PB-3046 :: Restrict portworx ns backup

- Restrict backup of namespace where portworx is installed in case of all namespaces i.e. * - Restrict backup of namespace where portworx is installed in case of label-selector - Allow backup of namespace where portworx is installed in case API is specifically passing it i.e. namsespace=kube-system in API call
libopenstorage · Oct 11, 2023 · aef5257 · aef5257
1 parent 9c01d43
commit aef5257
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/pkg/applicationmanager/controllers/applicationbackup.go b/pkg/applicationmanager/controllers/applicationbackup.go
@@ -221,9 +221,10 @@ func (a *ApplicationBackupController) updateWithAllNamespaces(backup *stork_api.
 	if err != nil {
 		return fmt.Errorf("error updating with all namespaces for wildcard: %v", err)
 	}
+	pxNs, _ := utils.GetPortworxNamespace()
 	namespacesToBackup := make([]string, 0)
 	for _, ns := range namespaces.Items {
-		if ns.Name != "kube-system" {
+		if ns.Name != "kube-system" && ns.Name != pxNs {
 			namespacesToBackup = append(namespacesToBackup, ns.Name)
 		}
 	}
@@ -284,6 +285,7 @@ func (a *ApplicationBackupController) handle(ctx context.Context, backup *stork_
 		return nil
 	}
 	if labelSelector := backup.Spec.NamespaceSelector; len(labelSelector) != 0 {
+		var pxNs string
 		namespaces, err := core.Instance().ListNamespacesV2(labelSelector)
 		if err != nil {
 			errMsg := fmt.Sprintf("error listing namespaces with label selectors: %v, error: %v", labelSelector, err)
@@ -295,8 +297,11 @@ func (a *ApplicationBackupController) handle(ctx context.Context, backup *stork_
 			return nil
 		}
 		var selectedNamespaces []string
+		if len(backup.Spec.Namespaces) == 0 {
+			pxNs, _ = utils.GetPortworxNamespace()
+		}
 		for _, namespace := range namespaces.Items {
-			if namespace.Name != "kube-system" {
+			if namespace.Name != "kube-system" && namespace.Name != pxNs {
 				selectedNamespaces = append(selectedNamespaces, namespace.Name)
 			}
 		}

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -16,6 +16,7 @@ import (
 	"github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation"
 )
@@ -93,6 +94,8 @@ const (
 	StorkAPIVersion = "stork.libopenstorage.org/v1alpha1"
 	// BackupLocationKind CR kind
 	BackupLocationKind = "BackupLocation"
+	// PXServiceName is the name of the portworx service in kubernetes
+	PXServiceName = "portworx-service"
 )
 
 // ParseKeyValueList parses a list of key=values string into a map
@@ -262,3 +265,18 @@ func GetStashedConfigMapName(objKind string, group string, objName string) strin
 	}
 	return cmName
 }
+
+func GetPortworxNamespace() (string, error) {
+	allServices, err := core.Instance().ListServices("", metav1.ListOptions{})
+	if err != nil {
+		logrus.Errorf("error in getting list of all services")
+		return "", fmt.Errorf("failed to get list of services. Err: %v", err)
+	}
+	for _, svc := range allServices.Items {
+		if svc.Name == PXServiceName {
+			return svc.Namespace, nil
+		}
+	}
+	logrus.Warnf("unable to find [%s] service in cluster", PXServiceName)
+	return "", fmt.Errorf("can't find [%s] Portworx service from list of services", PXServiceName)
+}