add an overview of the nonadmin backup controller #79
+48
−0
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| # OADP NonAdminBackup Controller | ||
|
|
||
| The OADP NonAdminBackup Kubernetes controller manages the lifecycle of custom resources called `NonAdminBackup`. Let's break down the code and understand its functionality. | ||
|
|
||
| ## Purpose | ||
|
|
||
| The primary goal of this controller is to allow users with limited permissions (non-admins) to trigger and manage Velero backups within their namespaces. It acts as an intermediary between the non-admin user and Velero, ensuring that backups are created and managed securely within the defined boundaries. | ||
|
|
||
| ## Key Components | ||
|
|
||
| ### NonAdminBackup Custom Resource | ||
|
|
||
| * Represents a backup request initiated by a non-admin user. | ||
| * Contains a `BackupSpec` field, which mirrors the Velero `BackupSpec` and defines what to back up. | ||
|
There was a problem hiding this comment. With the current discussion it doesn't mirror the Velero |
||
| * Tracks the status of the backup process through the `Status` field. | ||
|
|
||
| ### NonAdminBackupReconciler | ||
|
|
||
| * The core controller responsible for processing `NonAdminBackup` resources. | ||
| * Watches for changes to `NonAdminBackup` objects and triggers reconciliation loops. | ||
|
There was a problem hiding this comment. It also watches changes to the Velero Backup and updaates the |
||
|
|
||
| ### Reconciliation Loop | ||
|
|
||
| * **Init:** Initializes the `NonAdminBackup` status if it's a new object. | ||
| * **ValidateSpec:** Ensures the provided `BackupSpec` is valid and adheres to security constraints. | ||
| * Rejects backups targeting namespaces outside the user's allowed scope. | ||
| * Sets appropriate conditions on the `NonAdminBackup` object to indicate success or failure. | ||
| * **UpdateSpecStatus:** | ||
|
There was a problem hiding this comment. Based on the comment from @shubham-pampattiwar this function will probably be changed to some other name. |
||
| * If the `VeleroBackup` doesn't exist, it creates one based on the validated `BackupSpec`. | ||
| * If the `VeleroBackup` exists, it synchronizes the `NonAdminBackup` status with the `VeleroBackup` status. | ||
| * Updates the `NonAdminBackup` object with relevant information from the `VeleroBackup`. | ||
|
|
||
| ## Workflow | ||
|
|
||
| 1. **User Creates NonAdminBackup:** A non-admin user creates a `NonAdminBackup` object, specifying the resources to back up within their namespace. | ||
| 2. **Controller Detects Creation:** The `NonAdminBackupReconciler` detects the new object and triggers a reconciliation loop. | ||
| 3. **Validation and Creation:** The controller validates the `BackupSpec` and creates a corresponding `VeleroBackup` object in the designated OADP namespace. | ||
| 4. **Status Synchronization:** The controller continuously monitors the `VeleroBackup` and updates the `NonAdminBackup` status, reflecting the progress and completion state. | ||
|
|
||
|
|
||
| ## Security Considerations | ||
|
|
||
| * **Namespace Isolation:** The controller ensures that non-admin users can only trigger backups within their own namespaces, preventing unauthorized access to resources in other namespaces. | ||
| * **Spec Validation:** The `ValidateSpec` function plays a crucial role in enforcing security policies. It verifies that the requested backup scope aligns with the user's permissions. | ||
|
|
||
| ## Benefits | ||
|
|
||
| * **Self-Service Backups:** Empowers non-admin users to manage their backups without requiring elevated privileges. | ||
| * **Improved Security Posture:** Enforces strict access controls and prevents unauthorized backup operations. | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
?
Within the namespaces to which they have access toThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this sounds ai'ish, talk about everything and nothing:
ensuring that backups are created and managed securely within the defined boundaries.