From 34dcf6c9a0f312914b5eac558bb0fc998d559749 Mon Sep 17 00:00:00 2001 From: rithu john Date: Fri, 15 Sep 2017 15:53:13 -0700 Subject: [PATCH] Documentation: add docs for TPR to CRD migration --- Documentation/storage.md | 33 +++++++++++++++++++ scripts/dump-tprs | 13 ++++++++ scripts/manifests/crds/authcodes.yaml | 12 +++++++ scripts/manifests/crds/authrequests.yaml | 12 +++++++ scripts/manifests/crds/connectors.yaml | 12 +++++++ scripts/manifests/crds/oauth2clients.yaml | 12 +++++++ scripts/manifests/crds/offlinesessionses.yaml | 12 +++++++ scripts/manifests/crds/passwords.yaml | 12 +++++++ scripts/manifests/crds/refreshtokens.yaml | 12 +++++++ scripts/manifests/crds/signingkeies.yaml | 12 +++++++ 10 files changed, 142 insertions(+) create mode 100644 scripts/dump-tprs create mode 100644 scripts/manifests/crds/authcodes.yaml create mode 100644 scripts/manifests/crds/authrequests.yaml create mode 100644 scripts/manifests/crds/connectors.yaml create mode 100644 scripts/manifests/crds/oauth2clients.yaml create mode 100644 scripts/manifests/crds/offlinesessionses.yaml create mode 100644 scripts/manifests/crds/passwords.yaml create mode 100644 scripts/manifests/crds/refreshtokens.yaml create mode 100644 scripts/manifests/crds/signingkeies.yaml diff --git a/Documentation/storage.md b/Documentation/storage.md index ba9e1a9c..3ebb72b9 100644 --- a/Documentation/storage.md +++ b/Documentation/storage.md 
@@ -147,6 +147,39 @@ storage: Dex determines the namespace it's running in by parsing the service account token automatically mounted into its pod. +## Migrating from TPRs to CRDs + +This section descibes how users can migrate storage data in dex when upgrading from an older version of kubernetes (lower than 1.7). This involves creating new CRDs and moving over the data from TPRs. +The flow of the migration process is as follows: +1. Stop running old version of Dex (lower than v2.7.0). +2. Create new CRDs by running the following command: + ``` + kubectl apply -f scripts/manifests/crds/ + ``` + Note that the newly created CRDs have `dex.coreos.com` as their group and will not conflict with the existing TPR resources which have `oidc.coreos.com` as the group. +3. Migrate data from existing TPRs to CRDs by running the following commands for each of the TPRs: + 1. Export `DEX_NAMESPACE` to be the namespace in which the TPRs exist and run the following script to store TPR definition in a temporary yaml file: + ``` + export DEX_NAMESPACE="" + ./scripts/dump-tprs > out.yaml + ``` + 2. Update `out.yaml` to change the apiVersion to `apiVersion: dex.coreos.com/v1` and delete the `resourceVersion` field. + ``` + sed 's/oidc.coreos.com/dex.coreos.com/' out.yaml + ``` + ``` + sed 's/resourceVersion: ".*"//' out.yaml + ``` + 3. Create the resource object using the following command: + ``` + kubectl apply -f out.yaml + ``` + 4. Confirm that the resource got created using the following get command: + ``` + kubectl get --namespace=tectonic-system .dex.coreos.com -o yaml + ``` +4. Update to new version of Dex (v2.7.0 or higher) which will use CRDs instead of TPRs. + ## SQL Dex supports two flavors of SQL, SQLite3 and Postgres. MySQL and CockroachDB may be added at a later time. diff --git a/scripts/dump-tprs b/scripts/dump-tprs new file mode 100644 index 00000000..b2198644 --- /dev/null +++ b/scripts/dump-tprs 
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+if [ -z $DEX_NAMESPACE ];then
+ echo "Must export \$DEX_NAMESPACE"
+ exit
+fi
+
+for RESOURCE in authcodes authrequests connectors oauth2clients offlinesessionses refreshtokens passwords signingkeies; do
+ kubectl get --namespace=$DEX_NAMESPACE $RESOURCE.oidc.coreos.com -o yaml
+done
+
diff --git a/scripts/manifests/crds/authcodes.yaml b/scripts/manifests/crds/authcodes.yaml
new file mode 100644
index 00000000..54009253
--- /dev/null
+++ b/scripts/manifests/crds/authcodes.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: authcodes.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: AuthCode
+ listKind: AuthCodeList
+ plural: authcodes
+ singular: authcode
+ version: v1
diff --git a/scripts/manifests/crds/authrequests.yaml b/scripts/manifests/crds/authrequests.yaml
new file mode 100644
index 00000000..6c557957
--- /dev/null
+++ b/scripts/manifests/crds/authrequests.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: authrequests.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: AuthRequest
+ listKind: AuthRequestList
+ plural: authrequests
+ singular: authrequest
+ version: v1
diff --git a/scripts/manifests/crds/connectors.yaml b/scripts/manifests/crds/connectors.yaml
new file mode 100644
index 00000000..94e1a276
--- /dev/null
+++ b/scripts/manifests/crds/connectors.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: connectors.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: Connector
+ listKind: ConnectorList
+ plural: connectors
+ singular: connector
+ version: v1
diff --git a/scripts/manifests/crds/oauth2clients.yaml b/scripts/manifests/crds/oauth2clients.yaml
new file mode 100644
index 00000000..8b2d7ae3
--- /dev/null
+++ b/scripts/manifests/crds/oauth2clients.yaml
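Review bot: The guard at the top of `scripts/dump-tprs` exits with status 0 when `DEX_NAMESPACE` is unset, because a bare `exit` returns the status of the preceding `echo`, and the message is written to stdout. With the documented `./scripts/dump-tprs > out.yaml`, that leaves a file holding only the error text while the command reports success. Quote the variable and fail properly with `if [ -z "$DEX_NAMESPACE" ]; then echo "Must export \$DEX_NAMESPACE" >&2; exit 1; fi`, and quote `--namespace="$DEX_NAMESPACE"` in the loop as well. The dump also covers `passwords`, `refreshtokens`, `signingkeies` and `oauth2clients`, which presumably hold credential material, so a header comment telling operators to run `umask 077` before redirecting and to delete the output file after the migration would be worth adding.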
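Review bot: `scripts/manifests/crds/authcodes.yaml` does not set `spec.scope`, so the namespaced behaviour that the migration steps rely on (`kubectl get --namespace=...`) comes from the API server default, as far as I can tell, rather than from the manifest; adding `scope: Namespaced` under `spec:` would make it explicit. The same applies to the authrequests, connectors, oauth2clients, offlinesessionses, passwords, refreshtokens and signingkeies manifests. The `Password`, `RefreshToken`, `SigningKey` and `OAuth2Client` kinds presumably store credential material as ordinary custom resources, and nothing in the files says so. A leading comment such as `# Stores dex credential data; limit get/list/watch on this resource to the dex service account via RBAC` would help operators who apply these manifests by hand.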
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: oauth2clients.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: OAuth2Client
+ listKind: OAuth2ClientList
+ plural: oauth2clients
+ singular: oauth2client
+ version: v1
diff --git a/scripts/manifests/crds/offlinesessionses.yaml b/scripts/manifests/crds/offlinesessionses.yaml
new file mode 100644
index 00000000..c51af37d
--- /dev/null
+++ b/scripts/manifests/crds/offlinesessionses.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: offlinesessionses.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: OfflineSessions
+ listKind: OfflineSessionsList
+ plural: offlinesessionses
+ singular: offlinesessions
+ version: v1
diff --git a/scripts/manifests/crds/passwords.yaml b/scripts/manifests/crds/passwords.yaml
new file mode 100644
index 00000000..65d79cca
--- /dev/null
+++ b/scripts/manifests/crds/passwords.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: passwords.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: Password
+ listKind: PasswordList
+ plural: passwords
+ singular: password
+ version: v1
diff --git a/scripts/manifests/crds/refreshtokens.yaml b/scripts/manifests/crds/refreshtokens.yaml
new file mode 100644
index 00000000..8b20a6bd
--- /dev/null
+++ b/scripts/manifests/crds/refreshtokens.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: refreshtokens.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: RefreshToken
+ listKind: RefreshTokenList
+ plural: refreshtokens
+ singular: refreshtoken
+ version: v1
diff --git a/scripts/manifests/crds/signingkeies.yaml b/scripts/manifests/crds/signingkeies.yaml
new file mode 100644
index 00000000..3f8a3838
--- /dev/null
+++ b/scripts/manifests/crds/signingkeies.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: signingkeies.dex.coreos.com
+spec:
+ group: dex.coreos.com
+ names:
+ kind: SigningKey
+ listKind: SigningKeyList
+ plural: signingkeies
+ singular: signingkey
+ version: v1