Facilitate deletion of VeleroBackup object via NAB object #58 (#108)

Signed-off-by: Michal Pryc <[email protected]> Co-authored-by: Tiger Kaovilai <[email protected]>
migtools · Nov 13, 2024 · e652b45 · e652b45
1 parent ac5980d
commit e652b45
Show file tree

Hide file tree

Showing 15 changed files with 1,316 additions and 240 deletions.
diff --git a/api/v1alpha1/nonadminbackup_types.go b/api/v1alpha1/nonadminbackup_types.go
@@ -22,7 +22,7 @@ import (
 )
 
 // NonAdminBackupPhase is a simple one high-level summary of the lifecycle of an NonAdminBackup.
-// +kubebuilder:validation:Enum=New;BackingOff;Created
+// +kubebuilder:validation:Enum=New;BackingOff;Created;Deleting
 type NonAdminBackupPhase string
 
 const (
@@ -32,6 +32,8 @@ const (
 	NonAdminBackupPhaseBackingOff NonAdminBackupPhase = "BackingOff"
 	// NonAdminBackupPhaseCreated - Velero Backup was created. The Phase will not have additional informations about the Backup.
 	NonAdminBackupPhaseCreated NonAdminBackupPhase = "Created"
+	// NonAdminBackupPhaseDeleting - Velero Backup is pending deletion. The Phase will not have additional informations about the Backup.
+	NonAdminBackupPhaseDeleting NonAdminBackupPhase = "Deleting"
 )
 
 // NonAdminBackupSpec defines the desired state of NonAdminBackup
@@ -43,6 +45,16 @@ type NonAdminBackupSpec struct {
 	// +optional
 	// +kubebuilder:validation:Enum=trace;debug;info;warning;error;fatal;panic
 	LogLevel string `json:"logLevel,omitempty"`
+
+	// DeleteBackup removes the NonAdminBackup and its associated VeleroBackup from the cluster,
+	// as well as the corresponding object storage
+	// +optional
+	DeleteBackup bool `json:"deleteBackup,omitempty"`
+
+	// ForceDeleteBackup removes the NonAdminBackup and its associated VeleroBackup from the cluster,
+	// regardless of whether deletion from object storage succeeds or fails
+	// +optional
+	ForceDeleteBackup bool `json:"forceDeleteBackup,omitempty"`
 }
 
 // VeleroBackup contains information of the related Velero backup object.
@@ -51,20 +63,46 @@ type VeleroBackup struct {
 	// +optional
 	Status *velerov1.BackupStatus `json:"status,omitempty"`
 
-	// nameuuid references the Velero Backup object by it's label containing same NameUUID.
+	// nacuuid references the Velero Backup object by it's label containing same NACUUID.
 	// +optional
-	NameUUID string `json:"nameuuid,omitempty"`
+	NACUUID string `json:"nacuuid,omitempty"`
+
+	// references the Velero Backup object by it's name.
+	// +optional
+	Name string `json:"name,omitempty"`
 
 	// namespace references the Namespace in which Velero backup exists.
 	// +optional
 	Namespace string `json:"namespace,omitempty"`
 }
 
+// VeleroDeleteBackupRequest contains information of the related Velero delete backup request object.
+type VeleroDeleteBackupRequest struct {
+	// status captures the current status of the Velero delete backup request.
+	// +optional
+	Status *velerov1.DeleteBackupRequestStatus `json:"status,omitempty"`
+
+	// nacuuid references the Velero delete backup request object by it's label containing same NACUUID.
+	// +optional
+	NACUUID string `json:"nacuuid,omitempty"`
+
+	// name references the Velero delete backup request object by it's name.
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// namespace references the Namespace in which Velero delete backup request exists.
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+}
+
 // NonAdminBackupStatus defines the observed state of NonAdminBackup
 type NonAdminBackupStatus struct {
 	// +optional
 	VeleroBackup *VeleroBackup `json:"veleroBackup,omitempty"`
 
+	// +optional
+	VeleroDeleteBackupRequest *VeleroDeleteBackupRequest `json:"veleroDeleteBackupRequest,omitempty"`
+
 	Phase      NonAdminBackupPhase `json:"phase,omitempty"`
 	Conditions []metav1.Condition  `json:"conditions,omitempty"`
 }

diff --git a/api/v1alpha1/nonadmincontroller_types.go b/api/v1alpha1/nonadmincontroller_types.go
@@ -17,7 +17,7 @@ limitations under the License.
 package v1alpha1
 
 // NonAdminCondition are used for more detailed information supporing NonAdminBackupPhase state.
-// +kubebuilder:validation:Enum=Accepted;Queued
+// +kubebuilder:validation:Enum=Accepted;Queued;Deleting
 type NonAdminCondition string
 
 // Predefined conditions for NonAdminBackup.
@@ -27,4 +27,5 @@ type NonAdminCondition string
 const (
 	NonAdminConditionAccepted NonAdminCondition = "Accepted"
 	NonAdminConditionQueued   NonAdminCondition = "Queued"
+	NonAdminConditionDeleting NonAdminCondition = "Deleting"
 )
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/nac.oadp.openshift.io_nonadminbackups.yaml b/config/crd/bases/nac.oadp.openshift.io_nonadminbackups.yaml
@@ -515,6 +515,16 @@ spec:
                       type: string
                     type: array
                 type: object
+              deleteBackup:
+                description: |-
+                  DeleteBackup removes the NonAdminBackup and its associated VeleroBackup from the cluster,
+                  as well as the corresponding object storage
+                type: boolean
+              forceDeleteBackup:
+                description: |-
+                  ForceDeleteBackup removes the NonAdminBackup and its associated VeleroBackup from the cluster,
+                  regardless of whether deletion from object storage succeeds or fails
+                type: boolean
               logLevel:
                 description: NonAdminBackup log level (use debug for the most logging,
                   leave unset for default)
@@ -607,19 +617,23 @@ spec:
                 - New
                 - BackingOff
                 - Created
+                - Deleting
                 type: string
               veleroBackup:
                 description: VeleroBackup contains information of the related Velero
                   backup object.
                 properties:
+                  nacuuid:
+                    description: nacuuid references the Velero Backup object by it's
+                      label containing same NACUUID.
+                    type: string
+                  name:
+                    description: references the Velero Backup object by it's name.
+                    type: string
                   namespace:
                     description: namespace references the Namespace in which Velero
                       backup exists.
                     type: string
-                  nameuuid:
-                    description: nameuuid references the Velero Backup object by it's
-                      label containing same NameUUID.
-                    type: string
                   status:
                     description: status captures the current status of the Velero
                       backup.
@@ -769,6 +783,42 @@ spec:
                         type: integer
                     type: object
                 type: object
+              veleroDeleteBackupRequest:
+                description: VeleroDeleteBackupRequest contains information of the
+                  related Velero delete backup request object.
+                properties:
+                  nacuuid:
+                    description: nacuuid references the Velero delete backup request
+                      object by it's label containing same NACUUID.
+                    type: string
+                  name:
+                    description: name references the Velero delete backup request
+                      object by it's name.
+                    type: string
+                  namespace:
+                    description: namespace references the Namespace in which Velero
+                      delete backup request exists.
+                    type: string
+                  status:
+                    description: status captures the current status of the Velero
+                      delete backup request.
+                    properties:
+                      errors:
+                        description: Errors contains any errors that were encountered
+                          during the deletion process.
+                        items:
+                          type: string
+                        nullable: true
+                        type: array
+                      phase:
+                        description: Phase is the current state of the DeleteBackupRequest.
+                        enum:
+                        - New
+                        - InProgress
+                        - Processed
+                        type: string
+                    type: object
+                type: object
             type: object
         type: object
     served: true

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -36,6 +36,19 @@ rules:
   - backups
   verbs:
   - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - velero.io
+  resources:
+  - deletebackuprequests
+  verbs:
+  - create
+  - delete
   - get
   - list
   - patch

diff --git a/docs/design/Non_Admin_Controller_design.md b/docs/design/Non_Admin_Controller_design.md
@@ -18,7 +18,7 @@ This design intends to enable non-admin users the ability to perform Backup and
 - As a non-admin user/namespace owner with administrative privileges for a particular namespace, the user should be able to:
     - Create a Backup of the namespace
     - View the status of the Backup created for the particular namespace
-    - Delete the Backup of the namespace
+    - Delete the Backup and its corresponding object storage
 
 ### Restore Operation
 - As a non-admin user/namespace owner with administrative privileges for a particular namespace, the user should be able to:
@@ -141,7 +141,7 @@ This design intends to enable non-admin users the ability to perform Backup and
       labels:
         app.kubernetes.io/managed-by: <OADP NonAdminController id>
         openshift.io/oadp: 'True'
-        openshift.io/oadp-nab-origin-nameuuid: <NonAdminBackup's NameUUID from Status>
+        openshift.io/oadp-nab-origin-nacuuid: <NonAdminBackup's NACUUID from Status>
     ```
     - **Velero runs Backup**: Velero executes the backup operation based on the configuration specified in the Velero Backup object. Velero updates the status of the Velero Backup object to reflect the outcome of the backup process.
     - **Reconcile loop updates NonAdminBackup object Status**: Upon detecting changes in the status of the Velero Backup object, the NonAdminBackup controller's reconciliation loop updates the Status field of the corresponding NonAdminBackup object with the updated status from the Velero Backup object.
@@ -164,13 +164,36 @@ This design intends to enable non-admin users the ability to perform Backup and
     labels:
       app.kubernetes.io/managed-by: <OADP NonAdminController id>
       openshift.io/oadp: 'True'
-      openshift.io/oadp-nar-origin-nameuuid: <NonAdminRestore's NameUUID from Status>
+      openshift.io/oadp-nar-origin-nacuuid: <NonAdminRestore's NACUUID from Status>
   ```
 - **Velero runs Restore**: Velero executes the restore operation based on the configuration specified in the Velero Restore object. Velero updates the status of the Velero Restore object to reflect the outcome of the restore process.
 - **Reconcile loop updates NonAdminRestore object Status**: Upon detecting changes in the status of the Velero Restore object, the NonAdminRestore controller's reconciliation loop updates the Status field of the corresponding NonAdminRestore object with the updated status from the Velero Restore object.
 
 - // TODO: Diagram remaining
 
+#### Delete Backup Workflow
+- **Non-Admin backup exists:** Hard precondition that the Non-Admin backup exists and is not pending deletion
+- **Non-Admin set deleteBackup to true:** The user sets the `deleteBackup` field to true in the NonAdminBackup custom resource object's spec.
+- **NAB controller reconciles on this NAB CR:** The NonAdminBackup controller continuously reconciles the NonAdminBackup object's desired state with the actual state in the cluster.
+- **NAB controller creates DeleteBackupRequest CR:** When the NonAdminBackup controller detects that deleteBackup is set to true, it creates a Velero DeleteBackupRequest object in the OADP namespace. The resulting DeleteBackupRequest object is labeled with the following metadata:
+
+  ```yaml
+  metadata:
+    annotations:
+      openshift.io/oadp-nab-origin-name: <NonAdminBackup name>
+      openshift.io/oadp-nab-origin-namespace: <NonAdminBackup Namespace>
+    labels:
+      app.kubernetes.io/managed-by: <OADP NonAdminController id>
+      openshift.io/oadp: 'True'
+      openshift.io/oadp-nab-origin-nacuuid: <NonAdminBackup's NACUUID from Status>
+      velero.io/backup-name: <VeleroBackup name>
+      velero.io/backup-uid: <VeleroBackup UID>
+  ```
+- **Velero deletes the Backup:** Velero deletes the Backup object using the information provided in the DeleteBackupRequest object.
+- **Velero deletes the DeleteBackupRequest object:** Velero deletes the DeleteBackupRequest object.
+- **NAB controller deletes the NonAdminBackup object:** NAB controller reconciles on the NonAdminBackup object and detects that the Velero Backup object has been deleted, the NonAdminBackup controller deletes the NonAdminBackup object.
+// TODO: Diagram remaining
+
 #### Queuing mechanism on NAB/NAR CR status
   - We will introduce a Queue status on NAB/NAR CR status in order to give some transparency on what is the current backup/restore request status or a general idea when it will get processed so that the non-admin users are not left to wonder about what's happening with their backup/restore.
   - The queuing status would be added to the NAB/NAR CR status, and it would give a general idea about how many backup/restore request are still remaining to be processed before their own backup/restore operation gets triggered.