8s.io/v1/k8up.io_checks.yaml | 2 ++ .../apiextensions.k8s.io/v1/k8up.io_prunes.yaml | 2 ++ .../v1/k8up.io_restores.yaml | 2 ++ .../v1/k8up.io_schedules.yaml | 12 ++++++++++++ operator/archivecontroller/executor.go | 7 +++++++ operator/backupcontroller/executor.go | 7 +++++++ operator/checkcontroller/executor.go | 7 +++++++ operator/prunecontroller/executor.go | 7 +++++++ operator/restorecontroller/executor.go | 9 +++++++++ 12 files changed, 68 insertions(+), 8 deletions(-) diff --git a/api/v1/backend.go b/api/v1/backend.go index 7afdf6034..956886992 100644 --- a/api/v1/backend.go +++ b/api/v1/backend.go @@ -17,14 +17,15 @@ type ( // RepoPasswordSecretRef references a secret key to look up the restic repository password RepoPasswordSecretRef *corev1.SecretKeySelector `json:"repoPasswordSecretRef,omitempty"` // EnvFrom adds all environment variables from a an external source to the Restic job. - EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"` - Local *LocalSpec `json:"local,omitempty"` - S3 *S3Spec `json:"s3,omitempty"` - GCS *GCSSpec `json:"gcs,omitempty"` - Azure *AzureSpec `json:"azure,omitempty"` - Swift *SwiftSpec `json:"swift,omitempty"` - B2 *B2Spec `json:"b2,omitempty"` - Rest *RestServerSpec `json:"rest,omitempty"` + EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"` + Local *LocalSpec `json:"local,omitempty"` + S3 *S3Spec `json:"s3,omitempty"` + GCS *GCSSpec `json:"gcs,omitempty"` + Azure *AzureSpec `json:"azure,omitempty"` + Swift *SwiftSpec `json:"swift,omitempty"` + B2 *B2Spec `json:"b2,omitempty"` + Rest *RestServerSpec `json:"rest,omitempty"` + InsecureTLS bool `json:"insecureTLS,omitempty"` } // +k8s:deepcopy-gen=false diff --git a/config/crd/apiextensions.k8s.io/v1/k8up.io_archives.yaml b/config/crd/apiextensions.k8s.io/v1/k8up.io_archives.yaml index 007a6cb3f..f3311f4e0 100644 --- a/config/crd/apiextensions.k8s.io/v1/k8up.io_archives.yaml +++ b/config/crd/apiextensions.k8s.io/v1/k8up.io_archives.yaml @@ -247,6 +247,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: diff --git a/config/crd/apiextensions.k8s.io/v1/k8up.io_backups.yaml b/config/crd/apiextensions.k8s.io/v1/k8up.io_backups.yaml index 1fcddb7c4..98db6bed0 100644 --- a/config/crd/apiextensions.k8s.io/v1/k8up.io_backups.yaml +++ b/config/crd/apiextensions.k8s.io/v1/k8up.io_backups.yaml @@ -254,6 +254,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: diff --git a/config/crd/apiextensions.k8s.io/v1/k8up.io_checks.yaml b/config/crd/apiextensions.k8s.io/v1/k8up.io_checks.yaml index afc226fa2..11270ec94 100644 --- a/config/crd/apiextensions.k8s.io/v1/k8up.io_checks.yaml +++ b/config/crd/apiextensions.k8s.io/v1/k8up.io_checks.yaml @@ -249,6 +249,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: diff --git a/config/crd/apiextensions.k8s.io/v1/k8up.io_prunes.yaml b/config/crd/apiextensions.k8s.io/v1/k8up.io_prunes.yaml index 318a94b15..4929305ef 100644 --- a/config/crd/apiextensions.k8s.io/v1/k8up.io_prunes.yaml +++ b/config/crd/apiextensions.k8s.io/v1/k8up.io_prunes.yaml @@ -249,6 +249,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: diff --git a/config/crd/apiextensions.k8s.io/v1/k8up.io_restores.yaml b/config/crd/apiextensions.k8s.io/v1/k8up.io_restores.yaml index 7431ea3b6..6cd8405f4 100644 --- a/config/crd/apiextensions.k8s.io/v1/k8up.io_restores.yaml +++ b/config/crd/apiextensions.k8s.io/v1/k8up.io_restores.yaml @@ -249,6 +249,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: diff --git a/config/crd/apiextensions.k8s.io/v1/k8up.io_schedules.yaml b/config/crd/apiextensions.k8s.io/v1/k8up.io_schedules.yaml index 6e915dd40..5c26fbfe2 100644 --- a/config/crd/apiextensions.k8s.io/v1/k8up.io_schedules.yaml +++ b/config/crd/apiextensions.k8s.io/v1/k8up.io_schedules.yaml @@ -240,6 +240,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: @@ -897,6 +899,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: @@ -1229,6 +1233,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: @@ -1832,6 +1838,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: @@ -2610,6 +2618,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: @@ -3287,6 +3297,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object + insecureTLS: + type: boolean local: properties: mountPath: diff --git a/operator/archivecontroller/executor.go b/operator/archivecontroller/executor.go index 34b20e5e2..6ae841aca 100644 --- a/operator/archivecontroller/executor.go +++ b/operator/archivecontroller/executor.go @@ -48,6 +48,13 @@ func (a *ArchiveExecutor) Execute(ctx context.Context) error { return mutateErr } + if archive.Spec.Backend.InsecureTLS { + batchJob.Spec.Template.Spec.Containers[0].Env = append(batchJob.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{ + Name: "SET_INSECURE_TLS_FLAG", + Value: "true", + }) + } + batchJob.Spec.Template.Spec.Containers[0].Env = a.setupEnvVars(ctx, archive) archive.Spec.AppendEnvFromToContainer(&batchJob.Spec.Template.Spec.Containers[0]) batchJob.Spec.Template.Spec.Containers[0].Args = a.setupArgs(archive) diff --git a/operator/backupcontroller/executor.go b/operator/backupcontroller/executor.go index 32456029f..58e4a7d05 100644 --- a/operator/backupcontroller/executor.go +++ b/operator/backupcontroller/executor.go @@ -269,6 +269,13 @@ func (b *BackupExecutor) startBackup(ctx context.Context) error { batchJob.job.Spec.Template.Spec.Volumes = batchJob.volumes batchJob.job.Spec.Template.Spec.Containers[0].VolumeMounts = b.newVolumeMounts(batchJob.job.Spec.Template.Spec.Volumes) + if b.backup.Spec.Backend.InsecureTLS { + batchJob.job.Spec.Template.Spec.Containers[0].Env = append(batchJob.job.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{ + Name: "SET_INSECURE_TLS_FLAG", + Value: "true", + }) + } + index++ return nil }) diff --git a/operator/checkcontroller/executor.go b/operator/checkcontroller/executor.go index 58b9e95cb..0718df58e 100644 --- a/operator/checkcontroller/executor.go +++ b/operator/checkcontroller/executor.go @@ -49,6 +49,13 @@ func (c *CheckExecutor) Execute(ctx context.Context) error { return mutateErr } + if c.check.Spec.Backend.InsecureTLS { + batchJob.Spec.Template.Spec.Containers[0].Env = append(batchJob.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{ + Name: "SET_INSECURE_TLS_FLAG", + Value: "true", + }) + } + batchJob.Spec.Template.Spec.Containers[0].Env = c.setupEnvVars(ctx) c.check.Spec.AppendEnvFromToContainer(&batchJob.Spec.Template.Spec.Containers[0]) batchJob.Spec.Template.Spec.Containers[0].Args = []string{"-check"} diff --git a/operator/prunecontroller/executor.go b/operator/prunecontroller/executor.go index ceef68ff9..1bff29969 100644 --- a/operator/prunecontroller/executor.go +++ b/operator/prunecontroller/executor.go @@ -42,6 +42,13 @@ func (p *PruneExecutor) Execute(ctx context.Context) error { return mutateErr } + if p.prune.Spec.Backend.InsecureTLS { + batchJob.Spec.Template.Spec.Containers[0].Env = append(batchJob.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{ + Name: "SET_INSECURE_TLS_FLAG", + Value: "true", + }) + } + batchJob.Spec.Template.Spec.Containers[0].Env = p.setupEnvVars(ctx, p.prune) batchJob.Spec.Template.Spec.ServiceAccountName = cfg.Config.ServiceAccount p.prune.Spec.AppendEnvFromToContainer(&batchJob.Spec.Template.Spec.Containers[0]) diff --git a/operator/restorecontroller/executor.go b/operator/restorecontroller/executor.go index ecfb0677f..d03aca49a 100644 --- a/operator/restorecontroller/executor.go +++ b/operator/restorecontroller/executor.go @@ -20,6 +20,7 @@ const restorePath = "/restore" type RestoreExecutor struct { executor.Generic + restore *k8upv1.Restore } // NewRestoreExecutor will return a new executor for Restore jobs. @@ -67,6 +68,14 @@ func (r *RestoreExecutor) createRestoreObject(ctx context.Context, restore *k8up if mutateErr != nil { return mutateErr } + + if r.restore.Spec.Backend.InsecureTLS { + batchJob.Spec.Template.Spec.Containers[0].Env = append(batchJob.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{ + Name: "SET_INSECURE_TLS_FLAG", + Value: "true", + }) + } + batchJob.Labels[job.K8upExclusive] = "true" batchJob.Spec.Template.Spec.Containers[0].Env = r.setupEnvVars(ctx, restore) restore.Spec.AppendEnvFromToContainer(&batchJob.Spec.Template.Spec.Containers[0])