6090 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
lyndon-li	4a6756d57b	Merge pull request #9683 from Lyndon-Li/increase-repo-maintenance-history-queue-length ... Issue 9428: increase repo maintenance history queue length	2026-04-10 11:50:24 +08:00
Xun Jiang/Bruce Jiang	e1cc07cec3	Merge pull request #9695 from shubham-pampattiwar/bump-ext-snapshotter-v8.4-vgs-v1beta2 ... Bump external-snapshotter to v8.4.0 for VGS v1beta2 support	2026-04-10 11:38:24 +08:00
Lyndon-Li	1730b7f414	issue 9428: incremental repo maintenance history queue length ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-09 14:41:07 +08:00
lyndon-li	37abfb4bfa	Merge pull request #9682 from adam-jian-zhang/fix-restore-pvr-scope ... Fix PodVolumeBackup list scope during restore	2026-04-09 10:59:26 +08:00
Shubham Pampattiwar	0cf8f94268	Add changelog for PR #9695 ... Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>	2026-04-08 15:47:06 -07:00
Shubham Pampattiwar	1b5503e20b	Bump external-snapshotter to v8.4.0 for VGS v1beta2 support ... Kubernetes 1.34 introduced VolumeGroupSnapshot v1beta2 API and deprecated v1beta1. Distributions running K8s 1.34+ (e.g. OpenShift 4.21+) have removed v1beta1 VGS CRDs entirely, breaking Velero's VGS functionality on those clusters. This change bumps external-snapshotter/client/v8 from v8.2.0 to v8.4.0 and migrates all VGS API usage from v1beta1 to v1beta2. The v1beta2 API is structurally compatible - the Spec-level types (GroupSnapshotHandles, VolumeGroupSnapshotContentSource) are unchanged. The Status-level change (VolumeSnapshotHandlePairList replaced by VolumeSnapshotInfoList) does not affect Velero as it does not directly consume that type. Fixes #9694 Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>	2026-04-08 15:46:06 -07:00
Shubham Pampattiwar	e439977117	Fix VolumeGroupSnapshot restore failure with Ceph RBD CSI driver (#9516) ... * Fix VolumeGroupSnapshot restore on Ceph RBD This PR fixes two related issues affecting CSI snapshot restore on Ceph RBD: 1. VolumeGroupSnapshot restore fails because Ceph RBD populates volumeGroupSnapshotHandle on pre-provisioned VSCs, but Velero doesn't create the required VGSC during restore. 2. CSI snapshot restore fails because VolumeSnapshotClassName is removed from restored VSCs, preventing the CSI controller from getting credentials for snapshot verification. Changes: - Capture volumeGroupSnapshotHandle during backup as VS annotation - Create stub VGSC during restore with matching handle in status - Look up VolumeSnapshotClass by driver and set on restored VSC Fixes #9512 Fixes #9515 Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Add changelog for VGS restore fix Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Fix gofmt import order Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Add changelog for VGS restore fix Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Fix import alias corev1 to corev1api per lint config Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Fix: Add snapshot handles to existing stub VGSC and add unit tests When multiple VolumeSnapshots from the same VolumeGroupSnapshot are restored, they share the same VolumeGroupSnapshotHandle but have different individual snapshot handles. This commit: 1. Fixes incomplete logic where existing VGSC wasn't updated with new snapshot handles (addresses review feedback) 2. Fixes race condition where Create returning AlreadyExists would skip adding the snapshot handle 3. Adds comprehensive unit tests for ensureStubVGSCExists (5 cases) and addSnapshotHandleToVGSC (4 cases) functions Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Clean up stub VolumeGroupSnapshotContents during restore finalization Add cleanup logic for stub VGSCs created during VolumeGroupSnapshot restore. The stub VGSCs are temporary objects needed to satisfy CSI controller validation during VSC reconciliation. Once all related VSCs become ReadyToUse, the stub VGSCs are no longer needed and should be removed. The cleanup runs in the restore finalizer controller's execute() phase. Before deleting each VGSC, it polls until all related VolumeSnapshotContents (correlated by snapshot handle) are ReadyToUse, with a timeout fallback. Deletion failures and CRD-not-installed scenarios are treated as warnings rather than errors to avoid failing the restore. Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> * Fix lint: remove unused nolint directive and simplify cleanupStubVGSC return The cleanupStubVGSC function only produces warnings (not errors), so simplify its return signature. Also remove the now-unused nolint:unparam directive on execute() since warnings are no longer always nil. Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com> --------- Signed-off-by: Shubham Pampattiwar <spampatt@redhat.com>	2026-04-08 12:08:56 -07:00
Adam Zhang	dd82645909	Fix PodVolumeBackup list scope during restore ... Restrict the listing of PodVolumeBackup resources to the specific restore namespace in both the core restore controller and the pod volume restore action plugin. This prevents "Forbidden" errors when Velero is configured with namespace-scoped minimum privileges, avoiding the need for cluster-scoped list permissions for PodVolumeBackups. Fixes: #9681 Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>	2026-04-08 16:50:09 +08:00
lyndon-li	22f93ad457	Merge pull request #9676 from Lyndon-Li/remove-restic-for-repo ... Remove restic for repo	2026-04-08 14:21:17 +08:00
Lyndon-Li	9598c50295	Merge branch 'main' into remove-restic-for-repo	2026-04-08 13:37:34 +08:00
Wenkai Yin(尹文开)	54761092c1	Merge pull request #9677 from Lyndon-Li/remove-restic-for-uploader ... Remove restic for uploader	2026-04-08 12:32:58 +08:00
Lyndon-Li	dca3d3001f	remove restic for repo ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-08 11:11:15 +08:00
Scott Seago	e8fa708933	Add custom action type to volume policies (#9540) ... * Add custom action type to volume policies Signed-off-by: Scott Seago <sseago@redhat.com> * Update internal/resourcepolicies/resource_policies.go Co-authored-by: Tiger Kaovilai <passawit.kaovilai@gmail.com> Signed-off-by: Scott Seago <sseago@redhat.com> * added "custom" to validation list Signed-off-by: Scott Seago <sseago@redhat.com> * responding to review comments Signed-off-by: Scott Seago <sseago@redhat.com> --------- Signed-off-by: Scott Seago <sseago@redhat.com> Co-authored-by: Tiger Kaovilai <passawit.kaovilai@gmail.com>	2026-04-07 10:22:38 -07:00
Lyndon-Li	fca4d405b1	remove restic for uploader ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-07 18:07:51 +08:00
Xun Jiang/Bruce Jiang	d3f4b2c67e	Merge pull request #9653 from BassinD/bugfix/nil-check-for-service-health-check-node-port-in-last-applied-config ... Fix service restore with null healthCheckNodePort in last-applied-configuration label	2026-04-07 16:41:23 +08:00
Lyndon-Li	235e579581	remove restic for repo ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-07 07:35:25 +00:00
Daniil Basin	dd1def9d33	Use strict minimal structure to parse last applied configuration JSON ... Signed-off-by: Daniil Basin <bassindanil@hotmail.com>	2026-04-07 09:12:51 +05:00
Xun Jiang/Bruce Jiang	baf2491344	Merge pull request #9668 from adam-jian-zhang/fix-node-agent-detection ... fix node-agent node detection logic	2026-04-03 14:19:20 +08:00
Adam Zhang	e79ad64a10	fix node-agent node detection logic ... Add namespace in ListOptions, to fix node-agent node detection in its deployed namespace. Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>	2026-04-03 13:23:57 +08:00
Xun Jiang/Bruce Jiang	e9226527de	Merge pull request #9634 from Lyndon-Li/let-go-for-unitialized-readonly-repo ... Issue 9626: let go for uninitialized repo under readonly mode	2026-04-03 13:15:16 +08:00
Wenkai Yin(尹文开)	78fba2146c	Merge pull request #9663 from Lyndon-Li/issue-fix-9659 ... Issue 9659: fix crash on cancel without loading data path	2026-04-03 12:40:44 +08:00
lyndon-li	4dbdd2df3a	Merge pull request #9520 from sseago/custom-volume-policy-design ... Design for custom volume policy action API changes	2026-04-02 16:29:02 +08:00
Lyndon-Li	6869b7bf54	issue 9659: fix crash on cancel without loading data path ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-02 16:14:12 +08:00
lyndon-li	30ddf3f35f	Merge branch 'main' into let-go-for-unitialized-readonly-repo	2026-04-02 15:29:12 +08:00
lyndon-li	38d9e96130	Merge branch 'main' into issue-fix-9659	2026-04-02 15:29:05 +08:00
lyndon-li	531fc4810f	Merge pull request #9664 from blackpiglet/xj014661/main/controller-runtime-tag ... Pin the sigs.k8s.io/controller-runtime to v0.23.2	2026-04-02 15:28:32 +08:00
Xun Jiang	94259e8a5c	Pin the sigs.k8s.io/controller-runtime to v0.23.2 ... The tag used to latest. Due to latest tag v0.23.3 already used Golang v1.26, Velero main still uses v1.25. Build failed. To fix this, pin the controller-runtime to v0.23.2 Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>	2026-04-02 11:41:39 +08:00
Gabriele Fedi	5433eb3081	feat: support backup hooks on native sidecars (#9403) ... * feat: support backup hooks on sidecars Add support for configuring Kubernates native Sidecars as target containrs for Backup Hooks commands. This is purely a validation level patch as the actual pods/exec API doesn't make any distinction between standard and sidecar containers. Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com> * test: extend unit tests Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com> * chore: changelog Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com> * style: fix linter issues Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com> --------- Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>	2026-04-01 14:27:18 -04:00
Lyndon-Li	238b1e1f13	issue 9659: fix crash on cancel without loading data path ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-01 18:11:26 +08:00
Lyndon-Li	ef7b468fb9	issue 9626: let go for uninitialized repo under readonly mode ... Signed-off-by: Lyndon-Li <lyonghui@vmware.com>	2026-04-01 13:09:29 +08:00
Xun Jiang/Bruce Jiang	f0aa64172e	Fix Repository Maintenance Job Configuration's global part E2E case. (#9633) ... Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>	2026-03-31 13:55:07 -04:00
Xun Jiang/Bruce Jiang	3f8e358849	Merge pull request #9614 from vmware-tanzu/xj014661/main/fix_extract_cve ... Add check for file extraction from tarball.	2026-03-31 16:59:13 +08:00
Wenkai Yin(尹文开)	bbd5ae079d	Merge pull request #9655 from blackpiglet/xj014661/main/trivy_action_fix ... [main] Update the trivy-action version from main to specific tag	2026-03-30 16:26:10 +08:00
Xun Jiang	91922103b4	Update the trivy-action version from main to specific tag to fix supply chain attack ... https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/ Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>	2026-03-27 16:09:53 +08:00
Anshul Ahuja	e6bdff61bd	Merge pull request #9643 from priyansh17/user/priyansh/issue-#9641 ... Refactor: simplify VolumeSnapshotContent deletion logic	2026-03-26 12:02:19 +05:30
Priyansh Choudhary	c74d5e7aba	refactor: streamline VolumeSnapshotContent deletion process and remove readiness checks ... Signed-off-by: Priyansh Choudhary <im1706@gmail.com>	2026-03-25 15:23:20 +05:30
Priyansh Choudhary	905a561c84	added changelog ... Signed-off-by: Priyansh Choudhary <im1706@gmail.com>	2026-03-24 20:49:16 +05:30
Priyansh Choudhary	e9d312c27e	refactor: simplify VolumeSnapshotContent deletion logic and remove unused timeout handling ... Signed-off-by: Priyansh Choudhary <im1706@gmail.com>	2026-03-24 20:35:51 +05:30
Adam Zhang	a5391e13e7	[main] fix configmap lookup in non-default namespaces (#9638) ... * fix configmap lookup in non-default namespaces o.Namespace is empty when Validate runs (Complete hasn't been called yet), causing VerifyJSONConfigs to query the default namespace instead of the intended one. Replace o.Namespace with f.Namespace() in all three ConfigMap validation calls so the factory's already-resolved namespace is used. Signed-off-by: Adam Zhang <adam.zhang@broadcom.com> * switch the call order of validate/complete switch the call order of validate/complete which accomplish the same effect. Signed-off-by: Adam Zhang <adam.zhang@broadcom.com> --------- Signed-off-by: Adam Zhang <adam.zhang@broadcom.com>	2026-03-24 04:05:20 -04:00
Xun Jiang/Bruce Jiang	e368fc8803	Merge pull request #9628 from priyansh17/9625-fixOrphanesVscCleanup ... Implement original VolumeSnapshotContent deletion for legacy backups - Fixes #9625	2026-03-23 15:53:19 +08:00
Xun Jiang/Bruce Jiang	b5734a6ba2	Merge branch 'main' into xj014661/main/fix_extract_cve	2026-03-20 10:59:55 +08:00
Priyansh Choudhary	65c88f3425	Merge branch 'main' into 9625-fixOrphanesVscCleanup	2026-03-19 20:10:16 +05:30
Wenkai Yin(尹文开)	bb9a94bebe	Merge pull request #9620 from vmware-tanzu/jxun/main/fix_NodeAgentConfig_e2e_error ... [main][cherry-pick] Compare affinity by string instead of exactly same compare.	2026-03-19 16:45:23 +08:00
Xun Jiang/Bruce Jiang	74401b20b0	Merge pull request #9630 from vmware-tanzu/dependabot/go_modules/google.golang.org/grpc-1.79.3 ... Bump google.golang.org/grpc from 1.77.0 to 1.79.3	2026-03-19 14:02:57 +08:00
dependabot[bot]	417d3d2562	Bump google.golang.org/grpc from 1.77.0 to 1.79.3 ... Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.77.0 to 1.79.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.77.0...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-19 05:05:16 +00:00
Priyansh Choudhary	68cee893f1	Enhance logging and error handling in VolumeSnapshotContent deletion process ... Signed-off-by: Priyansh Choudhary <im1706@gmail.com>	2026-03-19 03:17:45 +05:30
Priyansh Choudhary	fce276bca9	Added changelog ... Signed-off-by: Priyansh Choudhary <im1706@gmail.com>	2026-03-19 02:38:11 +05:30
Priyansh Choudhary	ade433ecbd	Implement original VolumeSnapshotContent deletion for legacy backups ... Signed-off-by: Priyansh Choudhary <im1706@gmail.com>	2026-03-19 02:30:39 +05:30
Xun Jiang/Bruce Jiang	48e66b1790	Merge pull request #9564 from hollycai05/add-e2e-tests-for-PR9255 ... Add e2e test case for PR 9255	2026-03-17 16:18:19 +08:00
Xun Jiang	29a9f80f10	Compare affinity by string instead of exactly same compare. ... From 1.18.1, Velero adds some default affinity in the backup/restore pod, so we can't directly compare the whole affinity, but we can verify if the expected affinity is contained in the pod affinity. Signed-off-by: Xun Jiang <xun.jiang@broadcom.com>	2026-03-16 10:49:50 +08:00