exclude vols mounting secrets and configmaps from defaultVolumesToRestic (#2762)

Signed-off-by: Ashish Amarnath <ashisham@vmware.com>
2020-07-27 20:27:49 -07:00 · 2020-07-27 20:27:49 -07:00 · 028818a053
parent 94872ea2fc
commit 028818a053
3 changed files with 53 additions and 0 deletions
--- a/changelogs/unreleased/2762-ashish-amarnath
+++ b/changelogs/unreleased/2762-ashish-amarnath
@ -0,0 +1 @@
+Exclude volumes mounting secrets and configmaps from defaulting volume backups to restic
--- a/pkg/restic/common.go
+++ b/pkg/restic/common.go
@ -170,6 +170,14 @@ func GetPodVolumesUsingRestic(pod *corev1api.Pod, defaultVolumesToRestic bool) [
 		if pv.HostPath != nil {
 			continue
 		}
+		// don't backup volumes mounting secrets. Secrets will be backed up separately.
+		if pv.Secret != nil {
+			continue
+		}
+		// don't backup volumes mounting config maps. Config maps will be backed up separately.
+		if pv.ConfigMap != nil {
+			continue
+		}
 		// don't backup volumes that are included in the exclude list.
 		if contains(volsToExclude, pv.Name) {
 			continue
--- a/pkg/restic/common_test.go
+++ b/pkg/restic/common_test.go
@ -507,6 +507,50 @@ func TestGetPodVolumesUsingRestic(t *testing.T) {
 			},
 			expected: []string{"resticPV1", "resticPV2", "resticPV3"},
 		},
+		{
+			name:                   "should exclude volumes mounting secrets",
+			defaultVolumesToRestic: true,
+			pod: &corev1api.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						VolumesToExcludeAnnotation: "nonResticPV1,nonResticPV2,nonResticPV3",
+					},
+				},
+				Spec: corev1api.PodSpec{
+					Volumes: []corev1api.Volume{
+						// Restic Volumes
+						{Name: "resticPV1"}, {Name: "resticPV2"}, {Name: "resticPV3"},
+						/// Excluded from restic through annotation
+						{Name: "nonResticPV1"}, {Name: "nonResticPV2"}, {Name: "nonResticPV3"},
+						// Excluded from restic because hostpath
+						{Name: "superSecret", VolumeSource: corev1api.VolumeSource{Secret: &corev1api.SecretVolumeSource{SecretName: "super-secret"}}},
+					},
+				},
+			},
+			expected: []string{"resticPV1", "resticPV2", "resticPV3"},
+		},
+		{
+			name:                   "should exclude volumes mounting config maps",
+			defaultVolumesToRestic: true,
+			pod: &corev1api.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						VolumesToExcludeAnnotation: "nonResticPV1,nonResticPV2,nonResticPV3",
+					},
+				},
+				Spec: corev1api.PodSpec{
+					Volumes: []corev1api.Volume{
+						// Restic Volumes
+						{Name: "resticPV1"}, {Name: "resticPV2"}, {Name: "resticPV3"},
+						/// Excluded from restic through annotation
+						{Name: "nonResticPV1"}, {Name: "nonResticPV2"}, {Name: "nonResticPV3"},
+						// Excluded from restic because hostpath
+						{Name: "appCOnfig", VolumeSource: corev1api.VolumeSource{ConfigMap: &corev1api.ConfigMapVolumeSource{LocalObjectReference: corev1api.LocalObjectReference{Name: "app-config"}}}},
+					},
+				},
+			},
+			expected: []string{"resticPV1", "resticPV2", "resticPV3"},
+		},
 	}

 	for _, tc := range testCases {
				`@ -0,0 +1 @@`
				`Exclude volumes mounting secrets and configmaps from defaulting volume backups to restic`