Merge pull request #400 from gianlucam76/sveltos-applier-upgrade

(feat) upgrade SveltosApplier

Author: gianlucam76

Makefile

@@ -429,7 +429,7 @@ $(shell skopeo inspect --format '{{.Digest}}' "docker://projectsveltos/sveltos-a
 endef
 
 define get-digest-sveltos-applier
-$(shell skopeo inspect --format '{{.Digest}}' "docker://projectsveltos/sveltos-applier:${TAG}" --override-os="linux" --override-arch="amd64" --override-variant="v8" 2>/dev/null)
+$(shell skopeo inspect --format '{{.Digest}}' "docker://projectsveltos/sveltos-applier:main" --override-os="linux" --override-arch="amd64" --override-variant="v8" 2>/dev/null)
 endef
 
 sveltos-agent:
@@ -448,8 +448,11 @@ sveltos-applier:
 	@echo "Downloading sveltos applier yaml"
 	$(eval digest :=$(call get-digest-sveltos-applier))
 	@echo "image digest is $(get-digest-sveltos-applier)"
+	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/sveltos-applier/main/manifest/manifest.yaml -o ./pkg/agent/sveltos-applier.yaml
+	sed -i '' -e "s#image: docker.io/projectsveltos/sveltos-applier:main#image: docker.io/projectsveltos/sveltos-applier@${digest}#g" ./pkg/agent/sveltos-applier.yaml
+	cd pkg/agent; go generate
 	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/sveltos-applier/main/manifest/manifest.yaml -o ./test/pullmode-sveltosapplier.yaml
-	sed -i '' -e "s#image: docker.io/projectsveltos/sveltos-applier:${TAG}#image: docker.io/projectsveltos/sveltos-applier@${digest}#g" ./test/pullmode-sveltosapplier.yaml
+	sed -i '' -e "s#image: docker.io/projectsveltos/sveltos-applier:main#image: docker.io/projectsveltos/sveltos-applier@${digest}#g" ./test/pullmode-sveltosapplier.yaml
 	sed -i '' -e "s#cluster-namespace=#cluster-namespace=default#g" ./test/pullmode-sveltosapplier.yaml
 	sed -i '' -e "s#cluster-name=#cluster-name=clusterapi-workload#g" ./test/pullmode-sveltosapplier.yaml
 	sed -i '' -e "s#cluster-type=#cluster-type=sveltos#g" ./test/pullmode-sveltosapplier.yaml

controllers/classifier_deployer.go

@@ -66,6 +66,8 @@ type feature struct {
 }
 
 const (
+	sveltosApplier = "sveltos-applier"
+
 	sveltosAgent                      = "sveltos-agent"
 	sveltosAgentFeatureLabelKey       = "feature"
 	sveltosAgentClusterNamespaceLabel = "cluster-namespace"
@@ -540,6 +542,16 @@ func deployClassifierInCluster(ctx context.Context, c client.Client,
 		if err != nil {
 			return err
 		}
+
+		// Initially, a user needs to manually deploy SveltosApplier in a managed cluster. After this initial
+		// deployment, the classifier will automatically handle any necessary upgrades. The SveltosApplier
+		// resources are passed to the SveltosApplier running in the managed cluster via ConfigurationGroups.
+		// The SveltosApplier then applies these resources, effectively upgrading itself.
+		err = upgradeSveltosApplierInManagedCluster(ctx, clusterNamespace, clusterName, applicant,
+			clusterType, logger)
+		if err != nil {
+			return err
+		}
 	}
 
 	err = deployCRDs(ctx, clusterNamespace, clusterName, applicant, clusterType, isPullMode, logger)
@@ -851,7 +863,21 @@ func (r *ClassifierReconciler) getCurrentHash(ctx context.Context, classifierSco
 	// If sveltos-agent configuration is in a ConfigMap. fetch ConfigMap and use its Data
 	// section in the hash evaluation.
 	if sveltosAgentConfigMap := getSveltosAgentConfigMap(); sveltosAgentConfigMap != "" {
-		configMap, err := collectSveltosAgentConfigMap(ctx, sveltosAgentConfigMap)
+		configMap, err := collectAgentConfigMap(ctx, sveltosAgentConfigMap)
+		if err != nil {
+			return nil, err
+		}
+		h := sha256.New()
+		config := string(currentHash)
+		config += render.AsCode(configMap.Data)
+		h.Write([]byte(config))
+		currentHash = h.Sum(nil)
+	}
+
+	// If sveltos-applier configuration is in a ConfigMap. fetch ConfigMap and use its Data
+	// section in the hash evaluation.
+	if sveltosApplierConfigMap := getSveltosApplierConfigMap(); sveltosApplierConfigMap != "" {
+		configMap, err := collectAgentConfigMap(ctx, sveltosApplierConfigMap)
 		if err != nil {
 			return nil, err
 		}
@@ -1396,6 +1422,22 @@ func prepareSveltosAgentYAML(agentYAML, clusterNamespace, clusterName, mode stri
 	return agentYAML
 }
 
+func prepareSveltosApplierYAML(agentYAML, clusterNamespace, clusterName string,
+	clusterType libsveltosv1beta1.ClusterType) string {
+
+	agentYAML = strings.ReplaceAll(agentYAML, "cluster-namespace=", fmt.Sprintf("cluster-namespace=%s", clusterNamespace))
+	agentYAML = strings.ReplaceAll(agentYAML, "cluster-name=", fmt.Sprintf("cluster-name=%s", clusterName))
+	agentYAML = strings.ReplaceAll(agentYAML, "cluster-type=", fmt.Sprintf("cluster-type=%s", clusterType))
+	agentYAML = strings.ReplaceAll(agentYAML, "secret-with-kubeconfig=", fmt.Sprintf("secret-with-kubeconfig=%s-sveltos-kubeconfig", clusterName))
+
+	registry := GetSveltosAgentRegistry()
+	if registry != "" {
+		agentYAML = replaceRegistry(agentYAML, registry)
+	}
+
+	return agentYAML
+}
+
 // createSveltosAgentNamespaceInManagedCluster creates the namespace where sveltos-agent will
 // store all its reports
 func createSveltosAgentNamespaceInManagedCluster(ctx context.Context, c client.Client,
@@ -1488,6 +1530,23 @@ func deploySveltosAgentInManagedCluster(ctx context.Context, remoteRestConfig *r
 		remoteRestConfig, agentYAML, nil, patches, isPullMode, logger)
 }
 
+func upgradeSveltosApplierInManagedCluster(ctx context.Context, clusterNamespace, clusterName, classifierName string,
+	clusterType libsveltosv1beta1.ClusterType, logger logr.Logger) error {
+
+	logger.V(logs.LogDebug).Info("upgrade sveltos-applier in the managed cluster")
+
+	patches, err := getSveltosApplierPatches(ctx, getManagementClusterClient(), logger)
+	if err != nil {
+		return err
+	}
+
+	agentYAML := string(agent.GetSveltosApplierAML())
+	agentYAML = prepareSveltosApplierYAML(agentYAML, clusterNamespace, clusterName, clusterType)
+
+	return deploySveltosApplierResources(ctx, clusterNamespace, clusterName, classifierName,
+		agentYAML, patches, logger)
+}
+
 func deploySveltosAgentInManagementCluster(ctx context.Context, restConfig *rest.Config, c client.Client,
 	clusterNamespace, clusterName, classifierName, mode string, clusterType libsveltosv1beta1.ClusterType,
 	patches []libsveltosv1beta1.Patch, logger logr.Logger) error {
@@ -1512,7 +1571,7 @@ func deploySveltosAgentInManagementCluster(ctx context.Context, restConfig *rest
 		restConfig, agentYAML, lbls, patches, false, logger)
 }
 
-func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterName, cliassifierName string,
+func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterName, classifierName string,
 	restConfig *rest.Config, agentYAML string, lbls map[string]string, patches []libsveltosv1beta1.Patch,
 	isPullMode bool, logger logr.Logger) error {
 
@@ -1527,7 +1586,7 @@ func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterN
 	for i := range elements {
 		policy, err := k8s_utils.GetUnstructured([]byte(elements[i]))
 		if err != nil {
-			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to parse classifier agent yaml: %v", err))
+			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to parse sveltos agent yaml: %v", err))
 			return err
 		}
 
@@ -1579,7 +1638,7 @@ func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterN
 	// This means SveltosCluster is in pull mode
 	if isPullMode {
 		err = pullmode.StageResourcesForDeployment(ctx, getManagementClusterClient(), clusterNamespace, clusterName,
-			libsveltosv1beta1.ClassifierKind, cliassifierName, libsveltosv1beta1.FeatureClassifier, resources, true, logger)
+			libsveltosv1beta1.ClassifierKind, classifierName, libsveltosv1beta1.FeatureClassifier, resources, true, logger)
 		if err != nil {
 			return err
 		}
@@ -1588,6 +1647,46 @@ func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterN
 	return nil
 }
 
+func deploySveltosApplierResources(ctx context.Context, clusterNamespace, clusterName, classifierName string,
+	agentYAML string, patches []libsveltosv1beta1.Patch, logger logr.Logger) error {
+
+	resources := make(map[string][]unstructured.Unstructured)
+	index := sveltosApplier
+	resources[index] = []unstructured.Unstructured{}
+
+	elements, err := deployer.CustomSplit(agentYAML)
+	if err != nil {
+		return err
+	}
+	for i := range elements {
+		policy, err := k8s_utils.GetUnstructured([]byte(elements[i]))
+		if err != nil {
+			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to parse sveltos applier yaml: %v", err))
+			return err
+		}
+
+		var referencedUnstructured []*unstructured.Unstructured
+		if len(patches) > 0 {
+			logger.V(logs.LogInfo).Info("Patch sveltos-applier resources")
+			p := &patcher.CustomPatchPostRenderer{Patches: patches}
+			referencedUnstructured, err = p.RunUnstructured(
+				[]*unstructured.Unstructured{policy},
+			)
+			if err != nil {
+				logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to patch sveltos-applier: %v", err))
+				return err
+			}
+		} else {
+			referencedUnstructured = append(referencedUnstructured, policy)
+		}
+
+		resources[index] = append(resources[index], convertPointerSliceToValueSlice(referencedUnstructured)...)
+	}
+
+	return pullmode.StageResourcesForDeployment(ctx, getManagementClusterClient(), clusterNamespace, clusterName,
+		libsveltosv1beta1.ClassifierKind, classifierName, libsveltosv1beta1.FeatureClassifier, resources, true, logger)
+}
+
 func deploySveltosAgentPatchedResources(ctx context.Context, restConfig *rest.Config,
 	referencedUnstructured []*unstructured.Unstructured, logger logr.Logger) error {
 
@@ -1785,6 +1884,38 @@ func getSveltosAgentPatches(ctx context.Context, c client.Client,
 	return patches, nil
 }
 
+func getSveltosApplierPatches(ctx context.Context, c client.Client,
+	logger logr.Logger) ([]libsveltosv1beta1.Patch, error) {
+
+	patches := make([]libsveltosv1beta1.Patch, 0)
+	configMapName := getSveltosApplierConfigMap()
+	configMap := &corev1.ConfigMap{}
+	if configMapName != "" {
+		err := c.Get(ctx,
+			types.NamespacedName{Namespace: projectsveltos, Name: configMapName},
+			configMap)
+		if err != nil {
+			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to get ConfigMap %s: %v",
+				configMapName, err))
+			return nil, err
+		}
+	}
+
+	for k := range configMap.Data {
+		// Only Deployment can be patched
+		patch := libsveltosv1beta1.Patch{
+			Patch: configMap.Data[k],
+			Target: &libsveltosv1beta1.PatchSelector{
+				Kind:  "Deployment",
+				Group: "apps",
+			},
+		}
+		patches = append(patches, patch)
+	}
+
+	return patches, nil
+}
+
 func addTemplateSpecLabels(u *unstructured.Unstructured, lbls map[string]string) (*unstructured.Unstructured, error) {
 	var deployment appsv1.Deployment
 	err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.UnstructuredContent(), &deployment)

controllers/management_cluster.go

@@ -30,6 +30,7 @@ var (
 	managementClusterConfig *rest.Config
 	managementClusterClient client.Client
 	sveltosAgentConfigMap   string
+	sveltosApplierConfigMap string
 	registry                string
 	agentInMgmtCluster      bool
 )
@@ -43,6 +44,10 @@ func SetSveltosAgentConfigMap(name string) {
 	sveltosAgentConfigMap = name
 }
 
+func SetSveltosApplierConfigMap(name string) {
+	sveltosApplierConfigMap = name
+}
+
 func SetSveltosAgentRegistry(reg string) {
 	registry = reg
 }
@@ -67,6 +72,10 @@ func getSveltosAgentConfigMap() string {
 	return sveltosAgentConfigMap
 }
 
+func getSveltosApplierConfigMap() string {
+	return sveltosApplierConfigMap
+}
+
 func GetSveltosAgentRegistry() string {
 	return registry
 }
@@ -75,7 +84,7 @@ func getAgentInMgmtCluster() bool {
 	return agentInMgmtCluster
 }
 
-func collectSveltosAgentConfigMap(ctx context.Context, name string) (*corev1.ConfigMap, error) {
+func collectAgentConfigMap(ctx context.Context, name string) (*corev1.ConfigMap, error) {
 	c := getManagementClusterClient()
 	configMap := &corev1.ConfigMap{}
 

generator.go

@@ -28,7 +28,7 @@ import (
 const (
 	agentTemplate = `// Generated by *go generate* - DO NOT EDIT
 /*
-Copyright 2022-23. projectsveltos.io. All rights reserved.
+Copyright 2022-25. projectsveltos.io. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -91,7 +91,9 @@ func main() {
 	sveltosAgentFile := "../../pkg/agent/sveltos-agent.yaml"
 	generate(sveltosAgentFile, "sveltos-agent", "sveltosAgent")
 
-	driftDetectionManagerInMgmtClusterFile := "../../pkg/agent/sveltos-agent-in-mgmt-cluster.yaml"
-	generate(driftDetectionManagerInMgmtClusterFile, "sveltos-agent-in-mgmt-cluster", "sveltosAgentInMgmtCluster")
+	sveltosAgentInMgmtClusterFile := "../../pkg/agent/sveltos-agent-in-mgmt-cluster.yaml"
+	generate(sveltosAgentInMgmtClusterFile, "sveltos-agent-in-mgmt-cluster", "sveltosAgentInMgmtCluster")
 
+	sveltosApplierFile := "../../pkg/agent/sveltos-applier.yaml"
+	generate(sveltosApplierFile, "sveltos-applier", "sveltosApplier")
 }

main.go

@@ -78,6 +78,7 @@ var (
 	version                               string
 	healthAddr                            string
 	sveltosAgentConfigMap                 string
+	sveltosApplierConfigMap               string
 	capiOnboardAnnotation                 string
 	registry                              string
 )
@@ -135,6 +136,7 @@ func main() {
 
 	controllers.SetManagementClusterAccess(mgr.GetConfig(), mgr.GetClient())
 	controllers.SetSveltosAgentConfigMap(sveltosAgentConfigMap)
+	controllers.SetSveltosApplierConfigMap(sveltosApplierConfigMap)
 	controllers.SetSveltosAgentRegistry(registry)
 	controllers.SetAgentInMgmtCluster(agentInMgmtCluster)
 
@@ -227,6 +229,9 @@ func initFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&sveltosAgentConfigMap, "sveltos-agent-config", "",
 		"The name of the ConfigMap in the projectsveltos namespace containing the sveltos-agent configuration")
 
+	fs.StringVar(&sveltosApplierConfigMap, "sveltos-applier-config", "",
+		"The name of the ConfigMap in the projectsveltos namespace containing the sveltos-applier configuration")
+
 	fs.StringVar(&healthAddr, "health-addr", ":9440",
 		"The address the health endpoint binds to.")
 

pkg/agent/agent.go

@@ -25,3 +25,7 @@ func GetSveltosAgentYAML() []byte {
 func GetSveltosAgentInMgmtClusterYAML() []byte {
 	return sveltosAgentInMgmtClusterYAML
 }
+
+func GetSveltosApplierAML() []byte {
+	return sveltosApplierYAML
+}

pkg/agent/sveltos-agent-in-mgmt-cluster.go

@@ -1,6 +1,6 @@
 // Generated by *go generate* - DO NOT EDIT
 /*
-Copyright 2022-23. projectsveltos.io. All rights reserved.
+Copyright 2022-25. projectsveltos.io. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/agent/sveltos-agent.go

@@ -1,6 +1,6 @@
 // Generated by *go generate* - DO NOT EDIT
 /*
-Copyright 2022-23. projectsveltos.io. All rights reserved.
+Copyright 2022-25. projectsveltos.io. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.