Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Recipe shrink #2174

Open
wants to merge 8 commits into
base: scripts-dev
Choose a base branch
from
Open

[WIP] Recipe shrink #2174

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ae5fd4d
create v2 recipe, update label script accordingly
bluzarraga Aug 29, 2024
df93fdb
remove namespace designation
bluzarraga Aug 29, 2024
ffd8976
debug
bluzarraga Aug 29, 2024
4f3db9f
debug
bluzarraga Aug 29, 2024
2092e1e
debug
bluzarraga Aug 29, 2024
4569721
fix labeling problem
bluzarraga Aug 30, 2024
5f5c1f4
fix labeling problem single
bluzarraga Aug 30, 2024
c519280
functional recipe for cpd BR
bluzarraga Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions velero/backup/common-service/env.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ OPERATOR_NS="" # Pass the namespace where the cs operator is installed
SERVICES_NS=""
CONTROL_NS="" # Pass the control namespace if it is needed to be backed up

#Pass any additional namespaces in the tenant that are not the operator or services namespace. Comma delimited
TETHERED_NS=""

# Change to the namespace where cert-manager, licensing and LSR are installed
CERT_MANAGER_NAMESPACE="ibm-cert-manager"
LICENSING_NAMESPACE="ibm-licensing"
Expand Down
27 changes: 25 additions & 2 deletions velero/backup/common-service/label-common-service.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,9 @@ function main() {
label_subscription
label_lsr
label_cs
if [[ $SERVICES_NS != "" ]]; then
label_nss
fi
success "Successfully labeled all the resources"
}

Expand Down Expand Up @@ -170,7 +173,6 @@ function label_configmap() {
title "Start to label the ConfigMaps... "
${OC} label configmap common-service-maps foundationservices.cloudpak.ibm.com=configmap -n kube-public --overwrite=true 2>/dev/null
${OC} label configmap cs-onprem-tenant-config foundationservices.cloudpak.ibm.com=configmap -n $SERVICES_NS --overwrite=true 2>/dev/null
${OC} label configmap platform-auth-idp foundationservices.cloudpak.ibm.com=configmap -n $SERVICES_NS --overwrite=true 2>/dev/null
echo ""
}

Expand Down Expand Up @@ -225,7 +227,28 @@ function label_cs(){
title "Start to label the CommonService CR... "
${OC} label customresourcedefinition commonservices.operator.ibm.com foundationservices.cloudpak.ibm.com=crd --overwrite=true 2>/dev/null
${OC} label commonservices common-service foundationservices.cloudpak.ibm.com=commonservice -n $OPERATOR_NS --overwrite=true 2>/dev/null
${OC} label operandconfig common-service foundationservices.cloudpak.ibm.com=operand -n $SERVICES_NS --overwrite=true 2>/dev/null
echo ""
}

function label_nss(){
title "Label Namespacescope resources"
local nss_pm="ibm-namespace-scope-operator"
${OC} label subscriptions.operators.coreos.com $nss_pm foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
${OC} label namespacescopes.operator.ibm.com common-service foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
${OC} label customresourcedefinition namespacescopes.operator.ibm.com foundationservices.cloudpak.ibm.com=nss --overwrite=true 2>/dev/null
${OC} label serviceaccount ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
${OC} label role nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
${OC} label role nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $SERVICES_NS --overwrite=true 2>/dev/null
${OC} label rolebinding nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
${OC} label rolebinding nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $SERVICES_NS --overwrite=true 2>/dev/null
${OC} label configmap namespace-scope foundationservices.cloudpak.ibm.com=nss -n $SERVICES_NS --overwrite=true 2>/dev/null
if [[ $TETHERED_NS != "" ]]; then
for namespace in ${TETHERED_NS//,/ }
do
${OC} label role nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $namespace --overwrite=true 2>/dev/null
${OC} label rolebinding nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $namespace --overwrite=true 2>/dev/null
done
fi
echo ""
}

Expand Down
306 changes: 306 additions & 0 deletions velero/spectrum-fusion/recipes/4.9-example-multi-ns-recipev2-cpd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,306 @@
apiVersion: spp-data-protection.isf.ibm.com/v1alpha1
kind: Recipe
metadata:
name: cs-recipe
namespace: ibm-spectrum-fusion-ns
spec:
appType: common-service
groups:
- includeClusterResources: true
name: backup-parent-group
type: resource
includedResourceTypes:
- secrets
- certificates.cert-manager.io
- issuers.cert-manager.io
- customresourcedefinitions.apiextensions.k8s.io
- ibmlicenseservicereporters.operator.ibm.com
- deployments
- serviceaccount
- role
- clusterrole
- rolebinding
- clusterrolebinding
- configmaps
- catalogsources.operators.coreos.com
- operatorgroups.operators.coreos.com
- subscriptions.operators.coreos.com
- commonservices.operator.ibm.com
- namespacescopes.operator.ibm.com
- operandrequests.operator.ibm.com
- zenservices.zen.cpd.ibm.com
- namespaces
labelSelector: foundationservices.cloudpak.ibm.com
- includeClusterResources: true
includedResourceTypes:
- secrets
- certificates.cert-manager.io
- issuers.cert-manager.io
- customresourcedefinitions.apiextensions.k8s.io
labelSelector: foundationservices.cloudpak.ibm.com=cert-manager
name: cert-manager-resources
type: resource
backupRef: backup-parent-group
- backupRef: backup-parent-group
includeClusterResources: true
includedResourceTypes:
- customresourcedefinitions.apiextensions.k8s.io
name: cert-manager-crd
type: resource
- includeClusterResources: true
includedResourceTypes:
- customresourcedefinitions.apiextensions.k8s.io
- secrets
- ibmlicenseservicereporters.operator.ibm.com
labelSelector: foundationservices.cloudpak.ibm.com=lsr
name: license-service-reporter-parent
type: resource
backupRef: backup-parent-group
- backupRef: backup-parent-group
includeClusterResources: true
includedResourceTypes:
- customresourcedefinitions.apiextensions.k8s.io
name: license-service-reporter-crd
type: resource
- backupRef: backup-parent-group
includeClusterResources: true
includedResourceTypes:
- secrets
- ibmlicenseservicereporters.operator.ibm.com
name: license-service-reporter-instances
type: resource
- labelSelector: foundationservices.cloudpak.ibm.com=licensing
name: licensing-resources
type: resource
backupRef: backup-parent-group
- includeClusterResources: true
includedResourceTypes:
- deployments
- serviceaccount
- role
- rolebinding
- configmaps
labelSelector: foundationservices.cloudpak.ibm.com=lsr-data
name: license-service-reporter-resources
type: resource
backupRef: backup-parent-group
- backupRef: backup-parent-group
includeClusterResources: true
includedResourceTypes:
- serviceaccount
- role
- rolebinding
- configmaps
name: lsr-pre-deploy
type: resource
- backupRef: backup-parent-group
includeClusterResources: true
includedResourceTypes:
- deployments
name: lsr-deployment
type: resource
- labelSelector: foundationservices.cloudpak.ibm.com=lsr-data
name: lsr-volume
type: volume
backupRef: backup-parent-volume
- includedResourceTypes:
- catalogsources.operators.coreos.com
labelSelector: foundationservices.cloudpak.ibm.com=catalog
name: common-services-catalogs
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- secrets
labelSelector: foundationservices.cloudpak.ibm.com=pull-secret
name: pull-secret
type: resource
backupRef: backup-parent-group
- backupRef: backup-parent-group
includedResourceTypes:
- secrets
labelSelector: foundationservices.cloudpak.ibm.com=pull-secret
name: ow-pull-secret
restoreOverwriteResources: true
type: resource
- includedResourceTypes:
- configmaps
labelSelector: foundationservices.cloudpak.ibm.com=configmap
name: common-services-configmaps
type: resource
backupRef: backup-parent-group
- includeClusterResources: true
labelSelector: foundationservices.cloudpak.ibm.com=namespace
name: common-services-namespace
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- operatorgroups.operators.coreos.com
labelSelector: foundationservices.cloudpak.ibm.com=operatorgroup
name: common-services-operatorgroups
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- subscriptions.operators.coreos.com
labelSelector: foundationservices.cloudpak.ibm.com=subscription
name: common-services-subscriptions
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- subscriptions.operators.coreos.com
labelSelector: foundationservices.cloudpak.ibm.com=singleton-subscription
name: singleton-subscriptions
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- subscriptions.operators.coreos.com
labelSelector: foundationservices.cloudpak.ibm.com=lsr
name: license-service-reporter-subscriptions
type: resource
backupRef: backup-parent-group
- includeClusterResources: true
includedResourceTypes:
- customresourcedefinitions.apiextensions.k8s.io
labelSelector: foundationservices.cloudpak.ibm.com=crd
name: commonservice-crd
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- commonservices.operator.ibm.com
labelSelector: foundationservices.cloudpak.ibm.com=commonservice
name: commonservice-cr
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- namespacescopes.operator.ibm.com
- customresourcedefinitions.apiextensions.k8s.io
- roles
- rolebindings
- serviceaccounts
- subscriptions.operators.coreos.com
- configmaps
labelSelector: foundationservices.cloudpak.ibm.com=nss
name: namespacescope
type: resource
backupRef: backup-parent-group
- includedResourceTypes:
- operandrequests.operator.ibm.com
labelSelector: foundationservices.cloudpak.ibm.com=operand
name: odlm-resources
type: resource
backupRef: backup-parent-group
hooks:
- chks:
- condition: '{$.status.phase} == {"Running"}'
name: podReady
onError: fail
timeout: 1200
labelSelector: app.kubernetes.io/name=operand-deployment-lifecycle-manager
name: odlm-check
namespace: <operator namespace>
onError: fail
selectResource: pod
timeout: 1200
type: check
- chks:
- condition: '{$.status.phase} == {"Running"}'
name: podReady
onError: fail
timeout: 600
labelSelector: app.kubernetes.io/name=cert-manager
name: cert-manager-operator-check
namespace: ibm-cert-manager
onError: fail
selectResource: pod
timeout: 600
type: check
- chks:
- condition: '{$.spec.replicas} == {$.status.readyReplicas}'
name: podReady
onError: fail
timeout: 600
name: cert-manager-webhook-check
nameSelector: cert-manager-webhook
namespace: ibm-cert-manager
onError: fail
selectResource: deployment
timeout: 600
type: check
- chks:
- condition: '{$.status.phase} == {"Running"}'
name: podReady
onError: fail
timeout: 600
name: license-service-reporter-check
labelSelector: app.kubernetes.io/name=ibm-license-service-reporter
namespace: <lsr namespace>
onError: fail
selectResource: pod
timeout: 600
type: check
- chks:
- condition: '{$.spec.replicas} == {$.status.readyReplicas}'
name: podReady
onError: fail
timeout: 600
labelSelector: foundationservices.cloudpak.ibm.com=lsr-data
name: lsr-deployment
namespace: <lsr namespace>
onError: fail
selectResource: deployment
timeout: 600
type: check
- labelSelector: foundationservices.cloudpak.ibm.com=lsr-data
name: lsr-data
namespace: <lsr namespace>
onError: fail
ops:
- command: |
["/bin/bash", "-c", "rm -rf /lsr/lsr-backup/database; /lsr/br_lsr.sh <lsr namespace> backup"]
container: lsr-backup-job
name: backup
timeout: 600
- command: |
["/bin/bash", "-c", "/lsr/br_lsr.sh <lsr namespace> restore"]
container: lsr-backup-job
name: restore
timeout: 2000
selectResource: pod
type: exec
workflows:
- failOn: any-error
name: backup
sequence:
- hook: lsr-data/backup
- group: backup-parent-group
- group: lsr-volume
- failOn: any-error
name: restore
sequence:
- group: common-services-namespace
- group: pull-secret
- group: ow-pull-secret
- group: common-services-catalogs
- group: common-services-operatorgroups
- group: common-services-configmaps
- group: commonservice-crd
- group: cert-manager-crd
- group: license-service-reporter-crd
- group: singleton-subscriptions
- group: commonservice-cr
- hook: cert-manager-operator-check/podReady
- hook: cert-manager-webhook-check/podReady
- group: cert-manager-resources
- group: licensing-resources
- group: license-service-reporter-subscriptions
- hook: license-service-reporter-check/podReady
- group: license-service-reporter-instances
- group: lsr-pre-deploy
- group: lsr-volume
- group: lsr-deployment
- hook: lsr-deployment/podReady
- hook: lsr-data/restore
- group: common-services-subscriptions
- group: namespacescope
- hook: odlm-check/podReady
- group: odlm-resources

Loading