From 3c86265f73e9fb8e4741de3b4c499a4391e97ad4 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 21 Nov 2023 17:31:32 +0100 Subject: [PATCH] WIP: allow adoption based on v2beta1 state Signed-off-by: Hidde Beydals --- api/v2beta2/helmrelease_types.go | 5 + .../helm.toolkit.fluxcd.io_helmreleases.yaml | 4 + docs/api/v2beta2/helm.md | 13 ++ internal/controller/helmrelease_controller.go | 53 ++++++ .../controller/helmrelease_controller_test.go | 170 +++++++++++++++++- internal/features/features.go | 10 ++ 6 files changed, 254 insertions(+), 1 deletion(-) diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 67ed0ae3e..ac7a8524f 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -908,6 +908,11 @@ type HelmReleaseStatus struct { // +optional LastAttemptedValuesChecksum string `json:"lastAttemptedValuesChecksum,omitempty"` + // LastReleaseRevision is the revision of the last successful Helm release. + // Deprecated: Use History instead. + // +optional + LastReleaseRevision int `json:"lastReleaseRevision,omitempty"` + // LastAttemptedConfigDigest is the digest for the config (better known as // "values") of the last reconciliation attempt. // +optional diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index bad1de58f..61270e2cb 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -2049,6 +2049,10 @@ spec: reconcile request value, so a change of the annotation value can be detected. type: string + lastReleaseRevision: + description: 'LastReleaseRevision is the revision of the last successful + Helm release. Deprecated: Use History instead.' + type: integer observedGeneration: description: ObservedGeneration is the last observed generation. format: int64 diff --git a/docs/api/v2beta2/helm.md b/docs/api/v2beta2/helm.md index b92b55ac2..bd2677ab2 100644 --- a/docs/api/v2beta2/helm.md +++ b/docs/api/v2beta2/helm.md @@ -1407,6 +1407,19 @@ Deprecated: Use LastAttemptedConfigDigest instead.

+lastReleaseRevision
+ +int + + + +(Optional) +

LastReleaseRevision is the revision of the last successful Helm release. +Deprecated: Use History instead.

+ + + + lastAttemptedConfigDigest
string diff --git a/internal/controller/helmrelease_controller.go b/internal/controller/helmrelease_controller.go index 3bef30141..fd1443077 100644 --- a/internal/controller/helmrelease_controller.go +++ b/internal/controller/helmrelease_controller.go @@ -60,10 +60,12 @@ import ( "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/chartutil" "github.com/fluxcd/helm-controller/internal/digest" + "github.com/fluxcd/helm-controller/internal/features" "github.com/fluxcd/helm-controller/internal/kube" "github.com/fluxcd/helm-controller/internal/loader" intpredicates "github.com/fluxcd/helm-controller/internal/predicates" intreconcile "github.com/fluxcd/helm-controller/internal/reconcile" + "github.com/fluxcd/helm-controller/internal/release" ) // +kubebuilder:rbac:groups=helm.toolkit.fluxcd.io,resources=helmreleases,verbs=get;list;watch;create;update;patch;delete @@ -288,6 +290,16 @@ func (r *HelmReleaseReconciler) reconcileRelease(ctx context.Context, patchHelpe return ctrl.Result{}, err } + // Attempt to adopt "legacy" v2beta1 release state on a best-effort basis. + // If this fails, the controller will fall back to performing an upgrade + // to settle on the desired state. + // TODO(hidde): remove this in a future release. + if ok, _ := features.Enabled(features.AdoptLegacyReleases); ok { + if err := r.adoptLegacyRelease(ctx, getter, obj); err != nil { + log.Error(err, "failed to adopt v2beta1 release state") + } + } + // If the release target configuration has changed, we need to uninstall the // previous release target first. If we did not do this, the installation would // fail due to resources already existing. @@ -315,6 +327,7 @@ func (r *HelmReleaseReconciler) reconcileRelease(ctx context.Context, patchHelpe obj.Status.LastAttemptedRevision = loadedChart.Metadata.Version obj.Status.LastAttemptedConfigDigest = chartutil.DigestValues(digest.Canonical, values).String() obj.Status.LastAttemptedValuesChecksum = "" + obj.Status.LastReleaseRevision = 0 // Construct config factory for any further Helm actions. cfg, err := action.NewConfigFactory(getter, @@ -508,6 +521,46 @@ func (r *HelmReleaseReconciler) checkDependencies(ctx context.Context, obj *v2.H return nil } +// adoptLegacyRelease attempts to adopt a v2beta1 release into a v2beta2 +// release. +// This is done by retrieving the last successful release from the Helm storage +// and converting it to a v2beta2 release snapshot. +// If the v2beta1 release has already been adopted, this function is a no-op. +func (r *HelmReleaseReconciler) adoptLegacyRelease(ctx context.Context, getter genericclioptions.RESTClientGetter, obj *v2.HelmRelease) error { + if obj.Status.LastReleaseRevision < 1 || len(obj.Status.History) > 0 { + return nil + } + + // Construct config factory for current release. + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithStorageLog(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.TraceLevel))), + ) + + // Get the last successful release based on the observation for the v2beta1 + // object. + rls, err := cfg.NewStorage().Get(obj.GetReleaseName(), obj.Status.LastReleaseRevision) + if err != nil { + return err + } + + // Convert it to a v2beta2 release snapshot. + snap := release.ObservedToSnapshot(release.ObserveRelease(rls)) + + // If tests are enabled, include them as well. + if obj.GetTest().Enable { + snap.SetTestHooks(release.TestHooksFromRelease(rls)) + } + + // Adopt it as the current release in the history. + obj.Status.History = append(obj.Status.History, snap) + + // Erase the last release revision from the status. + obj.Status.LastReleaseRevision = 0 + + return nil +} + func (r *HelmReleaseReconciler) buildRESTClientGetter(ctx context.Context, obj *v2.HelmRelease) (genericclioptions.RESTClientGetter, error) { opts := []kube.Option{ kube.WithNamespace(obj.GetReleaseNamespace()), diff --git a/internal/controller/helmrelease_controller_test.go b/internal/controller/helmrelease_controller_test.go index 47f07848d..6331e953c 100644 --- a/internal/controller/helmrelease_controller_test.go +++ b/internal/controller/helmrelease_controller_test.go @@ -607,7 +607,7 @@ func TestHelmReleaseReconciler_reconcileRelease(t *testing.T) { Spec: v2.HelmReleaseSpec{ // Trigger a failure by setting an invalid storage namespace, // preventing the release from actually being installed. - // This allows us to just test the , without + // This allows us to just test the values being set, without // having to facilitate a full install. StorageNamespace: "not-exist", Values: &apiextensionsv1.JSON{ @@ -1404,6 +1404,174 @@ func TestHelmReleaseReconciler_checkDependencies(t *testing.T) { } } +func TestHelmReleaseReconciler_adoptLegacyRelease(t *testing.T) { + tests := []struct { + name string + releases func(namespace string) []*helmrelease.Release + spec func(spec *v2.HelmReleaseSpec) + status v2.HelmReleaseStatus + expectHistory func(releases []*helmrelease.Release) v2.Snapshots + expectLastReleaseRevision int + wantErr bool + }{ + { + name: "adopts last release revision", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "orphaned", + Namespace: namespace, + Version: 6, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }, testutil.ReleaseWithTestHook()), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.ReleaseName = "orphaned" + }, + status: v2.HelmReleaseStatus{ + LastReleaseRevision: 6, + }, + expectHistory: func(releases []*helmrelease.Release) v2.Snapshots { + return v2.Snapshots{ + release.ObservedToSnapshot(release.ObserveRelease(releases[0])), + } + }, + expectLastReleaseRevision: 0, + }, + { + name: "includes test hooks if enabled", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "orphaned-with-hooks", + Namespace: namespace, + Version: 3, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }, testutil.ReleaseWithTestHook()), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.ReleaseName = "orphaned-with-hooks" + spec.Test = &v2.Test{ + Enable: true, + } + }, + status: v2.HelmReleaseStatus{ + LastReleaseRevision: 3, + }, + expectHistory: func(releases []*helmrelease.Release) v2.Snapshots { + snap := release.ObservedToSnapshot(release.ObserveRelease(releases[0])) + snap.SetTestHooks(release.TestHooksFromRelease(releases[0])) + + return v2.Snapshots{ + snap, + } + }, + expectLastReleaseRevision: 0, + }, + { + name: "non-existing release", + spec: func(spec *v2.HelmReleaseSpec) { + spec.ReleaseName = "non-existing" + }, + status: v2.HelmReleaseStatus{ + LastReleaseRevision: 2, + }, + expectLastReleaseRevision: 2, + wantErr: true, + }, + { + name: "without last release revision", + status: v2.HelmReleaseStatus{ + LastReleaseRevision: 0, + }, + expectHistory: func(releases []*helmrelease.Release) v2.Snapshots { + return nil + }, + expectLastReleaseRevision: 0, + }, + { + name: "with existing history", + status: v2.HelmReleaseStatus{ + History: v2.Snapshots{ + { + Name: "something", + }, + }, + LastReleaseRevision: 5, + }, + expectHistory: func(releases []*helmrelease.Release) v2.Snapshots { + return v2.Snapshots{ + { + Name: "something", + }, + } + }, + expectLastReleaseRevision: 5, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + // Create a test namespace for storing the Helm release mock. + ns, err := testEnv.CreateNamespace(context.TODO(), "adopt-release") + g.Expect(err).ToNot(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), ns) + }) + + // Mock a HelmRelease object. + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ + StorageNamespace: ns.Name, + }, + Status: tt.status, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + + r := &HelmReleaseReconciler{ + Client: testEnv.Client, + GetClusterConfig: GetTestClusterConfig, + } + + // Store the Helm release mock in the test namespace. + getter, err := r.buildRESTClientGetter(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, action.WithStorage(helmdriver.SecretsDriverName, obj.GetStorageNamespace())) + g.Expect(err).ToNot(HaveOccurred()) + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(ns.Name) + } + store := helmstorage.Init(cfg.Driver) + for _, rls := range releases { + g.Expect(store.Create(rls)).To(Succeed()) + } + + // Adopt the Helm release mock. + err = r.adoptLegacyRelease(context.TODO(), getter, obj) + g.Expect(err != nil).To(Equal(tt.wantErr), "unexpected error: %s", err) + + // Verify the Helm release mock has been adopted. + var expectHistory v2.Snapshots + if tt.expectHistory != nil { + expectHistory = tt.expectHistory(releases) + } + g.Expect(obj.Status.History).To(Equal(expectHistory)) + g.Expect(obj.Status.LastReleaseRevision).To(Equal(tt.expectLastReleaseRevision)) + }) + } +} + func TestHelmReleaseReconciler_buildRESTClientGetter(t *testing.T) { const ( namespace = "some-namespace" diff --git a/internal/features/features.go b/internal/features/features.go index 43e7a4425..4d39cad0f 100644 --- a/internal/features/features.go +++ b/internal/features/features.go @@ -47,6 +47,13 @@ const ( // OOMWatch enables the OOM watcher, which will gracefully shut down the controller // when the memory usage exceeds the configured limit. This is disabled by default. OOMWatch = "OOMWatch" + + // AdoptLegacyReleases enables the adoption of the historical Helm release + // based on the status fields from a v2beta1 HelmRelease object. + // This is enabled by default to support an upgrade path from v2beta1 to v2beta2 + // without the need to upgrade the Helm release. But it can be disabled to + // avoid potential abuse of the adoption mechanism. + AdoptLegacyReleases = "AdoptLegacyReleases" ) var features = map[string]bool{ @@ -65,6 +72,9 @@ var features = map[string]bool{ // OOMWatch // opt-in from v0.31 OOMWatch: false, + // AdoptLegacyReleases + // opt-out from v0.37 + AdoptLegacyReleases: true, } // FeatureGates contains a list of all supported feature gates and