support upgrade crd

Dockerfile.multiarch

@@ -1,11 +1,27 @@
 FROM alpine:3.18.2
 
 ARG TARGETPLATFORM
+ARG TARGETARCH
 
 RUN addgroup -S -g 65532 ng-user && \
  adduser -S -D -H -u 65532 \
  -s /sbin/nologin -G ng-user -g ng-user ng-user
 
+RUN apk update \
+ && apk upgrade \
+ && apk add --no-cache \
+ curl \
+ && rm -rf /var/cache/apk/*
+
+RUN mkdir -p /tmp/nebula-operator
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin
+
+ADD charts/nebula-operator/crds/nebulaautoscalers.yaml /tmp/nebula-operator/nebulaautoscalers.yaml
+ADD charts/nebula-operator/crds/nebulaclusters.yaml /tmp/nebula-operator/nebulaclusters.yaml
+ADD charts/nebula-operator/crds/nebularestores.yaml /tmp/nebula-operator/nebularestores.yaml
+
 ADD bin/${TARGETPLATFORM}/controller-manager /usr/local/bin/controller-manager
 ADD bin/${TARGETPLATFORM}/autoscaler /usr/local/bin/autoscaler
 ADD bin/${TARGETPLATFORM}/scheduler /usr/local/bin/scheduler

charts/nebula-operator/templates/controller-manager-rbac.yaml

@@ -294,6 +294,17 @@ rules:
  - get
  - list
  - watch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

charts/nebula-operator/templates/upgrade_crd.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.upgradeCRD }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nebula-operator-upgrade-crd
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ {{- include "nebula-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "nebula-operator"
+spec:
+ template:
+ metadata:
+ name: nebula-operator-upgrade-crd
+ labels:
+ {{- include "nebula-operator.labels" . | nindent 8 }}
+ app.kubernetes.io/component: "nebula-operator"
+ spec:
+ serviceAccountName: {{ template "controller-manager.name" . }}-sa
+ {{- include "nebula-operator.imagePullSecrets" . | indent 6 }}
+ containers:
+ - name: upgrade-crd
+ image: {{ .Values.image.nebulaOperator.image }}
+ imagePullPolicy: {{ .Values.image.nebulaOperator.imagePullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - >
+ kubectl apply -f /tmp/nebula-operator/nebulaautoscalers.yaml;
+ kubectl apply -f /tmp/nebula-operator/nebulaclusters.yaml;
+ kubectl apply -f /tmp/nebula-operator/nebularestores.yaml;
+ restartPolicy: OnFailure
+{{- end }}

charts/nebula-operator/values.yaml

@@ -40,6 +40,9 @@ scheduler:
  enabled: ["NodeZone"]
  disabled: [] # only in-tree plugins need to be defined here
 
+# upgrade CRD on chart upgrade
+upgradeCRD: true
+
 # Enable openkruise scheme for controller manager. (default false)
 enableKruiseScheme: false