feat: Permit specifying annotations for the BackupPVC

Signed-off-by: Clément Nussbaumer <clement.nussbaumer@postfinance.ch>
2025-12-23 06:15:21 +00:00 · 2025-08-05 16:26:16 +02:00
parent 04fb20676d
commit 248a840918
5 changed files with 23 additions and 7 deletions
--- a/changelogs/unreleased/9173-clementnuss
+++ b/changelogs/unreleased/9173-clementnuss
@@ -0,0 +1 @@
+feat: Permit specifying annotations for the BackupPVC
--- a/pkg/exposer/csi_snapshot.go
+++ b/pkg/exposer/csi_snapshot.go
@@ -188,6 +188,7 @@ func (e *csiSnapshotExposer) Expose(ctx context.Context, ownerObject corev1api.O
 	backupPVCStorageClass := csiExposeParam.StorageClass
 	backupPVCReadOnly := false
 	spcNoRelabeling := false
+	backupPVCAnnotations := map[string]string{}
 	if value, exists := csiExposeParam.BackupPVCConfig[csiExposeParam.StorageClass]; exists {
 		if value.StorageClass != "" {
 			backupPVCStorageClass = value.StorageClass
@@ -201,9 +202,13 @@ func (e *csiSnapshotExposer) Expose(ctx context.Context, ownerObject corev1api.O
 				curLog.WithField("vs name", volumeSnapshot.Name).Warn("Ignoring spcNoRelabling for read-write volume")
 			}
 		}
+
+		if len(value.Annotations) > 0 {
+			backupPVCAnnotations = value.Annotations
+		}
 	}

-	backupPVC, err := e.createBackupPVC(ctx, ownerObject, backupVS.Name, backupPVCStorageClass, csiExposeParam.AccessMode, volumeSize, backupPVCReadOnly)
+	backupPVC, err := e.createBackupPVC(ctx, ownerObject, backupVS.Name, backupPVCStorageClass, csiExposeParam.AccessMode, volumeSize, backupPVCReadOnly, backupPVCAnnotations)
 	if err != nil {
 		return errors.Wrap(err, "error to create backup pvc")
 	}
@@ -485,7 +490,7 @@ func (e *csiSnapshotExposer) createBackupVSC(ctx context.Context, ownerObject co
 	return e.csiSnapshotClient.VolumeSnapshotContents().Create(ctx, vsc, metav1.CreateOptions{})
 }

-func (e *csiSnapshotExposer) createBackupPVC(ctx context.Context, ownerObject corev1api.ObjectReference, backupVS, storageClass, accessMode string, resource resource.Quantity, readOnly bool) (*corev1api.PersistentVolumeClaim, error) {
+func (e *csiSnapshotExposer) createBackupPVC(ctx context.Context, ownerObject corev1api.ObjectReference, backupVS, storageClass, accessMode string, resource resource.Quantity, readOnly bool, annotations map[string]string) (*corev1api.PersistentVolumeClaim, error) {
 	backupPVCName := ownerObject.Name

 	volumeMode, err := getVolumeModeByAccessMode(accessMode)
@@ -507,8 +512,9 @@ func (e *csiSnapshotExposer) createBackupPVC(ctx context.Context, ownerObject co

 	pvc := &corev1api.PersistentVolumeClaim{
 		ObjectMeta: metav1.ObjectMeta{
-			Namespace: ownerObject.Namespace,
-			Name:      backupPVCName,
+			Namespace:   ownerObject.Namespace,
+			Name:        backupPVCName,
+			Annotations: annotations,
 			OwnerReferences: []metav1.OwnerReference{
 				{
 					APIVersion: ownerObject.APIVersion,
--- a/pkg/exposer/csi_snapshot_test.go
+++ b/pkg/exposer/csi_snapshot_test.go
@@ -1114,7 +1114,7 @@ func Test_csiSnapshotExposer_createBackupPVC(t *testing.T) {
 					APIVersion: tt.ownerBackup.APIVersion,
 				}
 			}
-			got, err := e.createBackupPVC(t.Context(), ownerObject, tt.backupVS, tt.storageClass, tt.accessMode, tt.resource, tt.readOnly)
+			got, err := e.createBackupPVC(t.Context(), ownerObject, tt.backupVS, tt.storageClass, tt.accessMode, tt.resource, tt.readOnly, map[string]string{})
 			if !tt.wantErr(t, err, fmt.Sprintf("createBackupPVC(%v, %v, %v, %v, %v, %v)", ownerObject, tt.backupVS, tt.storageClass, tt.accessMode, tt.resource, tt.readOnly)) {
 				return
 			}
--- a/pkg/types/node_agent.go
+++ b/pkg/types/node_agent.go
@@ -56,6 +56,9 @@ type BackupPVC struct {
 	// SPCNoRelabeling sets Spec.SecurityContext.SELinux.Type to "spc_t" for the pod mounting the backupPVC
 	// ignored if ReadOnly is false
 	SPCNoRelabeling bool `json:"spcNoRelabeling,omitempty"`
+
+	// Annotations permits setting annotations for the backupPVC
+	Annotations map[string]string `json:"annotations,omitempty"`
 }

 type RestorePVC struct {
--- a/site/content/docs/main/data-movement-backup-pvc-configuration.md
+++ b/site/content/docs/main/data-movement-backup-pvc-configuration.md
@@ -37,6 +37,9 @@ default the source PVC's storage class will be used.
 The users can specify the ConfigMap name during velero installation by CLI:
 `velero install --node-agent-configmap=<ConfigMap-Name>`

+- `annotations`: permits to set annotations on the backupPVC itself. typically useful for some CSI provider which cannot mount
+  a VolumeSnapshot without a custom annotation.
+
 A sample of `backupPVC` config as part of the ConfigMap would look like:
 ```json
 {
@@ -49,8 +52,11 @@ A sample of `backupPVC` config as part of the ConfigMap would look like:
            "storageClass": "backupPVC-storage-class"
        },
        "storage-class-3": {
-            "readOnly": true
-        }        
+            "readOnly": true,
+            "annotations": {
+              "some-csi.provider.io/readOnlyClone": true
+            }
+        },
        "storage-class-4": {
            "readOnly": true,
            "spcNoRelabeling": true
				`@@ -0,0 +1 @@`
				`feat: Permit specifying annotations for the BackupPVC`