Add non-admin controller design #18

Merged
83 changes: 83 additions & 0 deletions docs/design/Non_Admin_Controller_design.md
@@ -0,0 +1,83 @@
# Non-Admin Backup/Restore Design

## Background
OADP (Openshift API for Data Protection) Operator currently requires cluster admin access for performing Backup and Restore operations of applications deployed on the OpenShift platform. This design intends to enable the ability to perform Backup and Restore operations of their own application namespace for namespace owners aka non-admin users.

## Goals
- Enable non-admin backup operation
- Enable non-admin restore operation
- Enable non-admin configuration of BackupStorageLocation

## Non-Goals
- Performance improvements of Backup and Restore Operations
- Parallel Backup and Restore Operations

## Use-Cases

### Backup Operation
- As a non-admin user/namespace owner with administrative priviledges for a particular namespace, the user should be able to:
- Create a Backup/Schedule of the namespace
- Update the Backup/Schedule spec of the namespace
> Review comment (Contributor): This one I am confused about what will happen. Example: if I update after Velero started (or finished) the backup process, nothing will happen, right?

> Review comment: I'm not even sure what happens to Velero if you update a backup after it starts. Not sure we need to make any promises here.

> Review comment: (for backups -- for schedules, those can be updated, but see above as to whether we need schedules for the first iteration)

> Review comment (Member): I guess if you update backup spec, NAC could create deleteBackupRequests, mark NAB as pending, then once old backup is gone, NAB will be processing with new backup of the same name.

> Review comment: In any case, updating backup spec makes sense as it just does exactly what a normal velero (admin) user modifying backup spec would do. If there's any modification that makes sense in velero, then it could be done here.

- View the status of the Backup/Schedule created for the particular namespace
- Delete the Backup/Schedule of the namespace

### Restore Operation
- As a non-admin user/namespace owner with administrative priviledges for a particular namespace, the user should be able to:
- Create a Restore of the namespace
- Update the Restore spec of the namespace
- View the status of the Restore created for the particular namespace
- Delete the Restore of the namespace

### BackupStorageLocation(BSL) Configuration
- As a non-admin user/namespace owner, the user should be able to
- Create a backup storage location with their own credentials
- Update the BSL spec of the already configured BSL
- View the status of the BSL created
- Delete the BSL created


## Installation

- The Non-Admin Controller (NAC) will be installed via OADP Operator.
- The Data Protection Application (DPA) CR will consist of a root level spec flag called `enableNonAdminMode`
- If the `enableNonAdminMode` flag is set to `true`, the OADP Operator will install the NAC in OADP Operator's install namespace

## Pre-requisites
- Non-admin user with administrative priviledges for particular application namespace
- Create/Update/View/Delete verb support of all the Non-admin CRDs introduced in this feature design

## High-Level design

### Components
- OADP Operator: OADP is the OpenShift API for Data Protection operator. This open source operator sets up and installs Velero on the OpenShift platform, allowing users to backup and restore applications.
- Controllers: The Non-Admin controller will pack the following controllers as part of it:
- Non-Admin Backup (NAB) Controller: The responsibilities of the NAB controller are:
- Validate whether the non-admin user has appropriate administrative namepsace access
> Review comment: nit: s/namepsace/namespace/

- Validate Wehther the non-admin user has appropriate access to create/view/update /delete Non-Admin Backup CR
- Listen to requests pertaining to Non-Admin Backup CRD across all the namespaces
> Review comment (Contributor): @shubham-pampattiwar please update this such that more than one OADP/NAC combo can be installed on the same cluster. Requests will have to be namespace filtered. @mpryc @mateusoliveira43 I suppose the namespaces for the NAC will be configured in the DPA?

> Review comment (Contributor): still not discussed, I believe. But one option, yes

- Process requests pertaining to Non-Admin Backup CRD across all the namespaces
- Update Non-Admin CR status with the status/events from Velero Backup CR
- Cascade Any actions performed on Non-Admin Backup CR to corresponding Velero backup CR
- Non-Admin Restore (NAR) Controller
- Non-Admin BackupStorageLocation (NABSL) Controller
- CRDs: The following CRDs will be provided to Non-Admin users:
- Non-Admin Backup (NAB) CRD: This iCRD will encapsulate the whole Velero Backup CRD and some additional spec felds that will be needed for non-admin feature.
- Non-Admin Restore (NAR) CRD
- Non-Admin BSL (NABSL) CRD


### Implementation details
- Backup Workflow
- Non-Admin user creates a Non-Admin backup CR
- NAB controller reconiles on this NAB CR
- NAB controller validates the NAB CR and then creates a corresponding Velero Backup CR
- NAB controller cascades the status backup from Velero CR to NAB CR

![NAB-Backup Workflow Diagram](nab-backup-workflow.jpg)

- Restore Workflow


## Open Questions and Know Limitations
- Velero command and pod logs
- Multiple instance of OADP Operator
> Review comment (Contributor): please add:
>   • status regarding the queue of backups pending or running that may be blocking the non-admin backup.
>   • e.g. There are currently 5 OADP backups queued.

> Review comment: Multiple instances of OADP operator can exist, but we must make sure that no more than one of them enable non-admin. If a second DPA adds enableNonAdmin, that should trigger a validation error.
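Review bot: under "Non-Admin Backup (NAB) Controller" the responsibilities validate the user's namespace access and then "Cascade Any actions performed on Non-Admin Backup CR to corresponding Velero backup CR", but nothing constrains the Velero Backup that the NAC creates to the NAB CR's own namespace. Because the NAB CRD "will encapsulate the whole Velero Backup CRD", a namespace owner can set Velero's `includedNamespaces` to other namespaces (or leave it empty, which Velero treats as all namespaces), and the controller, which the OADP Operator installs with cluster-wide privileges, would back up other tenants' data into a BSL whose credentials the user supplied under "BackupStorageLocation(BSL) Configuration". Suggest adding an explicit responsibility in that list: override `includedNamespaces` with the namespace of the NAB CR and reject `excludedNamespaces` or any cluster-scoped resource selection that widens the scope; the NAR controller needs the same rule for Velero's `namespaceMapping` (target must be the NAR's namespace), and the NABSL controller should only read credential secrets from the user's namespace. Separately, "Validate whether the non-admin user has appropriate administrative namespace access" does not say how: a reconciler sees only the object, not who created it, so either the access check is simply RBAC on the namespaced NAB/NAR/NABSL CRDs (in which case state that and drop the controller-side validation) or an admission webhook or SubjectAccessReview step must be specified. The "Restore Workflow" subsection under "Implementation details" is also empty and should mirror the four backup workflow steps.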

Binary file added docs/design/nab-backup-workflow.jpg