
Commit 48b0eeb

committed
feat: Replace podmand with oras in backup container
Signed-off-by: Ales Raszka <[email protected]>
1 parent efe0538 commit 48b0eeb

13 files changed

+80
-24
lines changed

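--- a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
+++ b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
@@ -78,9 +78,15 @@ type RegistryConfig struct {
 // +kubebuilder:validation:Required
 Path string `json:"path,omitempty"`
 // AuthSecret is the name of a Kubernetes secret of
-// type kubernetes.io/dockerconfigjson
+// type kubernetes.io/dockerconfigjson.
+// The secret is expected to be in the same namespace
+// as the DevWorkspaceOperatorCongfig.
 // +kubebuilder:validation:Optional
 AuthSecret string `json:"authSecret,omitempty"`
+
+// ExtraArgs are additional arguments passed to the oras CLI
+// +kubebuilder:validation:Optional
+ExtraArgs string `json:"extraArgs,omitempty"`
 }
 
 type BackupCronJobConfig struct {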
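Review bot: The doc comment on the new `ExtraArgs` field (new line 87) does not say how the string is split into arguments, nor that the controller forwards it unvalidated to the backup container as `ORAS_EXTRA_ARGS`. Anyone who can edit the operator config can therefore add flags that relax registry TLS checks, and if the backup script expands the variable unquoted (the script is not shown on this page) the value could also carry shell syntax. I would document the splitting rule and constrain the value at admission, for example `// +kubebuilder:validation:Pattern="^[A-Za-z0-9 =:,./_-]*$"` together with a `MaxLength` marker; the pattern is a constructed example and must be adjusted to the flags you intend to allow. The added AuthSecret comment also misspells the kind as `DevWorkspaceOperatorCongfig`, which the generated CRD descriptions will copy. The RegistryConfig struct starts outside this hunk.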

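--- a/controllers/backupcronjob/backupcronjob_controller.go
+++ b/controllers/backupcronjob/backupcronjob_controller.go
@@ -365,9 +365,10 @@ func (r *BackupCronJobReconciler) createBackupJob(
 Value: "/workspace/" + workspacePath,
 },
 {Name: "DEVWORKSPACE_BACKUP_REGISTRY", Value: backUpConfig.Registry.Path},
-{Name: "PODMAN_PUSH_OPTIONS", Value: "--tls-verify=false"},
+{Name: "ORAS_EXTRA_ARGS", Value: backUpConfig.Registry.ExtraArgs},
 },
-Image: images.GetProjectBackupImage(),
+Image: images.GetProjectBackupImage(),
+ImagePullPolicy: "Always",
 Args: []string{
 "/workspace-recovery.sh",
 "--backup",
@@ -383,7 +384,7 @@ func (r *BackupCronJobReconciler) createBackupJob(
 },
 },
 SecurityContext: &corev1.SecurityContext{
-RunAsUser: ptr.To[int64](1000),
+AllowPrivilegeEscalation: ptr.To[bool](false),
 },
 },
 },
@@ -422,12 +423,12 @@ func (r *BackupCronJobReconciler) createBackupJob(
 })
 job.Spec.Template.Spec.Containers[0].VolumeMounts = append(job.Spec.Template.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
 Name: "registry-auth-secret",
-MountPath: "/home/podman/.docker",
+MountPath: "/tmp/.docker",
 ReadOnly: true,
 })
 job.Spec.Template.Spec.Containers[0].Env = append(job.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
 Name: "REGISTRY_AUTH_FILE",
-Value: "/home/podman/.docker/.dockerconfigjson",
+Value: "/tmp/.docker/.dockerconfigjson",
 })
 
 }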
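Review bot: In the second hunk the container SecurityContext drops `RunAsUser` and sets only `AllowPrivilegeEscalation`, so the backup container now runs as whatever user the image declares, which can be root on clusters that do not assign a UID themselves. Add `RunAsNonRoot: ptr.To(true),` and `Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}},` next to it, assuming the backup image declares a numeric non-root user; a `SeccompProfile` of type `corev1.SeccompProfileTypeRuntimeDefault` would complete the restricted profile. In the first hunk `ImagePullPolicy: "Always"` would read better as `corev1.PullAlways`, and pulling a mutable tag on every run means the job executes whatever the tag points to at that moment, so a digest-pinned image reference is worth considering. createBackupJob starts outside these hunks.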

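--- a/controllers/backupcronjob/backupcronjob_controller_test.go
+++ b/controllers/backupcronjob/backupcronjob_controller_test.go
@@ -320,7 +320,8 @@ var _ = Describe("BackupCronJobReconciler", func() {
 Enable: &enabled,
 Schedule: schedule,
 Registry: &controllerv1alpha1.RegistryConfig{
-Path: "fake-registry",
+Path: "fake-registry",
+ExtraArgs: "--exta-arg1",
 },
 },
 },
@@ -349,7 +350,7 @@ var _ = Describe("BackupCronJobReconciler", func() {
 {Name: "WORKSPACE_ID", Value: "id-recent"},
 {Name: "BACKUP_SOURCE_PATH", Value: "/workspace/id-recent/projects"},
 {Name: "DEVWORKSPACE_BACKUP_REGISTRY", Value: "fake-registry"},
-{Name: "PODMAN_PUSH_OPTIONS", Value: "--tls-verify=false"},
+{Name: "ORAS_EXTRA_ARGS", Value: "--exta-arg1"},
 }
 Expect(container.Env).Should(ContainElements(expectedEnvs), "container env vars should include vars neeeded for backup")
 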
deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml

Lines changed: 3 additions & 0 deletions

deploy/deployment/kubernetes/combined.yaml

Lines changed: 4 additions & 0 deletions

deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml

Lines changed: 4 additions & 0 deletions

deploy/deployment/openshift/combined.yaml

Lines changed: 4 additions & 0 deletions

deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml

Lines changed: 4 additions & 0 deletions

deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml

Lines changed: 4 additions & 0 deletions

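--- a/pkg/config/sync.go
+++ b/pkg/config/sync.go
@@ -451,6 +451,9 @@ func mergeConfig(from, to *controller.OperatorConfiguration) {
 if from.Workspace.BackupCronJob.Registry.AuthSecret != "" {
 to.Workspace.BackupCronJob.Registry.AuthSecret = from.Workspace.BackupCronJob.Registry.AuthSecret
 }
+if from.Workspace.BackupCronJob.Registry.ExtraArgs != "" {
+to.Workspace.BackupCronJob.Registry.ExtraArgs = from.Workspace.BackupCronJob.Registry.ExtraArgs
+}
 }
 }
 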