Design For OADP CLI MVP #1797
Design For OADP CLI MVP #1797
Conversation
|
Hi @NicholasYancey. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
openshift-ci
bot
added
the
needs-ok-to-test
weshayutin
added
ok-to-test
docs/design/kubectl-oadp.md
Outdated
| oc oadp backup create | ||
| oc oadp backup logs | ||
| oc oadp restore create | ||
| oc oadp restore logs |
There was a problem hiding this comment.
Would be nice to have some markdown code decorations for the code here.
| oc oadp backup create | |
| oc oadp backup logs | |
| oc oadp restore create | |
| oc oadp restore logs | |
| ```sh | |
| oc oadp backup create | |
| oc oadp backup logs | |
| oc oadp restore create | |
| oc oadp restore logs | |
| ``` |
weshayutin
added
the
do-not-merge/hold
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
docs/design/kubectl-oadp.md
Outdated
|
|
||
| ## Goals | ||
| - Customers can create backups and restores | ||
| - A non-cluster admin can create Non-Admin-Backups (NAB) |
There was a problem hiding this comment.
Would the non-admin backup/restore API calls be different? Since the CRDs are different, I imagine those would need different APIs here as well.
There was a problem hiding this comment.
@sseago you are correct, however because we are limited in time based on the internship timeframe. This design is only going to cover NAB's.
There was a problem hiding this comment.
Is the CLI compatibility across different OADP versions in-scope ?
- How you will tell the user that the CRD is not available on the system for Non Admin use case if the user tries to use this CLI against older OADP deployment. This is of course only for NAB due to time constrains.
There was a problem hiding this comment.
@weshayutin Oh, wait -- this is for NABs and not Velero backups? Oh, that wasn't clear from the mention of backups and restores. In that case, we need to be clear by referencing NABs and NARs and not Backups and Restores elsewhere.
There was a problem hiding this comment.
Changed doc to make it more clear to the reader
Co-authored-by: Copilot <[email protected]>
|
@shubham-pampattiwar @mpryc please provide a review today, tomorrow so we can get this through. |
|
|
||
| ## Non-Goals | ||
| - Non-Admin-Restore due to time constraints | ||
|
|
There was a problem hiding this comment.
Lets add a use-case section too
docs/design/kubectl-oadp.md
Outdated
|
|
||
| ## Goals | ||
| - Customers can create backups and restores | ||
| - A non-cluster admin can create Non-Admin-Backups (NAB) |
There was a problem hiding this comment.
Is the CLI compatibility across different OADP versions in-scope ?
- How you will tell the user that the CRD is not available on the system for Non Admin use case if the user tries to use this CLI against older OADP deployment. This is of course only for NAB due to time constrains.
| ## High-Level Design | ||
| Creating a kubectl plugin (kubectl-oadp) will be a good solution to the problem at hand. It will be able to create/delete backups and restores. Non-cluster admin will be able to create NABs without the need for cluster admin to do it for them. | ||
|
|
||
| ## Detailed Design |
There was a problem hiding this comment.
What plugin installation process will look like?
There was a problem hiding this comment.
I will leave it out of the design doc for now, but using krew for installations would be nice in the future
|
LET'S GO, move move move! |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull Request Overview
This PR adds a design document for the kubectl-oadp CLI plugin, outlining its purpose, architecture, and usage.
- Defines goals, non-goals, and use cases for both regular and non-admin backups/restores
- Presents high-level and detailed design with Go code snippets and CLI examples
- Covers security considerations, compatibility, and future work
Comments suppressed due to low confidence (2)
docs/design/kubectl-oadp.md:20
- Align this CLI usage with the examples below—use
kubectl oadp nonadmin backup create [backupName]instead ofkubectl oadp create nonadmin backup [backupname].
Creating a kubectl plugin (kubectl-oadp) will be a good solution to the problem at hand. It will be able to create/delete backups and restores. Non-cluster admin will be able to create NABs without the need for cluster admin to do it for them. A way to distinguish between creating either NABs or regular backups would be in the cli. For intstance, if you would like to create a NAB, you would have to do kubectl oadp create nonadmin backup [backupname].
docs/design/kubectl-oadp.md:72
- Fix the misspelling in the error message to 'Unauthorized Access'.
The security for the plugin is controlled by OpenShift RBAC, which allows cluster admins to control permissions of users below it. This is untilized to allows users to only be allowed to use the commands that they have permission to use by their namespace. The plugin would also create error statements like "Unautherized Access" whenever a user who does not have the right permissions tries to do unautherized commands.
There was a problem hiding this comment.
Some NITs and suggestions here and there.
Overall looks good ! Awesome job @NicholasYancey @Joeavaikath !
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Tiger Kaovilai <[email protected]>
Co-authored-by: Tiger Kaovilai <[email protected]>
|
@NicholasYancey: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
openshift-ci
bot
added
the
approved
There was a problem hiding this comment.
Nice work here. It takes time and work to thoroughly communicate details with regards to your intentions, plans and how you intend to implement an idea. If this design were not time constrained I suspect we would have gone a few more rounds of updates and reviews.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kaovilai, NicholasYancey, shubham-pampattiwar, weshayutin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
weshayutin
removed
the
do-not-merge/hold
|
/lgtm |
* DNM Design For OADP CLI NVP * Crucial edits to Design Doc * Update docs/design/kubectl-oadp.md Co-authored-by: Copilot <[email protected]> * Small edits to Design Doc * Much needed changes to Design Doc * Update docs/design/kubectl-oadp.md Co-authored-by: Copilot <[email protected]> * Update docs/design/kubectl-oadp.md Co-authored-by: Copilot <[email protected]> * Update docs/design/kubectl-oadp.md Co-authored-by: Copilot <[email protected]> * Update docs/design/kubectl-oadp.md Co-authored-by: Copilot <[email protected]> * Update docs/design/kubectl-oadp.md Co-authored-by: Tiger Kaovilai <[email protected]> * Finishing touches to Design Doc * Update docs/design/kubectl-oadp.md Co-authored-by: Tiger Kaovilai <[email protected]> --------- Co-authored-by: Nicholas Yancey <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Tiger Kaovilai <[email protected]>
Why the changes were made
Need the kubectl plugin design document peer reviewed
How to test the changes made
Please read