(feat) upgrade SveltosApplier

gianlucam76 · gianlucam76 · commit cc8e28254130 · 2025-08-14T16:59:47.000+02:00
Initial manual deployment of SveltosApplier is required in the managed cluster.
Following this, the classifier ensures automatic upgrades as needed. The upgrade
process is handled by passing SveltosApplier resources through ConfigurationGroups
to the managed cluster, which then applies these resources to self-upgrade.
diff --git a/Makefile b/Makefile
@@ -448,6 +448,8 @@ sveltos-applier:
 	@echo "Downloading sveltos applier yaml"
 	$(eval digest :=$(call get-digest-sveltos-applier))
 	@echo "image digest is $(get-digest-sveltos-applier)"
+	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/sveltos-applier/main/manifest/manifest.yaml -o ./pkg/agent/sveltos-applier.yaml
+	cd pkg/agent; go generate
 	curl -L -H "Authorization: token $$GITHUB_PAT" https://raw.githubusercontent.com/projectsveltos/sveltos-applier/main/manifest/manifest.yaml -o ./test/pullmode-sveltosapplier.yaml
 	sed -i '' -e "s#image: docker.io/projectsveltos/sveltos-applier:${TAG}#image: docker.io/projectsveltos/sveltos-applier@${digest}#g" ./test/pullmode-sveltosapplier.yaml
 	sed -i '' -e "s#cluster-namespace=#cluster-namespace=default#g" ./test/pullmode-sveltosapplier.yaml
diff --git a/controllers/classifier_deployer.go b/controllers/classifier_deployer.go
@@ -66,6 +66,8 @@ type feature struct {
 }
 
 const (
+	sveltosApplier = "sveltos-applier"
+
 	sveltosAgent                      = "sveltos-agent"
 	sveltosAgentFeatureLabelKey       = "feature"
 	sveltosAgentClusterNamespaceLabel = "cluster-namespace"
@@ -540,6 +542,16 @@ func deployClassifierInCluster(ctx context.Context, c client.Client,
 		if err != nil {
 			return err
 		}
+
+		// Initially, a user needs to manually deploy SveltosApplier in a managed cluster. After this initial
+		// deployment, the classifier will automatically handle any necessary upgrades. The SveltosApplier
+		// resources are passed to the SveltosApplier running in the managed cluster via ConfigurationGroups.
+		// The SveltosApplier then applies these resources, effectively upgrading itself.
+		err = upgradeSveltosApplierInManagedCluster(ctx, clusterNamespace, clusterName, applicant,
+			clusterType, logger)
+		if err != nil {
+			return err
+		}
 	}
 
 	err = deployCRDs(ctx, clusterNamespace, clusterName, applicant, clusterType, isPullMode, logger)
@@ -1396,6 +1408,22 @@ func prepareSveltosAgentYAML(agentYAML, clusterNamespace, clusterName, mode stri
 	return agentYAML
 }
 
+func prepareSveltosApplierYAML(agentYAML, clusterNamespace, clusterName string,
+	clusterType libsveltosv1beta1.ClusterType) string {
+
+	agentYAML = strings.ReplaceAll(agentYAML, "cluster-namespace=", fmt.Sprintf("cluster-namespace=%s", clusterNamespace))
+	agentYAML = strings.ReplaceAll(agentYAML, "cluster-name=", fmt.Sprintf("cluster-name=%s", clusterName))
+	agentYAML = strings.ReplaceAll(agentYAML, "cluster-type=", fmt.Sprintf("cluster-type=%s", clusterType))
+	agentYAML = strings.ReplaceAll(agentYAML, "v=5", "v=0")
+
+	registry := GetSveltosAgentRegistry()
+	if registry != "" {
+		agentYAML = replaceRegistry(agentYAML, registry)
+	}
+
+	return agentYAML
+}
+
 // createSveltosAgentNamespaceInManagedCluster creates the namespace where sveltos-agent will
 // store all its reports
 func createSveltosAgentNamespaceInManagedCluster(ctx context.Context, c client.Client,
@@ -1488,6 +1516,18 @@ func deploySveltosAgentInManagedCluster(ctx context.Context, remoteRestConfig *r
 		remoteRestConfig, agentYAML, nil, patches, isPullMode, logger)
 }
 
+func upgradeSveltosApplierInManagedCluster(ctx context.Context, clusterNamespace, clusterName, classifierName string,
+	clusterType libsveltosv1beta1.ClusterType, logger logr.Logger) error {
+
+	logger.V(logs.LogDebug).Info("upgrade sveltos-applier in the managed cluster")
+
+	agentYAML := string(agent.GetSveltosApplierAML())
+	agentYAML = prepareSveltosApplierYAML(agentYAML, clusterNamespace, clusterName, clusterType)
+
+	return deploySveltosApplierResources(ctx, clusterNamespace, clusterName, classifierName,
+		agentYAML, logger)
+}
+
 func deploySveltosAgentInManagementCluster(ctx context.Context, restConfig *rest.Config, c client.Client,
 	clusterNamespace, clusterName, classifierName, mode string, clusterType libsveltosv1beta1.ClusterType,
 	patches []libsveltosv1beta1.Patch, logger logr.Logger) error {
@@ -1527,7 +1567,7 @@ func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterN
 	for i := range elements {
 		policy, err := k8s_utils.GetUnstructured([]byte(elements[i]))
 		if err != nil {
-			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to parse classifier agent yaml: %v", err))
+			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to parse sveltos agent yaml: %v", err))
 			return err
 		}
 
@@ -1588,6 +1628,34 @@ func deploySveltosAgentResources(ctx context.Context, clusterNamespace, clusterN
 	return nil
 }
 
+func deploySveltosApplierResources(ctx context.Context, clusterNamespace, clusterName, cliassifierName string,
+	agentYAML string, logger logr.Logger) error {
+
+	resources := make(map[string][]unstructured.Unstructured)
+	index := sveltosApplier
+	resources[index] = []unstructured.Unstructured{}
+
+	elements, err := deployer.CustomSplit(agentYAML)
+	if err != nil {
+		return err
+	}
+	for i := range elements {
+		policy, err := k8s_utils.GetUnstructured([]byte(elements[i]))
+		if err != nil {
+			logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to parse sveltos applier yaml: %v", err))
+			return err
+		}
+
+		var referencedUnstructured []*unstructured.Unstructured
+		referencedUnstructured = append(referencedUnstructured, policy)
+
+		resources[index] = append(resources[index], convertPointerSliceToValueSlice(referencedUnstructured)...)
+	}
+
+	return pullmode.StageResourcesForDeployment(ctx, getManagementClusterClient(), clusterNamespace, clusterName,
+		libsveltosv1beta1.ClassifierKind, cliassifierName, libsveltosv1beta1.FeatureClassifier, resources, true, logger)
+}
+
 func deploySveltosAgentPatchedResources(ctx context.Context, restConfig *rest.Config,
 	referencedUnstructured []*unstructured.Unstructured, logger logr.Logger) error {
 
diff --git a/generator.go b/generator.go
@@ -91,7 +91,9 @@ func main() {
 	sveltosAgentFile := "../../pkg/agent/sveltos-agent.yaml"
 	generate(sveltosAgentFile, "sveltos-agent", "sveltosAgent")
 
-	driftDetectionManagerInMgmtClusterFile := "../../pkg/agent/sveltos-agent-in-mgmt-cluster.yaml"
-	generate(driftDetectionManagerInMgmtClusterFile, "sveltos-agent-in-mgmt-cluster", "sveltosAgentInMgmtCluster")
+	sveltosAgentInMgmtClusterFile := "../../pkg/agent/sveltos-agent-in-mgmt-cluster.yaml"
+	generate(sveltosAgentInMgmtClusterFile, "sveltos-agent-in-mgmt-cluster", "sveltosAgentInMgmtCluster")
 
+	sveltosApplierFile := "../../pkg/agent/sveltos-applier.yaml"
+	generate(sveltosApplierFile, "sveltos-applier", "sveltosApplier")
 }
diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go
@@ -25,3 +25,7 @@ func GetSveltosAgentYAML() []byte {
 func GetSveltosAgentInMgmtClusterYAML() []byte {
 	return sveltosAgentInMgmtClusterYAML
 }
+
+func GetSveltosApplierAML() []byte {
+	return sveltosApplierYAML
+}
diff --git a/pkg/agent/sveltos-applier.go b/pkg/agent/sveltos-applier.go
@@ -0,0 +1,167 @@
+// Generated by *go generate* - DO NOT EDIT
+/*
+Copyright 2022-23. projectsveltos.io. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package agent
+
+var sveltosApplierYAML = []byte(`apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/name: sveltos-applier
+  name: projectsveltos
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: sveltos-applier
+  name: sveltos-applier-manager
+  namespace: projectsveltos
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: sveltos-applier-manager-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: sveltos-applier
+  name: sveltos-applier-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sveltos-applier-manager-role
+subjects:
+- kind: ServiceAccount
+  name: sveltos-applier-manager
+  namespace: projectsveltos
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: sveltos-applier
+  name: sveltos-applier-metrics-service
+  namespace: projectsveltos
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    app.kubernetes.io/name: sveltos-applier
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: sveltos-applier
+  name: sveltos-applier-manager
+  namespace: projectsveltos
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: sveltos-applier
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: controller
+      labels:
+        app.kubernetes.io/name: sveltos-applier
+    spec:
+      containers:
+      - args:
+        - --diagnostics-address=:8443
+        - --cluster-namespace=
+        - --cluster-name=
+        - --cluster-type=
+        - --secret-with-kubeconfig=
+        - --v=5
+        - --version=main
+        command:
+        - /manager
+        env:
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.memory
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.cpu
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: docker.io/projectsveltos/sveltos-applier:main
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: healthz
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: controller
+        ports:
+        - containerPort: 8443
+          name: metrics
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /readyz
+            port: healthz
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 200m
+            memory: 512Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts: []
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: sveltos-applier-manager
+      terminationGracePeriodSeconds: 10
+      volumes: []
+`)
diff --git a/pkg/agent/sveltos-applier.yaml b/pkg/agent/sveltos-applier.yaml
diff --git a/test/pullmode-sveltosapplier.yaml b/test/pullmode-sveltosapplier.yaml

Original file line number	Diff line number	Diff line change
`@@ -25,3 +25,7 @@ func GetSveltosAgentYAML() []byte {`
`25`	`25`	`func GetSveltosAgentInMgmtClusterYAML() []byte {`
`26`	`26`	`return sveltosAgentInMgmtClusterYAML`
`27`	`27`	`}`
	`28`	`+`
	`29`	`+func GetSveltosApplierAML() []byte {`
	`30`	`+ return sveltosApplierYAML`
	`31`	`+}`