diff --git a/config/post-install/v0.15.0/clusterrole.yaml b/config/post-install/v0.15.0/clusterrole.yaml new file mode 100644 index 00000000000..c61d3c23f5f --- /dev/null +++ b/config/post-install/v0.15.0/clusterrole.yaml @@ -0,0 +1,63 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-post-install-job-role + labels: + eventing.knative.dev/release: devel +rules: + # Storage version upgrader needs to be able to patch CRDs. + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + - "customresourcedefinitions/status" + verbs: + - "get" + - "list" + - "update" + - "patch" + - "watch" + # Our own resources we care about. + - apiGroups: + - "eventing.knative.dev" + resources: + - "triggers" + - "eventtypes" + - "eventtypes/status" + verbs: &everything + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "messaging.knative.dev" + resources: + - "channels" + - "subscriptions" + - "inmemorychannels" + verbs: *everything + + # Flow resources and statuses we care about. + - apiGroups: + - "flows.knative.dev" + resources: + - "sequences" + - "parallels" + verbs: *everything diff --git a/config/post-install/v0.15.0/dummy.go b/config/post-install/v0.15.0/dummy.go new file mode 100644 index 00000000000..889305f700f --- /dev/null +++ b/config/post-install/v0.15.0/dummy.go @@ -0,0 +1,19 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package postinstall is a placeholder that allows us to pull in config files +// via go mod vendor. +package postinstall diff --git a/config/post-install/v0.15.0/serviceaccount.yaml b/config/post-install/v0.15.0/serviceaccount.yaml new file mode 100644 index 00000000000..f5ee4a5bc2c --- /dev/null +++ b/config/post-install/v0.15.0/serviceaccount.yaml @@ -0,0 +1,39 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-eventing-post-install-job + namespace: knative-eventing + labels: + eventing.knative.dev/release: devel + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-eventing-post-install-job-role-binding + labels: + eventing.knative.dev/release: devel +subjects: + - kind: ServiceAccount + name: knative-eventing-post-install-job + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-post-install-job-role + apiGroup: rbac.authorization.k8s.io + diff --git a/config/post-install/v0.15.0/storage-version-migration.yaml b/config/post-install/v0.15.0/storage-version-migration.yaml new file mode 100644 index 00000000000..3fafa22a6d4 --- /dev/null +++ b/config/post-install/v0.15.0/storage-version-migration.yaml @@ -0,0 +1,45 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: storage-version-migration + namespace: knative-eventing + labels: + app: "storage-version-migration" + serving.knative.dev/release: devel +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: "storage-version-migration" + spec: + serviceAccountName: knative-eventing-post-install-job + restartPolicy: OnFailure + containers: + - name: migrate + # This is the Go import path for the binary that is containerized + # and substituted here. + image: ko://knative.dev/eventing/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate + args: + - "parallels.flows.knative.dev" + - "sequences.flows.knative.dev" + - "eventtypes.eventing.knative.dev" + - "triggers.eventing.knative.dev" + - "channels.messaging.knative.dev" + - "inmemorychannels.messaging.knative.dev" + - "subscriptions.messaging.knative.dev" diff --git a/hack/release.sh b/hack/release.sh index ce91acb3aab..5ea5504e374 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -26,6 +26,7 @@ readonly MT_CHANNEL_BROKER_YAML="mt-channel-broker.yaml" readonly IN_MEMORY_CHANNEL="in-memory-channel.yaml" readonly UPGRADE_JOB="upgrade-to-v0.14.0.yaml" readonly UPGRADE_JOB_V_0_15="upgrade-to-v0.15.0.yaml" +readonly EVENTING_STORAGE_VERSION_MIGRATE_YAML="storage-version-migration-v0.15.0.yaml" declare -A RELEASES RELEASES=( @@ -66,7 +67,11 @@ function build_release() { # Create v0.15.0 upgrade job yaml ko resolve ${KO_FLAGS} -f config/upgrade/v0.15.0/ | "${LABEL_YAML_CMD[@]}" > "${UPGRADE_JOB_V_0_15}" - local all_yamls=(${EVENTING_CORE_YAML} ${EVENTING_CRDS_YAML} ${CHANNEL_BROKER_YAML} ${MT_CHANNEL_BROKER_YAML} ${IN_MEMORY_CHANNEL} ${UPGRADE_JOB} ${UPGRADE_JOB_V_0_15}) + # Create storage migration job yaml + ko resolve ${KO_FLAGS} -f config/post-install/v0.15.0/ | "${LABEL_YAML_CMD[@]}" > "${EVENTING_STORAGE_VERSION_MIGRATE_YAML}" + + local all_yamls=(${EVENTING_CORE_YAML} ${EVENTING_CRDS_YAML} ${CHANNEL_BROKER_YAML} ${MT_CHANNEL_BROKER_YAML} ${IN_MEMORY_CHANNEL} ${UPGRADE_JOB} ${UPGRADE_JOB_V_0_15} ${EVENTING_STORAGE_VERSION_MIGRATE_YAML}) + # Assemble the release for yaml in "${!RELEASES[@]}"; do echo "Assembling Knative Eventing - ${yaml}" diff --git a/hack/tools.go b/hack/tools.go index 2a5b77c8625..1de127dd9c4 100644 --- a/hack/tools.go +++ b/hack/tools.go @@ -22,4 +22,7 @@ import ( _ "knative.dev/pkg/hack" _ "knative.dev/pkg/testutils/clustermanager/perf-tests" _ "knative.dev/test-infra/scripts" + + // Needed for the storage version too. + _ "knative.dev/pkg/apiextensions/storageversion/cmd/migrate" ) diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 68fa04e2603..12772e17a8f 100755 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -45,6 +45,9 @@ readonly CHANNEL_BASED_BROKER_CONTROLLER="config/brokers/channel-broker" # Channel Based Broker config. readonly CHANNEL_BASED_BROKER_DEFAULT_CONFIG="test/config/st-channel-broker.yaml" +# PostInstall script for v0.15, storage migration +readonly POST_INSTALL_V015="config/post-install/v0.15.0" + # Should deploy a Knative Monitoring as well readonly DEPLOY_KNATIVE_MONITORING="${DEPLOY_KNATIVE_MONITORING:-1}" @@ -114,6 +117,11 @@ function install_broker() { wait_until_pods_running knative-eventing || fail_test "Knative Eventing with Broker did not come up" } +function run_postinstall() { + ko apply --strict -f ${POST_INSTALL_V015} || return 1 + wait_until_batch_job_complete knative-eventing || return 1 +} + function install_mt_broker() { ko apply --strict -f ${MT_CHANNEL_BASED_BROKER_DEFAULT_CONFIG} || return 1 ko apply --strict -f ${MT_CHANNEL_BASED_BROKER_CONFIG_DIR} || return 1 diff --git a/test/e2e-upgrade-tests.sh b/test/e2e-upgrade-tests.sh index fdc55c205df..50865996c1a 100755 --- a/test/e2e-upgrade-tests.sh +++ b/test/e2e-upgrade-tests.sh @@ -59,6 +59,8 @@ install_head || fail_test 'Installing HEAD version of eventing failed' install_channel_crds || fail_test 'Installing HEAD channel CRDs failed' install_broker || fail_test 'Installing HEAD Broker failed' +run_postinstall || fail_test 'Running postinstall failed' + header "Running postupgrade tests" go_test_e2e -tags=postupgrade -timeout="${TIMEOUT}" ./test/upgrade || fail_test diff --git a/test/upgrade/README.md b/test/upgrade/README.md index c7a0c391124..10c477e1534 100644 --- a/test/upgrade/README.md +++ b/test/upgrade/README.md @@ -23,6 +23,7 @@ At a high level, we want to do this: 1. Install the latest knative release. 1. Create some resources. 1. Install knative at HEAD. +1. Run any post-install jobs that apply for the release to be. 1. Test those resources, verify that we didn’t break anything. To achieve that, we just have three separate build tags: @@ -30,6 +31,7 @@ To achieve that, we just have three separate build tags: 1. Install the latest release from GitHub. 1. Run the `preupgrade` tests in this directory. 1. Install at HEAD (`ko apply -f config/`). +1. Run the post-install job. For v0.15 we need to migrate storage versions. 1. Run the `postupgrade` tests in this directory. 1. Install the latest release from GitHub. 1. Run the `postdowngrade` tests in this directory. diff --git a/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate/config.go b/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate/config.go new file mode 100644 index 00000000000..2507e737dd6 --- /dev/null +++ b/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate/config.go @@ -0,0 +1,76 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "flag" + "fmt" + "os" + "os/user" + "path/filepath" + + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" +) + +// TODO - make a package that's reusable here and by sharedmain + +func configOrDie() *rest.Config { + var ( + masterURL = flag.String("master", "", + "The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.") + kubeconfig = flag.String("kubeconfig", "", + "Path to a kubeconfig. Only required if out-of-cluster.") + ) + + flag.Parse() + + cfg, err := getConfig(*masterURL, *kubeconfig) + if err != nil { + panic(fmt.Sprintf("Error building kubeconfig: %v", err)) + } + + return cfg +} + +// getConfig returns a rest.Config to be used for kubernetes client creation. +// It does so in the following order: +// 1. Use the passed kubeconfig/masterURL. +// 2. Fallback to the KUBECONFIG environment variable. +// 3. Fallback to in-cluster config. +// 4. Fallback to the ~/.kube/config. +func getConfig(masterURL, kubeconfig string) (*rest.Config, error) { + if kubeconfig == "" { + kubeconfig = os.Getenv("KUBECONFIG") + } + // If we have an explicit indication of where the kubernetes config lives, read that. + if kubeconfig != "" { + return clientcmd.BuildConfigFromFlags(masterURL, kubeconfig) + } + // If not, try the in-cluster config. + if c, err := rest.InClusterConfig(); err == nil { + return c, nil + } + // If no in-cluster config, try the default location in the user's home directory. + if usr, err := user.Current(); err == nil { + if c, err := clientcmd.BuildConfigFromFlags("", filepath.Join(usr.HomeDir, ".kube", "config")); err == nil { + return c, nil + } + } + + return nil, fmt.Errorf("could not create a valid kubeconfig") +} diff --git a/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate/main.go b/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate/main.go new file mode 100644 index 00000000000..e17d0e50c1e --- /dev/null +++ b/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate/main.go @@ -0,0 +1,84 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "flag" + "fmt" + "log" + + "go.uber.org/zap" + apixclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/dynamic" + "knative.dev/pkg/apiextensions/storageversion" + "knative.dev/pkg/logging" + "knative.dev/pkg/signals" +) + +func main() { + logger := setupLogger() + defer logger.Sync() + + config := configOrDie() + grs, err := parseResources(flag.Args()) + if err != nil { + logger.Fatal(err) + } + + migrator := storageversion.NewMigrator( + dynamic.NewForConfigOrDie(config), + apixclient.NewForConfigOrDie(config), + ) + + ctx := signals.NewContext() + + logger.Infof("Migrating %d group resources", len(grs)) + + for _, gr := range grs { + logger.Infof("Migrating group resource %s", gr) + if err := migrator.Migrate(ctx, gr); err != nil { + logger.Fatalf("Failed to migrate: %s", err) + } + } + + logger.Info("Migration complete") +} + +func parseResources(args []string) ([]schema.GroupResource, error) { + grs := make([]schema.GroupResource, 0, len(args)) + for _, arg := range args { + gr := schema.ParseGroupResource(arg) + if gr.Empty() { + return nil, fmt.Errorf("unable to parse group version: %s", arg) + } + grs = append(grs, gr) + } + return grs, nil +} + +func setupLogger() *zap.SugaredLogger { + const component = "storage-migrator" + + config, err := logging.NewConfigFromMap(nil) + if err != nil { + log.Fatalf("Failed to create logging config: %s", err) + } + + logger, _ := logging.NewLoggerFromConfig(config, component) + return logger +} diff --git a/vendor/knative.dev/pkg/apiextensions/storageversion/migrator.go b/vendor/knative.dev/pkg/apiextensions/storageversion/migrator.go new file mode 100644 index 00000000000..45a06ab921b --- /dev/null +++ b/vendor/knative.dev/pkg/apiextensions/storageversion/migrator.go @@ -0,0 +1,120 @@ +/* +Copyright 2020 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package storageversion + +import ( + "context" + "fmt" + + apix "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + apixclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/dynamic" + "k8s.io/client-go/tools/pager" +) + +// Migrator will read custom resource definitions and upgrade +// the associated resources to the latest storage version +type Migrator struct { + dynamicClient dynamic.Interface + apixClient apixclient.Interface +} + +// NewMigrator will return a new Migrator +func NewMigrator(d dynamic.Interface, a apixclient.Interface) *Migrator { + return &Migrator{ + dynamicClient: d, + apixClient: a, + } +} + +// Migrate takes a group resource (ie. resource.some.group.dev) and +// updates instances of the resource to the latest storage version +// +// This is done by listing all the resources and performing an empty patch +// which triggers a migration on the K8s API server +// +// Finally the migrator will update the CRD's status and drop older storage +// versions +func (m *Migrator) Migrate(ctx context.Context, gr schema.GroupResource) error { + crdClient := m.apixClient.ApiextensionsV1beta1().CustomResourceDefinitions() + + crd, err := crdClient.Get(gr.String(), metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("unable to fetch crd %s - %w", gr, err) + } + + version := storageVersion(crd) + + if err := m.migrateResources(ctx, gr.WithVersion(version)); err != nil { + return err + } + + patch := `{"status":{"storedVersions":["` + version + `"]}}` + _, err = crdClient.Patch(crd.Name, types.StrategicMergePatchType, []byte(patch), "status") + if err != nil { + return fmt.Errorf("unable to drop storage version definition %s - %w", gr, err) + } + + return nil +} + +func (m *Migrator) migrateResources(ctx context.Context, gvr schema.GroupVersionResource) error { + client := m.dynamicClient.Resource(gvr) + + listFunc := func(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) { + return client.Namespace(metav1.NamespaceAll).List(opts) + } + + onEach := func(obj runtime.Object) error { + item := obj.(metav1.Object) + + _, err := client.Namespace(item.GetNamespace()). + Patch(item.GetName(), types.MergePatchType, []byte("{}"), metav1.PatchOptions{}) + + if err != nil { + return fmt.Errorf("unable to patch resource %s/%s (gvr: %s) - %w", + item.GetNamespace(), item.GetName(), + gvr, err) + } + + return nil + } + + pager := pager.New(listFunc) + return pager.EachListItem(ctx, metav1.ListOptions{}, onEach) +} + +func storageVersion(crd *apix.CustomResourceDefinition) string { + var version string + + for _, v := range crd.Spec.Versions { + if v.Storage { + version = v.Name + break + } + } + + if version == "" { + version = crd.Spec.Version + } + + return version +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 5da24dc0da8..3896fda8f62 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -911,6 +911,8 @@ k8s.io/utils/integer k8s.io/utils/pointer k8s.io/utils/trace # knative.dev/pkg v0.0.0-20200519155757-14eb3ae3a5a7 +knative.dev/pkg/apiextensions/storageversion +knative.dev/pkg/apiextensions/storageversion/cmd/migrate knative.dev/pkg/apis knative.dev/pkg/apis/duck knative.dev/pkg/apis/duck/v1