feat(main): add migration tool

Signed-off-by: Andrey Kolkov <androndo@gmail.com>

Author: androndo

Makefile

@@ -79,6 +79,10 @@ build: manifests generate fmt vet ## Build manager binary.
 kubectl-etcd: fmt vet ## Build the kubectl-etcd plugin binary.
 	go build -o bin/kubectl-etcd ./cmd/kubectl-etcd
 
+.PHONY: etcd-migrate
+etcd-migrate: fmt vet ## Build the etcd-migrate (legacy v1alpha1 -> v1alpha2) CLI binary.
+	go build -o bin/etcd-migrate ./cmd/etcd-migrate
+
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go

api/v1alpha2/cel_validation_test.go

@@ -655,6 +655,66 @@ func TestSchema_OptionsValidation(t *testing.T) {
 	}
 }
 
+// TestCEL_HeadlessServiceNameImmutable covers the adoption field's
+// lifecycle rules: valid on create, rejected on add, change and removal —
+// the name is baked into member identity (peer URLs persisted in etcd,
+// pod subdomains), so any post-create edit would desync DNS from etcd.
+func TestCEL_HeadlessServiceNameImmutable(t *testing.T) {
+	skipIfNoEnvtest(t)
+	ctx := context.Background()
+
+	// Valid on create (the in-place migration path).
+	c := validCluster("hsn-create")
+	c.Spec.HeadlessServiceName = "legacy-headless"
+	if err := k8s.Create(ctx, c); err != nil {
+		t.Fatalf("create with headlessServiceName: %v", err)
+	}
+	t.Cleanup(func() { _ = k8s.Delete(ctx, c) })
+
+	// Change rejected.
+	got := &lll.EtcdCluster{}
+	if err := k8s.Get(ctx, ctrlclient.ObjectKeyFromObject(c), got); err != nil {
+		t.Fatalf("Get: %v", err)
+	}
+	got.Spec.HeadlessServiceName = "other"
+	if err := k8s.Update(ctx, got); err == nil {
+		t.Fatalf("apiserver accepted headlessServiceName change; expected rejection")
+	} else if !strings.Contains(err.Error(), "immutable") {
+		t.Fatalf("error did not mention immutability: %v", err)
+	}
+
+	// Removal rejected.
+	if err := k8s.Get(ctx, ctrlclient.ObjectKeyFromObject(c), got); err != nil {
+		t.Fatalf("Get: %v", err)
+	}
+	got.Spec.HeadlessServiceName = ""
+	if err := k8s.Update(ctx, got); err == nil {
+		t.Fatalf("apiserver accepted headlessServiceName removal; expected rejection")
+	}
+
+	// Add-on-existing rejected.
+	plain := validCluster("hsn-add")
+	if err := k8s.Create(ctx, plain); err != nil {
+		t.Fatalf("create plain cluster: %v", err)
+	}
+	t.Cleanup(func() { _ = k8s.Delete(ctx, plain) })
+	if err := k8s.Get(ctx, ctrlclient.ObjectKeyFromObject(plain), got); err != nil {
+		t.Fatalf("Get: %v", err)
+	}
+	got.Spec.HeadlessServiceName = "late-override"
+	if err := k8s.Update(ctx, got); err == nil {
+		t.Fatalf("apiserver accepted adding headlessServiceName post-create; expected rejection")
+	}
+
+	// DNS-label pattern enforced.
+	bad := validCluster("hsn-bad")
+	bad.Spec.HeadlessServiceName = "Not_A_DNS_Label"
+	if err := k8s.Create(ctx, bad); err == nil {
+		_ = k8s.Delete(ctx, bad)
+		t.Fatalf("apiserver accepted invalid headlessServiceName; expected rejection")
+	}
+}
+
 // spec.auth.enabled requires spec.tls.client — auth credentials must
 // not cross a plaintext wire. This rule does not reference oldSelf, so it is
 // enforced on CREATE.

api/v1alpha2/etcdcluster_types.go

@@ -435,6 +435,8 @@ type StorageSpec struct {
 // +kubebuilder:validation:XValidation:rule="!has(self.auth) || !has(oldSelf.auth) || self.auth == oldSelf.auth",message="spec.auth is immutable post-create; delete and recreate the cluster to change auth configuration"
 // +kubebuilder:validation:XValidation:rule="!(has(self.auth) && self.auth.enabled) || (has(self.tls) && has(self.tls.client))",message="spec.auth.enabled requires spec.tls.client (auth credentials must not cross a plaintext connection)"
 // +kubebuilder:validation:XValidation:rule="!(has(self.auth) && self.auth.enabled) || has(self.auth.rootCredentialsSecretRef)",message="spec.auth.enabled requires spec.auth.rootCredentialsSecretRef"
+// +kubebuilder:validation:XValidation:rule="has(self.headlessServiceName) == has(oldSelf.headlessServiceName)",message="spec.headlessServiceName cannot be added to or removed from an existing cluster; it is baked into member identity (peer URLs, pod subdomains)"
+// +kubebuilder:validation:XValidation:rule="!has(self.headlessServiceName) || !has(oldSelf.headlessServiceName) || self.headlessServiceName == oldSelf.headlessServiceName",message="spec.headlessServiceName is immutable post-create; it is baked into member identity (peer URLs, pod subdomains)"
 // +kubebuilder:validation:XValidation:rule="has(self.bootstrap) == has(oldSelf.bootstrap)",message="spec.bootstrap cannot be added to or removed from an existing cluster; it is consulted only at first bootstrap"
 // +kubebuilder:validation:XValidation:rule="!has(self.bootstrap) || !has(oldSelf.bootstrap) || self.bootstrap == oldSelf.bootstrap",message="spec.bootstrap is immutable post-create; it is consulted only at first bootstrap"
 // +kubebuilder:validation:XValidation:rule="!(has(self.bootstrap) && has(self.bootstrap.restore)) || !(has(self.storage) && has(self.storage.medium) && self.storage.medium == 'Memory')",message="spec.bootstrap.restore is unsupported with spec.storage.medium=Memory: the restored data dir is tmpfs, so any seed Pod restart re-restores the snapshot — reverting writes (single member) or breaking the cluster with a fresh ID it can't rejoin (multi-member). Use persistent storage to restore."
@@ -558,6 +560,27 @@ type EtcdClusterSpec struct {
 	// tuning change in place.
 	// +optional
 	Options *EtcdOptions `json:"options,omitempty"`
+
+	// HeadlessServiceName overrides the name of the headless Service the
+	// operator maintains for per-member DNS. Empty (the default) means
+	// the Service is named after the cluster. The name is baked into
+	// every member's identity — peer URLs persisted inside etcd, the
+	// Pods' spec.subdomain, and every endpoint the operator dials — so
+	// the field is immutable post-create (spec-level CEL, like
+	// storageClassName).
+	//
+	// The main consumer is in-place migration from the legacy
+	// etcd.aenix.io operator: its StatefulSet pods carry an immutable
+	// spec.subdomain of "<cluster>-headless" and their peer URLs are
+	// persisted in etcd under that DNS domain. Setting
+	// headlessServiceName to the legacy Service name makes the operator's
+	// constructed URLs match the adopted pods' actual DNS exactly, so
+	// discovery, scale-up and replacement work without any
+	// adopted-member special cases.
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-z]([-a-z0-9]*[a-z0-9])?$`
+	// +optional
+	HeadlessServiceName string `json:"headlessServiceName,omitempty"`
 }
 
 // AdditionalMetadata is a set of labels and annotations the operator merges

api/v1alpha2/etcdmember_types.go

@@ -105,6 +105,32 @@ type EtcdMemberSpec struct {
 	// +optional
 	Options *EtcdOptions `json:"options,omitempty"`
 
+	// HeadlessServiceName mirrors EtcdCluster.spec.headlessServiceName.
+	// Empty means the headless Service is named after the cluster. The
+	// member controller uses it for the Pod's spec.subdomain and for
+	// every constructed peer/client URL, so the member's DNS identity
+	// matches the cluster's headless Service.
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-z]([-a-z0-9]*[a-z0-9])?$`
+	// +optional
+	HeadlessServiceName string `json:"headlessServiceName,omitempty"`
+
+	// DataDirSubPath relocates etcd's --data-dir to a subdirectory of the
+	// member's data volume: empty (the default) means the volume root
+	// (/var/lib/etcd), a value V means /var/lib/etcd/V. A single path
+	// component — no slashes — so it cannot escape the mount.
+	//
+	// Set by the in-place migration from the legacy etcd.aenix.io
+	// operator, whose StatefulSet pods kept their data under the
+	// "default.etcd" subdirectory of the PVC. With the subPath recorded
+	// here, a replacement Pod built by this operator finds the existing
+	// data dir and resumes with the member's persisted identity instead
+	// of starting empty and crashlooping against the cluster.
+	// +kubebuilder:validation:MaxLength=128
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][a-zA-Z0-9._-]*$`
+	// +optional
+	DataDirSubPath string `json:"dataDirSubPath,omitempty"`
+
 	// Bootstrap indicates this member is part of the initial cluster formation.
 	// When true the member starts with --initial-cluster-state=new.
 	// +optional