From 0fcccda94d83f9f4295644820814558fac679cea Mon Sep 17 00:00:00 2001 From: Johannes Frey Date: Tue, 16 Apr 2024 09:39:59 +0200 Subject: [PATCH] Prevent distro and backingstore switch (#1668) * feat: Annotate initial distro and backing store type to config secret Change-Id: I4f1068842002b2ccd0485741115a9cef5f9b933e Signed-off-by: Thomas Kosiewski * refactor: Use helm history and heuristics to determine distro and backing storage type Change-Id: I7310910b61617d382f220834bf0366815c0408cd Signed-off-by: Thomas Kosiewski * refactor: helm & logic improvements * refactor: helm & logic improvements * fix: Added missing error return Change-Id: I504a2dd42484e5a9c9470854ecebcb15d7ce9a6e Signed-off-by: Thomas Kosiewski --------- Signed-off-by: Thomas Kosiewski Co-authored-by: Thomas Kosiewski Co-authored-by: Fabian Kramm --- .github/workflows/e2e.yaml | 2 +- .github/workflows/unit-tests.yaml | 2 +- .gitignore | 1 + .goreleaser.yaml | 6 +- Dockerfile.cli | 6 +- Justfile | 12 +- cmd/vcluster/cmd/start.go | 2 +- cmd/vclusterctl/cmd/create.go | 30 ++- config/config.go | 17 ++ config/default_extra_values.go | 9 + config/diff.go | 15 +- go.mod | 2 +- hack/{embed-charts.sh => embed-chart.sh} | 4 +- pkg/config/config.go | 28 +-- pkg/config/legacyconfig/config.go | 6 +- pkg/embed/embed_disabled.go | 2 +- pkg/embed/embed_enabled.go | 6 +- pkg/helm/secrets.go | 43 ++++ pkg/setup/config.go | 255 ++++++++++++++++++++++- pkg/setup/controller_context.go | 6 +- pkg/setup/controllers.go | 14 +- pkg/setup/initialize.go | 6 +- 22 files changed, 408 insertions(+), 66 deletions(-) rename hack/{embed-charts.sh => embed-chart.sh} (84%) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index eb2502d822..3f3289eb15 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -13,7 +13,7 @@ on: - "!**.md" - "Dockerfile.release" - ".github/workflows/e2e.yaml" - - "charts/**" + - "chart/**" - "manifests/**" concurrency: diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index 32f02aedd4..a9d04c0e65 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -11,7 +11,7 @@ on: - "!test/**" # exclude changes in e2e tests - ".github/workflows/unit-tests.yaml" - "hack/test.sh" - - "charts/**" + - "chart/**" concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} diff --git a/.gitignore b/.gitignore index 6a6642925d..cca311ad3d 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,7 @@ profile.out /release /cmd/vclusterctl/cmd/charts/ /pkg/embed/charts/vcluster-* +/pkg/embed/chart/vcluster-* /dist *.test tests/__snapshot__ diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 70f108f15b..b5e1413a15 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -3,7 +3,7 @@ project_name: vcluster before: hooks: - go mod tidy - - just embed-charts {{ .Version }} + - just embed-chart {{ .Version }} - just clean-release - just copy-assets - just generate-vcluster-images {{ .Version }} @@ -29,7 +29,7 @@ builds: - -mod - vendor tags: - - embed_charts + - embed_chart ldflags: - -s -w - -X github.com/loft-sh/vcluster/pkg/telemetry.SyncerVersion={{.Version}} @@ -64,7 +64,7 @@ builds: - -mod - vendor tags: - - embed_charts + - embed_chart ldflags: - -s -w - -X main.version={{.Version}} diff --git a/Dockerfile.cli b/Dockerfile.cli index dade5b2c26..1edc6edd4d 100644 --- a/Dockerfile.cli +++ b/Dockerfile.cli @@ -18,9 +18,9 @@ COPY pkg/ pkg/ COPY cmd/ cmd/ # Copy and embed the helm charts -COPY charts/ charts/ +COPY chart/ chart/ COPY hack/ hack/ -RUN go generate -tags embed_charts ./... +RUN go generate -tags embed_chart ./... ENV GO111MODULE on ENV DEBUG true @@ -30,7 +30,7 @@ RUN mkdir -p /.cache ENV GOCACHE=/.cache # Build cmd -RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -mod vendor -tags embed_charts -o /vcluster cmd/vclusterctl/main.go +RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -mod vendor -tags embed_chart -o /vcluster cmd/vclusterctl/main.go # we use alpine for easier debugging FROM alpine:3.19 diff --git a/Justfile b/Justfile index 795707f584..b7c5ff808a 100644 --- a/Justfile +++ b/Justfile @@ -75,10 +75,10 @@ generate-cli-docs: generate-config-schema: go run -mod vendor ./hack/schema/main.go -# Embed the charts into the vcluster binary +# Embed the chart into the vcluster binary [private] -embed-charts version="0.0.0": - RELEASE_VERSION={{ version }} go generate -tags embed_charts ./... +embed-chart version="0.0.0": + RELEASE_VERSION={{ version }} go generate -tags embed_chart ./... # Run e2e tests e2e distribution="k3s" path="./test/e2e" multinamespace="false": create-kind && delete-kind @@ -107,7 +107,7 @@ e2e distribution="k3s" path="./test/e2e" multinamespace="false": create-kind && --debug \ --connect=false \ --distro={{ distribution }} \ - --local-chart-dir ./charts/{{ distribution }} \ + --local-chart-dir ./chart/ \ -f ./dist/commonValues.yaml \ -f {{ path }}/values.yaml \ $([[ "{{ multinamespace }}" = "true" ]] && echo "-f ./test/multins_values.yaml" || echo "") @@ -122,8 +122,8 @@ e2e distribution="k3s" path="./test/e2e" multinamespace="false": create-kind && go test -v -ginkgo.v -ginkgo.skip='.*NetworkPolicy.*' -ginkgo.fail-fast cli version="0.0.0" *ARGS="": - RELEASE_VERSION={{ version }} go generate -tags embed_charts ./... - go run -tags embed_charts -mod vendor -ldflags "-X main.version={{ version }}" ./cmd/vclusterctl/main.go {{ ARGS }} + RELEASE_VERSION={{ version }} go generate -tags embed_chart ./... + go run -tags embed_chart -mod vendor -ldflags "-X main.version={{ version }}" ./cmd/vclusterctl/main.go {{ ARGS }} # --- Docs --- diff --git a/cmd/vcluster/cmd/start.go b/cmd/vcluster/cmd/start.go index cf5aed03cc..b992b4cea2 100644 --- a/cmd/vcluster/cmd/start.go +++ b/cmd/vcluster/cmd/start.go @@ -70,7 +70,7 @@ func ExecuteStart(ctx context.Context, options *StartOptions) error { } // init config - err = setup.InitConfig(vConfig) + err = setup.InitAndValidateConfig(ctx, vConfig) if err != nil { return err } diff --git a/cmd/vclusterctl/cmd/create.go b/cmd/vclusterctl/cmd/create.go index 1a9d88a754..b41c62ecea 100644 --- a/cmd/vclusterctl/cmd/create.go +++ b/cmd/vclusterctl/cmd/create.go @@ -300,6 +300,34 @@ func (cmd *CreateCmd) Run(ctx context.Context, args []string) error { return err } + // check if vcluster already exists + if !cmd.Upgrade { + release, err := helm.NewSecrets(cmd.kubeClient).Get(ctx, args[0], cmd.Namespace) + if err != nil && !kerrors.IsNotFound(err) { + return errors.Wrap(err, "get helm releases") + } else if release != nil && + release.Chart != nil && + release.Chart.Metadata != nil && + (release.Chart.Metadata.Name == "vcluster" || release.Chart.Metadata.Name == "vcluster-k0s" || release.Chart.Metadata.Name == "vcluster-k8s" || release.Chart.Metadata.Name == "vcluster-eks") && + release.Secret != nil && + release.Secret.Labels != nil && + release.Secret.Labels["status"] == "deployed" { + if cmd.Connect { + connectCmd := &ConnectCmd{ + GlobalFlags: cmd.GlobalFlags, + UpdateCurrent: cmd.UpdateCurrent, + KubeConfigContextName: cmd.KubeConfigContextName, + KubeConfig: "./kubeconfig.yaml", + Log: cmd.log, + } + + return connectCmd.Connect(ctx, args[0], nil) + } + + return fmt.Errorf("vcluster %s already exists in namespace %s\n- Use `vcluster create %s -n %s --upgrade` to upgrade the vcluster\n- Use `vcluster connect %s -n %s` to access the vcluster", args[0], cmd.Namespace, args[0], cmd.Namespace, args[0], cmd.Namespace) + } + } + // we have to upgrade / install the chart err = cmd.deployChart(ctx, args[0], chartValues, helmBinaryPath) if err != nil { @@ -393,7 +421,7 @@ func (cmd *CreateCmd) deployChart(ctx context.Context, vClusterName, chartValues if cmd.ChartVersion == upgrade.GetVersion() { // use embedded chart if default version embeddedChartName := fmt.Sprintf("%s-%s.tgz", cmd.ChartName, upgrade.GetVersion()) // not using filepath.Join because the embed.FS separator is not OS specific - embeddedChartPath := fmt.Sprintf("charts/%s", embeddedChartName) + embeddedChartPath := fmt.Sprintf("chart/%s", embeddedChartName) embeddedChartFile, err := embed.Charts.ReadFile(embeddedChartPath) if err != nil && errors.Is(err, fs.ErrNotExist) { cmd.log.Infof("Chart not embedded: %q, pulling from helm repository.", err) diff --git a/config/config.go b/config/config.go index c12dfbf8cc..d050f1f52b 100644 --- a/config/config.go +++ b/config/config.go @@ -102,6 +102,23 @@ func (c *Config) DecodeYAML(r io.Reader) error { return nil } +// BackingStoreType returns the backing store type of the vCluster. +// If no backing store is enabled, it returns StoreTypeUnknown. +func (c *Config) BackingStoreType() StoreType { + switch { + case c.ControlPlane.BackingStore.Etcd.Embedded.Enabled: + return StoreTypeEmbeddedEtcd + case c.ControlPlane.BackingStore.Etcd.Deploy.Enabled: + return StoreTypeExternalEtcd + case c.ControlPlane.BackingStore.Database.Embedded.Enabled: + return StoreTypeEmbeddedDatabase + case c.ControlPlane.BackingStore.Database.External.Enabled: + return StoreTypeExternalDatabase + default: + return StoreTypeEmbeddedDatabase + } +} + func (c *Config) Distro() string { if c.ControlPlane.Distro.K3S.Enabled { return K3SDistro diff --git a/config/default_extra_values.go b/config/default_extra_values.go index 73e866eaa5..b845cdca55 100644 --- a/config/default_extra_values.go +++ b/config/default_extra_values.go @@ -15,6 +15,15 @@ const ( Unknown = "unknown" ) +type StoreType string + +const ( + StoreTypeEmbeddedEtcd StoreType = "embedded-etcd" + StoreTypeExternalEtcd StoreType = "external-etcd" + StoreTypeEmbeddedDatabase StoreType = "embedded-database" + StoreTypeExternalDatabase StoreType = "external-database" +) + // K3SVersionMap holds the supported k3s versions var K3SVersionMap = map[string]string{ "1.29": "rancher/k3s:v1.29.0-k3s1", diff --git a/config/diff.go b/config/diff.go index 0127e5371a..97754c3ce1 100644 --- a/config/diff.go +++ b/config/diff.go @@ -9,10 +9,8 @@ import ( "github.com/ghodss/yaml" ) -var ( - // ErrUnsupportedType is returned if the type is not implemented - ErrUnsupportedType = errors.New("unsupported type") -) +// ErrUnsupportedType is returned if the type is not implemented +var ErrUnsupportedType = errors.New("unsupported type") func Diff(fromConfig *Config, toConfig *Config) (string, error) { // convert to map[string]interface{} @@ -151,11 +149,12 @@ func (f *StrBool) UnmarshalJSON(data []byte) error { } func (f *StrBool) MarshalJSON() ([]byte, error) { - if *f == "true" { + switch *f { + case "true": return []byte("true"), nil - } else if *f == "false" { + case "false": return []byte("false"), nil + default: + return []byte("\"" + *f + "\""), nil } - - return []byte("\"" + *f + "\""), nil } diff --git a/go.mod b/go.mod index 80ba707ffe..df375a768a 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/loft-sh/vcluster -go 1.22.0 +go 1.22.1 require ( github.com/blang/semver v3.5.1+incompatible diff --git a/hack/embed-charts.sh b/hack/embed-chart.sh similarity index 84% rename from hack/embed-charts.sh rename to hack/embed-chart.sh index aa12b2a205..384afdd35f 100755 --- a/hack/embed-charts.sh +++ b/hack/embed-chart.sh @@ -7,10 +7,10 @@ set -eu VCLUSTER_ROOT="$(dirname ${0})/.." RELEASE_VERSION="${RELEASE_VERSION:-0.0.1}" RELEASE_VERSION="${RELEASE_VERSION#"v"}" # remove "v" prefix -EMBED_DIR="${VCLUSTER_ROOT}/pkg/embed/charts" +EMBED_DIR="${VCLUSTER_ROOT}/pkg/embed/chart" rm -rfv "${EMBED_DIR}" mkdir "${EMBED_DIR}" touch "${EMBED_DIR}/gitkeep.tgz" -helm package --version "${RELEASE_VERSION}" "${VCLUSTER_ROOT}/chart" -d "${EMBED_DIR}"; +helm package --version "${RELEASE_VERSION}" "${VCLUSTER_ROOT}/chart" -d "${EMBED_DIR}" diff --git a/pkg/config/config.go b/pkg/config/config.go index 693743c43e..50d5424cc1 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -22,6 +22,18 @@ type VirtualClusterConfig struct { // Holds the vCluster config config.Config `json:",inline"` + // WorkloadConfig is the config to access the workload cluster + WorkloadConfig *rest.Config `json:"-"` + + // WorkloadClient is the client to access the workload cluster + WorkloadClient kubernetes.Interface `json:"-"` + + // ControlPlaneConfig is the config to access the control plane cluster + ControlPlaneConfig *rest.Config `json:"-"` + + // ControlPlaneClient is the client to access the control plane cluster + ControlPlaneClient kubernetes.Interface `json:"-"` + // Name is the name of the vCluster Name string `json:"name"` @@ -39,22 +51,10 @@ type VirtualClusterConfig struct { // ControlPlaneNamespace is the namespace where the vCluster control plane is running ControlPlaneNamespace string `json:"controlPlaneNamespace,omitempty"` - - // WorkloadConfig is the config to access the workload cluster - WorkloadConfig *rest.Config `json:"-"` - - // WorkloadClient is the client to access the workload cluster - WorkloadClient kubernetes.Interface `json:"-"` - - // ControlPlaneConfig is the config to access the control plane cluster - ControlPlaneConfig *rest.Config `json:"-"` - - // ControlPlaneClient is the client to access the control plane cluster - ControlPlaneClient kubernetes.Interface `json:"-"` } func (v VirtualClusterConfig) EmbeddedDatabase() bool { - return !v.Config.ControlPlane.BackingStore.Database.External.Enabled && !v.Config.ControlPlane.BackingStore.Etcd.Embedded.Enabled && !v.Config.ControlPlane.BackingStore.Etcd.Deploy.Enabled + return !v.ControlPlane.BackingStore.Database.External.Enabled && !v.ControlPlane.BackingStore.Etcd.Embedded.Enabled && !v.ControlPlane.BackingStore.Etcd.Deploy.Enabled } func (v VirtualClusterConfig) VirtualClusterKubeConfig() config.VirtualClusterKubeConfig { @@ -86,7 +86,7 @@ func (v VirtualClusterConfig) VirtualClusterKubeConfig() config.VirtualClusterKu } } - retConfig := v.Config.Experimental.VirtualClusterKubeConfig + retConfig := v.Experimental.VirtualClusterKubeConfig if retConfig.KubeConfig == "" { retConfig.KubeConfig = distroConfig.KubeConfig } diff --git a/pkg/config/legacyconfig/config.go b/pkg/config/legacyconfig/config.go index c5a730a935..5afc51490f 100644 --- a/pkg/config/legacyconfig/config.go +++ b/pkg/config/legacyconfig/config.go @@ -329,8 +329,10 @@ type Record struct { Namespace *string `json:"namespace,omitempty"` } -type RecordType string -type TargetMode string +type ( + RecordType string + TargetMode string +) type Target struct { Mode TargetMode `json:"mode,omitempty"` diff --git a/pkg/embed/embed_disabled.go b/pkg/embed/embed_disabled.go index cd79a23a43..b062611cc5 100644 --- a/pkg/embed/embed_disabled.go +++ b/pkg/embed/embed_disabled.go @@ -1,4 +1,4 @@ -//go:build !embed_charts +//go:build !embed_chart package embed diff --git a/pkg/embed/embed_enabled.go b/pkg/embed/embed_enabled.go index b74bf6204a..5c8d2e7026 100644 --- a/pkg/embed/embed_enabled.go +++ b/pkg/embed/embed_enabled.go @@ -1,9 +1,9 @@ -//go:build embed_charts +//go:build embed_chart package embed import "embed" -//go:generate ../../hack/embed-charts.sh -//go:embed charts/*.tgz +//go:generate ../../hack/embed-chart.sh +//go:embed chart/*.tgz var Charts embed.FS diff --git a/pkg/helm/secrets.go b/pkg/helm/secrets.go index 866b7d9587..e4f577ec58 100644 --- a/pkg/helm/secrets.go +++ b/pkg/helm/secrets.go @@ -22,6 +22,7 @@ import ( "encoding/json" "fmt" "io" + "sort" corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" @@ -170,6 +171,48 @@ func (secrets *Secrets) Update(ctx context.Context, secret *corev1.Secret) (*cor return secrets.kubeClient.CoreV1().Secrets(secret.Namespace).Update(ctx, secret, metav1.UpdateOptions{}) } +// ListUnfiltered fetches all releases and returns the list releases such +// that filter(release) == true. An error is returned if the +// secret fails to retrieve the releases. +func (secrets *Secrets) ListUnfiltered(ctx context.Context, labels kblabels.Selector, namespace string) ([]*Release, error) { + req, err := kblabels.NewRequirement("owner", selection.Equals, []string{"helm"}) + if err != nil { + return nil, err + } + if labels == nil { + labels = kblabels.Everything() + } + labels = labels.Add(*req) + list, err := secrets.kubeClient.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{ + LabelSelector: labels.String(), + }) + if err != nil { + return nil, err + } + + // iterate over the secrets object list + // and decode each release + var releases []*Release + for _, item := range list.Items { + cpy := item + release, err := decodeRelease(&cpy, string(item.Data["release"])) + if err != nil { + klog.FromContext(ctx).Error(err, "list: failed to decode release") + continue + } else if release.Chart == nil || release.Chart.Metadata == nil || release.Info == nil { + klog.FromContext(ctx).Info("list: metadata info is empty for release", "name", release.Name) + continue + } + + releases = append(releases, release) + } + + sort.Slice(releases, func(i, j int) bool { + return releases[i].Version < releases[j].Version + }) + return releases, nil +} + // List fetches all releases and returns the list releases such // that filter(release) == true. An error is returned if the // secret fails to retrieve the releases. diff --git a/pkg/setup/config.go b/pkg/setup/config.go index d60f783e71..a20e46b7ee 100644 --- a/pkg/setup/config.go +++ b/pkg/setup/config.go @@ -1,17 +1,30 @@ package setup import ( + "bytes" + "context" "fmt" "os" vclusterconfig "github.com/loft-sh/vcluster/config" "github.com/loft-sh/vcluster/pkg/config" + "github.com/loft-sh/vcluster/pkg/config/legacyconfig" + "github.com/loft-sh/vcluster/pkg/helm" "github.com/loft-sh/vcluster/pkg/k3s" "github.com/loft-sh/vcluster/pkg/util/translate" + "gopkg.in/yaml.v2" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kblabels "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/kubernetes" + "k8s.io/client-go/util/retry" ) -func InitConfig(vConfig *config.VirtualClusterConfig) error { +const ( + AnnotationDistro = "vcluster.loft.sh/distro" + AnnotationStore = "vcluster.loft.sh/store" +) + +func InitAndValidateConfig(ctx context.Context, vConfig *config.VirtualClusterConfig) error { var err error // set global vCluster name @@ -48,19 +61,249 @@ func InitConfig(vConfig *config.VirtualClusterConfig) error { translate.Default = translate.NewSingleNamespaceTranslator(vConfig.WorkloadTargetNamespace) } + if err := EnsureBackingStoreChanges( + ctx, + vConfig.ControlPlaneClient, + vConfig.Name, + vConfig.ControlPlaneNamespace, + vConfig.Distro(), + vConfig.BackingStoreType(), + ); err != nil { + return err + } + + return nil +} + +// EnsureBackingStoreChanges ensures that only a certain set of allowed changes to the backing store and distro occur. +func EnsureBackingStoreChanges(ctx context.Context, client kubernetes.Interface, name, namespace, distro string, backingStoreType vclusterconfig.StoreType) error { + if ok, err := CheckUsingHelm(ctx, client, name, namespace, distro, backingStoreType); err != nil { + return err + } else if ok { + return nil + } + + if ok, err := CheckUsingSecretAnnotation(ctx, client, name, namespace, distro, backingStoreType); err != nil { + return fmt.Errorf("using secret annotations: %w", err) + } else if ok { + if err := updateSecretAnnotations(ctx, client, name, namespace, distro, backingStoreType); err != nil { + return fmt.Errorf("update secret annotations: %w", err) + } + + return nil + } + + if ok, err := CheckUsingHeuristic(distro); err != nil { + return fmt.Errorf("using heuristic: %w", err) + } else if ok { + if err := updateSecretAnnotations(ctx, client, name, namespace, distro, backingStoreType); err != nil { + return fmt.Errorf("update secret annotations: %w", err) + } + + return nil + } + + return nil +} + +// CheckUsingHelm fetches the previous release revision and its computed values, and then reconstructs the distro and storage settings. +func CheckUsingHelm(ctx context.Context, client kubernetes.Interface, name, namespace, distro string, backingStoreType vclusterconfig.StoreType) (bool, error) { + ls := kblabels.Set{} + ls["name"] = name + releases, err := helm.NewSecrets(client).ListUnfiltered(ctx, ls.AsSelector(), namespace) + if err != nil || len(releases) == 0 { + return false, nil + } + + // (ThomasK33): if there is only one revision, we're dealing with an initial installation + // at which point we can just exit + if len(releases) == 1 { + return true, nil + } + + // We need to check if we can deserialize the existing values into multiple kind of config structs (legacy and current ones) + previousRelease := releases[len(releases)-2] + if previousRelease.Config == nil { + return false, nil + } + + // marshal previous release config + previousConfigRaw, err := yaml.Marshal(previousRelease.Config) + if err != nil { + return false, nil + } + + // Try parsing as 0.20 values + if success, err := func() (bool, error) { + previousConfig := vclusterconfig.Config{} + if err := previousConfig.DecodeYAML(bytes.NewReader(previousConfigRaw)); err != nil { + return false, nil + } + + if err := validateChanges( + backingStoreType, + previousConfig.BackingStoreType(), + distro, + previousConfig.Distro(), + ); err != nil { + return false, err + } + + return true, nil + }(); err != nil { + return false, err + } else if success { + return true, nil + } + + // Try parsing as < 0.20 values + var previousStoreType vclusterconfig.StoreType + previousDistro := "" + + switch previousRelease.Chart.Metadata.Name { + case "vcluster-k8s": + previousDistro = vclusterconfig.K8SDistro + case "vcluster-eks": + previousDistro = vclusterconfig.EKSDistro + case "vcluster-k0s": + previousDistro = vclusterconfig.K0SDistro + case "vcluster": + previousDistro = vclusterconfig.K3SDistro + default: + // unknown chart, we should exit here + return true, nil + } + + switch previousDistro { + // handles k8s and eks values + case vclusterconfig.K8SDistro, vclusterconfig.EKSDistro: + previousConfig := legacyconfig.LegacyK8s{} + if err := yaml.Unmarshal(previousConfigRaw, &previousConfig); err != nil { + return false, err + } + + if previousConfig.EmbeddedEtcd.Enabled { + previousStoreType = vclusterconfig.StoreTypeEmbeddedEtcd + } else { + previousStoreType = vclusterconfig.StoreTypeExternalEtcd + } + + // handles k0s and k3s values + default: + previousConfig := legacyconfig.LegacyK0sAndK3s{} + if err := yaml.Unmarshal(previousConfigRaw, &previousConfig); err != nil { + return false, err + } + + if previousConfig.EmbeddedEtcd.Enabled { + previousStoreType = vclusterconfig.StoreTypeEmbeddedEtcd + } else { + previousStoreType = vclusterconfig.StoreTypeEmbeddedDatabase + } + } + + if err := validateChanges(backingStoreType, previousStoreType, distro, previousDistro); err != nil { + return false, err + } + + return true, nil +} + +// CheckUsingHeuristic checks for known file path indicating the existence of a previous distro. +// +// It checks for the existence of the default K3s token path or the K0s data directory. +func CheckUsingHeuristic(distro string) (bool, error) { // check if previously we were using k3s as a default and now have switched to a different distro - if vConfig.Distro() != vclusterconfig.K3SDistro { + if distro != vclusterconfig.K3SDistro { _, err := os.Stat(k3s.TokenPath) if err == nil { - return fmt.Errorf("seems like you were using k3s as a distro before and now have switched to %s, please make sure to not switch between vCluster distros", vConfig.Distro()) + return false, fmt.Errorf("seems like you were using k3s as a distro before and now have switched to %s, please make sure to not switch between vCluster distros", distro) } } // check if previously we were using k0s as distro - if vConfig.Distro() != vclusterconfig.K0SDistro { - _, err = os.Stat("/data/k0s") + if distro != vclusterconfig.K0SDistro { + _, err := os.Stat("/data/k0s") if err == nil { - return fmt.Errorf("seems like you were using k0s as a distro before and now have switched to %s, please make sure to not switch between vCluster distros", vConfig.Distro()) + return false, fmt.Errorf("seems like you were using k0s as a distro before and now have switched to %s, please make sure to not switch between vCluster distros", distro) + } + } + + return true, nil +} + +// CheckUsingSecretAnnotation checks for backend store and distro changes using annotations on the vCluster's secret annotations. +// Returns true, if both annotations are set and the check was successful, otherwise false. +func CheckUsingSecretAnnotation(ctx context.Context, client kubernetes.Interface, name, namespace, distro string, backingStoreType vclusterconfig.StoreType) (bool, error) { + secret, err := client.CoreV1().Secrets(namespace).Get(ctx, "vc-config-"+name, metav1.GetOptions{}) + if err != nil { + return false, fmt.Errorf("get secret: %w", err) + } + + if secret.Annotations == nil { + secret.Annotations = map[string]string{} + } + + // (ThomasK33): If we already have an annotation set, we're dealing with an upgrade. + // Thus we can check if the distro has changed. + okCounter := 0 + if annotatedDistro, ok := secret.Annotations[AnnotationDistro]; ok { + if err := validateChanges("", "", distro, annotatedDistro); err != nil { + return false, err + } + + okCounter++ + } + + if annotatedStore, ok := secret.Annotations[AnnotationStore]; ok { + if err := validateChanges(backingStoreType, vclusterconfig.StoreType(annotatedStore), "", ""); err != nil { + return false, err + } + + okCounter++ + } + + return okCounter == 2, nil +} + +// updateSecretAnnotations udates the vCluster's config secret with the currently used distro and backing store type. +func updateSecretAnnotations(ctx context.Context, client kubernetes.Interface, name, namespace, distro string, backingStoreType vclusterconfig.StoreType) error { + return retry.RetryOnConflict(retry.DefaultBackoff, func() error { + secret, err := client.CoreV1().Secrets(namespace).Get(ctx, "vc-config-"+name, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("get secret: %w", err) + } + + if secret.Annotations == nil { + secret.Annotations = map[string]string{} + } + if secret.Annotations[AnnotationDistro] == distro && secret.Annotations[AnnotationStore] == string(backingStoreType) { + return nil + } + + secret.Annotations[AnnotationDistro] = distro + secret.Annotations[AnnotationStore] = string(backingStoreType) + + if _, err := client.CoreV1().Secrets(namespace).Update(ctx, secret, metav1.UpdateOptions{}); err != nil { + return fmt.Errorf("update secret: %w", err) + } + + return nil + }) +} + +// validateChanges checks whether migrating from one store to the other is allowed. +func validateChanges(currentStoreType, previousStoreType vclusterconfig.StoreType, currentDistro, previousDistro string) error { + if currentDistro != previousDistro { + return fmt.Errorf("seems like you were using %s as a distro before and now have switched to %s, please make sure to not switch between vCluster distros", previousDistro, currentDistro) + } + + if currentStoreType != previousStoreType { + if currentStoreType != vclusterconfig.StoreTypeEmbeddedEtcd { + return fmt.Errorf("seems like you were using %s as a store before and now have switched to %s, please make sure to not switch between vCluster stores", previousStoreType, currentStoreType) + } + if previousStoreType != vclusterconfig.StoreTypeExternalEtcd && previousStoreType != vclusterconfig.StoreTypeEmbeddedDatabase { + return fmt.Errorf("seems like you were using %s as a store before and now have switched to %s, please make sure to not switch between vCluster stores", previousStoreType, currentStoreType) } } diff --git a/pkg/setup/controller_context.go b/pkg/setup/controller_context.go index 49f8320c22..69dd47cfed 100644 --- a/pkg/setup/controller_context.go +++ b/pkg/setup/controller_context.go @@ -228,10 +228,10 @@ func CreateVClusterKubeConfig(config *clientcmdapi.Config, options *config.Virtu config.Clusters[i].CertificateAuthorityData = o } - if options.Config.ExportKubeConfig.Server != "" { - config.Clusters[i].Server = options.Config.ExportKubeConfig.Server + if options.ExportKubeConfig.Server != "" { + config.Clusters[i].Server = options.ExportKubeConfig.Server } else { - config.Clusters[i].Server = fmt.Sprintf("https://localhost:%d", options.Config.ControlPlane.Proxy.Port) + config.Clusters[i].Server = fmt.Sprintf("https://localhost:%d", options.ControlPlane.Proxy.Port) } } diff --git a/pkg/setup/controllers.go b/pkg/setup/controllers.go index 86129bb2c1..61110df208 100644 --- a/pkg/setup/controllers.go +++ b/pkg/setup/controllers.go @@ -284,8 +284,8 @@ func WriteKubeConfigToSecret(ctx context.Context, currentNamespace string, curre return err } - if options.Config.ExportKubeConfig.Context != "" { - syncerConfig.CurrentContext = options.Config.ExportKubeConfig.Context + if options.ExportKubeConfig.Context != "" { + syncerConfig.CurrentContext = options.ExportKubeConfig.Context // update authInfo for k := range syncerConfig.AuthInfos { syncerConfig.AuthInfos[syncerConfig.CurrentContext] = syncerConfig.AuthInfos[k] @@ -318,20 +318,20 @@ func WriteKubeConfigToSecret(ctx context.Context, currentNamespace string, curre } // check if we need to write the kubeconfig secrete to the default location as well - if options.Config.ExportKubeConfig.Secret.Name != "" { + if options.ExportKubeConfig.Secret.Name != "" { // which namespace should we create the additional secret in? - secretNamespace := options.Config.ExportKubeConfig.Secret.Namespace + secretNamespace := options.ExportKubeConfig.Secret.Namespace if secretNamespace == "" { secretNamespace = currentNamespace } // write the extra secret - err = kubeconfig.WriteKubeConfig(ctx, currentNamespaceClient, options.Config.ExportKubeConfig.Secret.Name, secretNamespace, syncerConfig, options.Config.Experimental.IsolatedControlPlane.KubeConfig != "") + err = kubeconfig.WriteKubeConfig(ctx, currentNamespaceClient, options.ExportKubeConfig.Secret.Name, secretNamespace, syncerConfig, options.Experimental.IsolatedControlPlane.KubeConfig != "") if err != nil { - return fmt.Errorf("creating %s secret in the %s ns failed: %w", options.Config.ExportKubeConfig.Secret.Name, secretNamespace, err) + return fmt.Errorf("creating %s secret in the %s ns failed: %w", options.ExportKubeConfig.Secret.Name, secretNamespace, err) } } // write the default Secret - return kubeconfig.WriteKubeConfig(ctx, currentNamespaceClient, kubeconfig.GetDefaultSecretName(translate.VClusterName), currentNamespace, syncerConfig, options.Config.Experimental.IsolatedControlPlane.KubeConfig != "") + return kubeconfig.WriteKubeConfig(ctx, currentNamespaceClient, kubeconfig.GetDefaultSecretName(translate.VClusterName), currentNamespace, syncerConfig, options.Experimental.IsolatedControlPlane.KubeConfig != "") } diff --git a/pkg/setup/initialize.go b/pkg/setup/initialize.go index f9099a3a49..9f328cd68f 100644 --- a/pkg/setup/initialize.go +++ b/pkg/setup/initialize.go @@ -254,9 +254,9 @@ func GenerateCerts(ctx context.Context, currentNamespaceClient kubernetes.Interf ) } - //expect up to 20 etcd members, number could be lower since more - //than 5 is generally a bad idea - for i := 0; i < 20; i++ { + // expect up to 20 etcd members, number could be lower since more + // than 5 is generally a bad idea + for i := range 20 { // this is for embedded etcd hostname := vClusterName + "-" + strconv.Itoa(i) etcdSans = append(etcdSans, hostname, hostname+"."+vClusterName+"-headless", hostname+"."+vClusterName+"-headless"+"."+currentNamespace)