Restore workspace from backup #1572
Conversation
Allda
requested review from
akurinnoy,
dkwon17,
ibuziuk and
rohanKanojia
as code owners
Allda
force-pushed
the
23570-restore-workspace
branch
from
1b95d94 to
5480c1c
Compare
|
@Allda : I'm facing a strange issue while testing this functionality on CRC cluster . I've tried on both amd64 and arm64 variants but face same issue. I used samples/plain-workspace.yaml for testing. Everything goes fine till step 4, but when I create the restore backup manifest I can see devworkspace resource is created but there is no corresponding pod for it: oc create -f restore-dw.yaml
devworkspace.workspace.devfile.io/plain-devworkspace created
oc get dw
NAME DEVWORKSPACE ID PHASE INFO
plain-devworkspace workspace612b8ddca9ff45d5 Running Workspace is running
oc get pods
No resources found in rokumar-dev namespace.I had just modified the name from the restore manifest you shared: kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
metadata:
labels:
controller.devfile.io/creator: ""
name: plain-devworkspace
spec:
started: true
routingClass: 'basic'
template:
attributes:
controller.devfile.io/storage-type: common
controller.devfile.io/restore-workspace: 'true'Could you please check if I'm missing something? |
I am not sure why it doesn't work on your system. I tried the workspace you mentioned and the backup and other pods were created successfully. Are there any logs you can share or see if the workspace has any pods at the very start? |
|
@Allda : Okay, I'll try it again and report back |
Allda
force-pushed
the
23570-restore-workspace
branch
from
368a98f to
9db9b7c
Compare
|
I was able to successfully restore a real Dev Spaces project: |
pkg/library/restore/restore.go
Outdated
|
|
||
| if !hasContainerComponents(workspaceTemplate) { | ||
| // Avoid adding restore init container when DevWorkspace does not define any containers | ||
| return nil, nil |
There was a problem hiding this comment.
@rohanKanojia for your comment: #1572 (comment)
I believe you're running into this case?
There was a problem hiding this comment.
Yeah I'm trying to literally create the same DevWorkspace manifest as provided in the description.
It started working when I provided full DevWorkspace manifest with restore attribute
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Allda, ibuziuk The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
New changes are detected. LGTM label has been removed. |
A new init container is added to the workspace deployment in case user choose to restore the workspace from backup. By setting workspace attribute "controller.devfile.io/restore-workspace" the controller sets a new init container instead of cloning data from git repository. By default an automated path to restore image is used based on cluster settings. However user is capable overwrite that value using another attribute "controller.devfile.io/restore-source-image". The restore container runs a wokspace-recovery.sh script that pull an image using oras an extract files to a /project directory. Signed-off-by: Ales Raszka <araszka@redhat.com>
A new tests that verifies the workspace is created from a backup. It checks if a deployment is ready and if it contains a new restore init container with proper configuration. There are 2 tests - one focused on common pvc and other that have per-workspace storage. Signed-off-by: Ales Raszka <araszka@redhat.com>
The condition whether an workspace should be restored from workspace was in the restore module itself. This make a reading a code more difficult. Now the condition is checked in the controller itself and restore container is only added when enabled. This commit also fixes few minor changes based on the code review comments: - Licence header - Attribute validation - Add a test for disabled workspace recovery - Typos Signed-off-by: Ales Raszka <araszka@redhat.com>
A new config is added to control the restore container. Default values are set for the new init container. It can be changed by user in the config. The config uses same logic as the project clone container config. Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: Ales Raszka <araszka@redhat.com>
The function handleRegistryAuthSecret is also needed for restore action. The backup controller is not a right place for it as it can't be reused. Moving it to separate module to be reusable. Signed-off-by: Ales Raszka <araszka@redhat.com>
The workspace restore process now support access to registries that require authentication. The default operator config is used to detect a right secret name and the secret is injected to the container as a volume. The second part of the commit adds support for OCP build-in registry. With this registry a user doesn't have to provide any secrets because a workspace service account have image puller role associated using role bindings. Signed-off-by: Ales Raszka <araszka@redhat.com>
The image stream created by the backup mechanism can't be owned by the workspace otherwise a deletion of the workspace also deletes the image stream. Removing the reference keep these 2 objects unrelated. Signed-off-by: Ales Raszka <araszka@redhat.com>
In case a workspace directory is not empty the restore process should just log the event and skip the restoration. This logic is added to not override data in case a workspace is resumed. Usual flow: - create a workspace and enable restoration - a restore container restores data from backup - a user updates files in workspace - a user stops a workspace - a user resumes a workspace - a restore container skips the restore process due to not empty dir Signed-off-by: Ales Raszka <araszka@redhat.com>
A new sample image is created in the CI and is used in the integration tests. Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: Ales Raszka <araszka@redhat.com>
In case the backup config is not present the value might be null and fails. The new condition handles it. Signed-off-by: Ales Raszka <araszka@redhat.com>
The delay between checking the empty dir and copying a backup content might cause an issue. This fix moves the check right before the content is being copied which minimize the delay. Signed-off-by: Ales Raszka <araszka@redhat.com>
The previous solution always deleted a secret if exist and re-create it. This can lead to potential issues. The new code uses SyncObjectWithCluster that is used across a whole codebase and minimize the risk of issues. Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: Ales Raszka <araszka@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
dkwon17
force-pushed
the
23570-restore-workspace
branch
from
1ebf152 to
460cd25
Compare
|
Added new commit to fix the rolebinding issue: 460cd25 and rebased. I will merge this PR shortly |
|
@Allda: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
7 participants
What does this PR do?
Add init container for workspace restoration
A new init container is added to the workspace deployment in case user choose to restore the workspace from backup.
By setting the workspace attribute "controller.devfile.io/restore-workspace" the controller sets a new init container instead of cloning data from git repository.
By default an automated path to restore image is used based on cluster settings. However user is capable overwrite that value using another attribute "controller.devfile.io/restore-source-image".
The restore container runs a wokspace-recovery.sh script that pull an image using oras an extract files to a /project directory.
What issues does this PR fix or reference?
#1525
Is it tested? How?
No automated tests are available in the first phase. I will add tests once I get the first approval that the concept is ok.
How to test:
kubectl delete devworkspace restore-workspace-2controller.devfile.io/restore-workspace)PR Checklist
/test v8-devworkspace-operator-e2e, v8-che-happy-pathto trigger)v8-devworkspace-operator-e2e: DevWorkspace e2e testv8-che-happy-path: Happy path for verification integration with CheWhat's missing: