prevent flux install from overriding bootrapped cluster

Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>

Author: somtochiama

cmd/flux/cluster_info.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+)
+
+// bootstrapLabels are labels put on a resource by kustomize-controller. These labels on the CRD indicates
+// that flux has been bootstrapped.
+var bootstrapLabels = []string{
+	fmt.Sprintf("%s/name", kustomizev1.GroupVersion.Group),
+	fmt.Sprintf("%s/namespace", kustomizev1.GroupVersion.Group),
+}
+
+// fluxClusterInfo contains information about an existing flux installation on a cluster.
+type fluxClusterInfo struct {
+	// bootstrapped indicates that Flux was installed using the `flux bootstrap` command.
+	bootstrapped bool
+	// managedBy is the name of the tool being used to manage the installation of Flux.
+	managedBy string
+	// version is the Flux version number in semver format.
+	version string
+}
+
+// getFluxClusterInfo returns information on the Flux installation running on the cluster.
+// If the information cannot be retrieved, the boolean return value will be false.
+// If an error occurred, the returned error will be non-nil.
+//
+// This function retrieves the GitRepository CRD from the cluster and checks it
+// for a set of labels used to determine the Flux version and how Flux was installed.
+func getFluxClusterInfo(ctx context.Context, c client.Client) (fluxClusterInfo, bool, error) {
+	var info fluxClusterInfo
+	crdMetadata := &metav1.PartialObjectMetadata{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: apiextensionsv1.SchemeGroupVersion.String(),
+			Kind:       "CustomResourceDefinition",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: fmt.Sprintf("gitrepositories.%s", sourcev1.GroupVersion.Group),
+		},
+	}
+	if err := c.Get(ctx, client.ObjectKeyFromObject(crdMetadata), crdMetadata); err != nil {
+		if errors.IsNotFound(err) {
+			return info, false, nil
+		}
+		return info, false, err
+	}
+
+	info.version = crdMetadata.Labels["app.kubernetes.io/version"]
+
+	var present bool
+	for _, l := range bootstrapLabels {
+		_, present = crdMetadata.Labels[l]
+	}
+	if present {
+		info.bootstrapped = true
+	}
+
+	if manager, ok := crdMetadata.Labels["app.kubernetes.io/managed-by"]; ok {
+		info.managedBy = manager
+	}
+	return info, true, nil
+}

cmd/flux/cluster_info_test.go

@@ -0,0 +1,132 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"testing"
+
+	. "github.com/onsi/gomega"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
+	"github.com/fluxcd/pkg/ssa"
+)
+
+func Test_getFluxClusterInfo(t *testing.T) {
+	g := NewWithT(t)
+	f, err := os.Open("./testdata/cluster_info/gitrepositories.yaml")
+	g.Expect(err).To(BeNil())
+
+	objs, err := ssa.ReadObjects(f)
+	g.Expect(err).To(Not(HaveOccurred()))
+	gitrepo := objs[0]
+
+	tests := []struct {
+		name     string
+		labels   map[string]string
+		wantErr  bool
+		wantBool bool
+		wantInfo fluxClusterInfo
+	}{
+		{
+			name:     "no git repository CRD present",
+			wantBool: false,
+		},
+		{
+			name: "CRD with kustomize-controller labels",
+			labels: map[string]string{
+				fmt.Sprintf("%s/name", kustomizev1.GroupVersion.Group):      "flux-system",
+				fmt.Sprintf("%s/namespace", kustomizev1.GroupVersion.Group): "flux-system",
+				"app.kubernetes.io/version":                                 "v2.1.0",
+			},
+			wantBool: true,
+			wantInfo: fluxClusterInfo{
+				version:      "v2.1.0",
+				bootstrapped: true,
+			},
+		},
+		{
+			name: "CRD with kustomize-controller labels and managed-by label",
+			labels: map[string]string{
+				fmt.Sprintf("%s/name", kustomizev1.GroupVersion.Group):      "flux-system",
+				fmt.Sprintf("%s/namespace", kustomizev1.GroupVersion.Group): "flux-system",
+				"app.kubernetes.io/version":                                 "v2.1.0",
+				"app.kubernetes.io/managed-by":                              "flux",
+			},
+			wantBool: true,
+			wantInfo: fluxClusterInfo{
+				version:      "v2.1.0",
+				bootstrapped: true,
+				managedBy:    "flux",
+			},
+		},
+		{
+			name: "CRD with only managed-by label",
+			labels: map[string]string{
+				"app.kubernetes.io/version":    "v2.1.0",
+				"app.kubernetes.io/managed-by": "helm",
+			},
+			wantBool: true,
+			wantInfo: fluxClusterInfo{
+				version:   "v2.1.0",
+				managedBy: "helm",
+			},
+		},
+		{
+			name:     "CRD with no labels",
+			labels:   map[string]string{},
+			wantBool: true,
+		},
+		{
+			name: "CRD with only version label",
+			labels: map[string]string{
+				"app.kubernetes.io/version": "v2.1.0",
+			},
+			wantBool: true,
+			wantInfo: fluxClusterInfo{
+				version: "v2.1.0",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			newscheme := runtime.NewScheme()
+			apiextensionsv1.AddToScheme(newscheme)
+			builder := fake.NewClientBuilder().WithScheme(newscheme)
+			if tt.labels != nil {
+				gitrepo.SetLabels(tt.labels)
+				builder = builder.WithRuntimeObjects(gitrepo)
+			}
+
+			client := builder.Build()
+			info, present, err := getFluxClusterInfo(context.Background(), client)
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+			}
+
+			g.Expect(present).To(Equal(tt.wantBool))
+			g.Expect(info).To(BeEquivalentTo(tt.wantInfo))
+		})
+	}
+}

cmd/flux/install.go

@@ -183,6 +183,20 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("manifests build completed")
 	logger.Actionf("installing components in %s namespace", *kubeconfigArgs.Namespace)
 
+	kubeClient, err := utils.KubeClient(kubeconfigArgs, kubeclientOptions)
+	if err != nil {
+		return err
+	}
+
+	info, installed, err := getFluxClusterInfo(ctx, kubeClient)
+	if err != nil {
+		return fmt.Errorf("cluster info unavailable: %w", err)
+	}
+
+	if installed && info.bootstrapped {
+		return fmt.Errorf("this cluster has already been bootstrapped with Flux %s! Please use 'flux bootstrap' to upgrade", info.version)
+	}
+
 	applyOutput, err := utils.Apply(ctx, kubeconfigArgs, kubeclientOptions, tmpDir, filepath.Join(tmpDir, manifest.Path))
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)