mirror of
https://github.com/vmware-tanzu/velero.git
synced 2026-01-11 07:20:22 +00:00
Compare commits
11 Commits
copilot/fi
...
v1.7.1-rc.
| Author | SHA1 | Date | |
|---|---|---|---|
|
4729274d07 | ||
|
cdf3acab5a | ||
|
|
80b43f8f40 | ||
|
bf10709f98 | ||
|
|
8c6ed31528 | ||
|
|
37a712ef2f | ||
|
1da212b0e3 | ||
|
|
9996dc5ce9 | ||
|
|
9e52260568 | ||
|
|
4863ff4119 | ||
|
|
3327d209f7 |
5
.github/workflows/e2e-test-kind.yaml
vendored
5
.github/workflows/e2e-test-kind.yaml
vendored
@@ -71,6 +71,11 @@ jobs:
|
||||
- 1.22.0
|
||||
fail-fast: false
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
id: go
|
||||
- name: Check out the code
|
||||
uses: actions/checkout@v2
|
||||
- name: Install MinIO
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
FROM --platform=$BUILDPLATFORM golang:1.16 as builder-env
|
||||
FROM --platform=$BUILDPLATFORM golang:1.16.8 as builder-env
|
||||
|
||||
ARG GOPROXY
|
||||
ARG PKG
|
||||
@@ -50,7 +50,8 @@ RUN mkdir -p /output/usr/bin && \
|
||||
go build -o /output/${BIN} \
|
||||
-ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN}
|
||||
|
||||
FROM gcr.io/distroless/base-debian10:nonroot
|
||||
# The digest of tag "nonroot" at the time of v1.7.0
|
||||
FROM gcr.io/distroless/base-debian10@sha256:a74f307185001c69bc362a40dbab7b67d410a872678132b187774fa21718fa13
|
||||
|
||||
LABEL maintainer="Nolan Brubaker <brubakern@vmware.com>"
|
||||
|
||||
|
||||
4
Makefile
4
Makefile
@@ -81,8 +81,8 @@ buildx not enabled, refusing to run this recipe
|
||||
see: https://velero.io/docs/main/build-from-source/#making-images-and-updating-velero for more info
|
||||
endef
|
||||
|
||||
# The version of restic binary to be downloaded for power architecture
|
||||
RESTIC_VERSION ?= 0.12.0
|
||||
# The version of restic binary to be downloaded
|
||||
RESTIC_VERSION ?= 0.12.1
|
||||
|
||||
CLI_PLATFORMS ?= linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64 linux-ppc64le
|
||||
BUILDX_PLATFORMS ?= $(subst -,/,$(ARCH))
|
||||
|
||||
@@ -1,3 +1,23 @@
|
||||
## v1.7.1
|
||||
### 2021-11-22
|
||||
|
||||
### Download
|
||||
https://github.com/vmware-tanzu/velero/releases/tag/v1.7.1
|
||||
|
||||
### Container Image
|
||||
`velero/velero:v1.7.1`
|
||||
|
||||
### Documentation
|
||||
https://velero.io/docs/v1.7/
|
||||
|
||||
### Upgrading
|
||||
https://velero.io/docs/v1.7/upgrade-to-1.7/
|
||||
|
||||
### All changes
|
||||
|
||||
* fix buggy pager func (#4358, @alaypatel07)
|
||||
* Fix CVE-2020-29652 and CVE-2020-26160 (#4315, @ywk253100)
|
||||
|
||||
## v1.7.0
|
||||
### 2021-09-07
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
Add upgrade test in E2E test
|
||||
@@ -1 +0,0 @@
|
||||
Fix plugins incompatible issue in upgrade test
|
||||
@@ -205,8 +205,10 @@ spec:
|
||||
are expanded using the container''s environment.
|
||||
If a variable cannot be resolved, the
|
||||
reference in the input string will be
|
||||
unchanged. The $(VAR_NAME) syntax can
|
||||
be escaped with a double $$, ie: $$(VAR_NAME).
|
||||
unchanged. Double $$ are reduced to a
|
||||
single $, which allows for escaping the
|
||||
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
||||
will produce the string literal "$(VAR_NAME)".
|
||||
Escaped references will never be expanded,
|
||||
regardless of whether the variable exists
|
||||
or not. Cannot be updated. More info:
|
||||
@@ -221,12 +223,14 @@ spec:
|
||||
references $(VAR_NAME) are expanded using
|
||||
the container''s environment. If a variable
|
||||
cannot be resolved, the reference in the
|
||||
input string will be unchanged. The $(VAR_NAME)
|
||||
syntax can be escaped with a double $$,
|
||||
ie: $$(VAR_NAME). Escaped references will
|
||||
never be expanded, regardless of whether
|
||||
the variable exists or not. Cannot be
|
||||
updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
input string will be unchanged. Double
|
||||
$$ are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string
|
||||
literal "$(VAR_NAME)". Escaped references
|
||||
will never be expanded, regardless of
|
||||
whether the variable exists or not. Cannot
|
||||
be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -244,17 +248,19 @@ spec:
|
||||
value:
|
||||
description: 'Variable references
|
||||
$(VAR_NAME) are expanded using the
|
||||
previous defined environment variables
|
||||
previously defined environment variables
|
||||
in the container and any service
|
||||
environment variables. If a variable
|
||||
cannot be resolved, the reference
|
||||
in the input string will be unchanged.
|
||||
The $(VAR_NAME) syntax can be escaped
|
||||
with a double $$, ie: $$(VAR_NAME).
|
||||
Escaped references will never be
|
||||
expanded, regardless of whether
|
||||
the variable exists or not. Defaults
|
||||
to "".'
|
||||
Double $$ are reduced to a single
|
||||
$, which allows for escaping the
|
||||
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
||||
will produce the string literal
|
||||
"$(VAR_NAME)". Escaped references
|
||||
will never be expanded, regardless
|
||||
of whether the variable exists or
|
||||
not. Defaults to "".'
|
||||
type: string
|
||||
valueFrom:
|
||||
description: Source for the environment
|
||||
@@ -804,6 +810,30 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time
|
||||
when the processes are forcibly halted
|
||||
with a kill signal. Set this value
|
||||
longer than the expected cleanup time
|
||||
for your process. If this value is
|
||||
nil, the pod's terminationGracePeriodSeconds
|
||||
will be used. Otherwise, this value
|
||||
overrides the value provided by the
|
||||
pod spec. Value must be non-negative
|
||||
integer. The value zero indicates
|
||||
stop immediately via the kill signal
|
||||
(no opportunity to shut down). This
|
||||
is a beta field and requires enabling
|
||||
ProbeTerminationGracePeriod feature
|
||||
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -1006,6 +1036,30 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time
|
||||
when the processes are forcibly halted
|
||||
with a kill signal. Set this value
|
||||
longer than the expected cleanup time
|
||||
for your process. If this value is
|
||||
nil, the pod's terminationGracePeriodSeconds
|
||||
will be used. Otherwise, this value
|
||||
overrides the value provided by the
|
||||
pod spec. Value must be non-negative
|
||||
integer. The value zero indicates
|
||||
stop immediately via the kill signal
|
||||
(no opportunity to shut down). This
|
||||
is a beta field and requires enabling
|
||||
ProbeTerminationGracePeriod feature
|
||||
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -1017,7 +1071,7 @@ spec:
|
||||
resources:
|
||||
description: 'Compute Resources required
|
||||
by this container. Cannot be updated.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
properties:
|
||||
limits:
|
||||
additionalProperties:
|
||||
@@ -1028,7 +1082,7 @@ spec:
|
||||
x-kubernetes-int-or-string: true
|
||||
description: 'Limits describes the maximum
|
||||
amount of compute resources allowed.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
@@ -1043,12 +1097,14 @@ spec:
|
||||
a container, it defaults to Limits
|
||||
if that is explicitly specified, otherwise
|
||||
to an implementation-defined value.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
type: object
|
||||
securityContext:
|
||||
description: 'Security options the pod should
|
||||
run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
|
||||
description: 'SecurityContext defines the
|
||||
security options the container should
|
||||
be run with. If set, the fields of SecurityContext
|
||||
override the equivalent fields of PodSecurityContext.
|
||||
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
@@ -1217,6 +1273,25 @@ spec:
|
||||
is the name of the GMSA credential
|
||||
spec to use.
|
||||
type: string
|
||||
hostProcess:
|
||||
description: HostProcess determines
|
||||
if a container should be run as
|
||||
a 'Host Process' container. This
|
||||
field is alpha-level and will
|
||||
only be honored by components
|
||||
that enable the WindowsHostProcessContainers
|
||||
feature flag. Setting this field
|
||||
without the feature flag will
|
||||
result in errors when validating
|
||||
the Pod. All of a Pod's containers
|
||||
must have the same effective HostProcess
|
||||
value (it is not allowed to have
|
||||
a mix of HostProcess containers
|
||||
and non-HostProcess containers). In
|
||||
addition, if HostProcess is true
|
||||
then HostNetwork must also be
|
||||
set to true.
|
||||
type: boolean
|
||||
runAsUserName:
|
||||
description: The UserName in Windows
|
||||
to run the entrypoint of the container
|
||||
@@ -1369,6 +1444,30 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time
|
||||
when the processes are forcibly halted
|
||||
with a kill signal. Set this value
|
||||
longer than the expected cleanup time
|
||||
for your process. If this value is
|
||||
nil, the pod's terminationGracePeriodSeconds
|
||||
will be used. Otherwise, this value
|
||||
overrides the value provided by the
|
||||
pod spec. Value must be non-negative
|
||||
integer. The value zero indicates
|
||||
stop immediately via the kill signal
|
||||
(no opportunity to shut down). This
|
||||
is a beta field and requires enabling
|
||||
ProbeTerminationGracePeriod feature
|
||||
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -202,12 +202,14 @@ spec:
|
||||
is not provided. Variable references $(VAR_NAME)
|
||||
are expanded using the container''s environment.
|
||||
If a variable cannot be resolved, the reference
|
||||
in the input string will be unchanged. The
|
||||
$(VAR_NAME) syntax can be escaped with a
|
||||
double $$, ie: $$(VAR_NAME). Escaped references
|
||||
will never be expanded, regardless of whether
|
||||
the variable exists or not. Cannot be updated.
|
||||
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
in the input string will be unchanged. Double
|
||||
$$ are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string literal
|
||||
"$(VAR_NAME)". Escaped references will never
|
||||
be expanded, regardless of whether the variable
|
||||
exists or not. Cannot be updated. More info:
|
||||
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -218,12 +220,14 @@ spec:
|
||||
references $(VAR_NAME) are expanded using
|
||||
the container''s environment. If a variable
|
||||
cannot be resolved, the reference in the
|
||||
input string will be unchanged. The $(VAR_NAME)
|
||||
syntax can be escaped with a double $$,
|
||||
ie: $$(VAR_NAME). Escaped references will
|
||||
never be expanded, regardless of whether
|
||||
the variable exists or not. Cannot be updated.
|
||||
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
input string will be unchanged. Double $$
|
||||
are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string literal
|
||||
"$(VAR_NAME)". Escaped references will never
|
||||
be expanded, regardless of whether the variable
|
||||
exists or not. Cannot be updated. More info:
|
||||
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -240,17 +244,19 @@ spec:
|
||||
type: string
|
||||
value:
|
||||
description: 'Variable references $(VAR_NAME)
|
||||
are expanded using the previous defined
|
||||
environment variables in the container
|
||||
and any service environment variables.
|
||||
If a variable cannot be resolved,
|
||||
the reference in the input string
|
||||
will be unchanged. The $(VAR_NAME)
|
||||
syntax can be escaped with a double
|
||||
$$, ie: $$(VAR_NAME). Escaped references
|
||||
will never be expanded, regardless
|
||||
of whether the variable exists or
|
||||
not. Defaults to "".'
|
||||
are expanded using the previously
|
||||
defined environment variables in the
|
||||
container and any service environment
|
||||
variables. If a variable cannot be
|
||||
resolved, the reference in the input
|
||||
string will be unchanged. Double $$
|
||||
are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax:
|
||||
i.e. "$$(VAR_NAME)" will produce the
|
||||
string literal "$(VAR_NAME)". Escaped
|
||||
references will never be expanded,
|
||||
regardless of whether the variable
|
||||
exists or not. Defaults to "".'
|
||||
type: string
|
||||
valueFrom:
|
||||
description: Source for the environment
|
||||
@@ -792,6 +798,29 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time when
|
||||
the processes are forcibly halted with
|
||||
a kill signal. Set this value longer
|
||||
than the expected cleanup time for your
|
||||
process. If this value is nil, the pod's
|
||||
terminationGracePeriodSeconds will be
|
||||
used. Otherwise, this value overrides
|
||||
the value provided by the pod spec.
|
||||
Value must be non-negative integer.
|
||||
The value zero indicates stop immediately
|
||||
via the kill signal (no opportunity
|
||||
to shut down). This is a beta field
|
||||
and requires enabling ProbeTerminationGracePeriod
|
||||
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -991,6 +1020,29 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time when
|
||||
the processes are forcibly halted with
|
||||
a kill signal. Set this value longer
|
||||
than the expected cleanup time for your
|
||||
process. If this value is nil, the pod's
|
||||
terminationGracePeriodSeconds will be
|
||||
used. Otherwise, this value overrides
|
||||
the value provided by the pod spec.
|
||||
Value must be non-negative integer.
|
||||
The value zero indicates stop immediately
|
||||
via the kill signal (no opportunity
|
||||
to shut down). This is a beta field
|
||||
and requires enabling ProbeTerminationGracePeriod
|
||||
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -1002,7 +1054,7 @@ spec:
|
||||
resources:
|
||||
description: 'Compute Resources required by
|
||||
this container. Cannot be updated. More
|
||||
info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
properties:
|
||||
limits:
|
||||
additionalProperties:
|
||||
@@ -1013,7 +1065,7 @@ spec:
|
||||
x-kubernetes-int-or-string: true
|
||||
description: 'Limits describes the maximum
|
||||
amount of compute resources allowed.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
@@ -1027,12 +1079,14 @@ spec:
|
||||
If Requests is omitted for a container,
|
||||
it defaults to Limits if that is explicitly
|
||||
specified, otherwise to an implementation-defined
|
||||
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
type: object
|
||||
securityContext:
|
||||
description: 'Security options the pod should
|
||||
run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
|
||||
description: 'SecurityContext defines the
|
||||
security options the container should be
|
||||
run with. If set, the fields of SecurityContext
|
||||
override the equivalent fields of PodSecurityContext.
|
||||
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
@@ -1197,6 +1251,24 @@ spec:
|
||||
is the name of the GMSA credential
|
||||
spec to use.
|
||||
type: string
|
||||
hostProcess:
|
||||
description: HostProcess determines
|
||||
if a container should be run as
|
||||
a 'Host Process' container. This
|
||||
field is alpha-level and will only
|
||||
be honored by components that enable
|
||||
the WindowsHostProcessContainers
|
||||
feature flag. Setting this field
|
||||
without the feature flag will result
|
||||
in errors when validating the Pod.
|
||||
All of a Pod's containers must have
|
||||
the same effective HostProcess value
|
||||
(it is not allowed to have a mix
|
||||
of HostProcess containers and non-HostProcess
|
||||
containers). In addition, if HostProcess
|
||||
is true then HostNetwork must also
|
||||
be set to true.
|
||||
type: boolean
|
||||
runAsUserName:
|
||||
description: The UserName in Windows
|
||||
to run the entrypoint of the container
|
||||
@@ -1346,6 +1418,29 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time when
|
||||
the processes are forcibly halted with
|
||||
a kill signal. Set this value longer
|
||||
than the expected cleanup time for your
|
||||
process. If this value is nil, the pod's
|
||||
terminationGracePeriodSeconds will be
|
||||
used. Otherwise, this value overrides
|
||||
the value provided by the pod spec.
|
||||
Value must be non-negative integer.
|
||||
The value zero indicates stop immediately
|
||||
via the kill signal (no opportunity
|
||||
to shut down). This is a beta field
|
||||
and requires enabling ProbeTerminationGracePeriod
|
||||
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
|
||||
File diff suppressed because one or more lines are too long
47
go.mod
47
go.mod
@@ -4,45 +4,44 @@ go 1.16
|
||||
|
||||
require (
|
||||
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible
|
||||
github.com/Azure/go-autorest/autorest v0.11.1
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
|
||||
github.com/Azure/go-autorest/autorest v0.11.21
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.8
|
||||
github.com/Azure/go-autorest/autorest/to v0.3.0
|
||||
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
|
||||
github.com/aws/aws-sdk-go v1.28.2
|
||||
github.com/docker/spdystream v0.0.0-20170912183627-bc6354cbbc29 // indirect
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible
|
||||
github.com/fatih/color v1.10.0
|
||||
github.com/evanphx/json-patch v4.11.0+incompatible
|
||||
github.com/fatih/color v1.13.0
|
||||
github.com/gobwas/glob v0.2.3
|
||||
github.com/gofrs/uuid v3.2.0+incompatible
|
||||
github.com/golang/protobuf v1.4.3
|
||||
github.com/golang/protobuf v1.5.2
|
||||
github.com/google/uuid v1.1.2
|
||||
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd
|
||||
github.com/hashicorp/go-hclog v0.12.0
|
||||
github.com/hashicorp/go-plugin v0.0.0-20190610192547-a1bc61569a26
|
||||
github.com/joho/godotenv v1.3.0
|
||||
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.0.0
|
||||
github.com/onsi/ginkgo v1.16.4
|
||||
github.com/onsi/gomega v1.10.2
|
||||
github.com/onsi/gomega v1.16.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/prometheus/client_golang v1.7.1
|
||||
github.com/prometheus/client_golang v1.11.0
|
||||
github.com/robfig/cron v1.1.0
|
||||
github.com/sirupsen/logrus v1.7.0
|
||||
github.com/spf13/afero v1.2.2
|
||||
github.com/spf13/cobra v1.1.1
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/spf13/afero v1.6.0
|
||||
github.com/spf13/cobra v1.2.1
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/stretchr/testify v1.6.1
|
||||
github.com/vmware-tanzu/crash-diagnostics v0.3.4
|
||||
golang.org/x/mod v0.3.0
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
|
||||
google.golang.org/grpc v1.31.0
|
||||
k8s.io/api v0.20.9
|
||||
k8s.io/apiextensions-apiserver v0.19.12
|
||||
k8s.io/apimachinery v0.20.9
|
||||
k8s.io/cli-runtime v0.20.9
|
||||
k8s.io/client-go v0.20.9
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/vmware-tanzu/crash-diagnostics v0.3.7
|
||||
golang.org/x/mod v0.4.2
|
||||
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
|
||||
google.golang.org/grpc v1.40.0
|
||||
k8s.io/api v0.22.2
|
||||
k8s.io/apiextensions-apiserver v0.22.2
|
||||
k8s.io/apimachinery v0.22.2
|
||||
k8s.io/cli-runtime v0.22.2
|
||||
k8s.io/client-go v0.22.2
|
||||
k8s.io/klog v1.0.0
|
||||
k8s.io/kube-aggregator v0.19.12
|
||||
sigs.k8s.io/cluster-api v0.3.11-0.20210106212952-b6c1b5b3db3d
|
||||
sigs.k8s.io/controller-runtime v0.7.1-0.20201215171748-096b2e07c091
|
||||
sigs.k8s.io/cluster-api v1.0.0
|
||||
sigs.k8s.io/controller-runtime v0.10.2
|
||||
)
|
||||
|
||||
replace github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
|
||||
|
||||
@@ -38,5 +38,10 @@ if [[ -n "${GOFLAGS:-}" ]]; then
|
||||
echo "GOFLAGS: ${GOFLAGS}"
|
||||
fi
|
||||
|
||||
go test -installsuffix "static" -short -timeout 60s "${TARGETS[@]}"
|
||||
# After bumping up "sigs.k8s.io/controller-runtime" to v0.10.2, get the error "panic: mkdir /.cache/kubebuilder-envtest: permission denied"
|
||||
# when running this script with "make test" command. This is caused by that "make test" runs inside a container with user and group specified,
|
||||
# but the user and group don't exist inside the container, when the code(https://github.com/kubernetes-sigs/controller-runtime/blob/v0.10.2/pkg/internal/testing/addr/manager.go#L44)
|
||||
# tries to get the cache directory, it gets the directory "/" and then get the permission error when trying to create directory under "/".
|
||||
# Specifying the cache directory by environment variable "XDG_CACHE_HOME" to workaround it
|
||||
XDG_CACHE_HOME=/tmp/ go test -installsuffix "static" -short -timeout 60s "${TARGETS[@]}"
|
||||
echo "Success!"
|
||||
|
||||
@@ -26,7 +26,7 @@ import (
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
@@ -293,7 +293,6 @@ func (r *itemCollector) getResourceItems(log logrus.FieldLogger, gv schema.Group
|
||||
if selector := r.backupRequest.Spec.LabelSelector; selector != nil {
|
||||
labelSelector = metav1.FormatLabelSelector(selector)
|
||||
}
|
||||
listOptions := metav1.ListOptions{LabelSelector: labelSelector}
|
||||
|
||||
log.Info("Listing items")
|
||||
unstructuredItems := make([]unstructured.Unstructured, 0)
|
||||
@@ -301,50 +300,42 @@ func (r *itemCollector) getResourceItems(log logrus.FieldLogger, gv schema.Group
|
||||
if r.pageSize > 0 {
|
||||
// If limit is positive, use a pager to split list over multiple requests
|
||||
// Use Velero's dynamic list function instead of the default
|
||||
listFunc := pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
|
||||
list, err := resourceClient.List(listOptions)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return list, nil
|
||||
})
|
||||
listPager := pager.New(listFunc)
|
||||
listPager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
|
||||
return resourceClient.List(opts)
|
||||
}))
|
||||
// Use the page size defined in the server config
|
||||
// TODO allow configuration of page buffer size
|
||||
listPager.PageSize = int64(r.pageSize)
|
||||
// Add each item to temporary slice
|
||||
var items []unstructured.Unstructured
|
||||
err := listPager.EachListItem(context.Background(), listOptions, func(object runtime.Object) error {
|
||||
item, isUnstructured := object.(*unstructured.Unstructured)
|
||||
if !isUnstructured {
|
||||
// We should never hit this
|
||||
log.Error("Got type other than Unstructured from pager func")
|
||||
return nil
|
||||
}
|
||||
items = append(items, *item)
|
||||
return nil
|
||||
})
|
||||
if statusError, isStatusError := err.(*apierrors.StatusError); isStatusError && statusError.Status().Reason == metav1.StatusReasonExpired {
|
||||
log.WithError(errors.WithStack(err)).Error("Error paging item list. Falling back on unpaginated list")
|
||||
unstructuredList, err := resourceClient.List(listOptions)
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error listing items")
|
||||
continue
|
||||
}
|
||||
items = unstructuredList.Items
|
||||
} else if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error paging item list")
|
||||
list, paginated, err := listPager.List(context.Background(), metav1.ListOptions{LabelSelector: labelSelector})
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error listing resources")
|
||||
continue
|
||||
}
|
||||
if !paginated {
|
||||
log.Infof("list for groupResource %s was not paginated", gr)
|
||||
}
|
||||
err = meta.EachListItem(list, func(object runtime.Object) error {
|
||||
u, ok := object.(*unstructured.Unstructured)
|
||||
if !ok {
|
||||
log.WithError(errors.WithStack(fmt.Errorf("expected *unstructured.Unstructured but got %T", u))).Error("unable to understand entry in the list")
|
||||
return fmt.Errorf("expected *unstructured.Unstructured but got %T", u)
|
||||
}
|
||||
unstructuredItems = append(unstructuredItems, *u)
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("unable to understand paginated list")
|
||||
continue
|
||||
}
|
||||
unstructuredItems = append(unstructuredItems, items...)
|
||||
} else {
|
||||
// If limit is not positive, do not use paging. Instead, request all items at once
|
||||
unstructuredList, err := resourceClient.List(metav1.ListOptions{LabelSelector: labelSelector})
|
||||
unstructuredItems = append(unstructuredItems, unstructuredList.Items...)
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error listing items")
|
||||
continue
|
||||
}
|
||||
unstructuredItems = append(unstructuredItems, unstructuredList.Items...)
|
||||
}
|
||||
|
||||
log.Infof("Retrieved %d items", len(unstructuredItems))
|
||||
|
||||
@@ -312,7 +312,7 @@ func (c *backupSyncController) run() {
|
||||
c.deleteOrphanedBackups(location.Name, backupStoreBackups, log)
|
||||
|
||||
// update the location's last-synced time field
|
||||
statusPatch := client.MergeFrom(location.DeepCopyObject())
|
||||
statusPatch := client.MergeFrom(location.DeepCopy())
|
||||
location.Status.LastSyncedTime = &metav1.Time{Time: time.Now().UTC()}
|
||||
if err := c.kbClient.Status().Patch(context.Background(), &location, statusPatch); err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error patching backup location's last-synced time")
|
||||
|
||||
@@ -18,6 +18,7 @@ package clientmgmt
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
@@ -162,3 +163,37 @@ func (l *logrusAdapter) StandardLogger(opts *hclog.StandardLoggerOptions) *log.L
|
||||
func (l *logrusAdapter) SetLevel(_ hclog.Level) {
|
||||
return
|
||||
}
|
||||
|
||||
// ImpliedArgs returns With key/value pairs
|
||||
func (l *logrusAdapter) ImpliedArgs() []interface{} {
|
||||
panic("not implemented")
|
||||
}
|
||||
|
||||
// Args are alternating key, val pairs
|
||||
// keys must be strings
|
||||
// vals can be any type, but display is implementation specific
|
||||
// Emit a message and key/value pairs at a provided log level
|
||||
func (l *logrusAdapter) Log(level hclog.Level, msg string, args ...interface{}) {
|
||||
switch level {
|
||||
case hclog.Trace:
|
||||
l.Trace(msg, args...)
|
||||
case hclog.Debug:
|
||||
l.Debug(msg, args...)
|
||||
case hclog.Info:
|
||||
l.Info(msg, args...)
|
||||
case hclog.Warn:
|
||||
l.Warn(msg, args...)
|
||||
case hclog.Error:
|
||||
l.Error(msg, args...)
|
||||
}
|
||||
}
|
||||
|
||||
// Returns the Name of the logger
|
||||
func (l *logrusAdapter) Name() string {
|
||||
return l.name
|
||||
}
|
||||
|
||||
// Return a value that conforms to io.Writer, which can be passed into log.SetOutput()
|
||||
func (l *logrusAdapter) StandardWriter(opts *hclog.StandardLoggerOptions) io.Writer {
|
||||
panic("not implemented")
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
v1 "k8s.io/client-go/applyconfigurations/core/v1"
|
||||
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
)
|
||||
|
||||
@@ -77,3 +78,13 @@ func (c *FakeNamespaceClient) UpdateStatus(ctx context.Context, namespace *corev
|
||||
args := c.Called(namespace)
|
||||
return args.Get(0).(*corev1api.Namespace), args.Error(1)
|
||||
}
|
||||
|
||||
func (c *FakeNamespaceClient) Apply(ctx context.Context, namespace *v1.NamespaceApplyConfiguration, opts metav1.ApplyOptions) (result *corev1api.Namespace, err error) {
|
||||
args := c.Called(namespace)
|
||||
return args.Get(0).(*corev1api.Namespace), args.Error(1)
|
||||
}
|
||||
|
||||
func (c *FakeNamespaceClient) ApplyStatus(ctx context.Context, namespace *v1.NamespaceApplyConfiguration, opts metav1.ApplyOptions) (result *corev1api.Namespace, err error) {
|
||||
args := c.Called(namespace)
|
||||
return args.Get(0).(*corev1api.Namespace), args.Error(1)
|
||||
}
|
||||
|
||||
@@ -164,21 +164,13 @@ func ValidateNamespaceIncludesExcludes(includesList, excludesList []string) []er
|
||||
excludes := sets.NewString(excludesList...)
|
||||
|
||||
for _, itm := range includes.List() {
|
||||
// Although asterisks is not a valid Kubernetes namespace name, it is
|
||||
// allowed here.
|
||||
if itm != "*" {
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
}
|
||||
|
||||
for _, itm := range excludes.List() {
|
||||
// Asterisks in excludes list have been checked previously.
|
||||
if itm != "*" {
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -188,7 +180,18 @@ func ValidateNamespaceIncludesExcludes(includesList, excludesList []string) []er
|
||||
func validateNamespaceName(ns string) []error {
|
||||
var errs []error
|
||||
|
||||
if errMsgs := validation.ValidateNamespaceName(ns, false); errMsgs != nil {
|
||||
// Velero interprets empty string as "no namespace", so allow it even though
|
||||
// it is not a valid Kubernetes name.
|
||||
if ns == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Kubernetes does not allow asterisks in namespaces but Velero uses them as
|
||||
// wildcards. Replace asterisks with an arbitrary letter to pass Kubernetes
|
||||
// validation.
|
||||
tmpNamespace := strings.ReplaceAll(ns, "*", "x")
|
||||
|
||||
if errMsgs := validation.ValidateNamespaceName(tmpNamespace, false); errMsgs != nil {
|
||||
for _, msg := range errMsgs {
|
||||
errs = append(errs, errors.Errorf("invalid namespace %q: %s", ns, msg))
|
||||
}
|
||||
|
||||
@@ -207,11 +207,6 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
|
||||
includes: []string{},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty string is invalid",
|
||||
includes: []string{""},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "asterisk by itself is valid",
|
||||
includes: []string{"*"},
|
||||
@@ -232,7 +227,7 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
|
||||
{
|
||||
name: "special characters in name is invalid",
|
||||
includes: []string{"foo?", "foo.bar", "bar_321"},
|
||||
excludes: []string{"$foo", "foo*bar", "bar=321"},
|
||||
excludes: []string{"$foo", "foo>bar", "bar=321"},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
@@ -240,11 +235,33 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
|
||||
includes: []string{},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty string includes is valid (includes nothing)",
|
||||
includes: []string{""},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty string excludes is valid (excludes nothing)",
|
||||
excludes: []string{""},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "include everything using asterisk is valid",
|
||||
includes: []string{"*"},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "excludes can contain wildcard",
|
||||
includes: []string{"foo", "bar"},
|
||||
excludes: []string{"nginx-ingress-*", "*-bar", "*-ingress-*"},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "includes can contain wildcard",
|
||||
includes: []string{"*-foo", "kube-*", "*kube*"},
|
||||
excludes: []string{"bar"},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "include everything not allowed with other includes",
|
||||
includes: []string{"*", "foo"},
|
||||
|
||||
@@ -236,6 +236,11 @@ func veleroBackupNamespace(ctx context.Context, veleroCLI string, veleroNamespac
|
||||
args = append(args, "--snapshot-volumes")
|
||||
} else {
|
||||
args = append(args, "--default-volumes-to-restic")
|
||||
// To workaround https://github.com/vmware-tanzu/velero-plugin-for-vsphere/issues/347 for vsphere plugin v1.1.1
|
||||
// if the "--snapshot-volumes=false" isn't specified explicitly, the vSphere plugin will always take snapshots
|
||||
// for the volumes even though the "--default-volumes-to-restic" is specified
|
||||
// TODO This can be removed if the logic of vSphere plugin bump up to 1.3
|
||||
args = append(args, "--snapshot-volumes=false")
|
||||
}
|
||||
if backupLocation != "" {
|
||||
args = append(args, "--storage-location", backupLocation)
|
||||
|
||||
Reference in New Issue
Block a user