Skip to content

Commit 22fe7d1

Browse files
committed
fix(backup): no more crashes in restore-datadir
* drop /bin/sh from restore: collapse restore-agent + restore-datadir into a single Go initContainer using etcdutl/v3/snapshot.NewV3() * PodSecurityContext.FSGroup=65532 when bootstrap.restore is set so the nonroot restore-agent can mkdir into a freshly-mounted PVC * tighten restore-agent: require all 5 env vars, trim cluster envs symmetrically, log + os.RemoveAll on partial state before retry, sentinel-based skip-check instead of bare member/ * bump default restore-agent memory limit (etcdutl Restore() runs in-process and OOM-kills on multi-GB snapshots at 512Mi) * mirror PVC.SubPath hardening on the restore side (validatePVCSubPath) * treat Job.Status.CompletionTime==nil in the errNoMarker grace branch as "still within grace" — finalize-empty is unrecoverable * Go toolchain bump 1.22.4 -> 1.23.0 (Dockerfile + 5 workflows) required by go.etcd.io/etcd/etcdutl/v3 v3.5.21 * controller-gen bump v0.15.0 -> v0.16.5 (needed for Go 1.23 build); regenerate CRD + RBAC + deepcopy on top * new CI workflow: codegen-drift gate runs make manifests generate helm-crd-copy and fails on dirty git status * e2e: harden the kubectl port-forward race by wrapping health- check in Eventually; add restore continuation spec exercising the full PVC restore path against a live cluster Signed-off-by: Andrey Kolkov <androndo@gmail.com>
1 parent c5d6906 commit 22fe7d1

25 files changed

Lines changed: 908 additions & 288 deletions
Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
name: Codegen Drift Check
2+
3+
on:
4+
pull_request:
5+
types: [opened, synchronize, reopened]
6+
paths:
7+
- 'api/**'
8+
- 'config/crd/bases/**'
9+
- 'config/rbac/**'
10+
- 'charts/etcd-operator/crds/**'
11+
- 'hack/boilerplate.go.txt'
12+
- 'Makefile'
13+
- 'go.mod'
14+
- 'go.sum'
15+
- '.github/workflows/codegen-drift.yaml'
16+
17+
concurrency:
18+
group: codegen-drift-${{ github.workflow }}-${{ github.event.pull_request.number }}
19+
cancel-in-progress: true
20+
21+
jobs:
22+
codegen-drift:
23+
name: Verify generated code is up to date
24+
runs-on: ubuntu-22.04
25+
steps:
26+
- uses: actions/checkout@v4.1.7
27+
- uses: actions/setup-go@v5.0.1
28+
with:
29+
go-version-file: go.mod
30+
cache: true
31+
# Three deterministic codegen targets:
32+
# - manifests: CRD + RBAC + webhook (controller-gen)
33+
# - generate: zz_generated.deepcopy.go (controller-gen)
34+
# - helm-crd-copy: mirrors config/crd/bases → charts/etcd-operator/crds
35+
# generate-docs is intentionally NOT included — it shells out to
36+
# crd-ref-docs@latest, which is unpinned in the Makefile and so
37+
# produces environment-dependent rendering differences that would
38+
# flap this gate. If that ever gets pinned, add `generate-docs`
39+
# to the line below and include `site/content/**` in the paths
40+
# filter.
41+
- name: Run codegen
42+
run: make manifests generate helm-crd-copy
43+
- name: Fail on drift
44+
run: |
45+
if [ -n "$(git status --porcelain)" ]; then
46+
echo "::error::codegen produced changes. Run 'make manifests generate helm-crd-copy' locally and commit the result."
47+
git status --short
48+
git diff --color=always
49+
exit 1
50+
fi

.github/workflows/make-test-e2e.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
- uses: actions/checkout@v4.1.7
2727
- uses: actions/setup-go@v5.0.1
2828
with:
29-
go-version: 1.22.4
29+
go-version: 1.23.0
3030
- uses: docker/setup-buildx-action@v3.3.0
3131
- uses: tale/kubectl-action@v1.4.0
3232
with:

.github/workflows/make-test.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
- uses: actions/checkout@v4.1.7
2727
- uses: actions/setup-go@v5.0.1
2828
with:
29-
go-version: 1.22.4
29+
go-version: 1.23.0
3030
- run: |
3131
if [ "${{ matrix.k8s.version }}" = "default" ]; then
3232
# For latest version use default from Makefile

.github/workflows/nilaway-lint.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,5 +10,5 @@ jobs:
1010
- uses: actions/checkout@v4.1.7
1111
- uses: actions/setup-go@v5.0.1
1212
with:
13-
go-version: 1.22.4
13+
go-version: 1.23.0
1414
- run: make nilaway-lint

.github/workflows/pre-commit.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,5 +10,5 @@ jobs:
1010
- uses: actions/checkout@v4.1.7
1111
- uses: actions/setup-go@v5.0.1
1212
with:
13-
go-version: 1.22.4
13+
go-version: 1.23.0
1414
- uses: pre-commit/action@v3.0.1

.github/workflows/release-assets.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
- uses: actions/checkout@v4.1.7
2020
- uses: actions/setup-go@v5.0.1
2121
with:
22-
go-version: 1.22.4
22+
go-version: 1.23.0
2323
- name: Get tag from current run
2424
run: |
2525
TAG=${{ github.ref_name }}

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# Build the manager binary
2-
FROM golang:1.22.4 AS builder
2+
FROM golang:1.23.0 AS builder
33
ARG TARGETOS TARGETARCH
44

55
WORKDIR /workspace

Makefile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -265,10 +265,10 @@ CRD_REF_DOCS ?= $(LOCALBIN)/crd-ref-docs
265265
# renovate: datasource=github-tags depName=kubernetes-sigs/kustomize
266266
KUSTOMIZE_VERSION ?= v5.3.0
267267
# renovate: datasource=github-tags depName=kubernetes-sigs/controller-tools
268-
CONTROLLER_TOOLS_VERSION ?= v0.15.0
268+
CONTROLLER_TOOLS_VERSION ?= v0.16.5
269269
ENVTEST_VERSION ?= latest
270270
# renovate: datasource=github-tags depName=golangci/golangci-lint
271-
GOLANGCI_LINT_VERSION ?= v1.59.1
271+
GOLANGCI_LINT_VERSION ?= v1.60.0
272272
# renovate: datasource=github-tags depName=kubernetes-sigs/kind
273273
KIND_VERSION ?= v0.23.0
274274
# renovate: datasource=github-tags depName=helm/helm

api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 15 additions & 15 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

charts/etcd-operator/crds/etcd-backup-schedule.yaml

Lines changed: 3 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
33
metadata:
44
annotations:
55
cert-manager.io/inject-ca-from: etcd-operator-system/etcd-operator-serving-cert
6-
controller-gen.kubebuilder.io/version: v0.15.0
6+
controller-gen.kubebuilder.io/version: v0.16.5
77
name: etcdbackupschedules.etcd.aenix.io
88
spec:
99
conversion:
@@ -64,9 +64,7 @@ spec:
6464
This field is effectively required, but due to backwards compatibility is
6565
allowed to be empty. Instances of this type with an empty value here are
6666
almost certainly wrong.
67-
TODO: Add other useful fields. apiVersion, kind, uid?
6867
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
69-
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
7068
type: string
7169
type: object
7270
x-kubernetes-map-type: atomic
@@ -103,9 +101,7 @@ spec:
103101
This field is effectively required, but due to backwards compatibility is
104102
allowed to be empty. Instances of this type with an empty value here are
105103
almost certainly wrong.
106-
TODO: Add other useful fields. apiVersion, kind, uid?
107104
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
108-
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
109105
type: string
110106
type: object
111107
x-kubernetes-map-type: atomic
@@ -155,7 +151,7 @@ spec:
155151
properties:
156152
conditions:
157153
items:
158-
description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}"
154+
description: Condition contains details for one aspect of the current state of this API Resource.
159155
properties:
160156
lastTransitionTime:
161157
description: |-
@@ -196,12 +192,7 @@ spec:
196192
- Unknown
197193
type: string
198194
type:
199-
description: |-
200-
type of condition in CamelCase or in foo.example.com/CamelCase.
201-
---
202-
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
203-
useful (see .node.status.conditions), the ability to deconflict is important.
204-
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
195+
description: type of condition in CamelCase or in foo.example.com/CamelCase.
205196
maxLength: 316
206197
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
207198
type: string

0 commit comments

Comments
 (0)