Change apiVersion to zalando.org/v1 #23

Merged (1 commit) on Jun 16, 2019

mikkeloscar (Contributor) commented Jun 13, 2019

This changes the apiVersion defined for the AWSIAMRole CRD from amazonaws.com/v1 to zalando.org/v1.
This is unfortunately a breaking change that we feel the need to make as we are preparing to roll this out in Zalando.

The reason to make this change is to ensure that Zalando as a company is not breaking any trademark laws. While this project has been developed by me until now, I'm an employee of Zalando, and because of European copyright laws, the copyright of the project falls to Zalando as this is related to my daily work. Therefore it makes sense to use zalando.org/v1 instead of coming up with another name which may be trademarked by someone else.

@seh already brought up this issue in the original PR.

Migration steps

  1. Apply new CRD:

    kubectl apply -f docs/aws_iam_role_crd.yaml
    
  2. Copy old resources to new version:

    #!/bin/bash
    
    # Walk every namespace and re-apply each old AWSIAMRole under the new apiVersion.
    for ns in $(kubectl get ns --no-headers -o "custom-columns=:metadata.name"); do
        for res in $(kubectl --namespace "$ns" get awsiamroles.amazonaws.com --no-headers -o custom-columns=:metadata.name); do
            # Rewrite the apiVersion in the exported JSON and create the zalando.org/v1 copy.
            kubectl --namespace "$ns" get awsiamroles.amazonaws.com "$res" -o json | sed 's#amazonaws.com/v1#zalando.org/v1#' | kubectl apply -f -
        done
    done

  3. Deploy new version of controller >=0.1.0 (See https://github.com/mikkeloscar/kube-aws-iam-controller#setup).

  4. Delete old resources and old CRD:

    kubectl delete crd awsiamroles.amazonaws.com
    
  5. If you are using RBAC, you also need to update the ClusterRole to have zalando.org instead of amazonaws.com as apiGroups.

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
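
A pre-delete check for the migration steps above, added here as an example and not part of the pull request or the project's code: deleting the CRD in step 4 also deletes every resource still stored under amazonaws.com, so it confirms the copy from step 2 and the ClusterRole change from step 5 first. The function names, the `--live` switch, the sample data and the ClusterRole name argument are assumptions.

```bash
#!/bin/bash
# Added example (assumed names): verify steps 2 and 5 before the delete in step 4.
OLD_GROUP=amazonaws.com
NEW_GROUP=zalando.org

# Print "namespace/name" for every AWSIAMRole served under API group $1.
list_roles() {
    kubectl get "awsiamroles.$1" --all-namespaces --no-headers \
        -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name |
        awk '{ print $1 "/" $2 }'
}

# Print every entry of list $1 that is absent from list $2 (one per line).
missing_after_copy() {
    for item in $1; do
        printf '%s\n' "$2" | grep -Fxq -- "$item" || printf '%s\n' "$item"
    done
}

# Succeed if the space-separated apiGroups in $1 contain group $2.
has_api_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Live check; $1 is the name of your controller's ClusterRole (site-specific).
verify_migration() {
    missing=$(missing_after_copy "$(list_roles "$OLD_GROUP")" "$(list_roles "$NEW_GROUP")")
    if [ -n "$missing" ]; then
        echo "not copied to $NEW_GROUP, do not delete the old CRD yet:" >&2
        printf '%s\n' "$missing" >&2
        return 1
    fi
    api_groups=$(kubectl get clusterrole "$1" -o jsonpath='{.rules[*].apiGroups[*]}')
    has_api_group "$api_groups" "$NEW_GROUP" || {
        echo "ClusterRole $1 does not grant $NEW_GROUP" >&2
        return 1
    }
}

# Constructed sample data for an offline run: one role was not copied.
SAMPLE_OLD='default/app-a
kube-system/dns-role'
SAMPLE_NEW='default/app-a'

if [ "${1:-}" = "--live" ]; then verify_migration "$2"; fi
```

Run it with `--live <clusterrole-name>` against the cluster after step 3; a non-zero exit means the old CRD should stay in place.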
@coveralls

Pull Request Test Coverage Report for Build 112

  • 4 of 4 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 67.454%

Totals Coverage Status
Change from base Build 109: 0.0%
Covered Lines: 514
Relevant Lines: 762

💛 - Coveralls

@mikkeloscar mikkeloscar merged commit 48b2b53 into master Jun 16, 2019
@mikkeloscar mikkeloscar deleted the change-apiversion branch June 16, 2019 08:24

seh commented Jun 16, 2019

Given the version bump, do you have any plans to phase out the older IAM role binding technique of mounting Secrets named with a special prefix? I'd prefer to be able to deploy the controller at least with the pod cache disabled. If we can't remove it for fear of breaking existing users, perhaps we could disable it via command-line flag.

I was hoping that the next major version bump would be our chance to remove that feature.

mikkeloscar (Contributor, Author) commented

I created #25 to track this. I agree we should phase it out.

Shinzu commented Jun 25, 2019

@mikkeloscar if your deployment is with RBAC, you must also migrate the ClusterRole.

mikkeloscar (Contributor, Author) commented

@Shinzu thanks, added this as a step in the description above!
