Merge pull request #1196 from xantrix/skip-snapshot-sync

Kidswiss · web-flow · commit 013920978074 · 2026-04-08T09:22:59.000+02:00
Add BACKUP_GLOBAL_SKIP_SNAPSHOT_SYNC flag
diff --git a/charts/k8up/README.md b/charts/k8up/README.md
@@ -61,6 +61,7 @@ Document your changes in values.yaml and let `make docs:helm` generate this sect
 | k8up.globalResources.requests.cpu | string | `""` | Global CPU resource requests applied to jobs. See [supported units][resource-units]. |
 | k8up.globalResources.requests.memory | string | `""` | Global Memory resource requests applied to jobs. See [supported units][resource-units]. |
 | k8up.operatorNamespace | string | `""` | Specifies the namespace in which K8up's `EffectiveSchedules` are stored. Defaults to release namespace if left empty. |
+| k8up.skipSnapshotSync | bool | `false` | Specifies whether K8up should skip synchronizing Snapshot custom resources to the cluster after backup or prune operations. When enabled, the operator passes `BACKUP_SKIP_SNAPSHOT_SYNC=true` to backup and prune job pods. Webhook notifications are still sent. |
 | k8up.skipWithoutAnnotation | bool | `false` | Specifies whether K8up should ignore PVCs without the backup annotation (by default, `k8up.io/backup`) |
 | k8up.timezone | string | `""` | Specifies the timezone K8up is using for scheduling. Empty value defaults to the timezone in which Kubernetes is deployed. Accepts `tz database` compatible entries, e.g. `Europe/Zurich` |
 | metrics.grafanaDashboard.additionalLabels | object | `{}` | Add labels to the Grafana Dashboard object |
diff --git a/charts/k8up/templates/deployment.yaml b/charts/k8up/templates/deployment.yaml
@@ -41,6 +41,8 @@ spec:
               value: "{{ .Values.k8up.enableLeaderElection }}"
             - name: BACKUP_SKIP_WITHOUT_ANNOTATION
               value: "{{ .Values.k8up.skipWithoutAnnotation }}"
+            - name: BACKUP_GLOBAL_SKIP_SNAPSHOT_SYNC
+              value: "{{ .Values.k8up.skipSnapshotSync }}"
             - name: BACKUP_OPERATOR_NAMESPACE
           {{- if .Values.k8up.operatorNamespace }}
               value: "{{ .Values.k8up.operatorNamespace }}"
diff --git a/charts/k8up/test/deployment_test.go b/charts/k8up/test/deployment_test.go
@@ -38,12 +38,13 @@ func Test_Deployment_ShouldRender_EnvironmentVariables(t *testing.T) {
 	assert.Equal(t, "TZ", envs[1].Name)
 	assert.Equal(t, wantTimezone, envs[1].Value)
 	assert.Equal(t, "BACKUP_SKIP_WITHOUT_ANNOTATION", envs[3].Name)
-	assert.Equal(t, "BACKUP_OPERATOR_NAMESPACE", envs[4].Name)
-	assert.Equal(t, "metadata.namespace", envs[4].ValueFrom.FieldRef.FieldPath)
-	assert.Equal(t, "BACKUP_GLOBAL_CPU_REQUEST", envs[5].Name, "Deployment does not use configured Env Name")
-	assert.Equal(t, wantCpuRequest, envs[5].Value, "Deployment does not use configured Env Value")
-	assert.Equal(t, "VARIABLE", envs[6].Name, "Deployment does not use configured Env Name")
-	assert.Equal(t, "VALUE", envs[6].Value, "Deployment does not use configured Env Value")
+	assert.Equal(t, "BACKUP_GLOBAL_SKIP_SNAPSHOT_SYNC", envs[4].Name)
+	assert.Equal(t, "BACKUP_OPERATOR_NAMESPACE", envs[5].Name)
+	assert.Equal(t, "metadata.namespace", envs[5].ValueFrom.FieldRef.FieldPath)
+	assert.Equal(t, "BACKUP_GLOBAL_CPU_REQUEST", envs[6].Name, "Deployment does not use configured Env Name")
+	assert.Equal(t, wantCpuRequest, envs[6].Value, "Deployment does not use configured Env Value")
+	assert.Equal(t, "VARIABLE", envs[7].Name, "Deployment does not use configured Env Name")
+	assert.Equal(t, "VALUE", envs[7].Value, "Deployment does not use configured Env Value")
 }
 
 func Test_Deployment_ShouldRender_Affinity(t *testing.T) {
@@ -92,8 +93,8 @@ func Test_Deployment_ShouldRender_OverrideNamespace(t *testing.T) {
 	got := renderDeployment(t, options, false)
 
 	assert.Equal(t, overrideNamespace, got.Namespace, "Deployment should use the overridden namespace")
-	assert.Equal(t, "BACKUP_OPERATOR_NAMESPACE", got.Spec.Template.Spec.Containers[0].Env[3].Name)
-	assert.Equal(t, "metadata.namespace", got.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.FieldRef.FieldPath)
+	assert.Equal(t, "BACKUP_OPERATOR_NAMESPACE", got.Spec.Template.Spec.Containers[0].Env[4].Name)
+	assert.Equal(t, "metadata.namespace", got.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.FieldRef.FieldPath)
 }
 
 func Test_Deployment_ShouldRender_Resources(t *testing.T) {
diff --git a/charts/k8up/values.yaml b/charts/k8up/values.yaml
@@ -56,6 +56,10 @@ k8up:
   # -- Specifies whether K8up should ignore PVCs without the backup annotation (by default, `k8up.io/backup`)
   skipWithoutAnnotation: false
 
+  # -- Specifies whether K8up should skip synchronizing Snapshot custom resources to the cluster after backup or prune operations.
+  # When enabled, the operator passes `BACKUP_SKIP_SNAPSHOT_SYNC=true` to backup and prune job pods. Webhook notifications are still sent.
+  skipSnapshotSync: false
+
   # -- Specifies the namespace in which K8up's `EffectiveSchedules` are stored.
   # Defaults to release namespace if left empty.
   operatorNamespace: ""
diff --git a/cmd/operator/main.go b/cmd/operator/main.go
@@ -85,6 +85,7 @@ var (
 			&cli.BoolFlag{Destination: &cfg.Config.EnableLeaderElection, Name: "enable-leader-election", EnvVars: []string{"BACKUP_ENABLE_LEADER_ELECTION"}, Value: true, DefaultText: "enabled", Usage: "enable leader election within the operator Pod"},
 			&cli.BoolFlag{Destination: &cfg.Config.EnableRelaxedScheduling, Name: "enable-relaxed-scheduling", EnvVars: []string{"BACKUP_ENABLE_RELAXED_SCHEDULING"}, Value: false, DefaultText: "disabled", Usage: "enable relaxed scheduling of backup jobs relying on the Kubernetes scheduler"},
 			&cli.BoolFlag{Destination: &cfg.Config.SkipWithoutAnnotation, Name: "skip-pvcs-without-annotation", EnvVars: []string{"BACKUP_SKIP_WITHOUT_ANNOTATION"}, Value: false, DefaultText: "disabled", Usage: "skip selecting PVCs that don't have the BACKUP_ANNOTATION"},
+			&cli.BoolFlag{Destination: &cfg.Config.SkipSnapshotSync, Name: "global-skip-snapshot-sync", EnvVars: []string{"BACKUP_GLOBAL_SKIP_SNAPSHOT_SYNC"}, Value: false, DefaultText: "disabled", Usage: "if set, skip synchronizing Snapshot custom resources to the cluster after backup or prune operations. This sets the BACKUP_SKIP_SNAPSHOT_SYNC env var on backup and prune job pods."},
 			&cli.StringFlag{Destination: &cfg.Config.BackupCheckSchedule, Name: "checkschedule", EnvVars: []string{"BACKUP_CHECKSCHEDULE"}, Value: "0 0 * * 0", Usage: "the default check schedule"},
 			&cli.StringFlag{Destination: &cfg.Config.OperatorNamespace, Name: "operator-namespace", EnvVars: []string{"BACKUP_OPERATOR_NAMESPACE"}, Required: true, Usage: "set the namespace in which the K8up operator itself runs"},
 
diff --git a/docs/modules/ROOT/examples/usage/operator.txt b/docs/modules/ROOT/examples/usage/operator.txt
@@ -49,6 +49,7 @@ OPTIONS:
    --enable-leader-election                            enable leader election within the operator Pod (default: enabled) [$BACKUP_ENABLE_LEADER_ELECTION]
    --enable-relaxed-scheduling                         enable relaxed scheduling of backup jobs relying on the Kubernetes scheduler (default: disabled) [$BACKUP_ENABLE_RELAXED_SCHEDULING]
    --skip-pvcs-without-annotation                      skip selecting PVCs that don't have the BACKUP_ANNOTATION (default: disabled) [$BACKUP_SKIP_WITHOUT_ANNOTATION]
+   --global-skip-snapshot-sync                         if set, skip synchronizing Snapshot custom resources to the cluster after backup or prune operations. This sets the BACKUP_SKIP_SNAPSHOT_SYNC env var on backup and prune job pods. (default: disabled) [$BACKUP_GLOBAL_SKIP_SNAPSHOT_SYNC]
    --checkschedule value                               the default check schedule (default: "0 0 * * 0") [$BACKUP_CHECKSCHEDULE]
    --operator-namespace value                          set the namespace in which the K8up operator itself runs [$BACKUP_OPERATOR_NAMESPACE]
    --insecure-allow-podexec-spdy-fallback              enable fallback to SPDY connections for data streaming used by application aware backups. Might need to be enabled if the cluster has Kubernetes version 1.30 or lower. K8up uses WebSockets by default. CAUTION: Has been observed to cause silent data corruption in some network setups, use at own risk! (default: false) [$INSECURE_ALLOW_PODEXEC_SPDY_FALLBACK]
diff --git a/docs/modules/ROOT/pages/how-tos/backup.adoc b/docs/modules/ROOT/pages/how-tos/backup.adoc
@@ -15,6 +15,8 @@ TIP: Deploying this configuration also creates a Backup of the current state and
 
 TIP: By default, all PVCs are backed up automatically. Adding the annotation `k8up.io/backup=false` to a PVC object will exclude it from all following backups. Alternatively, you can set the environment variable `BACKUP_SKIP_WITHOUT_ANNOTATION=true` if you want K8up to ignore objects without the annotation.
 
+TIP: By default, K8up synchronizes Snapshot custom resources to the cluster after backup operations. You can disable this globally by setting the operator environment variable `BACKUP_GLOBAL_SKIP_SNAPSHOT_SYNC=true`. Webhook notifications are still sent even when snapshot synchronization is disabled.
+
 == Self-signed issuer and Mutual TLS
 
 If you are using self-signed issuer or using mutual tls for authenticate client, you're able use a volume for mounting cert files into the backup object.
diff --git a/operator/backupcontroller/backup_utils.go b/operator/backupcontroller/backup_utils.go
@@ -193,6 +193,10 @@ func (b *BackupExecutor) setupEnvVars() ([]corev1.EnvVar, error) {
 	vars.SetString("BACKUPCOMMAND_ANNOTATION", cfg.Config.BackupCommandAnnotation)
 	vars.SetString("FILEEXTENSION_ANNOTATION", cfg.Config.FileExtensionAnnotation)
 
+	if cfg.Config.SkipSnapshotSync {
+		vars.SetString("BACKUP_SKIP_SNAPSHOT_SYNC", "true")
+	}
+
 	err := vars.Merge(executor.DefaultEnv(b.backup.GetNamespace()))
 	if err != nil {
 		return nil, fmt.Errorf("cannot merge environment variables: %w", err)
diff --git a/operator/cfg/config.go b/operator/cfg/config.go
@@ -84,6 +84,7 @@ type Configuration struct {
 	ClusterName                      string
 	RestartPolicy                    string
 	SkipWithoutAnnotation            bool
+	SkipSnapshotSync                 bool
 	EnableRelaxedScheduling          bool
 	InsecureAllowPodExecSPDYFallback bool
 
diff --git a/operator/prunecontroller/executor.go b/operator/prunecontroller/executor.go
@@ -136,6 +136,10 @@ func (p *PruneExecutor) setupEnvVars(ctx context.Context, prune *k8upv1.Prune) [
 
 	vars.SetString("PROM_URL", cfg.Config.PromURL)
 
+	if cfg.Config.SkipSnapshotSync {
+		vars.SetString("BACKUP_SKIP_SNAPSHOT_SYNC", "true")
+	}
+
 	err := vars.Merge(executor.DefaultEnv(p.Obj.GetNamespace()))
 	if err != nil {
 		log.Error(err, "error while merging the environment variables", "name", p.Obj.GetName(), "namespace", p.Obj.GetNamespace())
