Add readme files for Backup and Restore #596

Open
wants to merge 5 commits into
base: main
135 changes: 134 additions & 1 deletion hack/runtime-migrator/README-rb.md
@@ -1 +1,134 @@
# Runtime Backuper
# Runtime Backuper

The `runtime-backup-and-switch` application
1. connects to a Gardener project
2. retrieves all existing shoot specifications
3. for each runtime on input list:
a) gets shoot, Cluster Role Bindings and OpenIDConnect resources
b) saves the backup on a disk
c) marks Cluster Role Bindings that were created by the Provisioner with `kyma-project.io/deprecation` label
d) switches the runtime to be controlled by KIM by setting `kyma-project.io/controlled-by-provisioner` label with `false` value

## Build

In order to build the app, run the following command:

```bash
go build -o ./bin/runtime-backup-and-switch ./cmd/backup
```

## Usage

### Dry run
```bash
./bin/runtime-backup-and-switch \
-gardener-kubeconfig-path=/Users/myuser/gardener-kubeconfig.yml \
-gardener-project-name=kyma-dev \
-kcp-kubeconfig-path=/Users/myuser/kcp-kubeconfig.yml \
-output-path=/tmp/ \
-dry-run=true \
-input-file-path=input/runtimeIds.txt \
-input-type=txt
```

The above **execution example** will:
1. take the input from the `input/runtimeIds.txt` file (each raw contains single `RuntimeID`)
1. proceed only with fetching `Shoot`, `Cluster Role Bindings` and `OpenIDConnect` resources
1. save output files in the `/tmp/<generated name>` directory. The output directory contains the following:
- `backup-results.json` - the output file with the backup results

### Backup and switch Runtime to be controlled by KIM

```bash
./bin/runtime-backup-and-switch \
-gardener-kubeconfig-path=/Users/myuser/gardener-kubeconfig.yml \
-gardener-project-name=kyma-dev \
-kcp-kubeconfig-path=/Users/myuser/kcp-kubeconfig.yml \
-output-path=/tmp/ \
-dry-run=false \
-input-file-path=input/runtimeIds.txt \
-set-controlled-by-kim=true \
-input-type=txt
```

The above **execution example** will:
1. take the input from the `input/runtimeIds.txt` file (each raw contains single `RuntimeID`)
1. proceed with fetching `Shoot`, `Cluster Role Bindings` and `OpenIDConnect` resource
1. save output files in the `/tmp/<generated name>` directory. The output directory contains the following:
- `backup-results.json` - the output file with the backup results
- `backup` - the directory with the backup files
1. label Cluster Role Bindings that were created by the Provisioner
1. switch Runtime to be controlled by KIM

### Output example

```
2025/01/10 09:27:49 INFO Starting runtime-backuper
2025/01/10 09:27:49 gardener-kubeconfig-path: /Users/myuser/Downloads/kubeconfig-garden-kyma-stage.yaml
2025/01/10 09:27:49 kcp-kubeconfig-path: /Users/myuser/dev/config/sap
2025/01/10 09:27:49 gardener-project-name: kyma-stage
2025/01/10 09:27:49 output-path: /Users/myuser/backup/results
2025/01/10 09:27:49 dry-run: false
2025/01/10 09:27:49 input-type: txt
2025/01/10 09:27:49 input-file-path: /Users/myuser/dev/runtime-ids-oidc.txt
2025/01/10 09:27:49 set-controlled-by-kim: true
2025/01/10 09:27:49
2025/01/10 09:27:49
2025/01/10 09:27:49 INFO Reading runtimeIds from input file
2025/01/10 09:27:54 INFO Runtime backup created successfully runtimeID=a774bae2-ed8b-464e-85cc-ab8acd4461d5
2025/01/10 09:27:54 ERROR Failed to fetch shoot: shoot was deleted or the runtimeID is incorrect runtimeID=exxe4b14-7bc2-4947-931c-f8673793b02f
2025/01/10 09:27:54 INFO Backup completed. Successfully stored backups: 1, Failed backups: 1
2025/01/10 09:27:54 INFO Backup results saved in: backup/results/backup-2025-01-10T09:27:49+01:00/backup-results.json
```

The backup results are saved in the `backup/results/backup-2025-01-10T09:27:49+01:00/backup-results.json` file.

The `backup-results.json` file contains the following content:
```json
[
{
"runtimeId": "a774bae2-ed8b-464e-85cc-ab8acd4461d5",
"shootName": "c-35a9898",
"status": "Success",
"backupDirPath": "backup/results/backup-2025-01-10T09:27:49+01:00/backup/a774bae2-ed8b-464e-85cc-ab8acd4461d5",
"deprecatedCRBs": [
"admin-cw4mz"
],
"setControlledByKIM": true
},
{
"runtimeId": "exxe4b14-7bc2-4947-931c-f8673793b02f",
"shootName": "",
"status": "Error",
"errorMessage": "Failed to fetch shoot: shoot was deleted or the runtimeID is incorrect",
"setControlledByKIM": false
}
]

```
The above example The runtime with the `exxe4b14-7bc2-4947-931c-f8673793b02f` identifier was not found ; the identifier may be incorrect, or the corresponding shoot was deleted for some reason.

The `backup/results/backup-2025-01-10T09:27:49+01:00/backup/a774bae2-ed8b-464e-85cc-ab8acd4461d5` directory contains the following:
- `c-35a9898-original.yaml` file
- `c-35a9898-to-restore.yaml` file
- `crb` folder
- `oidc` folder

The `c-35a9898-original.yaml` file contains the differences between the original shoot and the shoot that will be created based on the new Runtime CR. The `c-35a9898-to-restore.yaml` file contains the shoot that will be created based on the new Runtime CR. The `original-shoot.yaml` file contains the shoot fetched from the Gardener.
The `crb` directory contains the yaml files with Cluster Role Bindings that refer to `cluster-admin` role. The `oidc` folder contains yaml files with `OpenIDConnect` resources

## Configurable Parameters

This table lists the configurable parameters, their descriptions, and default values:

| Parameter | Description | Default value |
|------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
| **kcp-kubeconfig-path** | Path to the Kubeconfig file of KCP cluster. | `/path/to/kcp/kubeconfig` |
| **gardener-kubeconfig-path** | Path to the Kubeconfig file of Gardener cluster. | `/path/to/gardener/kubeconfig` |
| **gardener-project-name** | Name of the Gardener project. | `gardener-project-name` |
| **output-path** | Path where generated report, and yamls will be saved. Directory has to exist. | `/tmp/` |
| **dry-run** | Dry-run flag. Has to be set to **false**, otherwise migrator will not apply the CRs on the KCP cluster. | `true` |
| **input-type** | Type of input to be used. Possible values: **txt** (will expect text file with one runtime identifier per line, [see the example](input/runtimeids_sample.txt)), and **json** (will expect `json` array with runtime identifiers, [see the example](input/runtimeids_sample.json)). | `json` |
| **input-file-path** | Path to the file containing Runtimes to be migrated. | `/path/to/input/file` |
| **set-controlled-by-kim** | Flag determining whether Runtime CR should be modified to be controlled by KIM | `false` |
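
Review bot: The paragraph describing the backup directory contents does not match the file list above it: `c-35a9898-original.yaml` is described as containing "the differences between the original shoot and the shoot that will be created based on the new Runtime CR", and the paragraph then describes an `original-shoot.yaml` file that is not in the list. Describe each of the four listed entries (`c-35a9898-original.yaml`, `c-35a9898-to-restore.yaml`, `crb`, `oidc`) once and drop the unlisted file. Separately, every example and the documented default for `output-path` write to `/tmp/`, while the backup holds the Cluster Role Bindings that refer to `cluster-admin` and the `OpenIDConnect` resources; the usage section should point operators at a directory only they can read. Smaller items: "each raw" should be "each row", the sentence after the JSON block starts with a stray "The above example", and the `dry-run` description still talks about the migrator applying CRs on the KCP cluster.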

126 changes: 125 additions & 1 deletion hack/runtime-migrator/README-rr.md
@@ -1 +1,125 @@
# Runtime Restorer
# Runtime Restorer

The `runtime-restore` application
1. connects to a Gardener project
2. retrieves all existing shoot specifications
3. for each runtime on input list:
a) gets shoot, Cluster Role Bindings and OpenIDConnect resources from the backup
b) applies shoot if the current one is no more than one generation newer
c) applies Cluster Role Bindings from backup provided the objects doesn't exist on the runtime
d) applies OpenIDConnect from backup provided the objects doesn't exist on the runtime

## Build

In order to build the app, run the following command:

```bash
go build -o ./bin/runtime-restore ./cmd/restore
```

## Usage

### Dry run
```bash
cat ./bin/runtime-restore \
-gardener-kubeconfig-path=/Users/myuser/gardener-kubeconfig.yml \
-gardener-project-name=kyma-dev \
-kcp-kubeconfig-path=/Users/myuser/kcp-kubeconfig.yml \
-output-path=/tmp/ \
-dry-run=true \
-input-file-path=input/runtimeIds.txt \
-input-type=txt \
-backup-path=/Users/myuser/backup/results/backup-2025-01-10T09:27:49+01:00
```

The above **execution example** will:
1. take the input from the `input/runtimeIds.txt` file (each raw contains single `RuntimeID`)
1. proceed only with fetching `Shoot`, `Cluster Role Bindings` and `OpenIDConnect` resources from the backup directory
1. save output files in the `/tmp/<generated name>` directory. The output directory contains the following:
- `restore-results.json` - the output file with the backup results


### Restore runtime
```bash
./bin/runtime-restore \
-gardener-kubeconfig-path=/Users/myuser/gardener-kubeconfig.yml \
-gardener-project-name=kyma-dev \
-kcp-kubeconfig-path=/Users/myuser/kcp-kubeconfig.yml \
-output-path=/tmp/ \
-dry-run=true \
-input-file-path=input/runtimeIds.txt \
-input-type=txt \
-backup-path=/Users/myuser/backup/results/backup-2025-01-10T09:27:49+01:00
```

The above **execution example** will:
1. take the input from the `input/runtimeIds.txt` file (each row contains single `RuntimeID`)
1. proceed only with fetching `Shoot`, `Cluster Role Bindings` and `OpenIDConnect` resources from the backup directory
1. save output files in the `/tmp/<generated name>` directory. The output directory contains the following:
- `restore-results.json` - the output file with the backup results

### Backup and switch Runtime to be controlled by KIM

```bash
./bin/runtime-restore \
-gardener-kubeconfig-path=/Users/myuser/gardener-kubeconfig.yml \
-gardener-project-name=kyma-dev \
-kcp-kubeconfig-path=/Users/myuser/kcp-kubeconfig.yml \
-output-path=/tmp/ \
-dry-run=false \
-input-file-path=input/runtimeIds.txt \
-input-type=txt \
-backup-path=/Users/myuser/backup/results/backup-2025-01-10T09:27:49+01:00
```

The above **execution example** will:
1. take the input from the `input/runtimeIds.txt` file (each raw contains single `RuntimeID`)
1. proceed with fetching `Shoot`, `Cluster Role Bindings` and `OpenIDConnect` resources from the backup directory
1. save output files in the `/tmp/<generated name>` directory. The output directory contains the following:
- `restore-results.json` - the output file with the backup results
1. patch shoot with file from backup
1. create Cluster Role Bindings that doesn't exist on the runtime
1. create `OpenIDConnect` resources that doesn't exist on runtime.

### Output example
```
2025/01/10 14:04:14 INFO Starting runtime-restorer
2025/01/10 14:04:14 gardener-kubeconfig-path: /Users/myuser/kubeconfig-garden-kyma-stage.yaml
2025/01/10 14:04:14 kcp-kubeconfig-path: /Users/myuser/dev/config/sap
2025/01/10 14:04:14 gardener-project-name: kyma-stage
2025/01/10 14:04:14 output-path: /tmp
2025/01/10 14:04:14 dry-run: false
2025/01/10 14:04:14 input-type: txt
2025/01/10 14:04:14 input-file-path: /Users/myuser/input/runtime-ids-oidc.txt
2025/01/10 14:04:14 backup-path: /Users/myuser/backup/results/backup-2025-01-10T09:27:49+01:00
2025/01/10 14:04:14 restore-crb: true
2025/01/10 14:04:14 restore-oidc: true
2025/01/10 14:04:14
2025/01/10 14:04:14 INFO Reading runtimeIds from input file
2025/01/10 14:04:17 INFO Runtime restore performed successfully runtimeID=a774bae2-ed8b-464e-85cc-ab8acd4461d5
2025/01/10 14:04:17 ERROR Failed to fetch shoot: shoot was deleted or the runtimeID is incorrect runtimeID=exxe4b14-7bc2-4947-931c-f8673793b02f
2025/01/10 14:04:17 INFO Restore completed. Successfully restored backups: 1, Failed operations: 1
2025/01/10 14:04:17 INFO Restore results saved in: /tmp/restore-2025-01-10T14:04:14+01:00/restore-results.json
```

The restore results are saved in the `/tmp/restore-2025-01-10T14:04:14+01:00/restore-results.json` file.

The `restore-results.json` file contains the following content:
```
[
{
"runtimeId": "a774bae2-ed8b-464e-85cc-ab8acd4461d5",
"shootName": "c-35a9898",
"status": "Success",
"restoredOIDCs": [
"kyma-oidc-0"
]
},
{
"runtimeId": "exxe4b14-7bc2-4947-931c-f8673793b02f",
"shootName": "",
"status": "Error",
"errorMessage": "Failed to fetch shoot: shoot was deleted or the runtimeID is incorrect"
}
]
```
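
Review bot: The dry-run command in the Usage section starts with `cat ./bin/runtime-restore \`, which hands the binary to `cat` rather than running it; drop the `cat`. The "Restore runtime" section repeats the dry-run command with `-dry-run=true` and the same description, and the section that actually restores (`-dry-run=false`) is titled "Backup and switch Runtime to be controlled by KIM", the heading used in README-rb.md; merge the first two and retitle the third. `restore-results.json` is described three times as "the output file with the backup results", "doesn't exist" should be "don't exist" in the step lists, and the final JSON block is fenced without the `json` tag that README-rb.md uses.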
5 changes: 5 additions & 0 deletions hack/runtime-migrator/cmd/backup/backup.go
Expand Up @@ -124,6 +124,7 @@ func (b Backup) Do(ctx context.Context, runtimeIDs []string) error {
errMsg := fmt.Sprintf("Failed to set the rutnime to be controlled by KIM: %v", err)
b.results.ErrorOccurred(runtimeID, shootToBackup.Name, errMsg)
slog.Error(errMsg, "runtimeID", runtimeID)
continue
}
}
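
Review bot: The message built in the `fmt.Sprintf` line misspells "runtime" as "rutnime", and that string is both logged and passed to `b.results.ErrorOccurred`, so the typo reaches the results file; correct it while this block is being touched. Passing `err` to `slog.Error` as its own attribute next to `runtimeID` would also keep the log message constant and easier to search for.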

Expand Down Expand Up @@ -218,6 +219,10 @@ func setControlledByKim(ctx context.Context, kcpClient client.Client, runtimeID
patchCtx, cancelPatch := context.WithTimeout(ctx, timeoutK8sOperation)
defer cancelPatch()

runtime.Kind = "Runtime"
runtime.APIVersion = "infrastructuremanager.kyma-project.io/v1"
runtime.ManagedFields = nil

return kcpClient.Patch(patchCtx, &runtime, client.Apply, &client.PatchOptions{
FieldManager: fieldManagerName,
})
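
Review bot: `kcpClient.Patch` sends `&runtime` as a whole with `client.Apply` and only `FieldManager` set; if `runtime` is the object read from the cluster, server-side apply makes the manager named by `fieldManagerName` an owner of every field present in it, not only the `kyma-project.io/controlled-by-provisioner` label this function is named for. Consider applying a minimal object that carries just the type information, name, namespace and that label. The literal `"Runtime"` and `"infrastructuremanager.kyma-project.io/v1"` values would also be better taken from the API package's own group and version definitions than typed in here.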
2 changes: 2 additions & 0 deletions hack/runtime-migrator/cmd/backup/main.go
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"
"github.com/kyma-project/infrastructure-manager/hack/runtime-migrator-app/internal/initialisation"
"log"
"log/slog"
"os"
logf "sigs.k8s.io/controller-runtime/pkg/log"
Expand All @@ -15,6 +16,7 @@ func main() {
cfg := initialisation.NewBackupConfig()

initialisation.PrintBackupConfig(cfg)
log.Println("")

opts := zap.Options{
Development: true,
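
Review bot: The `log.Println("")` after `initialisation.PrintBackupConfig(cfg)` duplicates the blank line that `PrintBackupConfig` prints at its end in params.go, which is consistent with the two empty log lines after `set-controlled-by-kim` in the README-rb.md output example. Remove this call together with the `"log"` import that exists only for it.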
2 changes: 1 addition & 1 deletion hack/runtime-migrator/cmd/migration/main.go
Expand Up @@ -29,7 +29,7 @@ func main() {
slog.Info("Starting runtime-migrator")
cfg := initialisation.NewConfig()

initialisation.PrintConfig(cfg)
initialisation.PrintConfig(cfg, true)

opts := zap.Options{
Development: true,
14 changes: 10 additions & 4 deletions hack/runtime-migrator/internal/initialisation/params.go
Expand Up @@ -26,15 +26,18 @@ const (
timeoutK8sOperation = 20 * time.Second
)

func PrintConfig(cfg Config) {
func PrintConfig(cfg Config, includeNewLine bool) {
log.Println("gardener-kubeconfig-path:", cfg.GardenerKubeconfigPath)
log.Println("kcp-kubeconfig-path:", cfg.KcpKubeconfigPath)
log.Println("gardener-project-name:", cfg.GardenerProjectName)
log.Println("output-path:", cfg.OutputPath)
log.Println("dry-run:", cfg.IsDryRun)
log.Println("input-type:", cfg.InputType)
log.Println("input-file-path:", cfg.InputFilePath)
log.Println("")

if includeNewLine {
log.Println("")
}
}

// newConfig - creates new application configuration base on passed flags
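
Review bot: The `includeNewLine bool` parameter on `PrintConfig` exists only to suppress one `log.Println("")`, and a call site such as `PrintConfig(cfg, true)` does not say what the flag means. Dropping the trailing blank line from `PrintConfig` and letting each caller print it after its own extra fields keeps the one-argument signature and removes the flag.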
Expand Down Expand Up @@ -103,8 +106,9 @@ func NewBackupConfig() BackupConfig {
}

func PrintBackupConfig(cfg BackupConfig) {
PrintConfig(cfg.Config)
PrintConfig(cfg.Config, false)
log.Println("set-controlled-by-kim:", cfg.SetControlledByKim)
log.Println("")
}

type RestoreConfig struct {
Expand Down Expand Up @@ -133,8 +137,10 @@ func NewRestoreConfig() RestoreConfig {
}

func PrintRestoreConfig(cfg RestoreConfig) {
PrintConfig(cfg.Config)
PrintConfig(cfg.Config, false)
log.Println("backup-path:", cfg.BackupDir)
log.Println("restore-crb:", cfg.RestoreCRB)
log.Println("restore-oidc:", cfg.RestoreOIDC)

log.Println("")
}
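
Review bot: `restore-crb` and `restore-oidc` are printed in `PrintRestoreConfig` and show up in the README-rr.md output example, but README-rr.md has no parameter table and none of its command examples mention them. Add a Configurable Parameters section there, as README-rb.md has, covering these two settings and `backup-path` with their defaults.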