feat(ScheduledVolumeSnapshot): Create new controller which determines…

… when to create a VolumeSnapshot (#159)

PROJECT

@@ -22,4 +22,13 @@ resources:
   kind: StatefulJob
   path: github.com/strangelove-ventures/cosmos-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: strange.love
+  group: cosmos
+  kind: ScheduledVolumeSnapshot
+  path: github.com/strangelove-ventures/cosmos-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/scheduledvolumesnapshot_types.go

@@ -0,0 +1,94 @@
+/*
+Copyright 2022 Strangelove Ventures LLC.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func init() {
+	SchemeBuilder.Register(&ScheduledVolumeSnapshot{}, &ScheduledVolumeSnapshotList{})
+}
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// ScheduledVolumeSnapshotSpec defines the desired state of ScheduledVolumeSnapshot
+// Creates recurring VolumeSnapshots of a PVC managed by a CosmosFullNode.
+// A VolumeSnapshot is a CRD (installed in GKE by default).
+// See: https://kubernetes.io/docs/concepts/storage/volume-snapshots/
+// This enables recurring, consistent backups.
+// To prevent data corruption, a pod is temporarily deleted while the snapshot takes place which could take
+// several minutes.
+// Therefore, if you create a ScheduledVolumeSnapshot, you must use replica count >= 2 to prevent downtime.
+// If <= 1 pod in a ready state, the controller will not temporarily delete the pod. The controller makes every
+// effort to prevent downtime.
+// Only 1 VolumeSnapshot is created at a time, so at most only 1 pod is temporarily deleted.
+// Multiple, parallel VolumeSnapshots are not supported.
+type ScheduledVolumeSnapshotSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// A crontab schedule using the standard as described in https://en.wikipedia.org/wiki/Cron.
+	// See https://crontab.guru for format.
+	// Kubernetes providers rate limit VolumeSnapshot creation. Therefore, setting a crontab that's
+	// too frequent may result in rate limiting errors.
+	Schedule string `json:"schedule"`
+
+	// The number of recent VolumeSnapshots to keep.
+	// Default is 3.
+	// +optional
+	Limit int32 `json:"limit"`
+}
+
+// ScheduledVolumeSnapshotStatus defines the observed state of ScheduledVolumeSnapshot
+type ScheduledVolumeSnapshotStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// The most recent generation observed by the controller.
+	ObservedGeneration int64 `json:"observedGeneration"`
+
+	// A generic message for the user. May contain errors.
+	// +optional
+	StatusMessage *string `json:"status"`
+
+	// The date when the CRD was created.
+	// Used as a reference when calculating the next time to create a snapshot.
+	CreatedAt metav1.Time `json:"createdAt"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// ScheduledVolumeSnapshot is the Schema for the scheduledvolumesnapshots API
+type ScheduledVolumeSnapshot struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ScheduledVolumeSnapshotSpec   `json:"spec,omitempty"`
+	Status ScheduledVolumeSnapshotStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// ScheduledVolumeSnapshotList contains a list of ScheduledVolumeSnapshot
+type ScheduledVolumeSnapshotList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ScheduledVolumeSnapshot `json:"items"`
+}

config/crd/bases/cosmos.strange.love_scheduledvolumesnapshots.yaml

@@ -0,0 +1,89 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
+  name: scheduledvolumesnapshots.cosmos.strange.love
+spec:
+  group: cosmos.strange.love
+  names:
+    kind: ScheduledVolumeSnapshot
+    listKind: ScheduledVolumeSnapshotList
+    plural: scheduledvolumesnapshots
+    singular: scheduledvolumesnapshot
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ScheduledVolumeSnapshot is the Schema for the scheduledvolumesnapshots
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: 'ScheduledVolumeSnapshotSpec defines the desired state of
+              ScheduledVolumeSnapshot Creates recurring VolumeSnapshots of a PVC managed
+              by a CosmosFullNode. A VolumeSnapshot is a CRD (installed in GKE by
+              default). See: https://kubernetes.io/docs/concepts/storage/volume-snapshots/
+              This enables recurring, consistent backups. To prevent data corruption,
+              a pod is temporarily deleted while the snapshot takes place which could
+              take several minutes. Therefore, if you create a ScheduledVolumeSnapshot,
+              you must use replica count >= 2 to prevent downtime. If <= 1 pod in
+              a ready state, the controller will not temporarily delete the pod. The
+              controller makes every effort to prevent downtime. Only 1 VolumeSnapshot
+              is created at a time, so at most only 1 pod is temporarily deleted.
+              Multiple, parallel VolumeSnapshots are not supported.'
+            properties:
+              limit:
+                description: The number of recent VolumeSnapshots to keep. Default
+                  is 3.
+                format: int32
+                type: integer
+              schedule:
+                description: A crontab schedule using the standard as described in
+                  https://en.wikipedia.org/wiki/Cron. See https://crontab.guru for
+                  format. Kubernetes providers rate limit VolumeSnapshot creation.
+                  Therefore, setting a crontab that's too frequent may result in rate
+                  limiting errors.
+                type: string
+            required:
+            - schedule
+            type: object
+          status:
+            description: ScheduledVolumeSnapshotStatus defines the observed state
+              of ScheduledVolumeSnapshot
+            properties:
+              createdAt:
+                description: The date when the CRD was created. Used as a reference
+                  when calculating the next time to create a snapshot.
+                format: date-time
+                type: string
+              observedGeneration:
+                description: The most recent generation observed by the controller.
+                format: int64
+                type: integer
+              status:
+                description: A generic message for the user. May contain errors.
+                type: string
+            required:
+            - createdAt
+            - observedGeneration
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -4,19 +4,22 @@
 resources:
 - bases/cosmos.strange.love_cosmosfullnodes.yaml
 - bases/cosmos.strange.love_statefuljobs.yaml
+- bases/cosmos.strange.love_scheduledvolumesnapshots.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_cosmosfullnodes.yaml
 #- patches/webhook_in_statefuljobs.yaml
+#- patches/webhook_in_scheduledvolumesnapshots.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_cosmosfullnodes.yaml
 #- patches/cainjection_in_statefuljobs.yaml
+#- patches/cainjection_in_scheduledvolumesnapshots.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_scheduledvolumesnapshots.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: scheduledvolumesnapshots.cosmos.strange.love

config/crd/patches/webhook_in_scheduledvolumesnapshots.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: scheduledvolumesnapshots.cosmos.strange.love
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/role.yaml

@@ -65,6 +65,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - cosmos.strange.love
+  resources:
+  - scheduledvolumesnapshots
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cosmos.strange.love
+  resources:
+  - scheduledvolumesnapshots/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - cosmos.strange.love
+  resources:
+  - scheduledvolumesnapshots/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - cosmos.strange.love
   resources: