feat: Add support tenant update via image available to operator (#266)

The update flow is - Operator has access to a new MinIO Docker Image. - Admin requests an update of a certain tenant using `kubectl apply`. - Operator identifies this request and fetches the minio binary and other relevant files to a local directory. - Operator makes minio admin api call with a URL of its own webhook server. - Tenant fetches the binary and other files extracted in previous step and updates itself. - Operator deletes all temporary files after successful update. Co-authored-by: Harshavardhana <harsha@minio.io>
minio · Aug 28, 2020 · dcefedf · dcefedf
1 parent 5f6e19f
commit dcefedf
Show file tree

Hide file tree

Showing 8 changed files with 930 additions and 119 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM scratch
+FROM busybox:1.32
 
 LABEL maintainer="MinIO Inc <dev@min.io>"
 

diff --git a/Dockerfile.release b/Dockerfile.release
@@ -1,4 +1,4 @@
-FROM scratch
+FROM busybox:1.32
 
 LABEL maintainer="MinIO Inc <dev@min.io>"
 

diff --git a/go.mod b/go.mod
@@ -3,19 +3,12 @@ module github.com/minio/operator
 go 1.13
 
 require (
-	github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/go-ole/go-ole v1.2.4 // indirect
-	github.com/golang/protobuf v1.4.2 // indirect
-	github.com/google/go-cmp v0.4.1 // indirect
+	github.com/google/go-containerregistry v0.1.2
 	github.com/gorilla/mux v1.7.5-0.20200711200521-98cb6bf42e08
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/imdario/mergo v0.3.10 // indirect
 	github.com/minio/minio v0.0.0-20200723003940-b9be841fd222
 	github.com/minio/minio-go/v7 v7.0.2
-	github.com/secure-io/sio-go v0.3.1 // indirect
-	github.com/shirou/gopsutil v2.20.6+incompatible // indirect
-	github.com/stretchr/testify v1.4.0
+	github.com/stretchr/testify v1.5.1
 	k8s.io/api v0.18.6
 	k8s.io/apimachinery v0.18.6
 	k8s.io/client-go v0.18.6

diff --git a/go.sum b/go.sum
diff --git a/operator-kustomize/deployment.yaml b/operator-kustomize/deployment.yaml
@@ -20,8 +20,10 @@ spec:
           imagePullPolicy: IfNotPresent
           resources:
             requests:
+              cpu: 200m
               memory: 256Mi
+              ephemeral-storage: 500Mi
           securityContext:
             runAsUser: 1000
+            runAsGroup: 1000
             runAsNonRoot: true
-            readOnlyRootFilesystem: true
diff --git a/pkg/apis/minio.min.io/v1/helper.go b/pkg/apis/minio.min.io/v1/helper.go
@@ -18,15 +18,19 @@
 package v1
 
 import (
+	"archive/tar"
 	"bytes"
+	"compress/gzip"
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"path"
 	"strconv"
 	"strings"
@@ -63,6 +67,7 @@ const (
 const (
 	WebhookAPIGetenv        = WebhookAPIVersion + "/getenv"
 	WebhookAPIBucketService = WebhookAPIVersion + "/bucketsrv"
+	WebhookAPIUpdate        = WebhookAPIVersion + "/update"
 )
 
 type hostsTemplateValues struct {
@@ -169,8 +174,7 @@ const (
 	releasePrefix             = "RELEASE"
 )
 
-// ReleaseTagToReleaseTime - converts a 'RELEASE.2017-09-29T19-16-56Z.hotfix'
-// into the build time
+// ReleaseTagToReleaseTime - converts a 'RELEASE.2017-09-29T19-16-56Z.hotfix' into the build time
 func ReleaseTagToReleaseTime(releaseTag string) (releaseTime time.Time, err error) {
 	fields := strings.Split(releaseTag, ".")
 	if len(fields) < 2 || len(fields) > 3 {
@@ -182,6 +186,67 @@ func ReleaseTagToReleaseTime(releaseTag string) (releaseTime time.Time, err erro
 	return time.Parse(minioReleaseTagTimeLayout, fields[1])
 }
 
+// ExtractTar extracts all tar files from the list `filesToExtract` and puts the files in the `basePath` location
+func ExtractTar(filesToExtract []string, basePath, tarFileName string) error {
+	tarFile, err := os.Open(basePath + tarFileName)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		_ = tarFile.Close()
+	}()
+
+	tr := tar.NewReader(tarFile)
+	if strings.HasSuffix(tarFileName, ".gz") {
+		gz, err := gzip.NewReader(tarFile)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			_ = gz.Close()
+		}()
+		tr = tar.NewReader(gz)
+	}
+
+	var success = len(filesToExtract)
+	for {
+		header, err := tr.Next()
+		if err == io.EOF {
+			// only success if we have found all files
+			if success == 0 {
+				break
+			}
+		}
+		if err != nil {
+			return fmt.Errorf("Tar file extraction failed: %w", err)
+		}
+		if header.Typeflag == tar.TypeReg {
+			if name := find(filesToExtract, header.Name); name != "" {
+				outFile, err := os.OpenFile(basePath+path.Base(name), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0777)
+				if err != nil {
+					return fmt.Errorf("Tar file extraction failed: %w", err)
+				}
+				if _, err := io.Copy(outFile, tr); err != nil {
+					_ = outFile.Close()
+					return fmt.Errorf("Tar file extraction failed: %w", err)
+				}
+				_ = outFile.Close()
+				success--
+			}
+		}
+	}
+	return nil
+}
+
+func find(slice []string, val string) string {
+	for _, item := range slice {
+		if item == val {
+			return item
+		}
+	}
+	return ""
+}
+
 // EnsureDefaults will ensure that if a user omits and fields in the
 // spec that are required, we set some sensible defaults.
 // For example a user can choose to omit the version
@@ -434,7 +499,7 @@ func (t *Tenant) UpdateURL(lrTime time.Time, overrideURL string) (string, error)
 	if err != nil {
 		return "", err
 	}
-	u.Path = path.Dir(u.Path) + "/minio." + releasePrefix + "." + lrTime.Format(minioReleaseTagTimeLayout) + ".sha256sum"
+	u.Path = u.Path + "/minio." + releasePrefix + "." + lrTime.Format(minioReleaseTagTimeLayout) + ".sha256sum"
 	return u.String(), nil
 }