diff --git a/changelogs/unreleased/8257-shubham-pampattiwar b/changelogs/unreleased/8257-shubham-pampattiwar new file mode 100644 index 0000000000..422943690f --- /dev/null +++ b/changelogs/unreleased/8257-shubham-pampattiwar @@ -0,0 +1 @@ +Add Backup warning for inclusion of NS managed by ArgoCD \ No newline at end of file diff --git a/pkg/backup/backup.go b/pkg/backup/backup.go index 0304e71ced..18a1f181e9 100644 --- a/pkg/backup/backup.go +++ b/pkg/backup/backup.go @@ -30,6 +30,7 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" + corev1api "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -71,6 +72,9 @@ const BackupVersion = 1 // BackupFormatVersion is the current backup version for Velero, including major, minor, and patch. const BackupFormatVersion = "1.1.0" +// ArgoCD managed by namespace label key +const ArgoCDManagedByNamespaceLabel = "argocd.argoproj.io/managed-by" + // Backupper performs backups. type Backupper interface { // Backup takes a backup using the specification in the velerov1api.Backup and writes backup and log data @@ -244,6 +248,18 @@ func (kb *kubernetesBackupper) BackupWithResolvers( log.Infof("Including namespaces: %s", backupRequest.NamespaceIncludesExcludes.IncludesString()) log.Infof("Excluding namespaces: %s", backupRequest.NamespaceIncludesExcludes.ExcludesString()) + // check if there are any namespaces included in the backup which are managed by argoCD + // We will check for the existence of a ArgoCD label in the includedNamespaces and add a warning + // so that users are at least aware about the existence of argoCD managed ns in their backup + // Related Issue: https://github.com/vmware-tanzu/velero/issues/7905 + if len(backupRequest.Spec.IncludedNamespaces) > 0 { + nsManagedByArgoCD := getNamespacesManagedByArgoCD(kb.kbClient, backupRequest.Spec.IncludedNamespaces, log) + + if len(nsManagedByArgoCD) > 0 { + log.Warnf("backup operation may encounter complications and potentially produce undesirable results due to the inclusion of namespaces %v managed by ArgoCD in the backup.", nsManagedByArgoCD) + } + } + if collections.UseOldResourceFilters(backupRequest.Spec) { backupRequest.ResourceIncludesExcludes = collections.GetGlobalResourceIncludesExcludes(kb.discoveryHelper, log, backupRequest.Spec.IncludedResources, @@ -1107,3 +1123,26 @@ func putVolumeInfos( return backupStore.PutBackupVolumeInfos(backupName, backupVolumeInfoBuf) } + +func getNamespacesManagedByArgoCD(kbClient kbclient.Client, includedNamespaces []string, log logrus.FieldLogger) []string { + var nsManagedByArgoCD []string + + for _, nsName := range includedNamespaces { + ns := corev1api.Namespace{} + if err := kbClient.Get(context.Background(), kbclient.ObjectKey{Name: nsName}, &ns); err != nil { + // check for only those ns that exist and are included in backup + // here we ignore cases like "" or "*" specified under includedNamespaces + if apierrors.IsNotFound(err) { + continue + } + log.WithError(err).Errorf("error getting namespace %s", nsName) + continue + } + + nsLabels := ns.GetLabels() + if len(nsLabels[ArgoCDManagedByNamespaceLabel]) > 0 { + nsManagedByArgoCD = append(nsManagedByArgoCD, nsName) + } + } + return nsManagedByArgoCD +}