storage/kubernetes: add CRD support #1062

Merged
merged 2 commits into from Sep 14, 2017

rithujohn191
Contributor

This PR makes the following changes:

  1. Add CRD support for kubernetes storage. In order to enable CRDs, a Boolean flag has been introduced in the kubernetes storage config (useCRD).
  2. The apiVersion, i.e. the API Group and version, can be configured via the ConfigMap.

// they'll immediately be available, but ensures that the client will actually try
// once.
logger.Errorf("failed creating custom resource definitions: %v", err)
go func() {

Contributor

This go statement needs to be inside the if block above.

if err != nil {
return nil, fmt.Errorf("create client: %v", err)
}

ctx, cancel := context.WithCancel(context.Background())

if c.UseCRD {
if !cli.createCustomResourceDefinitions() {

Contributor

Instead of reproducing this logic, I'd recommend just replacing the createThirdPartyResources call below with something that conditionally creates either CRDs or TPRs. E.g.

// Create either TPRs or CRDs.
cli.registerCustomResources(c.UseCRD)

And not having this block be reproduced.

Group: apiGroup,
Version: "v1",
Names: k8sapi.CustomResourceDefinitionNames{
Plural: "signingkeies",

Contributor

Can you add a comment why we chose not to change this? E.g.

// An artifact from the old TPR pluralization. Since users don't directly interact with this value, it'd be more of
// a pain to correct this than to leave as is.

@@ -38,6 +38,8 @@ const (
type Config struct {
InCluster bool `json:"inCluster"`
KubeConfigFile string `json:"kubeConfigFile"`
APIVersion string `json:"apiVersion"` // API Group and version
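
Review bot: The comment on APIVersion, "API Group and version", does not say what form the string takes or what happens when the field is left empty. This value comes straight from user config, so state the expected format in the field comment and decide explicitly whether an empty value is rejected or given a default.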

Contributor

I'd rather not expose this. It's always implied by "useCRD"

Contributor Author

but how else would users configure the APIVersion?

@@ -38,6 +38,8 @@ const (
type Config struct {
InCluster bool `json:"inCluster"`
KubeConfigFile string `json:"kubeConfigFile"`
APIVersion string `json:"apiVersion"` // API Group and version
UseCRD bool `json:"useCRD"` // Flag option to use CRDs instead of TPRs
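
Review bot: UseCRD is a plain bool, so a config that omits "useCRD" unmarshals to false and keeps using TPRs with no signal to the operator. Put that in the field comment, for example "defaults to false (TPRs)", so the behaviour of existing configs after an upgrade is explicit.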

Contributor

At some point we need to leave a comment that this will default to true.

Contributor

ericchiang left a comment

few nits, but overall looks good. thanks!

@ericchiang
Contributor

Also some lint checks are failing

/home/travis/gopath/src/github.com/coreos/dex/storage/kubernetes/k8sapi/crd_extensions.go:50:2: exported const ClusterScoped should have comment (or a comment on this block) or be unexported
/home/travis/gopath/src/github.com/coreos/dex/storage/kubernetes/k8sapi/crd_extensions.go:54:6: exported type ConditionStatus should have comment or be unexported

rithujohn191 force-pushed the crd-migration branch 3 times, most recently from 336929f to 3ff69a6 (September 13, 2017 22:58)
@rithujohn191
Contributor Author

@ericchiang addressed all feedback

@rithujohn191
Contributor Author

Testing:
Manually tested with a kubernetes cluster. All CRDs got created.

kubectl get customresourcedefinition
NAME                                    KIND
authcodes.dex.coreos.com                CustomResourceDefinition.v1beta1.apiextensions.k8s.io
authrequests.dex.coreos.com             CustomResourceDefinition.v1beta1.apiextensions.k8s.io
connectors.dex.coreos.com               CustomResourceDefinition.v1beta1.apiextensions.k8s.io
oauth2clients.dex.coreos.com            CustomResourceDefinition.v1beta1.apiextensions.k8s.io
offlinesessionses.dex.coreos.com        CustomResourceDefinition.v1beta1.apiextensions.k8s.io
passwords.dex.coreos.com                CustomResourceDefinition.v1beta1.apiextensions.k8s.io
refreshtokens.dex.coreos.com            CustomResourceDefinition.v1beta1.apiextensions.k8s.io
signingkeies.dex.coreos.com             CustomResourceDefinition.v1beta1.apiextensions.k8s.io

TODO: still need to add docs regarding migration

@rithujohn191
Contributor Author

Sample CRD that gets created:

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: 2017-09-13T19:56:28Z
  name: authcodes.dex.coreos.com
  resourceVersion: "288893"
  selfLink: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/authcodes.dex.coreos.com
  uid: a1cb72dc-98bd-11e7-8f6a-02d13336a01e
spec:
  group: dex.coreos.com
  names:
    kind: AuthCode
    listKind: AuthCodeList
    plural: authcodes
    singular: authcode
  scope: Namespaced
  version: v1
status:
  acceptedNames:
    kind: AuthCode
    listKind: AuthCodeList
    plural: authcodes
    singular: authcode
  conditions:
  - lastTransitionTime: null
    message: no conflicts found
    reason: NoConflicts
    status: "True"
    type: NamesAccepted
  - lastTransitionTime: 2017-09-13T19:56:28Z
    message: the initial names have been accepted
    reason: InitialNamesAccepted
    status: "True"
    type: Established
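
The status block of the sample CRD above is what tells a client whether the resource can be used yet. As an added example (not code from this PR or from dex), this Go program checks the NamesAccepted and Established conditions on the JSON form of a CRD, as `kubectl get customresourcedefinition <name> -o json` would return it; `crdReady` and the two sample documents are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// crd models only the parts of a CustomResourceDefinition that are read here.
type crd struct {
	Status struct {
		Conditions []struct {
			Type   string `json:"type"`
			Status string `json:"status"`
		} `json:"conditions"`
	} `json:"status"`
}

// crdReady (hypothetical helper) reports whether the API server has both
// accepted the CRD's names and established it. A missing condition counts
// as not ready, so a freshly created CRD with an empty status is rejected.
func crdReady(raw []byte) (bool, error) {
	var c crd
	if err := json.Unmarshal(raw, &c); err != nil {
		return false, fmt.Errorf("decode CRD: %v", err)
	}
	seen := map[string]bool{}
	for _, cond := range c.Status.Conditions {
		seen[cond.Type] = cond.Status == "True"
	}
	return seen["NamesAccepted"] && seen["Established"], nil
}

// Constructed sample: JSON form of the conditions in the CRD shown above.
const establishedCRD = `{"metadata":{"name":"authcodes.dex.coreos.com"},"status":{"conditions":[
 {"type":"NamesAccepted","status":"True","reason":"NoConflicts"},
 {"type":"Established","status":"True","reason":"InitialNamesAccepted"}]}}`

// Constructed sample: names accepted, but the CRD is not yet established.
const pendingCRD = `{"metadata":{"name":"authcodes.dex.coreos.com"},"status":{"conditions":[
 {"type":"NamesAccepted","status":"True","reason":"NoConflicts"}]}}`

func main() {
	for _, raw := range []string{establishedCRD, pendingCRD} {
		ok, err := crdReady([]byte(raw))
		fmt.Println("ready:", ok, "err:", err)
	}
}
```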

rithujohn191 changed the title from "[WIP]: add CRD support" to "storage/kubernetes: add CRD support" (Sep 13, 2017)
@ericchiang
Contributor

code lgtm.

Can you add a doc and switch the conformance tests to use CRDs?

Contributor

diegs left a comment

Very clean, just one kind of annoying overall comment.

type Config struct {
InCluster bool `json:"inCluster"`
KubeConfigFile string `json:"kubeConfigFile"`
UseCRD bool `json:"useCRD"` // Flag option to use CRDs instead of TPRs

Contributor

I know this sounds kind of silly, but I would make the flag UseTPR instead of UseCRD. You can bump to a new major version for this, so clients have to explicitly set UseTPR if they want to. Then removing the flag later will be much cleaner and require no changes from conforming clients.

(Note that this applies to all the boolean vars you plumb through everywhere).

rithujohn191 force-pushed the crd-migration branch 3 times, most recently from b0f721b to 6dccfa9 (September 14, 2017 18:30)
@rithujohn191
Contributor Author

Addressed all feedback. Added basic CRD documentation for now. Will handle CRD migration docs and script in a separate PR

Contributor

diegs left a comment

LGTM

type: kubernetes
config:
kubeConfigFile: kubeconfig
useCRD: true

Contributor

nit: this is "useTPR"

Contributor Author

thanks for catching that

@rithujohn191 rithujohn191 merged commit 03de0ec into dexidp:master Sep 14, 2017
@rithujohn191 rithujohn191 deleted the crd-migration branch September 14, 2017 20:22
mmrath pushed a commit to mmrath/dex that referenced this pull request Sep 2, 2019