Merge pull request #7609 from blackpiglet/merge_csi

Merge CSI plugin code.
vmware-tanzu · Apr 11, 2024 · 6ef3836 · 6ef3836
2 parents bbb5d7d + 8df4e6a
commit 6ef3836
Show file tree

Hide file tree

Showing 71 changed files with 6,563 additions and 186 deletions.
diff --git a/changelogs/unreleased/7609-blackpiglet b/changelogs/unreleased/7609-blackpiglet
@@ -0,0 +1 @@
+Merge CSI plugin code into Velero.
diff --git a/internal/delete/actions/csi/volumesnapshot_action.go b/internal/delete/actions/csi/volumesnapshot_action.go
@@ -0,0 +1,120 @@
+/*
+Copyright the Velero contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package csi
+
+import (
+ "context"
+ "fmt"
+
+ snapshotv1api "github.com/kubernetes-csi/external-snapshotter/client/v7/apis/volumesnapshot/v1"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/runtime"
+ crclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "github.com/vmware-tanzu/velero/pkg/client"
+ plugincommon "github.com/vmware-tanzu/velero/pkg/plugin/framework/common"
+ "github.com/vmware-tanzu/velero/pkg/plugin/velero"
+ "github.com/vmware-tanzu/velero/pkg/util/csi"
+ kubeutil "github.com/vmware-tanzu/velero/pkg/util/kube"
+)
+
+// volumeSnapshotDeleteItemAction is a backup item action plugin for Velero.
+type volumeSnapshotDeleteItemAction struct {
+ log logrus.FieldLogger
+ crClient crclient.Client
+}
+
+// AppliesTo returns information indicating that the
+// VolumeSnapshotBackupItemAction should be invoked to backup
+// VolumeSnapshots.
+func (p *volumeSnapshotDeleteItemAction) AppliesTo() (velero.ResourceSelector, error) {
+ p.log.Debug("VolumeSnapshotBackupItemAction AppliesTo")
+
+ return velero.ResourceSelector{
+ IncludedResources: []string{"volumesnapshots.snapshot.storage.k8s.io"},
+ }, nil
+}
+
+func (p *volumeSnapshotDeleteItemAction) Execute(
+ input *velero.DeleteItemActionExecuteInput,
+) error {
+ p.log.Info("Starting VolumeSnapshotDeleteItemAction for volumeSnapshot")
+
+ var vs snapshotv1api.VolumeSnapshot
+
+ if err := runtime.DefaultUnstructuredConverter.FromUnstructured(
+ input.Item.UnstructuredContent(),
+ &vs,
+ ); err != nil {
+ return errors.Wrapf(err, "failed to convert input.Item from unstructured")
+ }
+
+ // We don't want this DeleteItemAction plugin to delete VolumeSnapshot
+ // taken outside of Velero. So skip deleting VolumeSnapshot objects
+ // that were not created in the process of creating the Velero
+ // backup being deleted.
+ if !kubeutil.HasBackupLabel(&vs.ObjectMeta, input.Backup.Name) {
+ p.log.Info(
+ "VolumeSnapshot %s/%s was not taken by backup %s, skipping deletion",
+ vs.Namespace, vs.Name, input.Backup.Name,
+ )
+ return nil
+ }
+
+ p.log.Infof("Deleting VolumeSnapshot %s/%s", vs.Namespace, vs.Name)
+ if vs.Status != nil && vs.Status.BoundVolumeSnapshotContentName != nil {
+ // we patch the DeletionPolicy of the VolumeSnapshotContent
+ // to set it to Delete. This ensures that the volume snapshot
+ // in the storage provider is also deleted.
+ err := csi.SetVolumeSnapshotContentDeletionPolicy(
+ *vs.Status.BoundVolumeSnapshotContentName,
+ p.crClient,
+ )
+ if err != nil && !apierrors.IsNotFound(err) {
+ return errors.Wrapf(
+ err,
+ fmt.Sprintf("failed to patch DeletionPolicy of volume snapshot %s/%s",
+ vs.Namespace, vs.Name),
+ )
+ }
+
+ if apierrors.IsNotFound(err) {
+ return nil
+ }
+ }
+ err := p.crClient.Delete(context.TODO(), &vs)
+ if err != nil && !apierrors.IsNotFound(err) {
+ return err
+ }
+ return nil
+}
+
+func NewVolumeSnapshotDeleteItemAction(f client.Factory) plugincommon.HandlerInitializer {
+ return func(logger logrus.FieldLogger) (interface{}, error) {
+ crClient, err := f.KubebuilderClient()
+ if err != nil {
+ return nil, errors.WithStack(err)
+ }
+
+ return &volumeSnapshotDeleteItemAction{
+ log: logger,
+ crClient: crClient,
+ }, nil
+ }
+}
diff --git a/internal/delete/actions/csi/volumesnapshotcontent_action.go b/internal/delete/actions/csi/volumesnapshotcontent_action.go
@@ -0,0 +1,126 @@
+/*
+Copyright the Velero contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package csi
+
+import (
+ "context"
+ "fmt"
+
+ snapshotv1api "github.com/kubernetes-csi/external-snapshotter/client/v7/apis/volumesnapshot/v1"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/runtime"
+ crclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "github.com/vmware-tanzu/velero/pkg/client"
+ plugincommon "github.com/vmware-tanzu/velero/pkg/plugin/framework/common"
+ "github.com/vmware-tanzu/velero/pkg/plugin/velero"
+ "github.com/vmware-tanzu/velero/pkg/util/csi"
+ kubeutil "github.com/vmware-tanzu/velero/pkg/util/kube"
+)
+
+// volumeSnapshotContentDeleteItemAction is a restore item action plugin for Velero
+type volumeSnapshotContentDeleteItemAction struct {
+ log logrus.FieldLogger
+ crClient crclient.Client
+}
+
+// AppliesTo returns information indicating
+// VolumeSnapshotContentRestoreItemAction action should be invoked
+// while restoring VolumeSnapshotContent.snapshot.storage.k8s.io resources
+func (p *volumeSnapshotContentDeleteItemAction) AppliesTo() (velero.ResourceSelector, error) {
+ return velero.ResourceSelector{
+ IncludedResources: []string{"volumesnapshotcontent.snapshot.storage.k8s.io"},
+ }, nil
+}
+
+func (p *volumeSnapshotContentDeleteItemAction) Execute(
+ input *velero.DeleteItemActionExecuteInput,
+) error {
+ p.log.Info("Starting VolumeSnapshotContentDeleteItemAction")
+
+ var snapCont snapshotv1api.VolumeSnapshotContent
+ if err := runtime.DefaultUnstructuredConverter.FromUnstructured(
+ input.Item.UnstructuredContent(),
+ &snapCont,
+ ); err != nil {
+ return errors.Wrapf(err, "failed to convert VolumeSnapshotContent from unstructured")
+ }
+
+ // We don't want this DeleteItemAction plugin to delete
+ // VolumeSnapshotContent taken outside of Velero.
+ // So skip deleting VolumeSnapshotContent not have the backup name
+ // in its labels.
+ if !kubeutil.HasBackupLabel(&snapCont.ObjectMeta, input.Backup.Name) {
+ p.log.Info(
+ "VolumeSnapshotContent %s was not taken by backup %s, skipping deletion",
+ snapCont.Name,
+ input.Backup.Name,
+ )
+ return nil
+ }
+
+ p.log.Infof("Deleting VolumeSnapshotContent %s", snapCont.Name)
+
+ if err := csi.SetVolumeSnapshotContentDeletionPolicy(
+ snapCont.Name,
+ p.crClient,
+ ); err != nil {
+ // #4764: Leave a warning when VolumeSnapshotContent cannot be found for deletion.
+ // Manual deleting VolumeSnapshotContent can cause this.
+ // It's tricky for Velero to handle this inconsistency.
+ // Even if Velero restores the VolumeSnapshotContent, CSI snapshot controller
+ // may not delete it correctly due to the snapshot represented by VolumeSnapshotContent
+ // already deleted on cloud provider.
+ if apierrors.IsNotFound(err) {
+ p.log.Warnf(
+ "VolumeSnapshotContent %s of backup %s cannot be found. May leave orphan snapshot %s on cloud provider.",
+ snapCont.Name, input.Backup.Name, *snapCont.Status.SnapshotHandle)
+ return nil
+ }
+ return errors.Wrapf(err, fmt.Sprintf(
+ "failed to set DeletionPolicy on volumesnapshotcontent %s. Skipping deletion",
+ snapCont.Name))
+ }
+
+ if err := p.crClient.Delete(
+ context.TODO(),
+ &snapCont,
+ ); err != nil && !apierrors.IsNotFound(err) {
+ p.log.Infof("VolumeSnapshotContent %s not found", snapCont.Name)
+ return err
+ }
+
+ return nil
+}
+
+func NewVolumeSnapshotContentDeleteItemAction(
+ f client.Factory,
+) plugincommon.HandlerInitializer {
+ return func(logger logrus.FieldLogger) (interface{}, error) {
+ crClient, err := f.KubebuilderClient()
+ if err != nil {
+ return nil, err
+ }
+
+ return &volumeSnapshotContentDeleteItemAction{
+ log: logger,
+ crClient: crClient,
+ }, nil
+ }
+}
diff --git a/pkg/apis/velero/v1/labels_annotations.go b/pkg/apis/velero/v1/labels_annotations.go
@@ -97,6 +97,10 @@ const (
  // VolumesToExcludeAnnotation is the annotation on a pod whose mounted volumes
  // should be excluded from pod volume backup.
  VolumesToExcludeAnnotation = "backup.velero.io/backup-volumes-excludes"
+
+ // ExcludeFromBackupLabel is the label to exclude k8s resource from backup,
+ // even if the resource contains a matching selector label.
+ ExcludeFromBackupLabel = "velero.io/exclude-from-backup"
 )
 
 type AsyncOperationIDPrefix string
@@ -111,3 +115,39 @@ type VeleroResourceUsage string
 const (
  VeleroResourceUsageDataUploadResult VeleroResourceUsage = "DataUpload"
 )
+
+// CSI related plugin actions' constant variable
+const (
+ VolumeSnapshotLabel = "velero.io/volume-snapshot-name"
+ VolumeSnapshotHandleAnnotation = "velero.io/csi-volumesnapshot-handle"
+ VolumeSnapshotRestoreSize = "velero.io/csi-volumesnapshot-restore-size"
+ DriverNameAnnotation = "velero.io/csi-driver-name"
+ DeleteSecretNameAnnotation = "velero.io/csi-deletesnapshotsecret-name" // #nosec G101
+ DeleteSecretNamespaceAnnotation = "velero.io/csi-deletesnapshotsecret-namespace" // #nosec G101
+ VSCDeletionPolicyAnnotation = "velero.io/csi-vsc-deletion-policy"
+ VolumeSnapshotClassSelectorLabel = "velero.io/csi-volumesnapshot-class"
+ VolumeSnapshotClassDriverBackupAnnotationPrefix = "velero.io/csi-volumesnapshot-class"
+ VolumeSnapshotClassDriverPVCAnnotation = "velero.io/csi-volumesnapshot-class"
+
+ // There is no release w/ these constants exported. Using the strings for now.
+ // CSI Annotation volumesnapshotclass
+ // https://github.com/kubernetes-csi/external-snapshotter/blob/master/pkg/utils/util.go#L59-L60
+ PrefixedListSecretNameAnnotation = "csi.storage.k8s.io/snapshotter-list-secret-name" // #nosec G101
+ PrefixedListSecretNamespaceAnnotation = "csi.storage.k8s.io/snapshotter-list-secret-namespace" // #nosec G101
+
+ // CSI Annotation volumesnapshotcontents
+ PrefixedSecretNameAnnotation = "csi.storage.k8s.io/snapshotter-secret-name" // #nosec G101
+ PrefixedSecretNamespaceAnnotation = "csi.storage.k8s.io/snapshotter-secret-namespace" // #nosec G101
+
+ // Velero checks this annotation to determine whether to skip resource excluding check.
+ MustIncludeAdditionalItemAnnotation = "backup.velero.io/must-include-additional-items"
+ // SkippedNoCSIPVAnnotation - Velero checks this annotation on processed PVC to
+ // find out if the snapshot was skipped b/c the PV is not provisioned via CSI
+ SkippedNoCSIPVAnnotation = "backup.velero.io/skipped-no-csi-pv"
+
+ // DynamicPVRestoreLabel is the label key for dynamic PV restore
+ DynamicPVRestoreLabel = "velero.io/dynamic-pv-restore"
+
+ // DataUploadNameAnnotation is the label key for the DataUpload name
+ DataUploadNameAnnotation = "velero.io/data-upload-name"
+)