Skip to content

oadp 1.4 onboard nac #1957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: oadp-1.4
Choose a base branch
from
Open

oadp 1.4 onboard nac #1957

wants to merge 4 commits into from

Conversation

@weshayutin
Copy link
Contributor

@weshayutin weshayutin commented Sep 15, 2025
edited
Loading

Why the changes were made

Building off of @mpryc's draft pr
#1946

Engineering effort to backport self-service into OADP-1.4
Related to: openshift/release#69401 The openshift release updates

How to test the changes made

With my friends :)

@openshift-ci
Copy link

openshift-ci bot commented Sep 15, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: weshayutin
Once this PR has been reviewed and has the lgtm label, please assign jwmatthews for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@weshayutin weshayutin added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 15, 2025
@weshayutin weshayutin changed the title Wes oadp 1.4 onboard nac DRAFT oadp 1.4 onboard nac Sep 15, 2025
@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 15, 2025
edited
Loading 

root@fedora:~# oc whoami
nacuser1
root@fedora:~# oc get nonadminbackups
NAME                     REQUEST-PHASE   VELERO-PHASE   AGE
nacuser1-backup-1        Created         Completed      141m
nacuser1-backup-2        Created         Completed      38m
nacuser1-backup-3-data   Created         Completed      35m
root@fedora:~# oc get nonadminrestores.oadp.openshift.io 
NAME                     REQUEST-PHASE   VELERO-PHASE   AGE
mysql-nonadmin-restore   Created         Completed      17m

oc oadp backup describe nacuser1-nacuser1-backup-3-1a3d4da8-0f97-4117-a9c6-19e2c97d978a --details
Name:         nacuser1-nacuser1-backup-3-1a3d4da8-0f97-4117-a9c6-19e2c97d978a
Namespace:    openshift-adp
Labels:       app.kubernetes.io/managed-by=oadp-nac-controller
              openshift.io/oadp=True
              openshift.io/oadp-nab-origin-nacuuid=nacuser1-nacuser1-backup-3-1a3d4da8-0f97-4117-a9c6-19e2c97d978a
              velero.io/storage-location=nacuser1-nacuser1-eb2708a9-d502-4c08-9c7b-e9fe35f89e5b
Annotations:  openshift.io/oadp-nab-origin-name=nacuser1-backup-3-data
              openshift.io/oadp-nab-origin-namespace=nacuser1
              velero.io/resource-timeout=10m0s
              velero.io/source-cluster-k8s-gitversion=v1.31.9
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=31

Phase:  Completed


Namespaces:
  Included:  nacuser1
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        nonadminbackups, nonadminrestores, nonadminbackupstoragelocations, securitycontextconstraints, clusterroles, clusterrolebindings, priorityclasses, customresourcedefinitions, virtualmachineclusterinstancetypes, virtualmachineclusterpreferences
  Cluster-scoped:  auto

Label selector:  <none>

Or label selector:  <none>

Storage Location:  nacuser1-nacuser1-eb2708a9-d502-4c08-9c7b-e9fe35f89e5b

Velero-Native Snapshot PVs:  auto
Snapshot Move Data:          false
Data Mover:                  velero

TTL:  720h0m0s

CSISnapshotTimeout:    10m0s
ItemOperationTimeout:  4h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2025-09-15 15:21:53 -0600 MDT
Completed:  2025-09-15 15:22:59 -0600 MDT

Expiration:  2025-10-15 15:21:53 -0600 MDT

Total items to be backed up:  79
Items backed up:              79

Backup Item Operations:
  Operation for volumesnapshots.snapshot.storage.k8s.io nacuser1/velero-mysql-tsvzp:
    Backup Item Action Plugin:  velero.io/csi-volumesnapshot-backupper
    Operation ID:               nacuser1/velero-mysql-tsvzp/2025-09-15T21:21:59Z
    Items to Update:
              volumesnapshots.snapshot.storage.k8s.io nacuser1/velero-mysql-tsvzp
              volumesnapshotcontents.snapshot.storage.k8s.io /snapcontent-5b837c56-064e-4cf9-bb3e-f1ea1565ddf5
    Phase:    Completed
    Created:  2025-09-15 15:21:59 -0600 MDT
    Started:  2025-09-15 15:21:59 -0600 MDT
    Updated:  2025-09-15 15:22:58 -0600 MDT
Resource List:
  apps.openshift.io/v1/DeploymentConfig:
    - nacuser1/todolist
  apps/v1/Deployment:
    - nacuser1/mysql
  apps/v1/ReplicaSet:
    - nacuser1/mysql-65584f86fc
  authorization.openshift.io/v1/RoleBinding:
    - nacuser1/nacuser1
    - nacuser1/system:deployers
    - nacuser1/system:image-builders
    - nacuser1/system:image-pullers
  discovery.k8s.io/v1/EndpointSlice:
    - nacuser1/mysql-9pcxn
    - nacuser1/todolist-886lc
  rbac.authorization.k8s.io/v1/RoleBinding:
    - nacuser1/nacuser1
    - nacuser1/system:deployers
    - nacuser1/system:image-builders
    - nacuser1/system:image-pullers
  route.openshift.io/v1/Route:
    - nacuser1/todolist-route
  snapshot.storage.k8s.io/v1/VolumeSnapshot:
    - nacuser1/velero-mysql-tsvzp
  snapshot.storage.k8s.io/v1/VolumeSnapshotClass:
    - csi-aws-vsc
  snapshot.storage.k8s.io/v1/VolumeSnapshotContent:
    - snapcontent-5b837c56-064e-4cf9-bb3e-f1ea1565ddf5
  v1/ConfigMap:
    - nacuser1/kube-root-ca.crt
    - nacuser1/openshift-service-ca.crt
  v1/Endpoints:
    - nacuser1/mysql
    - nacuser1/todolist
  v1/Event:
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba5555aa740
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba5e057108c
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba658a58a92
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba65a99c9d1
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba966ff41e2
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba96d01204b
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba96d71759c
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba96d7dd714
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba97000c16d
    - nacuser1/mysql-65584f86fc-lhrz2.18658ba97063fbfb
    - nacuser1/mysql-65584f86fc.18658ba4a0d7b3d9
    - nacuser1/mysql.18658ba492925734
    - nacuser1/mysql.18658ba49c3e46fb
    - nacuser1/mysql.18658ba4a245e5c7
    - nacuser1/mysql.18658ba4a25a2835
    - nacuser1/mysql.18658ba52b023b5a
    - nacuser1/todolist-1-5nk8z.18658ba566e81765
    - nacuser1/todolist-1-5nk8z.18658ba57fee329d
    - nacuser1/todolist-1-5nk8z.18658ba5813dafcc
    - nacuser1/todolist-1-5nk8z.18658ba5dc515a3a
    - nacuser1/todolist-1-5nk8z.18658ba5e314ef08
    - nacuser1/todolist-1-5nk8z.18658ba5e37852d7
    - nacuser1/todolist-1-5nk8z.18658bae4a88acbc
    - nacuser1/todolist-1-5nk8z.18658baf3d50d69f
    - nacuser1/todolist-1-5nk8z.18658baf41803037
    - nacuser1/todolist-1-5nk8z.18658baf41e8102c
    - nacuser1/todolist-1-deploy.18658ba4a9a5ae7a
    - nacuser1/todolist-1-deploy.18658ba4c301b68a
    - nacuser1/todolist-1-deploy.18658ba4c460a197
    - nacuser1/todolist-1-deploy.18658ba558e9b41f
    - nacuser1/todolist-1-deploy.18658ba55e1abf3a
    - nacuser1/todolist-1-deploy.18658ba55e800d96
    - nacuser1/todolist-1.18658ba5665c109b
    - nacuser1/todolist.18658ba4a4f9c28a
    - nacuser1/velero-mysql-kgpxw.186591735faaaad1
    - nacuser1/velero-mysql-kgpxw.186591739b233dc2
    - nacuser1/velero-mysql-kgpxw.186591811d34e142
    - nacuser1/velero-mysql-t8xg5.18658bce187464b6
    - nacuser1/velero-mysql-t8xg5.18658bce51b672aa
    - nacuser1/velero-mysql-t8xg5.18658bdbd3a9638c
  v1/Namespace:
    - nacuser1
  v1/PersistentVolume:
    - pvc-6a0e5c64-ad6e-476d-a9ff-01ef338293a4
  v1/PersistentVolumeClaim:
    - nacuser1/mysql
  v1/Pod:
    - nacuser1/mysql-65584f86fc-lhrz2
    - nacuser1/todolist-1-5nk8z
    - nacuser1/todolist-1-deploy
  v1/ReplicationController:
    - nacuser1/todolist-1
  v1/Secret:
    - nacuser1/builder-dockercfg-bzs7l
    - nacuser1/cloud-credentials
    - nacuser1/default-dockercfg-7v7wn
    - nacuser1/deployer-dockercfg-k74pv
    - nacuser1/nacuser1-sa-dockercfg-mlcb5
  v1/Service:
    - nacuser1/mysql
    - nacuser1/todolist
  v1/ServiceAccount:
    - nacuser1/builder
    - nacuser1/default
    - nacuser1/deployer
    - nacuser1/nacuser1-sa

Backup Volumes:
  Velero-Native Snapshots: <none included>

  CSI Snapshots:
    nacuser1/mysql:
      Snapshot:
        Operation ID: nacuser1/velero-mysql-tsvzp/2025-09-15T21:21:59Z
        Snapshot Content Name: snapcontent-5b837c56-064e-4cf9-bb3e-f1ea1565ddf5
        Storage Snapshot ID: snap-007f4be152abe7556
        Snapshot Size (bytes): 1073741824
        CSI Driver: ebs.csi.aws.com
        Result: 

  Pod Volume Backups: <none included>

HooksAttempted:  0
HooksFailed:     0

 oc get nonadminbackups nacuser1-backup-3-data -o yaml
apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminBackup
metadata:
  creationTimestamp: "2025-09-15T21:21:53Z"
  finalizers:
  - nonadminbackup.oadp.openshift.io/finalizer
  generation: 2
  name: nacuser1-backup-3-data
  namespace: nacuser1
  resourceVersion: "2321392"
  uid: 161aa7b3-df1a-4aad-b248-82c2d1eec872
spec:
  backupSpec:
    csiSnapshotTimeout: 0s
    hooks: {}
    includedNamespaces:
    - nacuser1
    itemOperationTimeout: 0s
    metadata: {}
    storageLocation: nacuser1
    ttl: 720h0m0s
status:
  conditions:
  - lastTransitionTime: "2025-09-15T21:21:53Z"
    message: backup accepted
    reason: BackupAccepted
    status: "True"
    type: Accepted
  - lastTransitionTime: "2025-09-15T21:21:53Z"
    message: Created Velero Backup object
    reason: BackupScheduled
    status: "True"
    type: Queued
  dataMoverDataUploads: {}
  fileSystemPodVolumeBackups: {}
  phase: Created
  queueInfo:
    estimatedQueuePosition: 0
  veleroBackup:
    nacuuid: nacuser1-nacuser1-backup-3-1a3d4da8-0f97-4117-a9c6-19e2c97d978a
    name: nacuser1-nacuser1-backup-3-1a3d4da8-0f97-4117-a9c6-19e2c97d978a
    namespace: openshift-adp
    spec:
      csiSnapshotTimeout: 10m0s
      defaultVolumesToFsBackup: false
      excludedResources:
      - nonadminbackups
      - nonadminrestores
      - nonadminbackupstoragelocations
      - securitycontextconstraints
      - clusterroles
      - clusterrolebindings
      - priorityclasses
      - customresourcedefinitions
      - virtualmachineclusterinstancetypes
      - virtualmachineclusterpreferences
      hooks: {}
      includedNamespaces:
      - nacuser1
      itemOperationTimeout: 4h0m0s
      metadata: {}
      snapshotMoveData: false
      storageLocation: nacuser1-nacuser1-eb2708a9-d502-4c08-9c7b-e9fe35f89e5b
      ttl: 720h0m0s
      volumeSnapshotLocations:
      - dpa-sample-1
    status:
      backupItemOperationsAttempted: 1
      backupItemOperationsCompleted: 1
      completionTimestamp: "2025-09-15T21:22:59Z"
      csiVolumeSnapshotsAttempted: 1
      csiVolumeSnapshotsCompleted: 1
      expiration: "2025-10-15T21:21:53Z"
      formatVersion: 1.1.0
      hookStatus: {}
      phase: Completed
      progress:
        itemsBackedUp: 79
        totalItems: 79
      startTimestamp: "2025-09-15T21:21:53Z"
      version: 1

Still seeing a trace in non-admin-controller but things work..

name":"mysql-nonadmin-restore","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "mysql-nonadmin-restore", "reconcileID": "af7f1165-1ad0-4527-af22-4f16b330f83d", "error": "Operation cannot be fulfilled on nonadminrestores.oadp.openshift.io \"mysql-nonadmin-restore\": the object has been modified; please apply your changes to the latest version and try again"}
github.com/migtools/oadp-non-admin/internal/controller.(*NonAdminRestoreReconciler).createVeleroRestore
	/workspace/internal/controller/nonadminrestore_controller.go:425
github.com/migtools/oadp-non-admin/internal/controller.(*NonAdminRestoreReconciler).Reconcile
	/workspace/internal/controller/nonadminrestore_controller.go:111
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:116
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:303
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:263
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:224
2025-09-15T21:40:09.436Z	ERROR	Reconciler error	{"controller": "nonadminrestore", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminRestore", "NonAdminRestore": {"name":"mysql-nonadmin-restore","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "mysql-nonadmin-restore", "reconcileID": "af7f1165-1ad0-4527-af22-4f16b330f83d", "error": "Operation cannot be fulfilled on nonadminrestores.oadp.openshift.io \"mysql-nonadmin-restore\": the object has been modified; please apply your changes to the latest version and try again"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:316
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:263
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:224

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 17, 2025
@weshayutin weshayutin force-pushed the wes-oadp-1.4-onboard-nac branch from 274102d to 6af3a5f Compare September 17, 2025 17:12
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 17, 2025
@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 17, 2025

test bsl approval

  logFormat: text
  nonAdmin:
    enable: true
    requireApprovalForBSL: true
  snapshotLocations:
  - velero:
      config:

root@fedora:/home/whayutin/OADP/NAC/TEST# oc create -f nabsl.yaml 
nonadminbackupstoragelocation.oadp.openshift.io/nacuser1 created
root@fedora:/home/whayutin/OADP/NAC/TEST# oc get nonadminbackupstoragelocation
NAME       REQUEST-APPROVED   REQUEST-PHASE   VELERO-PHASE   AGE
nacuser1   False              New                            10s

root@fedora:/home/whayutin/OADP/NAC/TEST# cat nabsl.yaml 
apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminBackupStorageLocation
metadata:
  name: nacuser1
  namespace: nacuser1
spec: 
  backupStorageLocationSpec:
    config:
#      checksumAlgorithm: ""
#      profile: default
      region: us-west-2
    credential:
      key: cloud
      name: cloud-credentials
    objectStorage:
      bucket: wesoadpnacuser1
      prefix: velero
    provider: aws  
root@fedora:/home/whayutin/OADP/NAC/TEST# oc whoami 
nacuser1
root@fedora:/home/whayutin/OADP/NAC/TEST# oc get nonadminbackupstoragelocation
NAME       REQUEST-APPROVED   REQUEST-PHASE   VELERO-PHASE   AGE
nacuser1   False              New                            95s
root@fedora:/home/whayutin/OADP/NAC/TEST# oc get nonadminbackupstoragelocation nacuser1 -o yaml
apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminBackupStorageLocation
metadata:
  creationTimestamp: "2025-09-17T18:21:01Z"
  finalizers:
  - nonadminbackupstoragelocation.oadp.openshift.io/finalizer
  generation: 1
  name: nacuser1
  namespace: nacuser1
  resourceVersion: "3034139"
  uid: 1f078a21-77cb-4a24-89a2-833c3b54b88c
spec:
  backupStorageLocationSpec:
    config:
      region: us-west-2
    credential:
      key: cloud
      name: cloud-credentials
    objectStorage:
      bucket: wesoadpnacuser1
      prefix: velero
    provider: aws
status:
  conditions:
  - lastTransitionTime: "2025-09-17T18:21:01Z"
    message: NonAdminBackupStorageLocation spec validation successful
    reason: BslSpecValidation
    status: "True"
    type: Accepted
  - lastTransitionTime: "2025-09-17T18:21:01Z"
    message: NonAdminBackupStorageLocationRequest approval pending
    reason: BslSpecApprovalPending
    status: "False"
    type: ClusterAdminApproved
  phase: New
  veleroBackupStorageLocation:
    nacuuid: nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d
    name: nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d
    namespace: openshift-adp
root@fedora:/home/whayutin/OADP/NAC/TEST#

admin check

whayutin@fedora:~/OPENSHIFT/git/OADP/oadp-operator$ oc get nonadminbackupstoragelocationrequests.oadp.openshift.io 
NAME                                                     REQUEST-PHASE   REQUEST-NAMESPACE   REQUEST-NAME   AGE
nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d   Pending         nacuser1            nacuser1       3m7s
whayutin@fedora:~/OPENSHIFT/git/OADP/oadp-operator$ oc whoami
kube:admin

now approve

2025-09-17T18:26:50.043Z	INFO	Velero BSL Secret with label not found, creating one	{"controller": "nonadminbackupstoragelocation", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackupStorageLocation", "NonAdminBackupStorageLocation": {"name":"nacuser1","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "nacuser1", "reconcileID": "1a4a0a03-b285-46a1-8738-6707bfab3412", "oadpnamespace": "openshift-adp", "UUID": "nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d"}
2025-09-17T18:26:50.058Z	INFO	Velero BSL with label not found, creating one	{"controller": "nonadminbackupstoragelocation", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackupStorageLocation", "NonAdminBackupStorageLocation": {"name":"nacuser1","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "nacuser1", "reconcileID": "1a4a0a03-b285-46a1-8738-6707bfab3412", "oadpnamespace": "openshift-adp", "UUID": "nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d"}

oc get bsl
NAME                                                     PHASE       LAST VALIDATED   AGE   DEFAULT
dpa-sample-1                                             Available   10s              27m   true
nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d   Available   50s              50s   
whayutin@fedora:~/OPENSHIFT/git/OADP/oadp-operator$ 


Using project "nacuser1".
root@fedora:~# whoami
root
root@fedora:~# oc get nonadminbackupstoragelocation
NAME       REQUEST-APPROVED   REQUEST-PHASE   VELERO-PHASE   AGE
nacuser1   True               Created         Available      7m9s
root@fedora:~#

@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 17, 2025

test backup spec enformacement

  logFormat: text
  nonAdmin:
    enable: true
    enforceBackupSpec:
      snapshotMoveData: true
    requireApprovalForBSL: true
  snapshotLocations:
  - velero:

 cat backup_nacuser1.yaml 
apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminBackup
metadata:
  name: nacuser1-backup-enforcement-dm-1
  namespace: nacuser1
spec: 
  backupSpec:
    includedNamespaces:
    - nacuser1
    storageLocation: nacuser1
    ttl: 720h0m0s


oc get nonadminbackups
No resources found in nacuser1 namespace.
root@fedora:/home/whayutin/OADP/NAC/TEST# oc whoami
nacuser1
root@fedora:/home/whayutin/OADP/NAC/TEST# oc create -f backup_nacuser1.yaml 
nonadminbackup.oadp.openshift.io/nacuser1-backup-enforcement-dm-1 created
root@fedora:/home/whayutin/OADP/NAC/TEST# oc get nonadminbackups
NAME                               REQUEST-PHASE   VELERO-PHASE   AGE
nacuser1-backup-enforcement-dm-1   Created         InProgress     5s

 oc get datauploads.velero.io -n openshift-adp
NAME                                                              STATUS       STARTED   BYTES DONE   TOTAL BYTES   STORAGE LOCATION                                         AGE   NODE
nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29rf9md   InProgress   3s        1010                       nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d   44s   ip-10-0-51-71.us-west-2.compute.internal
whayutin@fedora:~/OPENSHIFT/git/OADP/oadp-operator$ 


apiVersion: oadp.openshift.io/v1alpha1
kind: NonAdminBackup
metadata:
  creationTimestamp: "2025-09-17T18:36:36Z"
  finalizers:
  - nonadminbackup.oadp.openshift.io/finalizer
  generation: 2
  name: nacuser1-backup-enforcement-dm-1
  namespace: nacuser1
  resourceVersion: "3038848"
  uid: 6aa95720-a119-47da-9453-bb99e2eaa3b3
spec:
  backupSpec:
    csiSnapshotTimeout: 0s
    hooks: {}
    includedNamespaces:
    - nacuser1
    itemOperationTimeout: 0s
    metadata: {}
    storageLocation: nacuser1
    ttl: 720h0m0s
status:
  conditions:
  - lastTransitionTime: "2025-09-17T18:36:36Z"
    message: backup accepted
    reason: BackupAccepted
    status: "True"
    type: Accepted
  - lastTransitionTime: "2025-09-17T18:36:36Z"
    message: Created Velero Backup object
    reason: BackupScheduled
    status: "True"
    type: Queued
  dataMoverDataUploads:
    completed: 1
    total: 1
  fileSystemPodVolumeBackups: {}
  phase: Created
  queueInfo:
    estimatedQueuePosition: 0
  veleroBackup:
    nacuuid: nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29a1b45
    name: nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29a1b45
    namespace: openshift-adp
    spec:
      csiSnapshotTimeout: 10m0s
      defaultVolumesToFsBackup: false
      excludedResources:
      - nonadminbackups
      - nonadminrestores
      - nonadminbackupstoragelocations
      - securitycontextconstraints
      - clusterroles
      - clusterrolebindings
      - priorityclasses
      - customresourcedefinitions
      - virtualmachineclusterinstancetypes
      - virtualmachineclusterpreferences
      hooks: {}
      includedNamespaces:
      - nacuser1
      itemOperationTimeout: 4h0m0s
      metadata: {}
      snapshotMoveData: true
      storageLocation: nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d
      ttl: 720h0m0s
      volumeSnapshotLocations:
      - dpa-sample-1
    status:
      backupItemOperationsAttempted: 1
      backupItemOperationsCompleted: 1
      completionTimestamp: "2025-09-17T18:37:30Z"
      expiration: "2025-10-17T18:36:36Z"
      formatVersion: 1.1.0
      hookStatus: {}
      phase: Completed
      progress:
        itemsBackedUp: 36
        totalItems: 36
      startTimestamp: "2025-09-17T18:36:36Z"
      version: 1

Name:         nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29a1b45
Namespace:    openshift-adp
Labels:       app.kubernetes.io/managed-by=oadp-nac-controller
              openshift.io/oadp=True
              openshift.io/oadp-nab-origin-nacuuid=nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29a1b45
              velero.io/storage-location=nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d
Annotations:  openshift.io/oadp-nab-origin-name=nacuser1-backup-enforcement-dm-1
              openshift.io/oadp-nab-origin-namespace=nacuser1
              velero.io/resource-timeout=10m0s
              velero.io/source-cluster-k8s-gitversion=v1.31.9
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=31

Phase:  Completed


Namespaces:
  Included:  nacuser1
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        nonadminbackups, nonadminrestores, nonadminbackupstoragelocations, securitycontextconstraints, clusterroles, clusterrolebindings, priorityclasses, customresourcedefinitions, virtualmachineclusterinstancetypes, virtualmachineclusterpreferences
  Cluster-scoped:  auto

Label selector:  <none>

Or label selector:  <none>

Storage Location:  nacuser1-nacuser1-621cb975-ee33-407d-b222-ea4c33ffc66d

Velero-Native Snapshot PVs:  auto
Snapshot Move Data:          true
Data Mover:                  velero

TTL:  720h0m0s

CSISnapshotTimeout:    10m0s
ItemOperationTimeout:  4h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2025-09-17 12:36:36 -0600 MDT
Completed:  2025-09-17 12:37:30 -0600 MDT

Expiration:  2025-10-17 12:36:36 -0600 MDT

Total items to be backed up:  36
Items backed up:              36

Backup Item Operations:
  Operation for persistentvolumeclaims nacuser1/mysql:
    Backup Item Action Plugin:  velero.io/csi-pvc-backupper
    Operation ID:               du-f691b0d0-01c4-49f1-a2a4-cb3936b2f4fb.44bf8df2-5ab0-4be942149
    Items to Update:
                           datauploads.velero.io openshift-adp/nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29rf9md
    Phase:                 Completed
    Progress:              108267998 of 108267998 complete (Bytes)
    Progress description:  Completed
    Created:               2025-09-17 12:36:43 -0600 MDT
    Started:               2025-09-17 12:37:24 -0600 MDT
    Updated:               2025-09-17 12:37:28 -0600 MDT
Resource List:
  apps.openshift.io/v1/DeploymentConfig:
    - nacuser1/todolist
  apps/v1/Deployment:
    - nacuser1/mysql
  apps/v1/ReplicaSet:
    - nacuser1/mysql-65584f86fc
  authorization.openshift.io/v1/RoleBinding:
    - nacuser1/nacuser1
    - nacuser1/system:deployers
    - nacuser1/system:image-builders
    - nacuser1/system:image-pullers
  discovery.k8s.io/v1/EndpointSlice:
    - nacuser1/mysql-rbcwz
    - nacuser1/todolist-zjp5l
  rbac.authorization.k8s.io/v1/RoleBinding:
    - nacuser1/nacuser1
    - nacuser1/system:deployers
    - nacuser1/system:image-builders
    - nacuser1/system:image-pullers
  route.openshift.io/v1/Route:
    - nacuser1/todolist-route
  v1/ConfigMap:
    - nacuser1/kube-root-ca.crt
    - nacuser1/openshift-service-ca.crt
  v1/Endpoints:
    - nacuser1/mysql
    - nacuser1/todolist
  v1/Namespace:
    - nacuser1
  v1/PersistentVolume:
    - pvc-44bf8df2-5ab0-4be8-946b-d67da71f7cc9
  v1/PersistentVolumeClaim:
    - nacuser1/mysql
  v1/Pod:
    - nacuser1/mysql-65584f86fc-lhrz2
    - nacuser1/todolist-1-deploy
    - nacuser1/todolist-1-jdpsw
  v1/ReplicationController:
    - nacuser1/todolist-1
  v1/Secret:
    - nacuser1/builder-dockercfg-bzs7l
    - nacuser1/cloud-credentials
    - nacuser1/default-dockercfg-7v7wn
    - nacuser1/deployer-dockercfg-k74pv
    - nacuser1/nacuser1-sa-dockercfg-mlcb5
  v1/Service:
    - nacuser1/mysql
    - nacuser1/todolist
  v1/ServiceAccount:
    - nacuser1/builder
    - nacuser1/default
    - nacuser1/deployer
    - nacuser1/nacuser1-sa

Backup Volumes:
  Velero-Native Snapshots: <none included>

  CSI Snapshots:
    nacuser1/mysql:
      Data Movement:
        Operation ID: du-f691b0d0-01c4-49f1-a2a4-cb3936b2f4fb.44bf8df2-5ab0-4be942149
        Data Mover: velero
        Uploader Type: kopia
        Moved data Size (bytes): 108267998
        Result: 

  Pod Volume Backups: <none included>

HooksAttempted:  0
HooksFailed:     0

@weshayutin weshayutin mentioned this pull request Sep 17, 2025
Merged
@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 17, 2025

crd/v1/bases/velero.io_backups.yaml diff 1.4 -> 1.5

diff --git a/velero.io_backups.yaml b/home/whayutin/OPENSHIFT/git/OADP/velero/config/crd/v1/bases/velero.io_backups.yaml
index 1e79dcdea..9a2a88e3f 100644
--- a/velero.io_backups.yaml
+++ b/home/whayutin/OPENSHIFT/git/OADP/velero/config/crd/v1/bases/velero.io_backups.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: backups.velero.io
 spec:
   group: velero.io
@@ -63,7 +63,6 @@ spec:
                   DefaultVolumesToRestic specifies whether restic should be used to take a
                   backup of all pod volumes by default.
 
-
                   Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead.
                 nullable: true
                 type: boolean
@@ -176,11 +175,13 @@ spec:
                                     items:
                                       type: string
                                     type: array
+                                    x-kubernetes-list-type: atomic
                                 required:
                                 - key
                                 - operator
                                 type: object
                               type: array
+                              x-kubernetes-list-type: atomic
                             matchLabels:
                               additionalProperties:
                                 type: string
@@ -364,11 +365,13 @@ spec:
                           items:
                             type: string
                           type: array
+                          x-kubernetes-list-type: atomic
                       required:
                       - key
                       - operator
                       type: object
                     type: array
+                    x-kubernetes-list-type: atomic
                   matchLabels:
                     additionalProperties:
                       type: string
@@ -425,11 +428,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                         - key
                         - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string

```

@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 17, 2025
edited
Loading

currently investigating the following:

025-09-17T18:33:29.871Z	INFO	Starting workers	{"controller": "nonadminbackup", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackup", "worker count": 1}
2025-09-17T18:33:29.871Z	INFO	Starting workers	{"controller": "nonadminbackupstoragelocation", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackupStorageLocation", "worker count": 1}
2025-09-17T18:36:36.103Z	INFO	VeleroBackup with label not found, creating one	{"controller": "nonadminbackup", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackup", "NonAdminBackup": {"name":"nacuser1-backup-enforcement-dm-1","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "nacuser1-backup-enforcement-dm-1", "reconcileID": "66a7acd9-2e56-48f2-afce-72cd36a505a6", "UUID": "nacuser1-nacuser1-backup-e-b9a51801-1db9-4e31-af75-201bf29a1b45"}
2025-09-17T18:36:36.110Z	INFO	VeleroBackup successfully created	{"controller": "nonadminbackup", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackup", "NonAdminBackup": {"name":"nacuser1-backup-enforcement-dm-1","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "nacuser1-backup-enforcement-dm-1", "reconcileID": "66a7acd9-2e56-48f2-afce-72cd36a505a6"}
2025-09-17T18:36:43.331Z	ERROR	Failed to update NonAdminBackup Status	{"controller": "nonadminbackup", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackup", "NonAdminBackup": {"name":"nacuser1-backup-enforcement-dm-1","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "nacuser1-backup-enforcement-dm-1", "reconcileID": "9a81bf6f-f365-4ad8-9a54-56ea94a4af8a", "error": "Operation cannot be fulfilled on nonadminbackups.oadp.openshift.io \"nacuser1-backup-enforcement-dm-1\": the object has been modified; please apply your changes to the latest version and try again"}
github.com/migtools/oadp-non-admin/internal/controller.(*NonAdminBackupReconciler).createVeleroBackupAndSyncWithNonAdminBackup
	/workspace/internal/controller/nonadminbackup_controller.go:802
github.com/migtools/oadp-non-admin/internal/controller.(*NonAdminBackupReconciler).Reconcile
	/workspace/internal/controller/nonadminbackup_controller.go:162
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:116
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:303
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:263
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:224
2025-09-17T18:36:43.331Z	ERROR	Reconciler error	{"controller": "nonadminbackup", "controllerGroup": "oadp.openshift.io", "controllerKind": "NonAdminBackup", "NonAdminBackup": {"name":"nacuser1-backup-enforcement-dm-1","namespace":"nacuser1"}, "namespace": "nacuser1", "name": "nacuser1-backup-enforcement-dm-1", "reconcileID": "9a81bf6f-f365-4ad8-9a54-56ea94a4af8a", "error": "Operation cannot be fulfilled on nonadminbackups.oadp.openshift.io \"nacuser1-backup-enforcement-dm-1\": the object has been modified; please apply your changes to the latest version and try again"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:316
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:263
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.3/pkg/internal/controller/controller.go:224

Testing w/ migtools/oadp-non-admin#314

@mpryc
Copy link
Contributor

mpryc commented Sep 17, 2025 

> # crd/v1/bases/velero.io_backups.yaml diff 1.4 -> 1.5
> +                                    x-kubernetes-list-type: atomic

This should be backwards and forwards compatible. atomic is for patching - it will cause entire list to be replaced during update/patch. I think it was introduced to this CRD by by kubernetes-sigs/controller-tools#753

@weshayutin weshayutin changed the title DRAFT oadp 1.4 onboard nac oadp 1.4 onboard nac Sep 26, 2025
@weshayutin weshayutin removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 26, 2025
@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 26, 2025

/retest

@weshayutin
Copy link
Contributor Author

weshayutin commented Sep 26, 2025

additional testing documented here https://hackmd.io/Wk845n48RDeLojOj038VmA

@weshayutin
Copy link
Contributor Author

weshayutin commented Oct 9, 2025

/retest all

@openshift-ci
Copy link

openshift-ci bot commented Oct 9, 2025

@weshayutin: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

/test 4.18-ci-index

/test 4.18-images

/test images

/test unit-test

The following commands are available to trigger optional jobs:

/test 4.18-e2e-test-aws

/test 4.18-e2e-test-hcp-aws

Use /test all to run all jobs.

In response to this:

/retest all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@weshayutin
Copy link
Contributor Author

weshayutin commented Oct 9, 2025

/test all

@openshift-ci
Copy link

openshift-ci bot commented Oct 9, 2025

@weshayutin: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/4.18-e2e-test-aws 7139994 link false /test 4.18-e2e-test-aws
ci/prow/4.18-e2e-test-hcp-aws 7139994 link false /test 4.18-e2e-test-hcp-aws

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@weshayutin weshayutin added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 16, 2025
@weshayutin
Copy link
Contributor Author

weshayutin commented Oct 16, 2025

/retest

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 16, 2025
@openshift-merge-robot
Copy link

openshift-merge-robot commented Oct 16, 2025

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaovilai kaovilai Awaiting requested review from kaovilai

@savitharaghunathan savitharaghunathan Awaiting requested review from savitharaghunathan

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@weshayutin @mpryc @openshift-merge-robot