From aef5257c3675cd25b8cdbca2de3b1e43221591a5 Mon Sep 17 00:00:00 2001 From: Vikas Kumar Date: Sat, 7 Oct 2023 12:13:21 +0000 Subject: [PATCH] PB-3046 :: Restrict portworx ns backup - Restrict backup of namespace where portworx is installed in case of all namespaces i.e. * - Restrict backup of namespace where portworx is installed in case of label-selector - Allow backup of namespace where portworx is installed in case API is specifically passing it i.e. namsespace=kube-system in API call --- .../controllers/applicationbackup.go | 9 +++++++-- pkg/utils/utils.go | 18 ++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/pkg/applicationmanager/controllers/applicationbackup.go b/pkg/applicationmanager/controllers/applicationbackup.go
index 2f4780eb2d..dded700e2b 100644
--- a/pkg/applicationmanager/controllers/applicationbackup.go
+++ b/pkg/applicationmanager/controllers/applicationbackup.go
@@ -221,9 +221,10 @@ func (a *ApplicationBackupController) updateWithAllNamespaces(backup *stork_api.
 if err != nil {
 return fmt.Errorf("error updating with all namespaces for wildcard: %v", err)
 }
+ pxNs, _ := utils.GetPortworxNamespace()
 namespacesToBackup := make([]string, 0)
 for _, ns := range namespaces.Items {
- if ns.Name != "kube-system" {
+ if ns.Name != "kube-system" && ns.Name != pxNs {
 namespacesToBackup = append(namespacesToBackup, ns.Name)
 }
 }
@@ -284,6 +285,7 @@ func (a *ApplicationBackupController) handle(ctx context.Context, backup *stork_
 return nil
 }
 if labelSelector := backup.Spec.NamespaceSelector; len(labelSelector) != 0 {
+ var pxNs string
 namespaces, err := core.Instance().ListNamespacesV2(labelSelector)
 if err != nil {
 errMsg := fmt.Sprintf("error listing namespaces with label selectors: %v, error: %v", labelSelector, err)
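Review bot: The error from `utils.GetPortworxNamespace()` is discarded at `pxNs, _ := utils.GetPortworxNamespace()` in the updateWithAllNamespaces hunk, so when the lookup fails `pxNs` is the empty string, `ns.Name != pxNs` holds for every namespace, and the Portworx namespace is silently included in the wildcard backup. The exclusion this commit adds therefore fails open whenever the service list call errors. I would keep the error (`pxNs, err := utils.GetPortworxNamespace()`), log it at minimum, and fail the backup when the list call itself failed, while still tolerating the "service not found" case for clusters without Portworx; that needs the helper to distinguish the two. The same discarded error appears in the `handle` hunk at `pxNs, _ = utils.GetPortworxNamespace()`. updateWithAllNamespaces starts and ends outside the hunk.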
@@ -295,8 +297,11 @@ func (a *ApplicationBackupController) handle(ctx context.Context, backup *stork_
 return nil
 }
 var selectedNamespaces []string
+ if len(backup.Spec.Namespaces) == 0 {
+ pxNs, _ = utils.GetPortworxNamespace()
+ }
 for _, namespace := range namespaces.Items {
- if namespace.Name != "kube-system" {
+ if namespace.Name != "kube-system" && namespace.Name != pxNs {
 selectedNamespaces = append(selectedNamespaces, namespace.Name)
 }
 }
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 08908f9a88..12ffbd190e 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -16,6 +16,7 @@ import (
 "github.com/sirupsen/logrus"
 v1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/meta"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/types"
 "k8s.io/apimachinery/pkg/util/validation"
 )
@@ -93,6 +94,8 @@ const (
 StorkAPIVersion = "stork.libopenstorage.org/v1alpha1"
 // BackupLocationKind CR kind
 BackupLocationKind = "BackupLocation"
+ // PXServiceName is the name of the portworx service in kubernetes
+ PXServiceName = "portworx-service"
 )
 
 // ParseKeyValueList parses a list of key=values string into a map
@@ -262,3 +265,18 @@ func GetStashedConfigMapName(objKind string, group string, objName string) strin
 }
 return cmName
 }
+
+func GetPortworxNamespace() (string, error) {
+ allServices, err := core.Instance().ListServices("", metav1.ListOptions{})
+ if err != nil {
+ logrus.Errorf("error in getting list of all services")
+ return "", fmt.Errorf("failed to get list of services. Err: %v", err)
+ }
+ for _, svc := range allServices.Items {
+ if svc.Name == PXServiceName {
+ return svc.Namespace, nil
+ }
+ }
+ logrus.Warnf("unable to find [%s] service in cluster", PXServiceName)
+ return "", fmt.Errorf("can't find [%s] Portworx service from list of services", PXServiceName)
+}
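Review bot: The guard `if len(backup.Spec.Namespaces) == 0` in the `handle` hunk skips the Portworx exclusion whenever any namespace is listed explicitly, not only when the Portworx namespace itself is listed. A backup that names one unrelated namespace and also carries a label selector matching the Portworx namespace leaves `pxNs` empty, so that namespace passes into `selectedNamespaces`, which looks broader than the "specifically passing it" case in the commit message. Consider resolving `pxNs` unconditionally and dropping the exclusion only when `pxNs` is itself present in `backup.Spec.Namespaces`. The body of `handle` continues outside the hunk, so how `selectedNamespaces` is later combined with `Spec.Namespaces` is not visible here.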
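Review bot: `GetPortworxNamespace` identifies the Portworx namespace by returning the first Service named `portworx-service` found in any namespace, so a same-named Service elsewhere can be returned instead, which would exclude the wrong namespace and leave the real one in the backup. If the install namespace is available from configuration, prefer that source, or at least detect more than one match and report it rather than taking the first. The failure log drops the cause; `logrus.Errorf("error listing services: %v", err)` keeps it, and a sentinel error for the not-found path would let callers tell "Portworx absent" from "list call failed". The exported function also needs a doc comment, for example `// GetPortworxNamespace returns the namespace of the Service named PXServiceName, searching all namespaces.`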