Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add In-Place upgrade for APK upgrading #2206

Merged
merged 3 commits into from
Apr 1, 2024
Merged

Add In-Place upgrade for APK upgrading #2206

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
906e95a
Add version upgrade related helm changes
pubudu538 Mar 25, 2024
8e8879d
Add in-place upgrade for APK upgrading
pubudu538 Mar 30, 2024
cc9d84b
Fix null pointer exception when getting jwt validator based on the is…
pubudu538 Mar 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 16 additions & 2 deletions ...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
import org.wso2.apk.enforcer.security.jwt.validator.JWTValidator;
import org.wso2.apk.enforcer.security.jwt.validator.RevokedJWTDataHolder;
import org.wso2.apk.enforcer.subscription.SubscriptionDataHolder;
import org.wso2.apk.enforcer.subscription.SubscriptionDataStore;
import org.wso2.apk.enforcer.server.RevokedTokenRedisClient;
import org.wso2.apk.enforcer.tracing.TracingConstants;
import org.wso2.apk.enforcer.tracing.TracingSpan;
Expand Down Expand Up @@ -472,8 +473,21 @@ private JWTValidationInfo getJwtValidationInfo(String jwtToken, String organizat
try {
// Get issuer
String issuer = jwtClaimsSet.getIssuer();
JWTValidator jwtValidator = SubscriptionDataHolder.getInstance().getSubscriptionDataStore(organization)
.getJWTValidatorByIssuer(issuer, environment);
SubscriptionDataStore subscriptionDataStore = SubscriptionDataHolder.getInstance()
.getSubscriptionDataStore(organization);
if (subscriptionDataStore == null) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
JWTValidator jwtValidator = subscriptionDataStore.getJWTValidatorByIssuer(issuer, environment);
// If no validator found for the issuer, we are not caching the token.
if (jwtValidator == null) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}

// If no validator found for the issuer, we are not caching the token.
if (jwtValidator == null) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
Expand Down
654 changes: 347 additions & 307 deletions helm-charts/README.md
View file
Open in desktop

Large diffs are not rendered by default.

27 changes: 27 additions & 0 deletions helm-charts/Version-Upgrade.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Updating APK Version

This guide outlines the process of upgrading from APK v1.0.0 installation to APK v1.1.0 installation.

## In-Place Upgrade

The in-place upgrade process transitions your existing APK v1.0.0 installation to APK v1.1.0. Prior to implementing these steps in a production environment, it is advised to apply and validate them in lower environments.

- Ensure APK v1.0.0 is currently installed in the cluster.

**Note:** The steps provided below assume that APK v1.0.0 is installed in the `default` namespace under the release name `apk`. Replace the dot (.) with the appropriate APK v1.1.0 Helm chart name and version, which is `wso2apk/apk-helm --version 1.1.0`.

- Install/Update CRDs for APK v1.1.0.

```bash
(helm template apk . -f crds-upgrade-values.yaml -n default && helm show crds .) > apk-v1.1.0-crds.yaml

kubectl apply -f apk-v1.1.0-crds.yaml
```

- Upgrade the existing APK v1.0.0 installation to APK v1.1.0.

```bash
helm upgrade --reuse-values apk . -f ./in-place-upgrade-values.yaml --set skipCrds=true
```

These steps will seamlessly transition your APK installation to the latest version, ensuring continued functionality and compatibility.
49 changes: 49 additions & 0 deletions helm-charts/crds-upgrade-values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

wso2:
apk:
cp:
enabled: false
webhooks:
validatingwebhookconfigurations: false
mutatingwebhookconfigurations: false
auth:
enabled: false
enableServiceAccountCreation: false
enableClusterRoleCreation: false
dp:
enabled: false

idp:
enabled: false

gatewaySystem:
enabled: false
enableServiceAccountCreation: false
enableClusterRoleCreation: false
applyGatewayWehbhookJobs: false

certmanager:
enabled: false
enableClusterIssuer: false
enableRootCa: false

postgresql:
enabled: false

redis:
enabled: false
Loading
Loading