Merge pull request #1067 from rithujohn191/migrate-tprs

Documentation: add docs for TPR to CRD migration
dexidp · Sep 18, 2017 · 4c435db · 4c435db
2 parents 03de0ec + 34dcf6c
commit 4c435db
Show file tree

Hide file tree

Showing 10 changed files with 142 additions and 0 deletions.
diff --git a/Documentation/storage.md b/Documentation/storage.md
@@ -147,6 +147,39 @@ storage:
 
 Dex determines the namespace it's running in by parsing the service account token automatically mounted into its pod.
 
+## Migrating from TPRs to CRDs
+
+This section descibes how users can migrate storage data in dex when upgrading from an older version of kubernetes (lower than 1.7). This involves creating new CRDs and moving over the data from TPRs.
+The flow of the migration process is as follows:
+1. Stop running old version of Dex (lower than v2.7.0).
+2. Create new CRDs by running the following command:
+   ```
+   kubectl apply -f scripts/manifests/crds/
+   ```
+   Note that the newly created CRDs have `dex.coreos.com` as their group and will not conflict with the existing TPR resources which have `oidc.coreos.com` as the group.
+3. Migrate data from existing TPRs to CRDs by running the following commands for each of the TPRs:
+   1. Export `DEX_NAMESPACE` to be the namespace in which the TPRs exist and run the following script to store TPR definition in a temporary yaml file:
+      ```
+      export DEX_NAMESPACE="<namespace-value>"
+      ./scripts/dump-tprs > out.yaml
+      ```
+   2. Update `out.yaml` to change the apiVersion to `apiVersion: dex.coreos.com/v1` and delete the `resourceVersion` field.
+      ```
+      sed 's/oidc.coreos.com/dex.coreos.com/' out.yaml
+      ```
+      ```
+      sed 's/resourceVersion: ".*"//' out.yaml
+      ```
+   3. Create the resource object using the following command:
+      ```
+      kubectl apply -f out.yaml
+      ```
+   4. Confirm that the resource got created using the following get command:
+      ```
+      kubectl get --namespace=tectonic-system <TPR-name>.dex.coreos.com  -o yaml
+      ```
+4. Update to new version of Dex (v2.7.0 or higher) which will use CRDs instead of TPRs.
+
 ## SQL
 
 Dex supports two flavors of SQL, SQLite3 and Postgres. MySQL and CockroachDB may be added at a later time.

diff --git a/scripts/dump-tprs b/scripts/dump-tprs
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+if [ -z $DEX_NAMESPACE ];then
+        echo "Must export \$DEX_NAMESPACE"
+        exit
+fi
+
+for RESOURCE in authcodes authrequests connectors oauth2clients offlinesessionses refreshtokens passwords signingkeies; do
+        kubectl get --namespace=$DEX_NAMESPACE $RESOURCE.oidc.coreos.com  -o yaml
+done
+
diff --git a/scripts/manifests/crds/authcodes.yaml b/scripts/manifests/crds/authcodes.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: authcodes.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: AuthCode
+    listKind: AuthCodeList
+    plural: authcodes
+    singular: authcode
+  version: v1
diff --git a/scripts/manifests/crds/authrequests.yaml b/scripts/manifests/crds/authrequests.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: authrequests.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: AuthRequest
+    listKind: AuthRequestList
+    plural: authrequests
+    singular: authrequest
+  version: v1
diff --git a/scripts/manifests/crds/connectors.yaml b/scripts/manifests/crds/connectors.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: connectors.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: Connector
+    listKind: ConnectorList
+    plural: connectors
+    singular: connector
+  version: v1
diff --git a/scripts/manifests/crds/oauth2clients.yaml b/scripts/manifests/crds/oauth2clients.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: oauth2clients.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: OAuth2Client
+    listKind: OAuth2ClientList
+    plural: oauth2clients
+    singular: oauth2client
+  version: v1
diff --git a/scripts/manifests/crds/offlinesessionses.yaml b/scripts/manifests/crds/offlinesessionses.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: offlinesessionses.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: OfflineSessions
+    listKind: OfflineSessionsList
+    plural: offlinesessionses
+    singular: offlinesessions
+  version: v1
diff --git a/scripts/manifests/crds/passwords.yaml b/scripts/manifests/crds/passwords.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: passwords.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: Password
+    listKind: PasswordList
+    plural: passwords
+    singular: password
+  version: v1
diff --git a/scripts/manifests/crds/refreshtokens.yaml b/scripts/manifests/crds/refreshtokens.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: refreshtokens.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: RefreshToken
+    listKind: RefreshTokenList
+    plural: refreshtokens
+    singular: refreshtoken
+  version: v1
diff --git a/scripts/manifests/crds/signingkeies.yaml b/scripts/manifests/crds/signingkeies.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: signingkeies.dex.coreos.com
+spec:
+  group: dex.coreos.com
+  names:
+    kind: SigningKey
+    listKind: SigningKeyList
+    plural: signingkeies
+    singular: signingkey
+  version: v1