openshift / oadp-operator

OADP Operator
Apache License 2.0

Design: CloudStorage API full support #1352

Open weshayutin opened 7 months ago

weshayutin commented 7 months ago

As noted in our public doc: https://docs.openshift.com/container-platform/4.15/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html

The CloudStorage API is tech-preview: we need this to be fully supported across AWS, GCP and Azure.

The CloudStorage API is a Technology Preview feature when you use a CloudStorage object and want OADP to use the CloudStorage API to automatically create an S3 bucket for use as a BackupStorageLocation.

The CloudStorage API supports manually creating a BackupStorageLocation object by specifying an existing S3 bucket. The CloudStorage API that creates an S3 bucket automatically is currently only enabled for AWS S3 storage.

When OADP uses the CloudStorage API we should have an option in DPA that defaults to true for automatic bucket creation.

weshayutin commented 5 months ago

CloudStorage API for 1.4.0

  1. Current status
    1. AWS supported
    2. GCP not
    3. Azure not
  2. Cloud credential operator
    1. CCO doesn’t support WIF yet for standardized flow

High Level Breakdown of required work:

  1. Background work
    1. list out all related DPA config keys and value types
    2. list out all the cloud specific keys and value types for configuration per cloud (AWS, GCP, Azure)
    3. Propose common user friendly variable names

CONTEXT

  1. The cloud storage API's main purpose is simply to auto-create a bucket if no bucket exists.
  2. STS - auto create bucket
  3. Uncouple from STS

The work: AWS:

  1. current status of bucket creation
  2. Doc Review
  3. Uncouple from STS

GCP:

  1. current status of bucket creation
  2. auto create a bucket
  3. doc and test cases

Azure:

  1. current status of bucket creation
  2. Storage account, one level up from bucket. Extra steps here for Azure
  3. auto create bucket from customer provided storage account
  4. Investigate STS support
  5. Doc and test cases

Post scope

WORKFLOW from Customer: STS enabled or no STS

  1. user creates secret for cloud auth
  2. user creates a DPA w/o BSL specified but includes CloudStorage API - bucket key/value
    1. dpa.spec.backupLocation.velero - not filled out
    2. dpa.spec.backupLocation.bucket - user filled out
  3. bucket auto created for user
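The following is an added example of what the workflow above looks like as manifests; it is not taken from the issue or from the oadp-operator repository. It shows a `CloudStorage` object plus a DPA whose backup location fills out `bucket` and leaves `velero` out, so the operator creates the bucket (the actual DPA field is the plural `backupLocations`). Field names follow the OADP CloudStorage documentation linked in the first comment as I understand it; `<bucket_name>`, `<region>` and `<dpa_name>` are placeholders, and `cloud-credentials`/`cloud` are assumed to be the secret and key created in step 1.

```yaml
# Added example, not from the issue or the oadp-operator repo.
# Angle-bracket values are placeholders to replace.
apiVersion: oadp.openshift.io/v1alpha1
kind: CloudStorage
metadata:
  name: <bucket_name>
  namespace: openshift-adp
spec:
  name: <bucket_name>          # bucket to create if it does not already exist
  provider: aws                # the only provider with auto-create today, per this issue
  region: <region>
  creationSecret:              # credential the operator uses to create the bucket
    name: cloud-credentials
    key: cloud
---
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: <dpa_name>
  namespace: openshift-adp
spec:
  configuration:
    velero:
      defaultPlugins:
        - openshift
        - aws
  backupLocations:
    - bucket:                  # step 2: bucket filled out, no velero: block beside it
        cloudStorageRef:
          name: <bucket_name>  # points at the CloudStorage object above
        credential:            # credential Velero uses to read/write backup objects
          name: cloud-credentials
          key: cloud
        prefix: velero
        default: true
```

Two credentials are in play: `creationSecret` on the `CloudStorage` object needs bucket-creation rights in the cloud account, while `credential` on the backup location only needs object read/write on that bucket. When reviewing a DPA it is worth checking which secret each step actually uses, since the same secret is often reused for both and then carries more permission than the backup location itself requires.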

openshift-bot commented 2 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

kaovilai commented 2 months ago

/lifecycle frozen