cockroachdb
diff --git a/‎cmd/main.go‎
Lines changed: 3 additions & 1 deletion b/‎cmd/main.go‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎migrate/main.go‎
Lines changed: 235 additions & 0 deletions b/‎migrate/main.go‎
Lines changed: 235 additions & 0 deletions
diff --git a/‎scripts/migration/public/README.md‎
Lines changed: 97 additions & 0 deletions b/‎scripts/migration/public/README.md‎
Lines changed: 97 additions & 0 deletions
@@ -16,7 +16,9 @@ limitations under the License.
 
 package main
 
-import cmd "github.com/cockroachdb/helm-charts/cmd/self-signer"
+import (
+	cmd "github.com/cockroachdb/helm-charts/cmd/self-signer"
+)
 
 func main() {
 	cmd.Execute()
 
@@ -6,6 +6,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cockroachdb/cockroach-operator v0.0.0-20230531051823-2cb3e2e676f4
+	github.com/cockroachdb/errors v1.8.0
 	github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible
 	github.com/gruntwork-io/terratest v0.41.26
 	github.com/mitchellh/hashstructure/v2 v2.0.2
@@ -37,7 +38,6 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
-	github.com/cockroachdb/errors v1.8.0 // indirect
 	github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f // indirect
 	github.com/cockroachdb/redact v1.0.6 // indirect
 	github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2 // indirect
 
@@ -0,0 +1,235 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/cockroachdb/errors"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/util/homedir"
+	"sigs.k8s.io/yaml"
+
+	publicv1 "github.com/cockroachdb/cockroach-operator/apis/v1alpha1"
+	"github.com/cockroachdb/helm-charts/pkg/upstream/cockroach-operator/api/v1alpha1"
+)
+
+func main() {
+	var (
+		cloudProvider string
+		cloudRegion   string
+		crdbCluster   string
+		namespace     string
+		kubeconfig    string
+		outputDir     string
+	)
+
+	cmd := &cobra.Command{
+		Use: "build-manifests",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := context.TODO()
+
+			config, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
+			if err != nil {
+				return errors.Wrap(err, "building k8s config")
+			}
+			clientset, err := kubernetes.NewForConfig(config)
+			if err != nil {
+				return errors.Wrap(err, "building k8s clientset")
+			}
+			dynamicClient, err := dynamic.NewForConfig(config)
+			if err != nil {
+				return errors.Wrap(err, "building k8s dynamic client")
+			}
+
+			gvr := schema.GroupVersionResource{
+				Group:    "crdb.cockroachlabs.com",
+				Version:  "v1alpha1",
+				Resource: "crdbclusters",
+			}
+			cr, err := dynamicClient.Resource(gvr).Namespace(namespace).Get(ctx, crdbCluster, metav1.GetOptions{})
+			if err != nil {
+				return errors.Wrap(err, "fetching public crdbcluster object")
+			}
+
+			publicCluster := publicv1.CrdbCluster{}
+			if err := runtime.DefaultUnstructuredConverter.FromUnstructured(cr.Object, &publicCluster); err != nil {
+				return errors.Wrap(err, "unmarshalling public crdbcluster object")
+			}
+
+			sts, err := clientset.AppsV1().StatefulSets(namespace).Get(ctx, crdbCluster, metav1.GetOptions{})
+			if err != nil {
+				return errors.Wrap(err, "fetching statefulset")
+			}
+
+			grpcPort := publicCluster.Spec.GRPCPort
+			joinAddrs := []string{}
+			for nodeIdx := range *sts.Spec.Replicas {
+				joinAddrs = append(joinAddrs, fmt.Sprintf("%s-%d.%s.%s:%d", crdbCluster, nodeIdx, crdbCluster, namespace, grpcPort))
+			}
+			joinString := strings.Join(joinAddrs, ",")
+
+			buildNodeSpec := func() v1alpha1.CrdbNodeSpec {
+				return v1alpha1.CrdbNodeSpec{
+					PodLabels: sts.Spec.Template.Labels,
+					DataStore: v1alpha1.DataStore{
+						VolumeClaimTemplate: &corev1.PersistentVolumeClaim{
+							ObjectMeta: metav1.ObjectMeta{
+								Name: "datadir",
+							},
+							Spec: corev1.PersistentVolumeClaimSpec{
+								AccessModes: []corev1.PersistentVolumeAccessMode{
+									corev1.ReadWriteOnce,
+								},
+								Resources:        sts.Spec.VolumeClaimTemplates[0].Spec.Resources,
+								StorageClassName: sts.Spec.VolumeClaimTemplates[0].Spec.StorageClassName,
+							},
+						},
+					},
+					Domain: "",
+					Env: []corev1.EnvVar{
+						{
+							Name: "HostIP",
+							ValueFrom: &corev1.EnvVarSource{
+								FieldRef: &corev1.ObjectFieldSelector{
+									APIVersion: "v1",
+									FieldPath:  "status.hostIP",
+								},
+							},
+						},
+					},
+					ResourceRequirements: sts.Spec.Template.Spec.Containers[0].Resources,
+					Image:                sts.Spec.Template.Spec.Containers[0].Image,
+					ServiceAccountName:   "cockroachdb",
+					Join:                 joinString,
+					Certificates: v1alpha1.Certificates{
+						ExternalCertificates: &v1alpha1.ExternalCertificates{
+							CAConfigMapName:         crdbCluster + "-ca",
+							NodeSecretName:          crdbCluster + "-node-certs",
+							RootSQLClientSecretName: crdbCluster + "-client-certs",
+						},
+					},
+				}
+			}
+
+			for nodeIdx := range *sts.Spec.Replicas {
+				podName := fmt.Sprintf("%s-%d", crdbCluster, nodeIdx)
+				pod, err := clientset.CoreV1().Pods(namespace).Get(ctx, podName, metav1.GetOptions{})
+				if err != nil {
+					return errors.Newf("couldn't find crdb pod %s", podName)
+				}
+
+				if pod.Spec.NodeName == "" {
+					return errors.Newf("pod %s isn't scheduled to a node", podName)
+				}
+
+				nodeSpec := buildNodeSpec()
+				nodeSpec.NodeName = pod.Spec.NodeName
+
+				crdbNode := v1alpha1.CrdbNode{
+					TypeMeta: metav1.TypeMeta{
+						Kind:       "CrdbNode",
+						APIVersion: "crdb.cockroachlabs.com/v1alpha1",
+					},
+					ObjectMeta: metav1.ObjectMeta{
+						Name:         fmt.Sprintf("%s-%d", crdbCluster, nodeIdx),
+						Namespace:    namespace,
+						GenerateName: "",
+						Labels: map[string]string{
+							"app":                            "cockroachdb",
+							"svc":                            "cockroachdb",
+							"crdb.cockroachlabs.com/cluster": crdbCluster,
+						},
+						Annotations: map[string]string{
+							"crdb.cockroachlabs.com/cloudProvider": cloudProvider,
+						},
+						Finalizers: []string{"crdbnode.crdb.cockroachlabs.com/finalizer"},
+					},
+					Spec: nodeSpec,
+				}
+				yamlToDisk(filepath.Join(outputDir, fmt.Sprintf("crdbnode-%d.yaml", nodeIdx)), crdbNode)
+			}
+
+			helmValues := buildHelmValues(publicCluster, cloudProvider, cloudRegion, namespace)
+
+			yamlToDisk(filepath.Join(outputDir, "values.yaml"), helmValues)
+
+			return nil
+		},
+	}
+
+	cmd.PersistentFlags().StringVar(&cloudProvider, "cloud-provider", "", "name of cloud provider")
+	cmd.PersistentFlags().StringVar(&cloudRegion, "cloud-region", "", "name of cloud provider region")
+	cmd.PersistentFlags().StringVar(&crdbCluster, "crdb-cluster", "", "name of crdbcluster resource")
+	cmd.PersistentFlags().StringVar(&namespace, "namespace", "default", "namespace of crdbcluster resource")
+	cmd.PersistentFlags().StringVar(&kubeconfig, "kubeconfig", filepath.Join(homedir.HomeDir(), ".kube", "config"), "path to kubeconfig file")
+	cmd.PersistentFlags().StringVar(&outputDir, "output-dir", "./manifests", "manifest output directory")
+	cmd.MarkPersistentFlagRequired("cloud-provider")
+	cmd.MarkPersistentFlagRequired("cloud-region")
+	cmd.MarkPersistentFlagRequired("crdb-cluster")
+
+	if err := cmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}
+
+func To[T any](v T) *T {
+	return &v
+}
+
+func yamlToDisk(path string, data any) error {
+	file, err := os.Create(path)
+	if err != nil {
+		return errors.Wrap(err, "creating file")
+	}
+	bytes, err := yaml.Marshal(data)
+	if err != nil {
+		return errors.Wrap(err, "marshalling yaml")
+	}
+	if _, err := file.Write(bytes); err != nil {
+		return errors.Wrap(err, "writing yaml")
+	}
+	return nil
+}
+
+func buildHelmValues(cluster publicv1.CrdbCluster, cloudProvider string, cloudRegion string, namespace string) map[string]interface{} {
+	return map[string]interface{}{
+		"operator": map[string]interface{}{
+			"enabled":    true,
+			"tlsEnabled": cluster.Spec.TLSEnabled,
+			"regions": []map[string]interface{}{
+				{
+					"namespace":     namespace,
+					"cloudProvider": cloudProvider,
+					"code":          cloudRegion,
+					"nodes":         cluster.Spec.Nodes,
+					"domain":        "",
+				},
+			},
+			"dataStore": map[string]interface{}{
+				"volumeClaimTemplate": map[string]interface{}{
+					"metadata": map[string]interface{}{
+						"name": "datadir",
+					},
+				},
+			},
+			"resources":      cluster.Spec.Resources,
+			"podAnnotations": cluster.Spec.AdditionalAnnotations,
+			"ports": map[string]interface{}{
+				"grpcPort": cluster.Spec.GRPCPort,
+				"httpPort": cluster.Spec.HTTPPort,
+				"sqlPort":  cluster.Spec.SQLPort,
+			},
+		},
+	}
+}
@@ -0,0 +1,97 @@
+## Migrate from public operator to cloud operator
+
+This guide will walk you through migrating a crdb cluster managed via the public operator to the crdb cloud operator. We assume you've created a cluster using the public operator. The goals of this process are to migrate without affecting cluster availability, and to preserve existing disks so that we don't have to replica data into empty volumes. Note that this process scales down the statefulset by one node before adding each operator-managed pod, so cluster capacity will be reduced by one node at times.
+
+Pre-requisite: Install the public operator and create an operator-managed cluster:
+
+```
+kubectl apply -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.17.0/install/crds.yaml
+kubectl apply -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.17.0/install/operator.yaml
+
+kubectl apply -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.17.0/examples/example.yaml
+```
+
+Set environment variables:
+
+```
+export CRDBCLUSTER=cockroachdb
+export NAMESPACE=default
+export CLOUD_PROVIDER=gcp
+export REGION=us-central1
+```
+
+Back up crdbcluster resource in case we need to revert:
+
+```
+mkdir -p backup
+kubectl get crdbcluster -o yaml $CRDBCLUSTER > backup/crdbcluster-$CRDBCLUSTER.yaml
+```
+
+Next, we need to re-map and generate tls certs. The crdb cloud operator uses slightly different certs than the public operator and mounts them in configmaps and secrets with different names. Run the `generate-certs.sh` script to generate and upload certs to your cluster.
+
+```
+./generate-certs.sh
+```
+
+Next, generate manifests for each crdbnode and the crdbcluster based on the state of the statefulset. We generate a manifest for each crdbnode because we want the crdb pods and their associated pvcs to use the same names as the original statefulset-managed pods and pvcs. This means that the new operator-managed pods will use the original pvcs, and won't have to replicate data into empty nodes.
+
+```
+./generate-manifests.sh
+
+The public operator and cloud operator use custom resource definitions with the same names, so we have to remove the public operator before installing the cloud operator. Uninstall the public operator, without deleting its managed pods, pvc, etc.:
+
+```
+
+# Ensure that operator can't accidentally delete managed k8s objects.
+kubectl delete clusterrolebinding cockroach-operator-rolebinding
+
+# Delete public operator cr.
+kubectl delete crdbcluster $CRDBCLUSTER --cascade=orphan
+
+# Delete public operator resources and crd.
+kubectl delete -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.17.0/install/crds.yaml
+kubectl delete -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.17.0/install/operator.yaml
+```
+
+Install the cloud operator and wait for it to become ready:
+
+```
+helm upgrade --install crdb-operator ./operator
+kubectl rollout status deployment/cockroach-operator --timeout=60s
+```
+
+To migrate seamlessly from the statefulset to the cloud operator, we'll scale down statefulset-managed pods and replace them with crdbnode objects, one by one. Then we'll create the crdbcluster that manages the crdbnodes. Because of this order of operations, we need to create some objects that the crdbcluster will eventually own:
+
+```
+kubectl create priorityclass crdb-critical --value 500000000
+yq '(.. | select(tag == "!!str")) |= envsubst' rbac-template.yaml > manifests/rbac.yaml
+kubectl apply -f manifests/rbac.yaml
+```
+
+For each crdb pod, scale the statefulset down by one replica. For example, for a three-node cluster, first scale the statefulset down to two replicas:
+
+```
+kubectl scale statefulset/$CRDBCLUSTER --replicas=2
+```
+
+Then create the crdbnode corresponding to the statefulset pod you just scaled down:
+
+```
+kubectl apply -f manifests/crdbnode-$CRDBCLUSTER-2.yaml
+```
+
+Wait for the new pod to become ready. If it doesn't, check the cloud operator logs for errors.
+
+Repeat this process for each crdb node until the statefulset has zero replicas.
+
+The public operator creates a pod disruption budget that conflicts with a pod disruption budget managed by the cloud operator. Before applying the crdbcluster manifest, delete the existing pod disruption budget:
+
+```
+kubectl delete poddisruptionbudget $CRDBCLUSTER
+```
+
+Finally, apply the crdbcluster manifest:
+
+```
+kubectl apply -f manifests/crdbcluster-$CRDBCLUSTER.yaml
+```