Documentation: add docs for TPR to CRD migration
parent
03de0ecbeb
commit
34dcf6c9a0
10 changed files with 142 additions and 0 deletions
|
@ -147,6 +147,39 @@ storage:
|
||||||
|
|
||||||
Dex determines the namespace it's running in by parsing the service account token automatically mounted into its pod.
|
Dex determines the namespace it's running in by parsing the service account token automatically mounted into its pod.
|
||||||
|
|
||||||
|
## Migrating from TPRs to CRDs
|
||||||
|
|
||||||
|
This section descibes how users can migrate storage data in dex when upgrading from an older version of kubernetes (lower than 1.7). This involves creating new CRDs and moving over the data from TPRs.
|
||||||
|
The flow of the migration process is as follows:
|
||||||
|
1. Stop running old version of Dex (lower than v2.7.0).
|
||||||
|
2. Create new CRDs by running the following command:
|
||||||
|
```
|
||||||
|
kubectl apply -f scripts/manifests/crds/
|
||||||
|
```
|
||||||
|
Note that the newly created CRDs have `dex.coreos.com` as their group and will not conflict with the existing TPR resources which have `oidc.coreos.com` as the group.
|
||||||
|
3. Migrate data from existing TPRs to CRDs by running the following commands for each of the TPRs:
|
||||||
|
1. Export `DEX_NAMESPACE` to be the namespace in which the TPRs exist and run the following script to store TPR definition in a temporary yaml file:
|
||||||
|
```
|
||||||
|
export DEX_NAMESPACE="<namespace-value>"
|
||||||
|
./scripts/dump-tprs > out.yaml
|
||||||
|
```
|
||||||
|
2. Update `out.yaml` to change the apiVersion to `apiVersion: dex.coreos.com/v1` and delete the `resourceVersion` field.
|
||||||
|
```
|
||||||
|
sed 's/oidc.coreos.com/dex.coreos.com/' out.yaml
|
||||||
|
```
|
||||||
|
```
|
||||||
|
sed 's/resourceVersion: ".*"//' out.yaml
|
||||||
|
```
|
||||||
|
3. Create the resource object using the following command:
|
||||||
|
```
|
||||||
|
kubectl apply -f out.yaml
|
||||||
|
```
|
||||||
|
4. Confirm that the resource got created using the following get command:
|
||||||
|
```
|
||||||
|
kubectl get --namespace=tectonic-system <TPR-name>.dex.coreos.com -o yaml
|
||||||
|
```
|
||||||
|
4. Update to new version of Dex (v2.7.0 or higher) which will use CRDs instead of TPRs.
|
||||||
|
|
||||||
## SQL
|
## SQL
|
||||||
|
|
||||||
Dex supports two flavors of SQL, SQLite3 and Postgres. MySQL and CockroachDB may be added at a later time.
|
Dex supports two flavors of SQL, SQLite3 and Postgres. MySQL and CockroachDB may be added at a later time.
|
||||||
|
|
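--- a/scripts/dump-tprs
+++ b/scripts/dump-tprs
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+if [ -z $DEX_NAMESPACE ];then
+echo "Must export \$DEX_NAMESPACE"
+exit
+fi
+
+for RESOURCE in authcodes authrequests connectors oauth2clients offlinesessionses refreshtokens passwords signingkeies; do
+kubectl get --namespace=$DEX_NAMESPACE $RESOURCE.oidc.coreos.com -o yaml
+done
+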
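Review bot: When DEX_NAMESPACE is unset, the guard prints its message to stdout and then runs a bare `exit`, which returns the status of the preceding echo (0). With the documented `./scripts/dump-tprs > out.yaml`, the message lands in the YAML file and the caller sees success. The guard should read `if [ -z "$DEX_NAMESPACE" ]; then`, `echo "Must export \$DEX_NAMESPACE" >&2` and `exit 1`, and the kubectl line should quote `--namespace="$DEX_NAMESPACE"`. The dump also covers the `passwords`, `refreshtokens`, `signingkeies` and `oauth2clients` resources, so the file that receives it holds credential material. A header comment such as `# Output contains secrets: write it to a file only you can read (umask 077) and delete it after the migration.` would tell operators that.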
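--- a/scripts/manifests/crds/authcodes.yaml
+++ b/scripts/manifests/crds/authcodes.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: authcodes.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: AuthCode
+listKind: AuthCodeList
+plural: authcodes
+singular: authcode
+version: v1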
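--- a/scripts/manifests/crds/authrequests.yaml
+++ b/scripts/manifests/crds/authrequests.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: authrequests.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: AuthRequest
+listKind: AuthRequestList
+plural: authrequests
+singular: authrequest
+version: v1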
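--- a/scripts/manifests/crds/connectors.yaml
+++ b/scripts/manifests/crds/connectors.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: connectors.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: Connector
+listKind: ConnectorList
+plural: connectors
+singular: connector
+version: v1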
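--- a/scripts/manifests/crds/oauth2clients.yaml
+++ b/scripts/manifests/crds/oauth2clients.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: oauth2clients.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: OAuth2Client
+listKind: OAuth2ClientList
+plural: oauth2clients
+singular: oauth2client
+version: v1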
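--- a/scripts/manifests/crds/offlinesessionses.yaml
+++ b/scripts/manifests/crds/offlinesessionses.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: offlinesessionses.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: OfflineSessions
+listKind: OfflineSessionsList
+plural: offlinesessionses
+singular: offlinesessions
+version: v1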
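--- a/scripts/manifests/crds/passwords.yaml
+++ b/scripts/manifests/crds/passwords.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: passwords.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: Password
+listKind: PasswordList
+plural: passwords
+singular: password
+version: v1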
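--- a/scripts/manifests/crds/refreshtokens.yaml
+++ b/scripts/manifests/crds/refreshtokens.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: refreshtokens.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: RefreshToken
+listKind: RefreshTokenList
+plural: refreshtokens
+singular: refreshtoken
+version: v1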
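--- a/scripts/manifests/crds/signingkeies.yaml
+++ b/scripts/manifests/crds/signingkeies.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: signingkeies.dex.coreos.com
+spec:
+group: dex.coreos.com
+names:
+kind: SigningKey
+listKind: SigningKeyList
+plural: signingkeies
+singular: signingkey
+version: v1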