Add API docs

Also clean up some of the api spec for better documentation, and fix
tests.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Author: brandond

Dockerfile.dapper

@@ -19,7 +19,8 @@ RUN if [ "${ARCH:-$(go env GOARCH)}" = "amd64" ]; then \
 RUN mkdir -p /usr/local/lib/docker/cli-plugins; \
     curl -o /usr/local/lib/docker/cli-plugins/docker-buildx -fsSL "https://github.com/docker/buildx/releases/download/v0.17.1/buildx-v0.17.1.linux-amd64"; \
     chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
-RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.17.3
+RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.17.3 && \
+    go install github.com/elastic/crd-ref-docs@v0.1.0
 ENV DAPPER_ENV REPO TAG DRONE_TAG
 ENV DAPPER_SOURCE /go/src/github.com/rancher/system-upgrade-controller/
 ENV DAPPER_OUTPUT ./bin ./dist

README.md

@@ -52,6 +52,10 @@ But in the time-honored tradition of `curl ${script} | sudo sh -` here is a nice
 kubectl apply -k github.com/rancher/system-upgrade-controller
 ```
 
+## API Documentation
+
+Autogenerated API docs for `upgrade.cattle.io/v1 Plan` are available at [doc/plan.md](doc/plan.md#Plan)
+
 ### Example Plans
 
 - [examples/k3s-upgrade.yaml](examples/k3s-upgrade.yaml)

crd-ref-docs.yaml

@@ -0,0 +1,5 @@
+processor:
+  ignoreFields:
+    - "TypeMeta$"
+render:
+  kubernetesVersion: 1.32

doc/plan.md

@@ -0,0 +1,201 @@
+# API Reference
+
+## Packages
+- [upgrade.cattle.io/v1](#upgradecattleiov1)
+
+
+## upgrade.cattle.io/v1
+
+
+
+
+
+
+#### ContainerSpec
+
+
+
+ContainerSpec is a simplified container template spec, used to configure the prepare and upgrade
+containers of the Job Pod.
+
+
+
+_Appears in:_
+- [PlanSpec](#planspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `image` _string_ | Image name. If the tag is omitted, the value from .status.latestVersion will be used. |  | Required: \{\} <br /> |
+| `command` _string array_ |  |  |  |
+| `args` _string array_ |  |  |  |
+| `envs` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#envvar-v1-core) array_ |  |  |  |
+| `envFrom` _[EnvFromSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#envfromsource-v1-core) array_ |  |  |  |
+| `volumes` _[VolumeSpec](#volumespec) array_ |  |  |  |
+| `securityContext` _[SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#securitycontext-v1-core)_ |  |  |  |
+
+
+#### Day
+
+_Underlying type:_ _string_
+
+
+
+_Validation:_
+- Enum: [0 su sun sunday 1 mo mon monday 2 tu tue tuesday 3 we wed wednesday 4 th thu thursday 5 fr fri friday 6 sa sat saturday]
+
+_Appears in:_
+- [TimeWindowSpec](#timewindowspec)
+
+
+
+#### DrainSpec
+
+
+
+DrainSpec encapsulates kubectl drain parameters minus node/pod selectors. See:
+- https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/
+- https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#drain
+
+
+
+_Appears in:_
+- [PlanSpec](#planspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `timeout` _[Duration](#duration)_ |  |  |  |
+| `gracePeriod` _integer_ |  |  |  |
+| `deleteLocalData` _boolean_ |  |  |  |
+| `deleteEmptydirData` _boolean_ |  |  |  |
+| `ignoreDaemonSets` _boolean_ |  |  |  |
+| `force` _boolean_ |  |  |  |
+| `disableEviction` _boolean_ |  |  |  |
+| `skipWaitForDeleteTimeout` _integer_ |  |  |  |
+| `podSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#labelselector-v1-meta)_ |  |  |  |
+
+
+#### Plan
+
+
+
+Plan represents a set of Jobs to apply an upgrade (or other operation) to set of Nodes.
+
+
+
+_Appears in:_
+- [PlanList](#planlist)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `spec` _[PlanSpec](#planspec)_ |  |  |  |
+| `status` _[PlanStatus](#planstatus)_ |  |  |  |
+
+
+
+
+#### PlanSpec
+
+
+
+PlanSpec represents the user-configurable details of a Plan.
+
+
+
+_Appears in:_
+- [Plan](#plan)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `concurrency` _integer_ | The maximum number of concurrent nodes to apply this update on. |  |  |
+| `jobActiveDeadlineSecs` _integer_ | Sets ActiveDeadlineSeconds on Jobs generated to apply this Plan.<br />If the Job does not complete within this time, the Plan will stop processing until it is updated to trigger a redeploy.<br />If set to 0, Jobs have no deadline. If not set, the controller default value is used. |  |  |
+| `nodeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#labelselector-v1-meta)_ | Select which nodes this plan can be applied to. |  |  |
+| `serviceAccountName` _string_ | The service account for the pod to use. As with normal pods, if not specified the default service account from the namespace will be assigned. |  |  |
+| `channel` _string_ | A URL that returns HTTP 302 with the last path element of the value returned in the Location header assumed to be an image tag (after munging "+" to "-"). |  |  |
+| `version` _string_ | Providing a value for version will prevent polling/resolution of the channel if specified. |  |  |
+| `secrets` _[SecretSpec](#secretspec) array_ | Secrets to be mounted into the Job Pod. |  |  |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | Specify which node taints should be tolerated by pods applying the upgrade.<br />Anything specified here is appended to the default of:<br />- `\{key: node.kubernetes.io/unschedulable, effect: NoSchedule, operator: Exists\}` |  |  |
+| `exclusive` _boolean_ | Jobs for exclusive plans cannot be run alongside any other exclusive plan. |  |  |
+| `window` _[TimeWindowSpec](#timewindowspec)_ | A time window in which to execute Jobs for this Plan.<br />Jobs will not be generated outside this time window, but may continue executing into the window once started. |  |  |
+| `prepare` _[ContainerSpec](#containerspec)_ | The prepare init container, if specified, is run before cordon/drain which is run before the upgrade container. |  |  |
+| `upgrade` _[ContainerSpec](#containerspec)_ | The upgrade container; must be specified. |  |  |
+| `cordon` _boolean_ | If Cordon is true, the node is cordoned before the upgrade container is run.<br />If drain is specified, the value for cordon is ignored, and the node is cordoned.<br />If neither drain nor cordon are specified and the node is marked as schedulable=false it will not be marked as schedulable=true when the Job completes. |  |  |
+| `drain` _[DrainSpec](#drainspec)_ | Configuration for draining nodes prior to upgrade. If left unspecified, no drain will be performed. |  |  |
+| `imagePullSecrets` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core) array_ | Image Pull Secrets, used to pull images for the Job. |  |  |
+| `postCompleteDelay` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Time after a Job for one Node is complete before a new Job will be created for the next Node. |  |  |
+
+
+#### PlanStatus
+
+
+
+PlanStatus represents the resulting state from processing Plan events.
+
+
+
+_Appears in:_
+- [Plan](#plan)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `conditions` _GenericCondition array_ |  |  |  |
+| `latestVersion` _string_ | The latest version, as resolved from .spec.version, or the channel server. |  |  |
+| `latestHash` _string_ | The hash of the most recently applied plan .spec. |  |  |
+| `applying` _string array_ | List of Node names that the Plan is currently being applied on. |  |  |
+
+
+#### SecretSpec
+
+
+
+SecretSpec describes a Secret to be mounted for prepare/upgrade containers.
+
+
+
+_Appears in:_
+- [PlanSpec](#planspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `name` _string_ | Secret name |  | Required: \{\} <br /> |
+| `path` _string_ | Path to mount the Secret volume within the Pod. |  | Required: \{\} <br /> |
+| `ignoreUpdates` _boolean_ | If set to true, the Secret contents will not be hashed, and changes to the Secret will not trigger new application of the Plan. |  |  |
+
+
+#### TimeWindowSpec
+
+
+
+TimeWindowSpec describes a time window in which a Plan should be processed.
+
+
+
+_Appears in:_
+- [PlanSpec](#planspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `days` _[Day](#day) array_ | Days that this time window is valid for |  | Enum: [0 su sun sunday 1 mo mon monday 2 tu tue tuesday 3 we wed wednesday 4 th thu thursday 5 fr fri friday 6 sa sat saturday] <br />MinItems: 1 <br /> |
+| `startTime` _string_ | Start of the time window. |  |  |
+| `endTime` _string_ | End of the time window. |  |  |
+| `timeZone` _string_ | Time zone for the time window; if not specified UTC will be used. |  |  |
+
+
+#### VolumeSpec
+
+
+
+HostPath volume to mount into the pod
+
+
+
+_Appears in:_
+- [ContainerSpec](#containerspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `name` _string_ | Name of the Volume as it will appear within the Pod spec. |  | Required: \{\} <br /> |
+| `source` _string_ | Path on the host to mount. |  | Required: \{\} <br /> |
+| `destination` _string_ | Path to mount the Volume at within the Pod. |  | Required: \{\} <br /> |
+
+

e2e/suite/job_generate_test.go

@@ -185,16 +185,11 @@ var _ = Describe("Job Generation", func() {
 					Operator: metav1.LabelSelectorOpDoesNotExist,
 				}},
 			}
-			plan, err = e2e.CreatePlan(plan)
-			Expect(err).ToNot(HaveOccurred())
-
-			plan, err = e2e.WaitForPlanCondition(plan.Name, upgradeapiv1.PlanSpecValidated, 30*time.Second)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(upgradeapiv1.PlanSpecValidated.IsTrue(plan)).To(BeFalse())
-			Expect(upgradeapiv1.PlanSpecValidated.GetMessage(plan)).To(ContainSubstring("spec.window is invalid"))
+			_, err = e2e.CreatePlan(plan)
+			Expect(err).To(MatchError(ContainSubstring("invalid: spec.window.days")))
 
 			plan.Spec.Window.Days = []upgradeapiv1.Day{"su", "mo", "tu", "we", "th", "fr", "sa"}
-			plan, err = e2e.UpdatePlan(plan)
+			plan, err = e2e.CreatePlan(plan)
 			Expect(err).ToNot(HaveOccurred())
 
 			plan, err = e2e.WaitForPlanCondition(plan.Name, upgradeapiv1.PlanSpecValidated, 30*time.Second)
@@ -205,7 +200,7 @@ var _ = Describe("Job Generation", func() {
 			Expect(err).ToNot(HaveOccurred())
 			Expect(jobs).To(HaveLen(1))
 		})
-		It("should apply successfully after edit", func() {
+		It("should apply successfully when valid", func() {
 			Expect(jobs).To(HaveLen(1))
 			Expect(jobs[0].Status.Succeeded).To(BeNumerically("==", 1))
 			Expect(jobs[0].Status.Active).To(BeNumerically("==", 0))

e2e/suite/plan_create_test.go

@@ -20,7 +20,7 @@ var _ = Describe("Plan Creation", func() {
 			plan, err = e2e.CreatePlan(plan)
 		})
 		It("should return an error if upgrade in nil", func() {
-			Expect(err).Should(HaveOccurred())
+			Expect(err).To(HaveOccurred())
 		})
 	})
 })

main.go

@@ -2,6 +2,7 @@
 //go:generate rm -rf pkg/generated pkg/crds/yaml/generated
 //go:generate go run pkg/codegen/codegen.go
 //go:generate controller-gen crd:generateEmbeddedObjectMeta=true paths=./pkg/apis/... output:crd:dir=./pkg/crds/yaml/generated
+//go:generate crd-ref-docs --config=crd-ref-docs.yaml --renderer=markdown --output-path=doc/plan.md
 
 package main
 

pkg/apis/upgrade.cattle.io/v1/types.go

@@ -50,35 +50,31 @@ type PlanSpec struct {
 	NodeSelector *metav1.LabelSelector `json:"nodeSelector,omitempty"`
 	// The service account for the pod to use. As with normal pods, if not specified the default service account from the namespace will be assigned.
 	ServiceAccountName string `json:"serviceAccountName,omitempty"`
-	// A URL that returns HTTP 302 with the last path element of the value  returned in the Location header assumed to be an image tag (after munging "+" to "-").
+	// A URL that returns HTTP 302 with the last path element of the value returned in the Location header assumed to be an image tag (after munging "+" to "-").
 	Channel string `json:"channel,omitempty"`
 	// Providing a value for version will prevent polling/resolution of the channel if specified.
 	Version string `json:"version,omitempty"`
 	// Secrets to be mounted into the Job Pod.
 	Secrets []SecretSpec `json:"secrets,omitempty"`
 	// Specify which node taints should be tolerated by pods applying the upgrade.
 	// Anything specified here is appended to the default of:
-	// - {key: node.kubernetes.io/unschedulable, effect: NoSchedule, operator: Exists}
+	// - `{key: node.kubernetes.io/unschedulable, effect: NoSchedule, operator: Exists}`
 	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 	// Jobs for exclusive plans cannot be run alongside any other exclusive plan.
 	Exclusive bool `json:"exclusive,omitempty"`
 	// A time window in which to execute Jobs for this Plan.
 	// Jobs will not be generated outside this time window, but may continue executing into the window once started.
 	Window *TimeWindowSpec `json:"window,omitempty"`
 	// The prepare init container, if specified, is run before cordon/drain which is run before the upgrade container.
-	// Shares the same format as the upgrade container.
-	// If no tag is included in the image name, the tag portion of the image will be the value from .status.latestVersion a.k.a. the resolved version for this plan.
 	Prepare *ContainerSpec `json:"prepare,omitempty"`
-	// If drain is specified, the value for cordon is ignored.
+	// The upgrade container; must be specified.
+	Upgrade *ContainerSpec `json:"upgrade"`
+	// If Cordon is true, the node is cordoned before the upgrade container is run.
+	// If drain is specified, the value for cordon is ignored, and the node is cordoned.
 	// If neither drain nor cordon are specified and the node is marked as schedulable=false it will not be marked as schedulable=true when the Job completes.
 	Cordon bool `json:"cordon,omitempty"`
-	// If left unspecified, no drain will be performed. See:
-	// - https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/
-	// - https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#drain
+	// Configuration for draining nodes prior to upgrade. If left unspecified, no drain will be performed.
 	Drain *DrainSpec `json:"drain,omitempty"`
-	// The upgrade container.
-	// If no tag is included in the image name, the tag portion of the image will be the value from .status.latestVersion a.k.a. the resolved version for this plan.
-	Upgrade *ContainerSpec `json:"upgrade,omitempty"`
 	// Image Pull Secrets, used to pull images for the Job.
 	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 	// Time after a Job for one Node is complete before a new Job will be created for the next Node.
@@ -102,10 +98,12 @@ type PlanStatus struct {
 	Applying []string `json:"applying,omitempty"`
 }
 
-// ContainerSpec is a simplified container template.
+// ContainerSpec is a simplified container template spec, used to configure the prepare and upgrade
+// containers of the Job Pod.
 type ContainerSpec struct {
 	// Image name. If the tag is omitted, the value from .status.latestVersion will be used.
-	Image           string                  `json:"image,omitempty"`
+	// +kubebuilder:validation:Required
+	Image           string                  `json:"image"`
 	Command         []string                `json:"command,omitempty"`
 	Args            []string                `json:"args,omitempty"`
 	Env             []corev1.EnvVar         `json:"envs,omitempty"`
@@ -117,14 +115,19 @@ type ContainerSpec struct {
 // HostPath volume to mount into the pod
 type VolumeSpec struct {
 	// Name of the Volume as it will appear within the Pod spec.
-	Name string `json:"name,omitempty"`
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
 	// Path on the host to mount.
-	Source string `json:"source,omitempty"`
+	// +kubebuilder:validation:Required
+	Source string `json:"source"`
 	// Path to mount the Volume at within the Pod.
-	Destination string `json:"destination,omitempty"`
+	// +kubebuilder:validation:Required
+	Destination string `json:"destination"`
 }
 
-// DrainSpec encapsulates kubectl drain parameters minus node/pod selectors.
+// DrainSpec encapsulates kubectl drain parameters minus node/pod selectors. See:
+// - https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/
+// - https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#drain
 type DrainSpec struct {
 	Timeout                  *time.Duration        `json:"timeout,omitempty"`
 	GracePeriod              *int32                `json:"gracePeriod,omitempty"`
@@ -137,19 +140,25 @@ type DrainSpec struct {
 	PodSelector              *metav1.LabelSelector `json:"podSelector,omitempty"`
 }
 
-// SecretSpec describes a secret to be mounted for prepare/upgrade containers.
+// SecretSpec describes a Secret to be mounted for prepare/upgrade containers.
 type SecretSpec struct {
 	// Secret name
-	Name string `json:"name,omitempty"`
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
 	// Path to mount the Secret volume within the Pod.
-	Path string `json:"path,omitempty"`
+	// +kubebuilder:validation:Required
+	Path string `json:"path"`
 	// If set to true, the Secret contents will not be hashed, and changes to the Secret will not trigger new application of the Plan.
 	IgnoreUpdates bool `json:"ignoreUpdates,omitempty"`
 }
 
+// +kubebuilder:validation:Enum={"0","su","sun","sunday","1","mo","mon","monday","2","tu","tue","tuesday","3","we","wed","wednesday","4","th","thu","thursday","5","fr","fri","friday","6","sa","sat","saturday"}
+type Day string
+
 // TimeWindowSpec describes a time window in which a Plan should be processed.
 type TimeWindowSpec struct {
 	// Days that this time window is valid for
+	// +kubebuilder:validation:MinItems=1
 	Days []Day `json:"days,omitempty"`
 	// Start of the time window.
 	StartTime string `json:"startTime,omitempty"`
@@ -159,9 +168,6 @@ type TimeWindowSpec struct {
 	TimeZone string `json:"timeZone,omitempty"`
 }
 
-// +kubebuilder:validation:Enum={"0","su","sun","sunday","1","mo","mon","monday","2","tu","tue","tuesday","3","we","wed","wednesday","4","th","thu","thursday","5","fr","fri","friday","6","sa","sat","saturday"}
-type Day string
-
 func (tws *TimeWindowSpec) Contains(t time.Time) bool {
 	days := make([]string, len(tws.Days))
 	for i, day := range tws.Days {