Optimize tenant backup and restore

Makefile

@@ -1,3 +1,5 @@
+include make/*
+
 VERSION ?= 2.0.0
 # Image URL to use all building/pushing image targets
 IMG ?= oceanbasedev/ob-operator:${VERSION}
@@ -44,175 +46,3 @@ all: build
 .PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
-
-##@ Development
-
-.PHONY: manifests
-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
-
-.PHONY: generate
-generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
-
-.PHONY: fmt
-fmt: ## Run go fmt against code.
-	go fmt ./...
-
-.PHONY: vet
-vet: ## Run go vet against code.
-	go vet ./...
-
-.PHONY: test
-test: manifests generate fmt vet envtest ## Run tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -timeout 60m  -v ./... -coverprofile cover.out
-
-##@ Build
-
-.PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
-	go build -o bin/manager cmd/main.go
-
-.PHONY: run
-run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./cmd/main.go
-
-# If you wish built the manager image targeting other platforms you can use the --platform flag.
-# (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
-# More info: https://docs.docker.com/develop/develop-images/build_enhancements/
-.PHONY: docker-build
-docker-build: ## Build docker image with the manager.
-	sudo docker build -t ${IMG} --build-arg GOPROXY=${GOPROXY} --build-arg GOSUMDB=${GOSUMDB} --build-arg RACE=${RACE} .
-
-.PHONY: docker-push
-docker-push: ## Push docker image with the manager.
-	sudo docker push ${IMG}
-
-# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
-# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
-# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
-# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
-# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
-# To properly provided solutions that supports more than one platform you should use this option.
-PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
-.PHONY: docker-buildx
-docker-buildx: test ## Build and push docker image for the manager for cross-platform support
-	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
-	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
-	- docker buildx create --name project-v3-builder
-	docker buildx use project-v3-builder
-	- docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
-	- docker buildx rm project-v3-builder
-	rm Dockerfile.cross
-
-##@ Deployment
-
-ifndef ignore-not-found
-  ignore-not-found = false
-endif
-
-.PHONY: install
-install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
-
-.PHONY: uninstall
-uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
-
-.PHONY: deploy
-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
-
-.PHONY: undeploy
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
-
-.PHONY: redeploy
-redeploy: undeploy uninstall export-crd export-operator install deploy ## redeploy crd and controller to the K8s cluster specified in ~/.kube/config.
-
-.PHONY: export-crd
-export-crd: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd > deploy/crd.yaml
-
-.PHONY: export-operator
-export-operator: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default > deploy/operator.yaml
-
-
-##@ Build Dependencies
-
-## Location to install dependencies to
-LOCALBIN ?= $(shell pwd)/bin
-$(LOCALBIN):
-	mkdir -p $(LOCALBIN)
-
-## Tool Binaries
-KUSTOMIZE ?= $(LOCALBIN)/kustomize
-CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
-ENVTEST ?= $(LOCALBIN)/setup-envtest
-YQ ?= $(LOCALBIN)/yq
-SEMVER ?= $(LOCALBIN)/semver
-
-$(YQ):
-	curl -o $(LOCALBIN)/yq ${YQ_DOWNLOAD_URL}
-	chmod +x $(LOCALBIN)/yq
-
-$(SEMVER):
-	curl -o $(LOCALBIN)/semver ${SEMVER_DOWNLOAD_URL}
-	chmod +x $(LOCALBIN)/semver
-
-## Tool Versions
-KUSTOMIZE_VERSION ?= v5.0.0
-CONTROLLER_TOOLS_VERSION ?= v0.13.0 # v0.11.3 can not support webhook manifests' generation, update to v0.13.0
-
-KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
-.PHONY: kustomize
-kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
-$(KUSTOMIZE): $(LOCALBIN)
-	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
-		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
-		rm -rf $(LOCALBIN)/kustomize; \
-	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
-
-.PHONY: controller-gen
-controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
-$(CONTROLLER_GEN): $(LOCALBIN)
-	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
-	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
-
-.PHONY: envtest
-envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
-$(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
-
-.PHONY: tools
-tools: $(YQ) $(SEMVER)
-
-.PHONY: GOLANGCI_LINT
-GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
-$(GOLANGCI_LINT):
-	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANG_CI_VERSION}
-
-.PHONY: lint
-lint: $(GOLANGCI_LINT) ## Run linting.
-	$(GOLANGCI_LINT) run -v --timeout=10m
-
-.PHONY: commit-hook
-commit-hook: $(GOLANGCI_LINT) ## Install commit hook.
-	touch .git/hooks/pre-commit
-	chmod +x .git/hooks/pre-commit
-	echo "#!/bin/sh" > .git/hooks/pre-commit
-	echo "make lint" >> .git/hooks/pre-commit
-
-.PHONY: connect
-connect:
-ifdef TENANT
-	$(eval nodeHost = $(shell kubectl get pods -o jsonpath='{.items[1].status.podIP}'))
-	$(eval pwd = $(shell kubectl get secret $(shell kubectl get obtenant ${TENANT} -o jsonpath='{.status.credentials.root}') -o jsonpath='{.data.password}' | base64 -d))
-	$(if $(strip $(pwd)), mysql -h$(nodeHost) -P2881 -A -uroot@${TENANT} -p$(pwd) -Doceanbase, mysql -h$(nodeHost) -P2881 -A -uroot@${TENANT} -Doceanbase)
-else
-	mysql -h$(shell kubectl get pods -o jsonpath='{.items[1].status.podIP}') -P2881 -A -uroot -p -Doceanbase
-endif

api/types/types.go

@@ -18,9 +18,11 @@ type BackupPolicyStatusType string
 type BackupDestType string
 type LogArchiveDestState string
 type ArchiveBinding string
+
 type BackupDestination struct {
-	Type BackupDestType `json:"type,omitempty"`
-	Path string         `json:"path,omitempty"`
+	Path            string         `json:"path"`
+	Type            BackupDestType `json:"type,omitempty"`
+	OSSAccessSecret string         `json:"ossAccessSecret,omitempty"`
 }
 
 type RestoreJobStatus string

api/v1alpha1/obtenant_types.go

@@ -62,20 +62,6 @@ type TenantSourceSpec struct {
 	Restore *RestoreSourceSpec `json:"restore,omitempty"`
 }
 
-type RestoreSourceSpec struct {
-	SourceUri      string              `json:"sourceUri"`
-	Until          RestoreUntilConfig  `json:"until"`
-	Description    *string             `json:"description,omitempty"`
-	ReplayLogUntil *RestoreUntilConfig `json:"replayLogUntil,omitempty"`
-	Cancel         bool                `json:"cancel,omitempty"`
-}
-
-type RestoreUntilConfig struct {
-	Timestamp *string `json:"timestamp,omitempty"`
-	Scn       *string `json:"scn,omitempty"`
-	Unlimited bool    `json:"unlimited,omitempty"`
-}
-
 type ResourcePoolSpec struct {
 	Zone string `json:"zone"`
 	//+kubebuilder:default=1

api/v1alpha1/obtenant_webhook.go

@@ -19,6 +19,7 @@ package v1alpha1
 import (
 	"context"
 
+	v1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -58,7 +59,6 @@ func (r *OBTenant) Default() {
 	if err != nil {
 		tenantlog.Error(err, "Failed to get cluster")
 	} else {
-		tenantlog.Info("Get cluster", "cluster", cluster)
 		r.SetOwnerReferences([]metav1.OwnerReference{{
 			APIVersion: cluster.APIVersion,
 			Kind:       cluster.Kind,
@@ -91,6 +91,10 @@ func (r *OBTenant) ValidateUpdate(old runtime.Object) (admission.Warnings, error
 }
 
 func (r *OBTenant) validateMutation() error {
+	// Ignore deleted object
+	if r.GetDeletionTimestamp() != nil {
+		return nil
+	}
 	var allErrs field.ErrorList
 
 	// 1. Standby tenant must have a source
@@ -110,6 +114,63 @@ func (r *OBTenant) validateMutation() error {
 		}
 	}
 
+	// 3. Tenant restoring from OSS type Backup Data must have a OSSAccessSecret
+	if r.Spec.Source != nil && r.Spec.Source.Restore != nil {
+		res := r.Spec.Source.Restore
+
+		if res.ArchiveSource == nil && res.BakDataSource == nil && res.SourceUri == "" {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore"), res, "Restore must have a source option, but both archiveSource, bakDataSource and sourceUri are nil now"))
+		}
+
+		if res.ArchiveSource != nil && res.ArchiveSource.Type == constants.BackupDestTypeOSS {
+			if res.ArchiveSource.OSSAccessSecret == "" {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "Tenant restoring from OSS type backup data must have a OSSAccessSecret"))
+			}
+			secret := &v1.Secret{}
+			err := tenantClt.Get(context.Background(), types.NamespacedName{
+				Namespace: r.GetNamespace(),
+				Name:      res.ArchiveSource.OSSAccessSecret,
+			}, secret)
+			if err != nil {
+				if apierrors.IsNotFound(err) {
+					allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "Given OSSAccessSecret not found"))
+				}
+				allErrs = append(allErrs, field.InternalError(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), err))
+			}
+
+			if _, ok := secret.Data["accessId"]; !ok {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "accessId field not found in given OSSAccessSecret"))
+			}
+			if _, ok := secret.Data["accessKey"]; !ok {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("archiveSource").Child("ossAccessSecret"), res.ArchiveSource.OSSAccessSecret, "accessKey field not found in given OSSAccessSecret"))
+			}
+		}
+
+		if res.BakDataSource != nil && res.BakDataSource.Type == constants.BackupDestTypeOSS {
+			if res.BakDataSource.OSSAccessSecret == "" {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "Tenant restoring from OSS type backup data must have a OSSAccessSecret"))
+			}
+			secret := &v1.Secret{}
+			err := tenantClt.Get(context.Background(), types.NamespacedName{
+				Namespace: r.GetNamespace(),
+				Name:      res.BakDataSource.OSSAccessSecret,
+			}, secret)
+			if err != nil {
+				if apierrors.IsNotFound(err) {
+					allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "Given OSSAccessSecret not found"))
+				}
+				allErrs = append(allErrs, field.InternalError(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), err))
+			}
+
+			if _, ok := secret.Data["accessId"]; !ok {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "accessId field not found in given OSSAccessSecret"))
+			}
+			if _, ok := secret.Data["accessKey"]; !ok {
+				allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("source").Child("restore").Child("bakDataSource").Child("ossAccessSecret"), res.BakDataSource.OSSAccessSecret, "accessKey field not found in given OSSAccessSecret"))
+			}
+		}
+	}
+
 	if len(allErrs) == 0 {
 		return nil
 	}

api/v1alpha1/obtenantbackup_types.go

@@ -29,12 +29,13 @@ type OBTenantBackupSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	// Foo is an example field of OBTenantBackup. Edit obtenantbackup_types.go to remove/update
 	Type          apitypes.BackupJobType `json:"type"`
 	TenantName    string                 `json:"tenantName"`
 	TenantSecret  string                 `json:"tenantSecret"`
 	ObClusterName string                 `json:"obClusterName"`
 	Path          string                 `json:"path,omitempty"`
+
+	EncryptionSecret string `json:"encryptionSecret,omitempty"`
 }
 
 // +kubebuilder:object:generate=false