Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CLI Upgrade command #898

Closed
wants to merge 77 commits into from
Closed

Add CLI Upgrade command #898

wants to merge 77 commits into from

Conversation

t-eckert
Copy link
Contributor

@t-eckert t-eckert commented Dec 3, 2021
edited

This is a wrap-up of Saad's excellent work on the Upgrade command. There will need to be some refactors following this, but functionality is solid.

Changes proposed in this PR:

  • Made an initial try at the consul-k8s upgrade command. Running into issues with the connect-injector webhook not starting on an install?
  • Upgrade commit
  • First pass at upgrade was successful.
  • notes from sync with Saad on what's left
  • Made an initial try at the consul-k8s upgrade command. Running into issues with the connect-injector webhook not starting on an install?
  • Upgrade commit
  • First pass at upgrade was successful.
  • notes from sync with Saad on what's left
  • Some basic cleanup
  • Remove TestDebugger
  • Remove validateLabels (unused)
  • Add the namespace and install flags
  • Add flag test and remove install option

How I've tested this PR:

Checkout an older version of the CLI and compile it.

cd cli
git checkout tags/v0.37.0
go build -o consul-k8s-0-37-0

Checkout this version and compile it

git checkout cli-upgrade
go build -o consul-k8s-latest

Install Consul with the older version, optionally include a preset.

./consul-k8s-0-37-0 install [-preset demo]

Apply a static server/client pair to the cluster.

K8s Config 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: static-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: static-client
  template:
    metadata:
      name: static-client
      labels:
        app: static-client
      annotations:
        "consul.hashicorp.com/connect-inject": "true"
        "consul.hashicorp.com/connect-service-upstreams": "static-server:1234"
    spec:
      containers:
        - name: static-client
          image: docker.mirror.hashicorp.services/curlimages/curl:latest
          command: [ "/bin/sh", "-c", "--" ]
          args: [ "while true; do sleep 30; done;" ]
          env:
          - name: HOST_IP
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
      serviceAccountName: static-client
      terminationGracePeriodSeconds: 0 # so deletion is quick
---
apiVersion: v1
kind: Service
metadata:
  name: static-client
spec:
  selector:
    app: static-client
  ports:
    - port: 80
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: static-client
---
apiVersion: v1
kind: Service
metadata:
  name: static-server
spec:
  selector:
    app: static-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: static-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: static-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: static-server
  template:
    metadata:
      name: static-server
      labels:
        app: static-server
      annotations:
        'consul.hashicorp.com/connect-inject': 'true'
    spec:
      containers:
        - name: static-server
          image: hashicorp/http-echo:latest
          args:
            - -text="hello world"
            - -listen=:8080
          ports:
            - containerPort: 8080
              name: http
      serviceAccountName: static-server
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: static-server
spec:
  destination:
    name: static-server
  sources:
    - name: static-client
      action: allow

Exec into the client pod

kubectl exec <client-pod-name> -it /sh

In the client pod, cURL the server pod:

curl http://localhost:1234

You should receive "hello, world" back. Exit the pod.

Now perform the upgrade with the latest version of the CLI, optionally modifying the preset.

./consul-k8s-latest upgrade [-preset secure]

Exec into the client pod again, cURL the server pod, and ensure that you still receive "hello, world".

How I expect reviewers to test this PR:

You can do what I did above. I believe in you.

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

kschoche and others added 18 commits October 20, 2021 21:16
@kschoche
test
92a5a4f
@kschoche
test
8171ec5
@kschoche
change something
3ba20ec
@kschoche
clean this up
3a0f5a3
@kschoche
remove interface and make bootstrap part of Create
08daf43
@kschoche
clean up the framework a bit
a7ad878
@kschoche @ishustava
Apply suggestions from code review
d0de8e6 
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
@kschoche
review comments
da47c6e
@kschoche
fix lint
400fda6
@kschoche
Merge branch 'vault-acceptance-base' into consul-vault-base
3808657
@kschoche
Merge branch 'main' into consul-vault-base
01e9974
@kschoche @ishustava
Bootstrap gossip encryption with Vault (#811)
80102a5 
* Add base bootstrapping logic and acceptance tests for gossip encryption in Vault

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
@ishustava
Add configuration for the vault Connect CA provider (#872)
9c515aa
@ishustava
Support Vault server running with TLS (#874)
84f1a8e 
* Change vault cluster in acceptance tests to only run with TLS. All tests will run against vault with TLS because that is the use case we think will be the most valuable for users to test
* Support adding Vault CA as a secret to pods that will be using vault agent. We need to add two annotations to pods:
      * vault.hashicorp.com/agent-extra-secret with the value of the vault CA secret name. The secret will be mounted to vault agent at /vault/custom path. See docs here
      * vault.hashicorp.com/ca-cert - with the path of the ca file inside the vault agent container. This should be /vault/custom/<secret key>
* Most pods will only need those annotations. The server pods also need the Vault CA secret to be mounted as a volume because it needs the CA to be on the file system for the vault connect CA provider.
@sadjamz
Made an initial try at the consul-k8s upgrade command. Running into i…
13282c4 
…ssues with the connect-injector webhook not starting on an install?
@sadjamz
Upgrade commit
a9260b3
@sadjamz
First pass at upgrade was successful.
412117d
@ndhanushkodi
notes from sync with Saad on what's left
855a94f
@t-eckert t-eckert marked this pull request as ready for review December 3, 2021 18:02
@t-eckert t-eckert requested review from a team, ndhanushkodi and thisisnotashwin and removed request for a team December 3, 2021 18:55
ndhanushkodi
ndhanushkodi reviewed Dec 13, 2021
View reviewed changes
Copy link
Contributor

@ndhanushkodi ndhanushkodi left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks great! Thanks for wrapping this up Thomas! Mostly had some small comments, and +1 to David's comment to re-enable the presets. I have a little bit of manual testing left to try but wanted to leave this review now so you can start! Finished doing some testing, haven't run into anything weird yet!

cli/cmd/upgrade/upgrade.go Outdated Show resolved Hide resolved
cli/cmd/upgrade/upgrade.go Outdated Show resolved Hide resolved
cli/cmd/upgrade/upgrade.go Outdated Show resolved Hide resolved
cli/cmd/upgrade/upgrade.go Show resolved Hide resolved
cli/cmd/upgrade/upgrade.go Show resolved Hide resolved
cli/cmd/upgrade/upgrade_test.go Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
@ndhanushkodi
Copy link
Contributor

I think the acceptance tests are failing because we need to rebase this on main

sadjamz and others added 18 commits December 13, 2021 12:40
@sadjamz
Made an initial try at the consul-k8s upgrade command. Running into i…
e355006 
…ssues with the connect-injector webhook not starting on an install?
@sadjamz
Upgrade commit
d575746
@sadjamz
First pass at upgrade was successful.
8215641
@ndhanushkodi
notes from sync with Saad on what's left
8ce3d2c
@sadjamz
Made an initial try at the consul-k8s upgrade command. Running into i…
ca14653 
…ssues with the connect-injector webhook not starting on an install?
@sadjamz
Upgrade commit
3da54cd
@sadjamz
First pass at upgrade was successful.
2920d3e
@ndhanushkodi
notes from sync with Saad on what's left
355be3c
Some basic cleanup
56db257
Remove TestDebugger
f5ccd78
Remove validateLabels (unused)
61cf678
Add the namespace and install flags
7a409af
Add flag test and remove install option
1c660a6
Move presets into a config package
a0e2426
Add Changelog
ca1c6c0
Merge branch 'cli-upgrade' of https://github.com/hashicorp/consul-k8s
b770d3c 
…into cli-upgrade
Mark CHANGELOG update as BETA
c05744f
Remove namespace from upgrade
e09f2e2
@t-eckert
Copy link
Contributor Author

Closing because of weird git stuff...

@t-eckert t-eckert closed this Dec 13, 2021
@hashicorp hashicorp deleted a comment from ndhanushkodi Dec 13, 2021
@hashicorp hashicorp deleted a comment from ndhanushkodi Dec 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@david-yu david-yu david-yu left review comments

@ndhanushkodi ndhanushkodi ndhanushkodi left review comments

@thisisnotashwin thisisnotashwin Awaiting requested review from thisisnotashwin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
10 participants
@t-eckert @ndhanushkodi @david-yu @kschoche @ishustava @sadjamz @thisisnotashwin @lkysow @NiklasWagner @hc-github-team-consul-ecosystem