Add GCP support and separate out plugin implementations

Signed-off-by: Danil Grigorev <danil.grigorev@suse.com>
Danil-Grigorev · Mar 3, 2024 · 91e6fd3 · 91e6fd3
1 parent 1afad01
commit 91e6fd3
Show file tree

Hide file tree

Showing 19 changed files with 750 additions and 211 deletions.
diff --git a/api/v1alpha1/veleroinstallation_operations.go b/api/v1alpha1/veleroinstallation_operations.go
@@ -22,6 +22,8 @@ func (p Provider) Name() string {
 		return "aws"
 	case p.Azure != nil:
 		return "azure"
+	case p.GCP != nil:
+		return "velero.io/gcp"
 	default:
 		panic("Unknown type of provider supplied")
 	}

diff --git a/api/v1alpha1/veleroinstallation_types.go b/api/v1alpha1/veleroinstallation_types.go
@@ -49,6 +49,7 @@ type VeleroInstallationSpec struct {
 type Provider struct {
 	AWS   *AWS   `json:"aws,omitempty"`
 	Azure *Azure `json:"azure,omitempty"`
+	GCP   *GCP   `json:"gcp,omitempty"`
 }
 
 type AWS struct {
@@ -77,6 +78,18 @@ type Azure struct {
 	Config AzureConfig `json:"config,omitempty"`
 }
 
+type GCP struct {
+	// +optional
+	PluginURL string `json:"pluginURL"`
+
+	// +optional
+	PluginTag string `json:"pluginTag"`
+
+	CredentialMap CredentialMap `json:"credentialMap,omitempty"`
+
+	Config GCPConfig `json:"config,omitempty"`
+}
+
 type AWSConfig struct {
 	// +optional
 	Region string `json:"region,omitempty"`
@@ -100,6 +113,40 @@ type AzureConfig struct {
 	// +optional
 	SubscriptionId string `json:"subscriptionId"`
 }
+
+type GCPConfig struct {
+	// Name of the GCP service account to use for this backup storage location. Specify the
+	// service account here if you want to use workload identity instead of providing the key file.
+	//
+	// Optional (defaults to "false").
+	// +optional
+	ServiceAccount string `json:"serviceAccount"`
+
+	// Name of the Cloud KMS key to use to encrypt backups stored in this location, in the form
+	// "projects/P/locations/L/keyRings/R/cryptoKeys/K". See customer-managed Cloud KMS keys
+	// (https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) for details.
+	// +optional
+	KMSKeyName string `json:"kmsKeyName"`
+
+	// The GCP location where snapshots should be stored. See the GCP documentation
+	// (https://cloud.google.com/storage/docs/locations#available_locations) for the
+	// full list. If not specified, snapshots are stored in the default location
+	// (https://cloud.google.com/compute/docs/disks/create-snapshots#default_location).
+	//
+	// Example: us-central1
+	// +optional
+	SnapshotLocation string `json:"snapshotLocation,omitempty"`
+
+	// The project ID where existing snapshots should be retrieved from during restores, if
+	// different than the project that your IAM account is in. This field has no effect on
+	// where new snapshots are created; it is only useful for restoring existing snapshots
+	// from a different project.
+	//
+	// Optional (defaults to the project that the GCP IAM account is in).
+	// Example: my-alternate-project
+	Project string `json:"project,omitempty"`
+}
+
 type VeleroHelmState struct {
 	DeployNodeAgent bool `json:"deployNodeAgent"`
 	CleanUpCRDs     bool `json:"cleanUpCRDs"`

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/addons.cluster.x-k8s.io_veleroinstallations.yaml b/config/crd/bases/addons.cluster.x-k8s.io_veleroinstallations.yaml
@@ -394,6 +394,68 @@ spec:
                       pluginURL:
                         type: string
                     type: object
+                  gcp:
+                    properties:
+                      config:
+                        properties:
+                          kmsKeyName:
+                            description: |-
+                              Name of the Cloud KMS key to use to encrypt backups stored in this location, in the form
+                              "projects/P/locations/L/keyRings/R/cryptoKeys/K". See customer-managed Cloud KMS keys
+                              (https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) for details.
+                            type: string
+                          project:
+                            description: |-
+                              The project ID where existing snapshots should be retrieved from during restores, if
+                              different than the project that your IAM account is in. This field has no effect on
+                              where new snapshots are created; it is only useful for restoring existing snapshots
+                              from a different project.
+
+
+                              Optional (defaults to the project that the GCP IAM account is in).
+                              Example: my-alternate-project
+                            type: string
+                          serviceAccount:
+                            description: |-
+                              Name of the GCP service account to use for this backup storage location. Specify the
+                              service account here if you want to use workload identity instead of providing the key file.
+
+
+                              Optional (defaults to "false").
+                            type: string
+                          snapshotLocation:
+                            description: |-
+                              The GCP location where snapshots should be stored. See the GCP documentation
+                              (https://cloud.google.com/storage/docs/locations#available_locations) for the
+                              full list. If not specified, snapshots are stored in the default location
+                              (https://cloud.google.com/compute/docs/disks/create-snapshots#default_location).
+
+
+                              Example: us-central1
+                            type: string
+                        type: object
+                      credentialMap:
+                        properties:
+                          from:
+                            type: string
+                          namespaceName:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          to:
+                            type: string
+                        type: object
+                      pluginTag:
+                        type: string
+                      pluginURL:
+                        type: string
+                    type: object
                 type: object
               state:
                 properties:

diff --git a/config/samples/gcp/_v1alpha1_velerobackup.yaml b/config/samples/gcp/_v1alpha1_velerobackup.yaml
@@ -0,0 +1,17 @@
+apiVersion: addons.cluster.x-k8s.io/v1alpha1
+kind: VeleroBackup
+metadata:
+  labels:
+    app.kubernetes.io/name: velerobackup
+    app.kubernetes.io/instance: gcpbackup-sample
+    app.kubernetes.io/part-of: cluster-api-addon-provider-velero
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: cluster-api-addon-provider-velero
+  name: gcpbackup-sample
+  namespace: creategitops-me7ee7
+spec:
+  installation:
+    ref:
+      kind: VeleroInstallation
+      name: gcpinstallation-sample
+      namespace: creategitops-me7ee7
diff --git a/config/samples/gcp/_v1alpha1_veleroinstallation.yaml b/config/samples/gcp/_v1alpha1_veleroinstallation.yaml
@@ -0,0 +1,24 @@
+apiVersion: addons.cluster.x-k8s.io/v1alpha1
+kind: VeleroInstallation
+metadata:
+  labels:
+    app.kubernetes.io/name: veleroinstallation
+    app.kubernetes.io/instance: gcpinstallation-sample
+    app.kubernetes.io/part-of: cluster-api-addon-provider-velero
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: cluster-api-addon-provider-velero
+  name: gcpinstallation-sample
+  namespace: creategitops-me7ee7
+spec:
+  bucket: dgrigore-bucket
+  namespace: velero-gcp
+  provider:
+    gcp:
+      credentialMap:
+        namespaceName:
+          name: gcp-credentials
+          namespace: default
+  state:
+    deployNodeAgent: true
+    cleanUpCRDs: true
+    credentials: {}
diff --git a/config/samples/gcp/_v1alpha1_velerorestore.yaml b/config/samples/gcp/_v1alpha1_velerorestore.yaml
@@ -0,0 +1,18 @@
+apiVersion: addons.cluster.x-k8s.io/v1alpha1
+kind: VeleroRestore
+metadata:
+  labels:
+    app.kubernetes.io/name: velerorestore
+    app.kubernetes.io/instance: gcprestore-sample
+    app.kubernetes.io/part-of: cluster-api-addon-provider-velero
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: cluster-api-addon-provider-velero
+  name: gcprestore-sample
+  namespace: creategitops-me7ee7
+spec:
+  backupName: gcpbackup-sample
+  installation:
+    ref:
+      kind: VeleroInstallation
+      name: gcpinstallation-sample
+      namespace: creategitops-me7ee7
diff --git a/config/samples/gcp/_v1alpha1_velerorestoreschedule.yaml b/config/samples/gcp/_v1alpha1_velerorestoreschedule.yaml
@@ -0,0 +1,19 @@
+apiVersion: addons.cluster.x-k8s.io/v1alpha1
+kind: VeleroRestore
+metadata:
+  labels:
+    app.kubernetes.io/name: velerorestore
+    app.kubernetes.io/instance: gcpschedule-sample
+    app.kubernetes.io/part-of: cluster-api-addon-provider-velero
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: cluster-api-addon-provider-velero
+  name: gcprestoreshedule-sample
+  namespace: creategitops-me7ee7
+spec:
+  backupName: ""
+  scheduleName: gcpschedule-sample
+  installation:
+    ref:
+      kind: VeleroInstallation
+      name: gcpinstallation-sample
+      namespace: creategitops-me7ee7
diff --git a/config/samples/gcp/_v1alpha1_veleroschedule.yaml b/config/samples/gcp/_v1alpha1_veleroschedule.yaml
@@ -0,0 +1,19 @@
+apiVersion: addons.cluster.x-k8s.io/v1alpha1
+kind: VeleroSchedule
+metadata:
+  labels:
+    app.kubernetes.io/name: veleroschedule
+    app.kubernetes.io/instance: gcpschedule-sample
+    app.kubernetes.io/part-of: cluster-api-addon-provider-velero
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: cluster-api-addon-provider-velero
+  name: gcpschedule-sample
+  namespace: creategitops-me7ee7
+spec:
+  template: {}
+  schedule: "* * * * *"
+  installation:
+    ref:
+      kind: VeleroInstallation
+      name: gcpinstallation-sample
+      namespace: creategitops-me7ee7
diff --git a/hack/setup-velero-bucket-gcp.sh b/hack/setup-velero-bucket-gcp.sh
@@ -0,0 +1,46 @@
+BUCKET=dgrigore-bucket
+gsutil mb gs://$BUCKET/
+
+PROJECT_ID=$(gcloud config get-value project)
+GSA_NAME=velero-dgrigore
+gcloud iam service-accounts create $GSA_NAME \
+    --display-name "Velero service account dgrigore"
+
+SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
+  --filter="displayName:Velero service account" \
+  --format 'value(email)')
+
+ROLE_PERMISSIONS=(
+    compute.disks.get
+    compute.disks.create
+    compute.disks.createSnapshot
+    compute.projects.get
+    compute.snapshots.get
+    compute.snapshots.create
+    compute.snapshots.useReadOnly
+    compute.snapshots.delete
+    compute.zones.get
+    storage.objects.create
+    storage.objects.delete
+    storage.objects.get
+    storage.objects.list
+    iam.serviceAccounts.signBlob
+)
+
+gcloud iam roles create dgrigorevelero.server \
+    --project $PROJECT_ID \
+    --title "Velero Server" \
+    --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
+
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+    --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
+    --role projects/$PROJECT_ID/roles/dgrigorevelero.server
+
+gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
+
+gcloud iam service-accounts keys create credentials-velero \
+    --iam-account $SERVICE_ACCOUNT_EMAIL
+
+kubectl create secret generic -n default gcp-credentials --from-file=gcp=credentials-velero
+
+rm credentials-velero
diff --git a/internal/controller/velerobackup_controller.go b/internal/controller/velerobackup_controller.go
@@ -59,12 +59,12 @@ func (r *VeleroBackupReconciler) SetupWithManager(ctx context.Context, mgr ctrl.
 //
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.0/pkg/reconcile
-func (r *VeleroBackupReconciler) Reconcile(ctx context.Context, clusterRef client.ObjectKey, installation *veleroaddonv1.VeleroInstallation, backup *veleroaddonv1.VeleroBackup) (ctrl.Result, error) {
+func (r *VeleroBackupReconciler) Reconcile(ctx context.Context, _ client.ObjectKey, installation *veleroaddonv1.VeleroInstallation, backup *veleroaddonv1.VeleroBackup) (ctrl.Result, error) {
 	_ = log.FromContext(ctx)
 
 	r.Backup = &velerov1.Backup{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      backup.Name + "-" + clusterRef.Name,
+			Name:      backup.Name,
 			Namespace: cmp.Or(installation.Spec.HelmSpec.ReleaseNamespace, installation.Spec.Namespace, "velero"),
 			Annotations: map[string]string{
 				proxyKeyAnnotation: string(veleroaddonv1.ToNamespaceName(backup)),