add an overview of the nonadmin backup controller #79
Conversation
* yes this was written by ai :) Signed-off-by: Wesley Hayutin <[email protected]>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: weshayutin The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
|
||
| ## Purpose | ||
|
|
||
| The primary goal of this controller is to allow users with limited permissions (non-admins) to trigger and manage Velero backups within their namespaces. It acts as an intermediary between the non-admin user and Velero, ensuring that backups are created and managed securely within the defined boundaries. |
There was a problem hiding this comment.
?
Within the namespaces to which they have access to
There was a problem hiding this comment.
this sounds ai'ish, talk about everything and nothing:
ensuring that backups are created and managed securely within the defined boundaries.
| ### NonAdminBackup Custom Resource | ||
|
|
||
| * Represents a backup request initiated by a non-admin user. | ||
| * Contains a `BackupSpec` field, which mirrors the Velero `BackupSpec` and defines what to back up. |
There was a problem hiding this comment.
With the current discussion it doesn't mirror the Velero BackupSpec but it's used to create BackupSpec
| ### NonAdminBackupReconciler | ||
|
|
||
| * The core controller responsible for processing `NonAdminBackup` resources. | ||
| * Watches for changes to `NonAdminBackup` objects and triggers reconciliation loops. |
There was a problem hiding this comment.
It also watches changes to the Velero Backup and updaates the NonAdminBackup
| * **ValidateSpec:** Ensures the provided `BackupSpec` is valid and adheres to security constraints. | ||
| * Rejects backups targeting namespaces outside the user's allowed scope. | ||
| * Sets appropriate conditions on the `NonAdminBackup` object to indicate success or failure. | ||
| * **UpdateSpecStatus:** |
There was a problem hiding this comment.
Based on the comment from @shubham-pampattiwar this function will probably be changed to some other name.
| 1. **User Creates NonAdminBackup:** A non-admin user creates a `NonAdminBackup` object, specifying the resources to back up within their namespace. | ||
| 2. **Controller Detects Creation:** The `NonAdminBackupReconciler` detects the new object and triggers a reconciliation loop. | ||
| 3. **Validation and Creation:** The controller validates the `BackupSpec` and creates a corresponding `VeleroBackup` object in the designated OADP namespace. | ||
| 4. **Status Synchronization:** The controller continuously monitors the `VeleroBackup` and updates the `NonAdminBackup` status, reflecting the progress and completion state. |
Why the changes were made
A nice quick summary of the controller
How to test the changes made
read it