Merge branch 'release/v0.5.0' into main

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v0.5.0] - 2023-11-09
+### Added
+- [#8] Functionality to schedule backups via a `BackupSchedule` Resource
+
 ## [v0.4.0] - 2023-10-25
 ### Added
 - [#7] Functionality to restore a backup to the namespace where the backup-operator is deployed

Dockerfile

@@ -34,7 +34,7 @@ RUN make compile-generic
 FROM gcr.io/distroless/static:nonroot
 LABEL maintainer="[email protected]" \
       NAME="k8s-backup-operator" \
-      VERSION="0.4.0"
+      VERSION="0.5.0"
 
 WORKDIR /
 COPY --from=builder /workspace/target/k8s-backup-operator .

Jenkinsfile

@@ -21,6 +21,8 @@ repositoryName = "k8s-backup-operator"
 project = "github.com/${repositoryOwner}/${repositoryName}"
 registry = "registry.cloudogu.com"
 registry_namespace = "k8s"
+helmTemplateDir = "target/helm/${repositoryName}/templates"
+helmCrdTemplateDir = "target/helm/${repositoryName}-crd/templates"
 
 // Configuration of branches
 productionReleaseBranch = "main"
@@ -64,6 +66,15 @@ node('docker') {
                                 make 'k8s-create-temporary-resource'
                                 archiveArtifacts 'target/*.yaml'
                             }
+
+                            stage('Generate Helm Resources') {
+                                String controllerVersion = makefile.getVersion()
+                                make 'helm-package-release'
+                                sh ".bin/helm template ${repositoryName} target/helm/${repositoryName}-${controllerVersion}.tgz --output-dir=target/helm"
+
+                                make 'crd-helm-package'
+                                sh ".bin/helm template ${repositoryName}-crd target/helm-crd/${repositoryName}-crd-${controllerVersion}.tgz --output-dir=target/helm"
+                            }
                         }
 
         stage("Lint k8s Resources") {
@@ -88,7 +99,7 @@ node('docker') {
                 imageName = k3d.buildAndPushToLocalRegistry("cloudogu/${repositoryName}", controllerVersion)
             }
 
-            GString sourceDeploymentYaml = "target/${repositoryName}_${controllerVersion}.yaml"
+            GString sourceDeploymentYaml = "${helmTemplateDir}/${repositoryName}_${controllerVersion}.yaml"
             stage('Update development resources') {
                 docker.image('mikefarah/yq:4.22.1')
                         .mountJenkinsUser()
@@ -107,7 +118,8 @@ node('docker') {
             }
 
             stage('Deploy Manager') {
-                k3d.kubectl("apply -f ${sourceDeploymentYaml}")
+                k3d.kubectl("apply -f ${helmCrdTemplateDir}")
+                k3d.kubectl("apply -f ${helmTemplateDir}")
             }
 
             stage('Wait for Ready Rollout') {

Makefile

@@ -1,12 +1,12 @@
 # Set these to the desired values
 ARTIFACT_ID=k8s-backup-operator
-VERSION=0.4.0
+VERSION=0.5.0
 ## Image URL to use all building/pushing image targets
 IMAGE_DEV=${K3CES_REGISTRY_URL_PREFIX}/${ARTIFACT_ID}:${VERSION}
 IMAGE=cloudogu/${ARTIFACT_ID}:${VERSION}
 GOTAG?=1.21
 MAKEFILES_VERSION=8.7.0
-LINT_VERSION=v1.52.1
+LINT_VERSION=v1.55.2
 STAGE?=production
 
 ADDITIONAL_CLEAN=dist-clean
@@ -39,6 +39,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 	@$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 	@cp config/crd/bases/k8s.cloudogu.com_backups.yaml pkg/api/v1/
 	@cp config/crd/bases/k8s.cloudogu.com_restores.yaml pkg/api/v1/
+	@cp config/crd/bases/k8s.cloudogu.com_backupschedules.yaml pkg/api/v1/
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -55,6 +56,8 @@ install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	@$(KUSTOMIZE) build config/crd | kubectl delete --wait=false --ignore-not-found=true -f -
 	@kubectl patch crd/backups.k8s.cloudogu.com -p '{"metadata":{"finalizers":[]}}' --type=merge || true
+	@kubectl patch crd/restores.k8s.cloudogu.com -p '{"metadata":{"finalizers":[]}}' --type=merge || true
+	@kubectl patch crd/backupschedules.k8s.cloudogu.com -p '{"metadata":{"finalizers":[]}}' --type=merge || true
 
 .PHONY: template-stage
 template-stage:

PROJECT

@@ -26,4 +26,13 @@ resources:
   kind: Backup
   path: github.com/cloudogu/k8s-backup-operator/pkg/api/v1
   version: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: cloudogu.com
+  group: k8s
+  kind: BackupSchedule
+  path: github.com/cloudogu/k8s-backup-operator/pkg/api/v1
+  version: v1
 version: "3"

config/crd/bases/k8s.cloudogu.com_backupschedules.yaml

@@ -0,0 +1,68 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: backupschedules.k8s.cloudogu.com
+spec:
+  group: k8s.cloudogu.com
+  names:
+    kind: BackupSchedule
+    listKind: BackupScheduleList
+    plural: backupschedules
+    singular: backupschedule
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: BackupSchedule is the Schema for the backupschedules API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: BackupScheduleSpec defines the desired state of BackupSchedule
+            properties:
+              provider:
+                description: Provider defines the backup provider which should be
+                  used for the scheduled backups.
+                type: string
+              schedule:
+                description: Schedule is a cron expression defining when to run the
+                  backup.
+                type: string
+            type: object
+          status:
+            description: BackupScheduleStatus defines the observed state of BackupSchedule
+            properties:
+              currentKubectlImage:
+                description: CurrentKubectlImage is the image currently used to create
+                  scheduled backups.
+                type: string
+              requeueTimeNanos:
+                description: RequeueTimeNanos contains the time in nanoseconds to
+                  wait until the next requeue.
+                format: int64
+                type: integer
+              status:
+                description: Status represents the state of the backup.
+                type: string
+            required:
+            - currentKubectlImage
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -4,19 +4,22 @@
 resources:
 - bases/k8s.cloudogu.com_restores.yaml
 - bases/k8s.cloudogu.com_backups.yaml
+- bases/k8s.cloudogu.com_backupschedules.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
-patches:
+# patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- path: patches/webhook_in_restores.yaml
 #- path: patches/webhook_in_backups.yaml
+#- path: patches/webhook_in_backupschedules.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- path: patches/cainjection_in_restores.yaml
 #- path: patches/cainjection_in_backups.yaml
+#- path: patches/cainjection_in_backupschedules.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_backupschedules.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+  name: backupschedules.k8s.cloudogu.com

config/crd/patches/webhook_in_backupschedules.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: backupschedules.k8s.cloudogu.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ kind: Kustomization
 images:
   - name: controller
     newName: cloudogu/k8s-backup-operator
-    newTag: 0.4.0
+    newTag: 0.5.0

config/rbac/backup_editor_role_binding.yaml

@@ -16,3 +16,5 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: controller-manager
+  - kind: ServiceAccount
+    name: scheduled-backup-creator-manager

config/rbac/backupschedule_editor_role.yaml

@@ -0,0 +1,39 @@
+# permissions for end users to edit backupschedules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: role
+    app.kubernetes.io/instance: backupschedule-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: k8s-backup-operator
+    app.kubernetes.io/part-of: k8s-backup-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: backupschedule-editor-role
+rules:
+- apiGroups:
+  - k8s.cloudogu.com
+  resources:
+  - backupschedules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+    - k8s.cloudogu.com
+  resources:
+    - backupschedules/finalizers
+  verbs:
+    - update
+- apiGroups:
+  - k8s.cloudogu.com
+  resources:
+  - backupschedules/status
+  verbs:
+  - get
+  - patch
+  - update

config/rbac/backupschedule_editor_role_binding.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/instance: manager-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: k8s-backup-operator
+    app.kubernetes.io/part-of: k8s-backup-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: backupschedule-editor-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: backupschedule-editor-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager

config/rbac/backupschedule_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view backupschedules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: role
+    app.kubernetes.io/instance: backupschedule-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: k8s-backup-operator
+    app.kubernetes.io/part-of: k8s-backup-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: backupschedule-viewer-role
+rules:
+- apiGroups:
+  - k8s.cloudogu.com
+  resources:
+  - backupschedules
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - k8s.cloudogu.com
+  resources:
+  - backupschedules/status
+  verbs:
+  - get

config/rbac/cronjob_editor_role.yaml

@@ -0,0 +1,25 @@
+# permissions for end users to edit backupschedules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: role
+    app.kubernetes.io/instance: cronjob-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: k8s-backup-operator
+    app.kubernetes.io/part-of: k8s-backup-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: cronjob-editor-role
+rules:
+- apiGroups:
+  - "*"
+  resources:
+  - cronjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

config/rbac/cronjob_editor_role_binding.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/instance: manager-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: k8s-backup-operator
+    app.kubernetes.io/part-of: k8s-backup-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: cronjob-editor-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cronjob-editor-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager

config/rbac/kustomization.yaml

@@ -26,3 +26,5 @@ resources:
 - restore_editor_role.yaml
 - restore_editor_role_binding.yaml
 - restore_viewer_role.yaml
+- cronjob_editor_role.yaml
+- cronjob_editor_role_binding.yaml