Support the restoring of issuers from backup files #70

charlieegan3 · 2022-11-21T16:33:53Z

This allows the loading of cert-manager issuers and cluster issuers from a jsctl backup.

For example, with a backup.yaml as follows, the output for the installation will be as seen below. Note that the warnings of other issuers are logged to stderr in the process. In this case, a GoogleCASIssuer.

 $ cat backup.yaml 
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  creationTimestamp: null
  name: cm-cluster-issuer-sample
spec:
  acme:
    email: dummy-email@example.com
    preferredChain: ""
    privateKeySecretRef:
      name: example
    server: https://
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  creationTimestamp: null
  name: cm-issuer-sample
  namespace: jetstack-secure
spec:
  ca:
    secretName: ca-key-pair
---
apiVersion: cas-issuer.jetstack.io/v1beta1
kind: GoogleCASIssuer
metadata:
  creationTimestamp: null
  name: googlecasissuer-sample
  namespace: jetstack-secure
spec:
  caPoolId: my-pool
  credentials:
    key: example
    name: googlesa
  location: us-east1
  project: example
---



$ go run main.go operator installations apply --stdout --experimental-issuers-backup-file=backup.yaml
The following issuers cannot be managed by the operator and must be restored manually: GoogleCASIssuer/googlecasissuer-sample
apiVersion: operator.jetstack.io/v1alpha1
kind: Installation
metadata:
  creationTimestamp: null
  name: installation
spec:
  approverPolicy: {}
  certManager:
    controller:
      replicas: 2
    webhook:
      replicas: 2
  issuers:
  - ca:
      secretName: ca-key-pair
    name: cm-issuer-sample
    namespace: jetstack-secure
  - acme:
      email: dummy-email@example.com
      preferredChain: ""
      privateKeySecretRef:
        name: example
      server: https://
    clusterScope: true
    name: cm-cluster-issuer-sample

This command will be used prior to the install of a JS by operators to backup cluster state. Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>

irbekrm

Thank you for working on this Charlie!

I think the new flag looks good already for a first iteration. I've left a couple commands, most notably about distinguishing different issuer types that might not be backed up.
Additionally it'd be good if we printed out which issuers got restored (it kind of is obvious from Installation spec for us, but maybe not for someone less familiar with that CR).

We also don't parse any List types at all, but I think this is okay for now.

internal/command/operator/apply.go

internal/command/operator/deploy.go

internal/kubernetes/restore/restore.go

internal/command/operator/apply.go

internal/kubernetes/restore/restore.go

internal/command/operator/apply.go

This reverts commit e25d298.

This reverts commit 89f9433.

irbekrm

Thanks Charlie, I've ran the new command and it looks good to me 👍🏼

/lgtm

charlieegan3 · 2022-11-25T08:41:30Z

Thanks for the feedback and for testing this out too.

charlieegan3 added 15 commits November 21, 2022 12:05

Implement cluster backup command

efac24f

This command will be used prior to the install of a JS by operators to backup cluster state. Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>

Update package imports

2ec6da4

Explain why certificate requests are included

f6b9f3b

Disable ingress cert backup

9c02f1b

Explain ingress-shim exclusion

739a5f3

Make backup experimental

d9e3c76

Handle and eject when unsupported CRDs found

51507e1

Show supported issuers in help output

8e1f50c

Update check to find v1 and check it's served

adeac22

Correct dependency injection

8fabbeb

Handle options and skip issuer kinds print

ac06b67

Update docs

0b523ea

Refactor out operator commands

7340dfc

Implement simple backup loading of issuers

5b1d8b1

Build means of setting issuers in installation

18ecfb6

jetstack-bot added the size/XXL label Nov 21, 2022

Update docs

c4c2a92

irbekrm suggested changes Nov 22, 2022

View reviewed changes

charlieegan3 added 12 commits November 22, 2022 17:19

Correct import package name

097706a

availble -> available

c16fae1

Correct Goland errors2

cd86a64

Make message show type too

2393a0c

Update backup flag help

9650c24

Add type to message

cb748cc

Print missed issuer warning to stdout

889116d

Support restoring vei issuers

e25d298

Revert "Support restoring vei issuers"

89f9433

This reverts commit e25d298.

Support loading items from a JSON backup

6344414

Update docs

7246eeb

Revert "Revert "Support restoring vei issuers""

32bdd40

This reverts commit 89f9433.

charlieegan3 added 3 commits November 24, 2022 16:08

Import vei issuers from backups

7741d1e

Update test data to differ. teams

1b11fdd

Add note about converting

ff884ae

irbekrm approved these changes Nov 25, 2022

View reviewed changes

jetstack-bot assigned irbekrm Nov 25, 2022

jetstack-bot added the lgtm label Nov 25, 2022

charlieegan3 merged commit ad2d06a into main Nov 25, 2022

irbekrm deleted the experimental-issuers-backup branch November 25, 2022 09:02

irbekrm mentioned this pull request Feb 1, 2023

Ensures that manifest generation still works if issuers backup file not provided #81

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support the restoring of issuers from backup files #70

Support the restoring of issuers from backup files #70

charlieegan3 commented Nov 21, 2022

irbekrm left a comment

irbekrm left a comment

charlieegan3 commented Nov 25, 2022

Support the restoring of issuers from backup files #70

Support the restoring of issuers from backup files #70

Conversation

charlieegan3 commented Nov 21, 2022

irbekrm left a comment

Choose a reason for hiding this comment

irbekrm left a comment

Choose a reason for hiding this comment

charlieegan3 commented Nov 25, 2022