Merge pull request #1045 from danielpodwysocki/master

implement filtering PVCs/preBackupPods using labelSelectors

Author: Kidswiss

Makefile

@@ -75,7 +75,7 @@ deploy: kind-load-image install ## Deploy controller in the configured Kubernete
 		--set image.registry=$(E2E_REGISTRY) \
 		--set image.repository=$(E2E_REPO) \
 		--set image.tag=$(E2E_TAG) \
-		--values ./e2e/definitions/operator/deploy.yaml \
+		--values ./e2e/definitions/operator/values.yaml \
 		--wait $(deploy_args)
 
 .PHONY: generate

api/v1/backup_types.go

@@ -40,6 +40,11 @@ type BackupSpec struct {
 
 	// Tags is a list of arbitrary tags that get added to the backup via Restic's tagging system
 	Tags []string `json:"tags,omitempty"`
+
+	// LabelSelectors is a list of selectors that we filter for.
+	// When defined, only PVCs and PreBackupPods matching them are backed up.
+	// +optional
+	LabelSelectors []metav1.LabelSelector `json:"labelSelectors,omitempty"`
 }
 
 type BackupTemplate struct {

api/v1/zz_generated.deepcopy.go

@@ -448,6 +448,58 @@ spec:
 
                   Deprecated: Use FailedJobsHistoryLimit and SuccessfulJobsHistoryLimit respectively.
                 type: integer
+              labelSelectors:
+                description: |-
+                  LabelSelectors is a list of selectors that we filter for.
+                  When defined, only PVCs and PreBackupPods matching them are backed up.
+                items:
+                  description: |-
+                    A label selector is a label query over a set of resources. The result of matchLabels and
+                    matchExpressions are ANDed. An empty label selector matches all objects. A null
+                    label selector matches no objects.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                            type: string
+                          values:
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      type: object
+                  type: object
+                  x-kubernetes-map-type: atomic
+                type: array
               podConfigRef:
                 description: |-
                   PodConfigRef describes the pod spec with wich this action shall be executed.

config/crd/apiextensions.k8s.io/v1/k8up.io_backups.yaml

@@ -1756,6 +1756,58 @@ spec:
 
                       Deprecated: Use FailedJobsHistoryLimit and SuccessfulJobsHistoryLimit respectively.
                     type: integer
+                  labelSelectors:
+                    description: |-
+                      LabelSelectors is a list of selectors that we filter for.
+                      When defined, only PVCs and PreBackupPods matching them are backed up.
+                    items:
+                      description: |-
+                        A label selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty label selector matches all objects. A null
+                        label selector matches no objects.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    type: array
                   podConfigRef:
                     description: |-
                       PodConfigRef describes the pod spec with wich this action shall be executed.

config/crd/apiextensions.k8s.io/v1/k8up.io_schedules.yaml

@@ -11,6 +11,7 @@ OPTIONS:
    --annotation value                                  the annotation to be used for filtering (default: "k8up.io/backup") [$BACKUP_ANNOTATION]
    --backupcommandannotation value                     set the annotation name that identify the backup commands on Pods (default: "k8up.io/backupcommand") [$BACKUP_BACKUPCOMMANDANNOTATION]
    --fileextensionannotation value                     set the annotation name where the file extension is stored for backup commands (default: "k8up.io/file-extension") [$BACKUP_FILEEXTENSIONANNOTATION]
+   --global-backoff-limit value                        set the backoff limit for all backup jobs (default: 6) [$BACKUP_GLOBAL_BACKOFF_LIMIT]
    --global-failed-jobs-history-limit value            set the number of old, failed jobs to keep when cleaning up, applies to all job types (default: 3) [$BACKUP_GLOBAL_FAILED_JOBS_HISTORY_LIMIT]
    --global-successful-jobs-history-limit value        set the number of old, successful jobs to keep when cleaning up, applies to all job types (default: 3) [$BACKUP_GLOBAL_SUCCESSFUL_JOBS_HISTORY_LIMIT]
    --global-concurrent-archive-jobs-limit value        set the limit of concurrent archive jobs (default: unlimited) [$BACKUP_GLOBAL_CONCURRENT_ARCHIVE_JOBS_LIMIT]

docs/modules/ROOT/examples/usage/operator.txt

@@ -219,3 +219,70 @@ spec:
   podConfigRef:
     name: podconfig
 ----
+
+== Target specific PVCs or PreBackupPods
+
+An optional labelSelectors field can be specified to target PVCs or PreBackupPods matching those expressions.
+You can specify multiple selectors - as long as at least one matches, the PVC/PreBackupPod will be included in the backup.
+
+Keep in mind that does NOT apply to terms within an individual labelSelector - this will be processed as usual, as we use the standard K8s API for this.
+To find out how selectors themselves work, you can consult the upstream Kubernetes documentation: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+Below you can find a practical example. It would back up any resources with "my-label-key" defined OR "another-label-key" with one of the accepted values.
+
+[source,yaml]
+----
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+  name: backup-test
+spec:
+  labelSelectors:
+    - matchExpressions:
+      - key: my-label-key
+        operator: Exists
+    - matchExpressions:
+      - key: another-label-key
+        operator: In
+	values:
+	  - acceptable-value
+	  - another-acceptable-value
+  failedJobsHistoryLimit: 2
+  successfulJobsHistoryLimit: 2
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    s3:
+      endpoint: http://minio:9000
+      bucket: backups
+      accessKeyIDSecretRef:
+        name: minio-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: minio-credentials
+        key: password
+
+----
+
+If you'd like to only target entities having both labels, you can use a single labelSelector.
+This change will cause the backup to select only entities matching both conditions.
+
+[source,yaml]
+----
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+  name: backup-test
+spec:
+  labelSelectors:
+    - matchExpressions:
+      - key: my-label-key
+        operator: Exists
+      - key: another-label-key
+        operator: In
+	values:
+	  - acceptable-value
+	  - another-acceptable-value
+...
+----

docs/modules/ROOT/pages/how-tos/backup.adoc

@@ -257,6 +257,8 @@ KeepJobs is used property is not specified.
 information about the snapshots to. This is in addition to the prometheus
 pushgateway.
 | *`tags`* __string array__ | Tags is a list of arbitrary tags that get added to the backup via Restic's tagging system
+| *`labelSelectors`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta[$$LabelSelector$$] array__ | LabelSelectors is a list of selectors that we filter for.
+When defined, only PVCs and PreBackupPods matching them are backed up.
 |===
 
 
@@ -299,6 +301,8 @@ KeepJobs is used property is not specified.
 information about the snapshots to. This is in addition to the prometheus
 pushgateway.
 | *`tags`* __string array__ | Tags is a list of arbitrary tags that get added to the backup via Restic's tagging system
+| *`labelSelectors`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta[$$LabelSelector$$] array__ | LabelSelectors is a list of selectors that we filter for.
+When defined, only PVCs and PreBackupPods matching them are backed up.
 |===
 
 

docs/modules/ROOT/pages/references/api-reference.adoc

@@ -0,0 +1,34 @@
+---
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+  name: k8up-backup-selectors
+  namespace: k8up-e2e-subject
+spec:
+  labelSelectors:
+    - matchExpressions:
+      - key: exists
+        operator: Exists
+    - matchExpressions:
+      - key: specific-values
+        operator: In
+        values:
+          - specific-value-1
+          - specific-value-2
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    s3:
+      endpoint: http://minio.minio-e2e.svc.cluster.local:9000
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+  podSecurityContext:
+    runAsUser: $ID

e2e/definitions/backup/backup-selectors.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: k8up.io/v1
+kind: PreBackupPod
+metadata:
+  name: prebackup-label-specific-value-1
+  namespace: k8up-e2e-subject
+  labels:
+    specific-values: specific-value-1
+spec:
+  backupCommand: sh -c 'echo hello there'
+  pod:
+    spec:
+      containers:
+        - image: busybox
+          command:
+            - 'sleep'
+            - 'infinity'
+          imagePullPolicy: Always
+          name: specific-label-value-1
+---
+apiVersion: k8up.io/v1
+kind: PreBackupPod
+metadata:
+  name: prebackup-label-exists
+  namespace: k8up-e2e-subject
+  labels:
+    exists: arbitrary
+spec:
+  backupCommand: sh -c 'echo whatup'
+  pod:
+    spec:
+      containers:
+        - image: busybox
+          command:
+            - 'sleep'
+            - 'infinity'
+          imagePullPolicy: Always
+          name: arbitrary-label-value