mirror of
https://github.com/vmware-tanzu/velero.git
synced 2026-01-11 15:30:34 +00:00
Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f2fc105094 | ||
|
dd41c75118 | ||
|
|
9bf3aa8600 | ||
|
|
ec8c4cf3a5 | ||
|
|
3845f205cf | ||
|
|
bc94c8784b | ||
|
|
12a8c17137 | ||
|
|
be3e4cc391 | ||
|
87b84e29ae | ||
|
|
212550c5a9 | ||
|
|
f9f9c291f2 | ||
|
|
b20bbdaa80 | ||
|
|
1236a38daf | ||
|
|
599b686596 | ||
|
|
4729274d07 | ||
|
|
cdf3acab5a | ||
|
|
80b43f8f40 | ||
|
bf10709f98 | ||
|
|
8c6ed31528 | ||
|
|
37a712ef2f | ||
|
1da212b0e3 | ||
|
|
9996dc5ce9 | ||
|
|
9e52260568 | ||
|
|
4863ff4119 | ||
|
|
3327d209f7 |
2
.github/workflows/crds-verify-kind.yaml
vendored
2
.github/workflows/crds-verify-kind.yaml
vendored
@@ -14,7 +14,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
id: go
|
||||
# Look for a CLI that's made for this PR
|
||||
- name: Fetch built CLI
|
||||
|
||||
7
.github/workflows/e2e-test-kind.yaml
vendored
7
.github/workflows/e2e-test-kind.yaml
vendored
@@ -14,7 +14,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
id: go
|
||||
# Look for a CLI that's made for this PR
|
||||
- name: Fetch built CLI
|
||||
@@ -71,6 +71,11 @@ jobs:
|
||||
- 1.22.0
|
||||
fail-fast: false
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.17
|
||||
id: go
|
||||
- name: Check out the code
|
||||
uses: actions/checkout@v2
|
||||
- name: Install MinIO
|
||||
|
||||
2
.github/workflows/pr-ci-check.yml
vendored
2
.github/workflows/pr-ci-check.yml
vendored
@@ -8,7 +8,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
id: go
|
||||
- name: Check out the code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
6
.github/workflows/push.yml
vendored
6
.github/workflows/push.yml
vendored
@@ -2,7 +2,9 @@ name: Main CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main ]
|
||||
branches:
|
||||
- 'main'
|
||||
- 'release-**'
|
||||
tags:
|
||||
- '*'
|
||||
|
||||
@@ -16,7 +18,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
FROM --platform=$BUILDPLATFORM golang:1.16 as builder-env
|
||||
FROM --platform=$BUILDPLATFORM golang:1.17.7 as builder-env
|
||||
|
||||
ARG GOPROXY
|
||||
ARG PKG
|
||||
@@ -50,7 +50,8 @@ RUN mkdir -p /output/usr/bin && \
|
||||
go build -o /output/${BIN} \
|
||||
-ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN}
|
||||
|
||||
FROM gcr.io/distroless/base-debian10:nonroot
|
||||
# The digest of tag "nonroot" at the time of v1.7.0
|
||||
FROM gcr.io/distroless/base-debian10@sha256:a74f307185001c69bc362a40dbab7b67d410a872678132b187774fa21718fa13
|
||||
|
||||
LABEL maintainer="Nolan Brubaker <brubakern@vmware.com>"
|
||||
|
||||
|
||||
4
Makefile
4
Makefile
@@ -81,8 +81,8 @@ buildx not enabled, refusing to run this recipe
|
||||
see: https://velero.io/docs/main/build-from-source/#making-images-and-updating-velero for more info
|
||||
endef
|
||||
|
||||
# The version of restic binary to be downloaded for power architecture
|
||||
RESTIC_VERSION ?= 0.12.0
|
||||
# The version of restic binary to be downloaded
|
||||
RESTIC_VERSION ?= 0.12.1
|
||||
|
||||
CLI_PLATFORMS ?= linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64 linux-ppc64le
|
||||
BUILDX_PLATFORMS ?= $(subst -,/,$(ARCH))
|
||||
|
||||
@@ -1,3 +1,44 @@
|
||||
## v1.7.2
|
||||
### 2022-02-23
|
||||
|
||||
### Download
|
||||
https://github.com/vmware-tanzu/velero/releases/tag/v1.7.2
|
||||
|
||||
### Container Image
|
||||
`velero/velero:v1.7.2`
|
||||
|
||||
### Documentation
|
||||
https://velero.io/docs/v1.7/
|
||||
|
||||
### Upgrading
|
||||
https://velero.io/docs/v1.7/upgrade-to-1.7/
|
||||
|
||||
### All changes
|
||||
|
||||
* Bump up golang to 1.17.7 (#4667, @ywk253100)
|
||||
* Check for nil before logging DefaultVolumesToRestic value(#4674, @ywk253100)
|
||||
|
||||
|
||||
## v1.7.1
|
||||
### 2021-11-22
|
||||
|
||||
### Download
|
||||
https://github.com/vmware-tanzu/velero/releases/tag/v1.7.1
|
||||
|
||||
### Container Image
|
||||
`velero/velero:v1.7.1`
|
||||
|
||||
### Documentation
|
||||
https://velero.io/docs/v1.7/
|
||||
|
||||
### Upgrading
|
||||
https://velero.io/docs/v1.7/upgrade-to-1.7/
|
||||
|
||||
### All changes
|
||||
|
||||
* fix buggy pager func (#4358, @alaypatel07)
|
||||
* Fix CVE-2020-29652 and CVE-2020-26160 (#4315, @ywk253100)
|
||||
|
||||
## v1.7.0
|
||||
### 2021-09-07
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
Add upgrade test in E2E test
|
||||
@@ -1 +0,0 @@
|
||||
Fix plugins incompatible issue in upgrade test
|
||||
@@ -205,8 +205,10 @@ spec:
|
||||
are expanded using the container''s environment.
|
||||
If a variable cannot be resolved, the
|
||||
reference in the input string will be
|
||||
unchanged. The $(VAR_NAME) syntax can
|
||||
be escaped with a double $$, ie: $$(VAR_NAME).
|
||||
unchanged. Double $$ are reduced to a
|
||||
single $, which allows for escaping the
|
||||
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
||||
will produce the string literal "$(VAR_NAME)".
|
||||
Escaped references will never be expanded,
|
||||
regardless of whether the variable exists
|
||||
or not. Cannot be updated. More info:
|
||||
@@ -221,12 +223,14 @@ spec:
|
||||
references $(VAR_NAME) are expanded using
|
||||
the container''s environment. If a variable
|
||||
cannot be resolved, the reference in the
|
||||
input string will be unchanged. The $(VAR_NAME)
|
||||
syntax can be escaped with a double $$,
|
||||
ie: $$(VAR_NAME). Escaped references will
|
||||
never be expanded, regardless of whether
|
||||
the variable exists or not. Cannot be
|
||||
updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
input string will be unchanged. Double
|
||||
$$ are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string
|
||||
literal "$(VAR_NAME)". Escaped references
|
||||
will never be expanded, regardless of
|
||||
whether the variable exists or not. Cannot
|
||||
be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -244,17 +248,19 @@ spec:
|
||||
value:
|
||||
description: 'Variable references
|
||||
$(VAR_NAME) are expanded using the
|
||||
previous defined environment variables
|
||||
previously defined environment variables
|
||||
in the container and any service
|
||||
environment variables. If a variable
|
||||
cannot be resolved, the reference
|
||||
in the input string will be unchanged.
|
||||
The $(VAR_NAME) syntax can be escaped
|
||||
with a double $$, ie: $$(VAR_NAME).
|
||||
Escaped references will never be
|
||||
expanded, regardless of whether
|
||||
the variable exists or not. Defaults
|
||||
to "".'
|
||||
Double $$ are reduced to a single
|
||||
$, which allows for escaping the
|
||||
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
||||
will produce the string literal
|
||||
"$(VAR_NAME)". Escaped references
|
||||
will never be expanded, regardless
|
||||
of whether the variable exists or
|
||||
not. Defaults to "".'
|
||||
type: string
|
||||
valueFrom:
|
||||
description: Source for the environment
|
||||
@@ -804,6 +810,30 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time
|
||||
when the processes are forcibly halted
|
||||
with a kill signal. Set this value
|
||||
longer than the expected cleanup time
|
||||
for your process. If this value is
|
||||
nil, the pod's terminationGracePeriodSeconds
|
||||
will be used. Otherwise, this value
|
||||
overrides the value provided by the
|
||||
pod spec. Value must be non-negative
|
||||
integer. The value zero indicates
|
||||
stop immediately via the kill signal
|
||||
(no opportunity to shut down). This
|
||||
is a beta field and requires enabling
|
||||
ProbeTerminationGracePeriod feature
|
||||
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -1006,6 +1036,30 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time
|
||||
when the processes are forcibly halted
|
||||
with a kill signal. Set this value
|
||||
longer than the expected cleanup time
|
||||
for your process. If this value is
|
||||
nil, the pod's terminationGracePeriodSeconds
|
||||
will be used. Otherwise, this value
|
||||
overrides the value provided by the
|
||||
pod spec. Value must be non-negative
|
||||
integer. The value zero indicates
|
||||
stop immediately via the kill signal
|
||||
(no opportunity to shut down). This
|
||||
is a beta field and requires enabling
|
||||
ProbeTerminationGracePeriod feature
|
||||
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -1017,7 +1071,7 @@ spec:
|
||||
resources:
|
||||
description: 'Compute Resources required
|
||||
by this container. Cannot be updated.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
properties:
|
||||
limits:
|
||||
additionalProperties:
|
||||
@@ -1028,7 +1082,7 @@ spec:
|
||||
x-kubernetes-int-or-string: true
|
||||
description: 'Limits describes the maximum
|
||||
amount of compute resources allowed.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
@@ -1043,12 +1097,14 @@ spec:
|
||||
a container, it defaults to Limits
|
||||
if that is explicitly specified, otherwise
|
||||
to an implementation-defined value.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
type: object
|
||||
securityContext:
|
||||
description: 'Security options the pod should
|
||||
run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
|
||||
description: 'SecurityContext defines the
|
||||
security options the container should
|
||||
be run with. If set, the fields of SecurityContext
|
||||
override the equivalent fields of PodSecurityContext.
|
||||
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
@@ -1217,6 +1273,25 @@ spec:
|
||||
is the name of the GMSA credential
|
||||
spec to use.
|
||||
type: string
|
||||
hostProcess:
|
||||
description: HostProcess determines
|
||||
if a container should be run as
|
||||
a 'Host Process' container. This
|
||||
field is alpha-level and will
|
||||
only be honored by components
|
||||
that enable the WindowsHostProcessContainers
|
||||
feature flag. Setting this field
|
||||
without the feature flag will
|
||||
result in errors when validating
|
||||
the Pod. All of a Pod's containers
|
||||
must have the same effective HostProcess
|
||||
value (it is not allowed to have
|
||||
a mix of HostProcess containers
|
||||
and non-HostProcess containers). In
|
||||
addition, if HostProcess is true
|
||||
then HostNetwork must also be
|
||||
set to true.
|
||||
type: boolean
|
||||
runAsUserName:
|
||||
description: The UserName in Windows
|
||||
to run the entrypoint of the container
|
||||
@@ -1369,6 +1444,30 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time
|
||||
when the processes are forcibly halted
|
||||
with a kill signal. Set this value
|
||||
longer than the expected cleanup time
|
||||
for your process. If this value is
|
||||
nil, the pod's terminationGracePeriodSeconds
|
||||
will be used. Otherwise, this value
|
||||
overrides the value provided by the
|
||||
pod spec. Value must be non-negative
|
||||
integer. The value zero indicates
|
||||
stop immediately via the kill signal
|
||||
(no opportunity to shut down). This
|
||||
is a beta field and requires enabling
|
||||
ProbeTerminationGracePeriod feature
|
||||
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -202,12 +202,14 @@ spec:
|
||||
is not provided. Variable references $(VAR_NAME)
|
||||
are expanded using the container''s environment.
|
||||
If a variable cannot be resolved, the reference
|
||||
in the input string will be unchanged. The
|
||||
$(VAR_NAME) syntax can be escaped with a
|
||||
double $$, ie: $$(VAR_NAME). Escaped references
|
||||
will never be expanded, regardless of whether
|
||||
the variable exists or not. Cannot be updated.
|
||||
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
in the input string will be unchanged. Double
|
||||
$$ are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string literal
|
||||
"$(VAR_NAME)". Escaped references will never
|
||||
be expanded, regardless of whether the variable
|
||||
exists or not. Cannot be updated. More info:
|
||||
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -218,12 +220,14 @@ spec:
|
||||
references $(VAR_NAME) are expanded using
|
||||
the container''s environment. If a variable
|
||||
cannot be resolved, the reference in the
|
||||
input string will be unchanged. The $(VAR_NAME)
|
||||
syntax can be escaped with a double $$,
|
||||
ie: $$(VAR_NAME). Escaped references will
|
||||
never be expanded, regardless of whether
|
||||
the variable exists or not. Cannot be updated.
|
||||
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
input string will be unchanged. Double $$
|
||||
are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string literal
|
||||
"$(VAR_NAME)". Escaped references will never
|
||||
be expanded, regardless of whether the variable
|
||||
exists or not. Cannot be updated. More info:
|
||||
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -240,17 +244,19 @@ spec:
|
||||
type: string
|
||||
value:
|
||||
description: 'Variable references $(VAR_NAME)
|
||||
are expanded using the previous defined
|
||||
environment variables in the container
|
||||
and any service environment variables.
|
||||
If a variable cannot be resolved,
|
||||
the reference in the input string
|
||||
will be unchanged. The $(VAR_NAME)
|
||||
syntax can be escaped with a double
|
||||
$$, ie: $$(VAR_NAME). Escaped references
|
||||
will never be expanded, regardless
|
||||
of whether the variable exists or
|
||||
not. Defaults to "".'
|
||||
are expanded using the previously
|
||||
defined environment variables in the
|
||||
container and any service environment
|
||||
variables. If a variable cannot be
|
||||
resolved, the reference in the input
|
||||
string will be unchanged. Double $$
|
||||
are reduced to a single $, which allows
|
||||
for escaping the $(VAR_NAME) syntax:
|
||||
i.e. "$$(VAR_NAME)" will produce the
|
||||
string literal "$(VAR_NAME)". Escaped
|
||||
references will never be expanded,
|
||||
regardless of whether the variable
|
||||
exists or not. Defaults to "".'
|
||||
type: string
|
||||
valueFrom:
|
||||
description: Source for the environment
|
||||
@@ -792,6 +798,29 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time when
|
||||
the processes are forcibly halted with
|
||||
a kill signal. Set this value longer
|
||||
than the expected cleanup time for your
|
||||
process. If this value is nil, the pod's
|
||||
terminationGracePeriodSeconds will be
|
||||
used. Otherwise, this value overrides
|
||||
the value provided by the pod spec.
|
||||
Value must be non-negative integer.
|
||||
The value zero indicates stop immediately
|
||||
via the kill signal (no opportunity
|
||||
to shut down). This is a beta field
|
||||
and requires enabling ProbeTerminationGracePeriod
|
||||
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -991,6 +1020,29 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time when
|
||||
the processes are forcibly halted with
|
||||
a kill signal. Set this value longer
|
||||
than the expected cleanup time for your
|
||||
process. If this value is nil, the pod's
|
||||
terminationGracePeriodSeconds will be
|
||||
used. Otherwise, this value overrides
|
||||
the value provided by the pod spec.
|
||||
Value must be non-negative integer.
|
||||
The value zero indicates stop immediately
|
||||
via the kill signal (no opportunity
|
||||
to shut down). This is a beta field
|
||||
and requires enabling ProbeTerminationGracePeriod
|
||||
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
@@ -1002,7 +1054,7 @@ spec:
|
||||
resources:
|
||||
description: 'Compute Resources required by
|
||||
this container. Cannot be updated. More
|
||||
info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
properties:
|
||||
limits:
|
||||
additionalProperties:
|
||||
@@ -1013,7 +1065,7 @@ spec:
|
||||
x-kubernetes-int-or-string: true
|
||||
description: 'Limits describes the maximum
|
||||
amount of compute resources allowed.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
@@ -1027,12 +1079,14 @@ spec:
|
||||
If Requests is omitted for a container,
|
||||
it defaults to Limits if that is explicitly
|
||||
specified, otherwise to an implementation-defined
|
||||
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||
type: object
|
||||
type: object
|
||||
securityContext:
|
||||
description: 'Security options the pod should
|
||||
run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
|
||||
description: 'SecurityContext defines the
|
||||
security options the container should be
|
||||
run with. If set, the fields of SecurityContext
|
||||
override the equivalent fields of PodSecurityContext.
|
||||
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||
properties:
|
||||
allowPrivilegeEscalation:
|
||||
@@ -1197,6 +1251,24 @@ spec:
|
||||
is the name of the GMSA credential
|
||||
spec to use.
|
||||
type: string
|
||||
hostProcess:
|
||||
description: HostProcess determines
|
||||
if a container should be run as
|
||||
a 'Host Process' container. This
|
||||
field is alpha-level and will only
|
||||
be honored by components that enable
|
||||
the WindowsHostProcessContainers
|
||||
feature flag. Setting this field
|
||||
without the feature flag will result
|
||||
in errors when validating the Pod.
|
||||
All of a Pod's containers must have
|
||||
the same effective HostProcess value
|
||||
(it is not allowed to have a mix
|
||||
of HostProcess containers and non-HostProcess
|
||||
containers). In addition, if HostProcess
|
||||
is true then HostNetwork must also
|
||||
be set to true.
|
||||
type: boolean
|
||||
runAsUserName:
|
||||
description: The UserName in Windows
|
||||
to run the entrypoint of the container
|
||||
@@ -1346,6 +1418,29 @@ spec:
|
||||
required:
|
||||
- port
|
||||
type: object
|
||||
terminationGracePeriodSeconds:
|
||||
description: Optional duration in seconds
|
||||
the pod needs to terminate gracefully
|
||||
upon probe failure. The grace period
|
||||
is the duration in seconds after the
|
||||
processes running in the pod are sent
|
||||
a termination signal and the time when
|
||||
the processes are forcibly halted with
|
||||
a kill signal. Set this value longer
|
||||
than the expected cleanup time for your
|
||||
process. If this value is nil, the pod's
|
||||
terminationGracePeriodSeconds will be
|
||||
used. Otherwise, this value overrides
|
||||
the value provided by the pod spec.
|
||||
Value must be non-negative integer.
|
||||
The value zero indicates stop immediately
|
||||
via the kill signal (no opportunity
|
||||
to shut down). This is a beta field
|
||||
and requires enabling ProbeTerminationGracePeriod
|
||||
feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
||||
is used if unset.
|
||||
format: int64
|
||||
type: integer
|
||||
timeoutSeconds:
|
||||
description: 'Number of seconds after
|
||||
which the probe times out. Defaults
|
||||
|
||||
File diff suppressed because one or more lines are too long
122
go.mod
122
go.mod
@@ -1,48 +1,118 @@
|
||||
module github.com/vmware-tanzu/velero
|
||||
|
||||
go 1.16
|
||||
go 1.17
|
||||
|
||||
require (
|
||||
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible
|
||||
github.com/Azure/go-autorest/autorest v0.11.1
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
|
||||
github.com/Azure/go-autorest/autorest v0.11.21
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.8
|
||||
github.com/Azure/go-autorest/autorest/to v0.3.0
|
||||
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
|
||||
github.com/aws/aws-sdk-go v1.28.2
|
||||
github.com/docker/spdystream v0.0.0-20170912183627-bc6354cbbc29 // indirect
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible
|
||||
github.com/fatih/color v1.10.0
|
||||
github.com/evanphx/json-patch v4.11.0+incompatible
|
||||
github.com/fatih/color v1.13.0
|
||||
github.com/gobwas/glob v0.2.3
|
||||
github.com/gofrs/uuid v3.2.0+incompatible
|
||||
github.com/golang/protobuf v1.4.3
|
||||
github.com/golang/protobuf v1.5.2
|
||||
github.com/google/uuid v1.1.2
|
||||
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd
|
||||
github.com/hashicorp/go-hclog v0.12.0
|
||||
github.com/hashicorp/go-plugin v0.0.0-20190610192547-a1bc61569a26
|
||||
github.com/joho/godotenv v1.3.0
|
||||
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.0.0
|
||||
github.com/onsi/ginkgo v1.16.4
|
||||
github.com/onsi/gomega v1.10.2
|
||||
github.com/onsi/gomega v1.16.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/prometheus/client_golang v1.7.1
|
||||
github.com/prometheus/client_golang v1.11.0
|
||||
github.com/robfig/cron v1.1.0
|
||||
github.com/sirupsen/logrus v1.7.0
|
||||
github.com/spf13/afero v1.2.2
|
||||
github.com/spf13/cobra v1.1.1
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/spf13/afero v1.6.0
|
||||
github.com/spf13/cobra v1.2.1
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/stretchr/testify v1.6.1
|
||||
github.com/vmware-tanzu/crash-diagnostics v0.3.4
|
||||
golang.org/x/mod v0.3.0
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
|
||||
google.golang.org/grpc v1.31.0
|
||||
k8s.io/api v0.20.9
|
||||
k8s.io/apiextensions-apiserver v0.19.12
|
||||
k8s.io/apimachinery v0.20.9
|
||||
k8s.io/cli-runtime v0.20.9
|
||||
k8s.io/client-go v0.20.9
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/vmware-tanzu/crash-diagnostics v0.3.7
|
||||
golang.org/x/mod v0.4.2
|
||||
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
|
||||
google.golang.org/grpc v1.40.0
|
||||
k8s.io/api v0.22.2
|
||||
k8s.io/apiextensions-apiserver v0.22.2
|
||||
k8s.io/apimachinery v0.22.2
|
||||
k8s.io/cli-runtime v0.22.2
|
||||
k8s.io/client-go v0.22.2
|
||||
k8s.io/klog v1.0.0
|
||||
k8s.io/kube-aggregator v0.19.12
|
||||
sigs.k8s.io/cluster-api v0.3.11-0.20210106212952-b6c1b5b3db3d
|
||||
sigs.k8s.io/controller-runtime v0.7.1-0.20201215171748-096b2e07c091
|
||||
sigs.k8s.io/cluster-api v1.0.0
|
||||
sigs.k8s.io/controller-runtime v0.10.2
|
||||
)
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.93.3 // indirect
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.14 // indirect
|
||||
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 // indirect
|
||||
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
|
||||
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
|
||||
github.com/Azure/go-autorest/logger v0.2.1 // indirect
|
||||
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/blang/semver v3.5.1+incompatible // indirect
|
||||
github.com/cespare/xxhash/v2 v2.1.1 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/dimchansky/utfbom v1.1.1 // indirect
|
||||
github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
|
||||
github.com/fsnotify/fsnotify v1.5.1 // indirect
|
||||
github.com/go-logr/logr v0.4.0 // indirect
|
||||
github.com/go-logr/zapr v0.4.0 // indirect
|
||||
github.com/gobuffalo/flect v0.2.3 // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/google/go-cmp v0.5.6 // indirect
|
||||
github.com/google/gofuzz v1.2.0 // indirect
|
||||
github.com/googleapis/gnostic v0.5.5 // indirect
|
||||
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
|
||||
github.com/imdario/mergo v0.3.12 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.0.0 // indirect
|
||||
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af // indirect
|
||||
github.com/json-iterator/go v1.1.11 // indirect
|
||||
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
|
||||
github.com/mattn/go-colorable v0.1.9 // indirect
|
||||
github.com/mattn/go-isatty v0.0.14 // indirect
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
|
||||
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
||||
github.com/mitchellh/go-testing-interface v1.0.0 // indirect
|
||||
github.com/moby/spdystream v0.2.0 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
github.com/modern-go/reflect2 v1.0.1 // indirect
|
||||
github.com/nxadm/tail v1.4.8 // indirect
|
||||
github.com/oklog/run v1.0.0 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/prometheus/client_model v0.2.0 // indirect
|
||||
github.com/prometheus/common v0.26.0 // indirect
|
||||
github.com/prometheus/procfs v0.6.0 // indirect
|
||||
github.com/stretchr/objx v0.2.0 // indirect
|
||||
github.com/vladimirvivien/gexe v0.1.1 // indirect
|
||||
go.starlark.net v0.0.0-20201006213952-227f4aabceb5 // indirect
|
||||
go.uber.org/atomic v1.7.0 // indirect
|
||||
go.uber.org/multierr v1.6.0 // indirect
|
||||
go.uber.org/zap v1.19.0 // indirect
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
|
||||
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
|
||||
golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 // indirect
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
|
||||
golang.org/x/text v0.3.7 // indirect
|
||||
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
|
||||
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71 // indirect
|
||||
google.golang.org/protobuf v1.27.1 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||
k8s.io/component-base v0.22.2 // indirect
|
||||
k8s.io/klog/v2 v2.9.0 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
|
||||
k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
|
||||
sigs.k8s.io/yaml v1.3.0 // indirect
|
||||
)
|
||||
|
||||
replace github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
FROM golang:1.16
|
||||
FROM golang:1.17.7
|
||||
|
||||
ARG GOPROXY
|
||||
|
||||
|
||||
@@ -56,26 +56,24 @@ elif [[ "$triggeredBy" == "tags" ]]; then
|
||||
TAG=$(echo $GITHUB_REF | cut -d / -f 3)
|
||||
fi
|
||||
|
||||
if [[ "$BRANCH" == "main" ]]; then
|
||||
VERSION="$BRANCH"
|
||||
elif [[ ! -z "$TAG" ]]; then
|
||||
TAG_LATEST=false
|
||||
if [[ ! -z "$TAG" ]]; then
|
||||
echo "We're building tag $TAG"
|
||||
VERSION="$TAG"
|
||||
# Explicitly checkout tags when building from a git tag.
|
||||
# This is not needed when building from main
|
||||
git fetch --tags
|
||||
# Calculate the latest release if there's a tag.
|
||||
highest_release
|
||||
VERSION="$TAG"
|
||||
if [[ "$TAG" == "$HIGHEST" ]]; then
|
||||
TAG_LATEST=true
|
||||
fi
|
||||
else
|
||||
echo "We're not on main and we're not building a tag, exit early."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Assume we're not tagging `latest` by default, and never on main.
|
||||
TAG_LATEST=false
|
||||
if [[ "$BRANCH" == "main" ]]; then
|
||||
echo "Building main, not tagging latest."
|
||||
elif [[ "$TAG" == "$HIGHEST" ]]; then
|
||||
TAG_LATEST=true
|
||||
echo "We're on branch $BRANCH"
|
||||
VERSION="$BRANCH"
|
||||
if [[ "$VERSION" == release-* ]]; then
|
||||
VERSION=${VERSION}-dev
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z "$BUILDX_PLATFORMS" ]]; then
|
||||
@@ -87,6 +85,7 @@ echo "Highest tag found: $HIGHEST"
|
||||
echo "BRANCH: $BRANCH"
|
||||
echo "TAG: $TAG"
|
||||
echo "TAG_LATEST: $TAG_LATEST"
|
||||
echo "VERSION: $VERSION"
|
||||
echo "BUILDX_PLATFORMS: $BUILDX_PLATFORMS"
|
||||
|
||||
echo "Building and pushing container images."
|
||||
|
||||
@@ -38,5 +38,10 @@ if [[ -n "${GOFLAGS:-}" ]]; then
|
||||
echo "GOFLAGS: ${GOFLAGS}"
|
||||
fi
|
||||
|
||||
go test -installsuffix "static" -short -timeout 60s "${TARGETS[@]}"
|
||||
# After bumping up "sigs.k8s.io/controller-runtime" to v0.10.2, get the error "panic: mkdir /.cache/kubebuilder-envtest: permission denied"
|
||||
# when running this script with "make test" command. This is caused by that "make test" runs inside a container with user and group specified,
|
||||
# but the user and group don't exist inside the container, when the code(https://github.com/kubernetes-sigs/controller-runtime/blob/v0.10.2/pkg/internal/testing/addr/manager.go#L44)
|
||||
# tries to get the cache directory, it gets the directory "/" and then get the permission error when trying to create directory under "/".
|
||||
# Specifying the cache directory by environment variable "XDG_CACHE_HOME" to workaround it
|
||||
XDG_CACHE_HOME=/tmp/ go test -installsuffix "static" -short -timeout 60s "${TARGETS[@]}"
|
||||
echo "Success!"
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
|
||||
@@ -47,6 +47,7 @@ import (
|
||||
"github.com/vmware-tanzu/velero/pkg/plugin/velero"
|
||||
"github.com/vmware-tanzu/velero/pkg/podexec"
|
||||
"github.com/vmware-tanzu/velero/pkg/restic"
|
||||
"github.com/vmware-tanzu/velero/pkg/util/boolptr"
|
||||
"github.com/vmware-tanzu/velero/pkg/util/collections"
|
||||
)
|
||||
|
||||
@@ -224,7 +225,7 @@ func (kb *kubernetesBackupper) Backup(log logrus.FieldLogger, backupRequest *Req
|
||||
backupRequest.ResourceIncludesExcludes = collections.GetResourceIncludesExcludes(kb.discoveryHelper, backupRequest.Spec.IncludedResources, backupRequest.Spec.ExcludedResources)
|
||||
log.Infof("Including resources: %s", backupRequest.ResourceIncludesExcludes.IncludesString())
|
||||
log.Infof("Excluding resources: %s", backupRequest.ResourceIncludesExcludes.ExcludesString())
|
||||
log.Infof("Backing up all pod volumes using restic: %t", *backupRequest.Backup.Spec.DefaultVolumesToRestic)
|
||||
log.Infof("Backing up all pod volumes using restic: %t", boolptr.IsSetToTrue(backupRequest.Backup.Spec.DefaultVolumesToRestic))
|
||||
|
||||
var err error
|
||||
backupRequest.ResourceHooks, err = getResourceHooks(backupRequest.Spec.Hooks.Resources, kb.discoveryHelper)
|
||||
|
||||
@@ -26,7 +26,7 @@ import (
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
@@ -293,7 +293,6 @@ func (r *itemCollector) getResourceItems(log logrus.FieldLogger, gv schema.Group
|
||||
if selector := r.backupRequest.Spec.LabelSelector; selector != nil {
|
||||
labelSelector = metav1.FormatLabelSelector(selector)
|
||||
}
|
||||
listOptions := metav1.ListOptions{LabelSelector: labelSelector}
|
||||
|
||||
log.Info("Listing items")
|
||||
unstructuredItems := make([]unstructured.Unstructured, 0)
|
||||
@@ -301,50 +300,42 @@ func (r *itemCollector) getResourceItems(log logrus.FieldLogger, gv schema.Group
|
||||
if r.pageSize > 0 {
|
||||
// If limit is positive, use a pager to split list over multiple requests
|
||||
// Use Velero's dynamic list function instead of the default
|
||||
listFunc := pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
|
||||
list, err := resourceClient.List(listOptions)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return list, nil
|
||||
})
|
||||
listPager := pager.New(listFunc)
|
||||
listPager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
|
||||
return resourceClient.List(opts)
|
||||
}))
|
||||
// Use the page size defined in the server config
|
||||
// TODO allow configuration of page buffer size
|
||||
listPager.PageSize = int64(r.pageSize)
|
||||
// Add each item to temporary slice
|
||||
var items []unstructured.Unstructured
|
||||
err := listPager.EachListItem(context.Background(), listOptions, func(object runtime.Object) error {
|
||||
item, isUnstructured := object.(*unstructured.Unstructured)
|
||||
if !isUnstructured {
|
||||
// We should never hit this
|
||||
log.Error("Got type other than Unstructured from pager func")
|
||||
return nil
|
||||
}
|
||||
items = append(items, *item)
|
||||
return nil
|
||||
})
|
||||
if statusError, isStatusError := err.(*apierrors.StatusError); isStatusError && statusError.Status().Reason == metav1.StatusReasonExpired {
|
||||
log.WithError(errors.WithStack(err)).Error("Error paging item list. Falling back on unpaginated list")
|
||||
unstructuredList, err := resourceClient.List(listOptions)
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error listing items")
|
||||
continue
|
||||
}
|
||||
items = unstructuredList.Items
|
||||
} else if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error paging item list")
|
||||
list, paginated, err := listPager.List(context.Background(), metav1.ListOptions{LabelSelector: labelSelector})
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error listing resources")
|
||||
continue
|
||||
}
|
||||
if !paginated {
|
||||
log.Infof("list for groupResource %s was not paginated", gr)
|
||||
}
|
||||
err = meta.EachListItem(list, func(object runtime.Object) error {
|
||||
u, ok := object.(*unstructured.Unstructured)
|
||||
if !ok {
|
||||
log.WithError(errors.WithStack(fmt.Errorf("expected *unstructured.Unstructured but got %T", u))).Error("unable to understand entry in the list")
|
||||
return fmt.Errorf("expected *unstructured.Unstructured but got %T", u)
|
||||
}
|
||||
unstructuredItems = append(unstructuredItems, *u)
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("unable to understand paginated list")
|
||||
continue
|
||||
}
|
||||
unstructuredItems = append(unstructuredItems, items...)
|
||||
} else {
|
||||
// If limit is not positive, do not use paging. Instead, request all items at once
|
||||
unstructuredList, err := resourceClient.List(metav1.ListOptions{LabelSelector: labelSelector})
|
||||
unstructuredItems = append(unstructuredItems, unstructuredList.Items...)
|
||||
if err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error listing items")
|
||||
continue
|
||||
}
|
||||
unstructuredItems = append(unstructuredItems, unstructuredList.Items...)
|
||||
}
|
||||
|
||||
log.Infof("Retrieved %d items", len(unstructuredItems))
|
||||
|
||||
@@ -312,7 +312,7 @@ func (c *backupSyncController) run() {
|
||||
c.deleteOrphanedBackups(location.Name, backupStoreBackups, log)
|
||||
|
||||
// update the location's last-synced time field
|
||||
statusPatch := client.MergeFrom(location.DeepCopyObject())
|
||||
statusPatch := client.MergeFrom(location.DeepCopy())
|
||||
location.Status.LastSyncedTime = &metav1.Time{Time: time.Now().UTC()}
|
||||
if err := c.kbClient.Status().Patch(context.Background(), &location, statusPatch); err != nil {
|
||||
log.WithError(errors.WithStack(err)).Error("Error patching backup location's last-synced time")
|
||||
|
||||
@@ -18,6 +18,7 @@ package clientmgmt
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
@@ -162,3 +163,37 @@ func (l *logrusAdapter) StandardLogger(opts *hclog.StandardLoggerOptions) *log.L
|
||||
func (l *logrusAdapter) SetLevel(_ hclog.Level) {
|
||||
return
|
||||
}
|
||||
|
||||
// ImpliedArgs returns With key/value pairs
|
||||
func (l *logrusAdapter) ImpliedArgs() []interface{} {
|
||||
panic("not implemented")
|
||||
}
|
||||
|
||||
// Args are alternating key, val pairs
|
||||
// keys must be strings
|
||||
// vals can be any type, but display is implementation specific
|
||||
// Emit a message and key/value pairs at a provided log level
|
||||
func (l *logrusAdapter) Log(level hclog.Level, msg string, args ...interface{}) {
|
||||
switch level {
|
||||
case hclog.Trace:
|
||||
l.Trace(msg, args...)
|
||||
case hclog.Debug:
|
||||
l.Debug(msg, args...)
|
||||
case hclog.Info:
|
||||
l.Info(msg, args...)
|
||||
case hclog.Warn:
|
||||
l.Warn(msg, args...)
|
||||
case hclog.Error:
|
||||
l.Error(msg, args...)
|
||||
}
|
||||
}
|
||||
|
||||
// Returns the Name of the logger
|
||||
func (l *logrusAdapter) Name() string {
|
||||
return l.name
|
||||
}
|
||||
|
||||
// Return a value that conforms to io.Writer, which can be passed into log.SetOutput()
|
||||
func (l *logrusAdapter) StandardWriter(opts *hclog.StandardLoggerOptions) io.Writer {
|
||||
panic("not implemented")
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
v1 "k8s.io/client-go/applyconfigurations/core/v1"
|
||||
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
)
|
||||
|
||||
@@ -77,3 +78,13 @@ func (c *FakeNamespaceClient) UpdateStatus(ctx context.Context, namespace *corev
|
||||
args := c.Called(namespace)
|
||||
return args.Get(0).(*corev1api.Namespace), args.Error(1)
|
||||
}
|
||||
|
||||
func (c *FakeNamespaceClient) Apply(ctx context.Context, namespace *v1.NamespaceApplyConfiguration, opts metav1.ApplyOptions) (result *corev1api.Namespace, err error) {
|
||||
args := c.Called(namespace)
|
||||
return args.Get(0).(*corev1api.Namespace), args.Error(1)
|
||||
}
|
||||
|
||||
func (c *FakeNamespaceClient) ApplyStatus(ctx context.Context, namespace *v1.NamespaceApplyConfiguration, opts metav1.ApplyOptions) (result *corev1api.Namespace, err error) {
|
||||
args := c.Called(namespace)
|
||||
return args.Get(0).(*corev1api.Namespace), args.Error(1)
|
||||
}
|
||||
|
||||
@@ -164,21 +164,13 @@ func ValidateNamespaceIncludesExcludes(includesList, excludesList []string) []er
|
||||
excludes := sets.NewString(excludesList...)
|
||||
|
||||
for _, itm := range includes.List() {
|
||||
// Although asterisks is not a valid Kubernetes namespace name, it is
|
||||
// allowed here.
|
||||
if itm != "*" {
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
}
|
||||
|
||||
for _, itm := range excludes.List() {
|
||||
// Asterisks in excludes list have been checked previously.
|
||||
if itm != "*" {
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
if nsErrs := validateNamespaceName(itm); nsErrs != nil {
|
||||
errs = append(errs, nsErrs...)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -188,7 +180,18 @@ func ValidateNamespaceIncludesExcludes(includesList, excludesList []string) []er
|
||||
func validateNamespaceName(ns string) []error {
|
||||
var errs []error
|
||||
|
||||
if errMsgs := validation.ValidateNamespaceName(ns, false); errMsgs != nil {
|
||||
// Velero interprets empty string as "no namespace", so allow it even though
|
||||
// it is not a valid Kubernetes name.
|
||||
if ns == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Kubernetes does not allow asterisks in namespaces but Velero uses them as
|
||||
// wildcards. Replace asterisks with an arbitrary letter to pass Kubernetes
|
||||
// validation.
|
||||
tmpNamespace := strings.ReplaceAll(ns, "*", "x")
|
||||
|
||||
if errMsgs := validation.ValidateNamespaceName(tmpNamespace, false); errMsgs != nil {
|
||||
for _, msg := range errMsgs {
|
||||
errs = append(errs, errors.Errorf("invalid namespace %q: %s", ns, msg))
|
||||
}
|
||||
|
||||
@@ -207,11 +207,6 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
|
||||
includes: []string{},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty string is invalid",
|
||||
includes: []string{""},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "asterisk by itself is valid",
|
||||
includes: []string{"*"},
|
||||
@@ -232,7 +227,7 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
|
||||
{
|
||||
name: "special characters in name is invalid",
|
||||
includes: []string{"foo?", "foo.bar", "bar_321"},
|
||||
excludes: []string{"$foo", "foo*bar", "bar=321"},
|
||||
excludes: []string{"$foo", "foo>bar", "bar=321"},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
@@ -240,11 +235,33 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
|
||||
includes: []string{},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty string includes is valid (includes nothing)",
|
||||
includes: []string{""},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty string excludes is valid (excludes nothing)",
|
||||
excludes: []string{""},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "include everything using asterisk is valid",
|
||||
includes: []string{"*"},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "excludes can contain wildcard",
|
||||
includes: []string{"foo", "bar"},
|
||||
excludes: []string{"nginx-ingress-*", "*-bar", "*-ingress-*"},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "includes can contain wildcard",
|
||||
includes: []string{"*-foo", "kube-*", "*kube*"},
|
||||
excludes: []string{"bar"},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "include everything not allowed with other includes",
|
||||
includes: []string{"*", "foo"},
|
||||
|
||||
@@ -236,6 +236,11 @@ func veleroBackupNamespace(ctx context.Context, veleroCLI string, veleroNamespac
|
||||
args = append(args, "--snapshot-volumes")
|
||||
} else {
|
||||
args = append(args, "--default-volumes-to-restic")
|
||||
// To workaround https://github.com/vmware-tanzu/velero-plugin-for-vsphere/issues/347 for vsphere plugin v1.1.1
|
||||
// if the "--snapshot-volumes=false" isn't specified explicitly, the vSphere plugin will always take snapshots
|
||||
// for the volumes even though the "--default-volumes-to-restic" is specified
|
||||
// TODO This can be removed if the logic of vSphere plugin bump up to 1.3
|
||||
args = append(args, "--snapshot-volumes=false")
|
||||
}
|
||||
if backupLocation != "" {
|
||||
args = append(args, "--storage-location", backupLocation)
|
||||
|
||||
Reference in New Issue
Block a user