2022-09-05 09:06:08 +02:00
/ *
Copyright ( c ) Edgeless Systems GmbH
SPDX - License - Identifier : AGPL - 3.0 - only
* /
2022-08-12 10:20:19 +02:00
package helm
import (
"bytes"
"embed"
2022-10-21 12:01:28 +02:00
"encoding/base64"
2022-08-12 10:20:19 +02:00
"encoding/json"
"fmt"
"io/fs"
2022-10-21 12:01:28 +02:00
"os"
2022-08-12 10:20:19 +02:00
"path/filepath"
"strings"
2023-05-02 09:35:52 +02:00
"github.com/pkg/errors"
"helm.sh/helm/pkg/ignore"
"helm.sh/helm/v3/pkg/chart"
"helm.sh/helm/v3/pkg/chart/loader"
"helm.sh/helm/v3/pkg/chartutil"
2023-04-03 18:09:03 +02:00
"github.com/edgelesssys/constellation/v2/cli/internal/helm/imageversion"
2022-09-21 13:47:57 +02:00
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
2023-01-31 12:12:19 +01:00
"github.com/edgelesssys/constellation/v2/internal/compatibility"
2022-11-18 10:05:02 +01:00
"github.com/edgelesssys/constellation/v2/internal/config"
2022-10-18 13:15:54 +02:00
"github.com/edgelesssys/constellation/v2/internal/constants"
2022-09-21 13:47:57 +02:00
"github.com/edgelesssys/constellation/v2/internal/deploy/helm"
2022-10-18 13:15:54 +02:00
"github.com/edgelesssys/constellation/v2/internal/versions"
2022-08-12 10:20:19 +02:00
)
2022-11-21 10:35:40 +01:00
// Run `go generate` to download (and patch) upstream helm charts.
2022-08-12 10:20:19 +02:00
//go:generate ./generateCilium.sh
2022-11-18 10:05:02 +01:00
//go:generate ./update-csi-charts.sh
2022-11-21 10:35:40 +01:00
//go:generate ./generateCertManager.sh
2022-08-12 10:20:19 +02:00
2022-10-18 13:15:54 +02:00
//go:embed all:charts/*
2022-11-09 15:57:54 +01:00
var helmFS embed . FS
2022-08-12 10:20:19 +02:00
2023-03-20 14:49:04 +01:00
type chartInfo struct {
releaseName string
chartName string
path string
}
var (
ciliumInfo = chartInfo { releaseName : "cilium" , chartName : "cilium" , path : "charts/cilium" }
certManagerInfo = chartInfo { releaseName : "cert-manager" , chartName : "cert-manager" , path : "charts/cert-manager" }
constellationOperatorsInfo = chartInfo { releaseName : "constellation-operators" , chartName : "constellation-operators" , path : "charts/edgeless/operators" }
constellationServicesInfo = chartInfo { releaseName : "constellation-services" , chartName : "constellation-services" , path : "charts/edgeless/constellation-services" }
2022-12-19 16:52:15 +01:00
)
2022-11-09 15:57:54 +01:00
// ChartLoader loads embedded helm charts.
2022-10-31 19:25:02 +01:00
type ChartLoader struct {
2023-02-14 18:00:36 +01:00
csp cloudprovider . Provider
2022-11-28 09:15:39 +01:00
joinServiceImage string
2023-01-20 18:51:06 +01:00
keyServiceImage string
2022-11-28 09:15:39 +01:00
ccmImage string
cnmImage string
autoscalerImage string
verificationServiceImage string
gcpGuestAgentImage string
konnectivityImage string
constellationOperatorImage string
nodeMaintenanceOperatorImage string
2022-11-21 17:06:41 +01:00
}
2022-11-24 16:39:33 +01:00
// NewLoader creates a new ChartLoader.
func NewLoader ( csp cloudprovider . Provider , k8sVersion versions . ValidK8sVersion ) * ChartLoader {
2022-11-02 17:47:10 +01:00
var ccmImage , cnmImage string
2022-10-31 19:25:02 +01:00
switch csp {
case cloudprovider . AWS :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageAWS
case cloudprovider . Azure :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageAzure
2022-11-02 17:47:10 +01:00
cnmImage = versions . VersionConfigs [ k8sVersion ] . CloudNodeManagerImageAzure
2022-10-31 19:25:02 +01:00
case cloudprovider . GCP :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageGCP
2023-03-17 09:52:23 +01:00
case cloudprovider . OpenStack :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageOpenStack
2022-10-31 19:25:02 +01:00
}
2022-08-12 10:20:19 +02:00
2023-04-03 18:09:03 +02:00
// TODO(malt3): Allow overriding container image registry + prefix for all images
// (e.g. for air-gapped environments).
2022-10-31 19:25:02 +01:00
return & ChartLoader {
2023-02-14 18:00:36 +01:00
csp : csp ,
2023-04-03 18:09:03 +02:00
joinServiceImage : imageversion . JoinService ( "" , "" ) ,
keyServiceImage : imageversion . KeyService ( "" , "" ) ,
2022-11-28 09:15:39 +01:00
ccmImage : ccmImage ,
cnmImage : cnmImage ,
autoscalerImage : versions . VersionConfigs [ k8sVersion ] . ClusterAutoscalerImage ,
2023-04-03 18:09:03 +02:00
verificationServiceImage : imageversion . VerificationService ( "" , "" ) ,
2022-11-28 09:15:39 +01:00
gcpGuestAgentImage : versions . GcpGuestImage ,
konnectivityImage : versions . KonnectivityAgentImage ,
2023-04-03 18:09:03 +02:00
constellationOperatorImage : imageversion . ConstellationNodeOperator ( "" , "" ) ,
2022-11-28 09:15:39 +01:00
nodeMaintenanceOperatorImage : versions . NodeMaintenanceOperatorImage ,
2022-10-31 19:25:02 +01:00
}
}
2022-11-09 15:57:54 +01:00
// Load the embedded helm charts.
2023-07-07 17:09:45 +02:00
func ( i * ChartLoader ) Load ( config * config . Config , conformanceMode bool , helmWaitMode helm . WaitMode , masterSecret , salt [ ] byte ) ( [ ] byte , error ) {
ciliumRelease , err := i . loadRelease ( ciliumInfo , helmWaitMode )
2022-08-12 10:20:19 +02:00
if err != nil {
2022-10-21 17:09:43 +02:00
return nil , fmt . Errorf ( "loading cilium: %w" , err )
2022-08-12 10:20:19 +02:00
}
2023-02-14 16:41:19 +01:00
extendCiliumValues ( ciliumRelease . Values , conformanceMode )
2022-10-18 13:15:54 +02:00
2023-07-07 17:09:45 +02:00
certManagerRelease , err := i . loadRelease ( certManagerInfo , helmWaitMode )
2022-11-21 10:35:40 +01:00
if err != nil {
2023-03-20 17:05:58 +01:00
return nil , fmt . Errorf ( "loading cert-manager: %w" , err )
2022-11-21 10:35:40 +01:00
}
2023-07-07 17:09:45 +02:00
operatorRelease , err := i . loadRelease ( constellationOperatorsInfo , helmWaitMode )
2022-11-21 10:35:40 +01:00
if err != nil {
return nil , fmt . Errorf ( "loading operators: %w" , err )
}
2023-07-07 17:09:45 +02:00
conServicesRelease , err := i . loadRelease ( constellationServicesInfo , helmWaitMode )
2022-08-12 10:20:19 +02:00
if err != nil {
2022-10-21 17:09:43 +02:00
return nil , fmt . Errorf ( "loading constellation-services: %w" , err )
2022-08-12 10:20:19 +02:00
}
2023-05-03 11:11:53 +02:00
if err := extendConstellationServicesValues ( conServicesRelease . Values , config , masterSecret , salt ) ; err != nil {
2023-02-14 16:41:19 +01:00
return nil , fmt . Errorf ( "extending constellation-services values: %w" , err )
}
2022-11-21 10:35:40 +01:00
releases := helm . Releases { Cilium : ciliumRelease , CertManager : certManagerRelease , Operators : operatorRelease , ConstellationServices : conServicesRelease }
2022-10-21 12:01:28 +02:00
2022-10-18 13:15:54 +02:00
rel , err := json . Marshal ( releases )
if err != nil {
return nil , err
}
return rel , nil
2022-08-12 10:20:19 +02:00
}
2023-03-20 17:05:58 +01:00
// loadRelease loads the embedded chart and values depending on the given info argument.
2023-07-07 17:09:45 +02:00
func ( i * ChartLoader ) loadRelease ( info chartInfo , helmWaitMode helm . WaitMode ) ( helm . Release , error ) {
2023-03-20 17:05:58 +01:00
chart , err := loadChartsDir ( helmFS , info . path )
2022-12-19 16:52:15 +01:00
if err != nil {
2023-03-20 17:05:58 +01:00
return helm . Release { } , fmt . Errorf ( "loading %s chart: %w" , info . releaseName , err )
2022-12-19 16:52:15 +01:00
}
2023-03-20 17:05:58 +01:00
var values map [ string ] any
switch info . releaseName {
case ciliumInfo . releaseName :
values , err = i . loadCiliumValues ( )
case certManagerInfo . releaseName :
values = i . loadCertManagerValues ( )
case constellationOperatorsInfo . releaseName :
updateVersions ( chart , compatibility . EnsurePrefixV ( constants . VersionInfo ( ) ) )
values , err = i . loadOperatorsValues ( )
case constellationServicesInfo . releaseName :
updateVersions ( chart , compatibility . EnsurePrefixV ( constants . VersionInfo ( ) ) )
values , err = i . loadConstellationServicesValues ( )
}
2022-08-12 10:20:19 +02:00
if err != nil {
2023-03-20 17:05:58 +01:00
return helm . Release { } , fmt . Errorf ( "loading %s values: %w" , info . releaseName , err )
2022-10-21 12:01:28 +02:00
}
chartRaw , err := i . marshalChart ( chart )
if err != nil {
2023-03-20 17:05:58 +01:00
return helm . Release { } , fmt . Errorf ( "packaging %s chart: %w" , info . releaseName , err )
2022-08-12 10:20:19 +02:00
}
2022-10-21 12:01:28 +02:00
2023-07-07 17:09:45 +02:00
return helm . Release { Chart : chartRaw , Values : values , ReleaseName : info . releaseName , WaitMode : helmWaitMode } , nil
2022-11-21 10:35:40 +01:00
}
2023-02-14 16:41:19 +01:00
// loadCiliumValues is used to separate the marshalling step from the loading step.
2022-11-21 10:35:40 +01:00
// This reduces the time unit tests take to execute.
2023-02-14 18:00:36 +01:00
func ( i * ChartLoader ) loadCiliumValues ( ) ( map [ string ] any , error ) {
2022-11-21 10:35:40 +01:00
var values map [ string ] any
2023-02-14 18:00:36 +01:00
switch i . csp {
2022-10-21 14:41:31 +02:00
case cloudprovider . AWS :
2022-11-21 10:35:40 +01:00
values = awsVals
2022-08-24 09:45:02 +02:00
case cloudprovider . Azure :
2022-11-21 10:35:40 +01:00
values = azureVals
2022-10-21 14:41:31 +02:00
case cloudprovider . GCP :
2022-11-21 10:35:40 +01:00
values = gcpVals
2023-03-17 09:52:23 +01:00
case cloudprovider . OpenStack :
values = openStackVals
2022-08-24 09:45:02 +02:00
case cloudprovider . QEMU :
2022-11-21 10:35:40 +01:00
values = qemuVals
2022-08-12 10:20:19 +02:00
default :
2023-02-14 18:00:36 +01:00
return nil , fmt . Errorf ( "unknown csp: %s" , i . csp )
2022-08-12 10:20:19 +02:00
}
2023-02-14 16:41:19 +01:00
return values , nil
}
// extendCiliumValues extends the given values map by some values depending on user input.
// This extra step of separating the application of user input is necessary since service upgrades should
// reuse user input from the init step. However, we can't rely on reuse-values, because
// during upgrades we all values need to be set locally as they might have changed.
// Also, the charts are not rendered correctly without all of these values.
func extendCiliumValues ( in map [ string ] any , conformanceMode bool ) {
2022-09-20 10:07:55 +02:00
if conformanceMode {
2023-02-14 16:41:19 +01:00
in [ "kubeProxyReplacementHealthzBindAddr" ] = ""
in [ "kubeProxyReplacement" ] = "partial"
in [ "sessionAffinity" ] = true
in [ "cni" ] = map [ string ] any {
2022-09-20 10:07:55 +02:00
"chainingMode" : "portmap" ,
}
}
2022-11-21 10:35:40 +01:00
}
// loadCertManagerHelper is used to separate the marshalling step from the loading step.
// This reduces the time unit tests take to execute.
2022-12-19 16:52:15 +01:00
func ( i * ChartLoader ) loadCertManagerValues ( ) map [ string ] any {
return map [ string ] any {
2022-11-21 10:35:40 +01:00
"installCRDs" : true ,
"prometheus" : map [ string ] any {
"enabled" : false ,
} ,
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
"webhook" : map [ string ] any {
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
} ,
"cainjector" : map [ string ] any {
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
} ,
"startupapicheck" : map [ string ] any {
2022-11-23 16:40:37 +01:00
"timeout" : "5m" ,
"extraArgs" : [ ] string {
"--verbose" ,
} ,
2022-11-21 10:35:40 +01:00
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
} ,
}
}
// loadOperatorsHelper is used to separate the marshalling step from the loading step.
// This reduces the time unit tests take to execute.
2023-02-14 18:00:36 +01:00
func ( i * ChartLoader ) loadOperatorsValues ( ) ( map [ string ] any , error ) {
2022-11-21 10:35:40 +01:00
values := map [ string ] any {
"constellation-operator" : map [ string ] any {
"controllerManager" : map [ string ] any {
"manager" : map [ string ] any {
2022-11-28 09:15:39 +01:00
"image" : i . constellationOperatorImage ,
2022-11-21 10:35:40 +01:00
} ,
} ,
} ,
"node-maintenance-operator" : map [ string ] any {
"controllerManager" : map [ string ] any {
"manager" : map [ string ] any {
2022-11-28 09:15:39 +01:00
"image" : i . nodeMaintenanceOperatorImage ,
2022-11-21 10:35:40 +01:00
} ,
} ,
} ,
}
2023-02-14 18:00:36 +01:00
switch i . csp {
2023-03-17 09:52:23 +01:00
case cloudprovider . AWS :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
return nil , errors . New ( "invalid constellation-operator values" )
}
conOpVals [ "csp" ] = "AWS"
values [ "tags" ] = map [ string ] any {
"AWS" : true ,
}
2022-11-21 10:35:40 +01:00
case cloudprovider . Azure :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 10:35:40 +01:00
}
conOpVals [ "csp" ] = "Azure"
values [ "tags" ] = map [ string ] any {
"Azure" : true ,
}
case cloudprovider . GCP :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 10:35:40 +01:00
}
conOpVals [ "csp" ] = "GCP"
values [ "tags" ] = map [ string ] any {
"GCP" : true ,
}
2023-03-17 09:52:23 +01:00
case cloudprovider . OpenStack :
2022-11-21 10:35:40 +01:00
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 10:35:40 +01:00
}
2023-03-17 09:52:23 +01:00
conOpVals [ "csp" ] = "OpenStack"
2022-11-21 10:35:40 +01:00
values [ "tags" ] = map [ string ] any {
2023-03-17 09:52:23 +01:00
"OpenStack" : true ,
2022-11-21 10:35:40 +01:00
}
2023-03-17 09:52:23 +01:00
case cloudprovider . QEMU :
2022-11-21 10:35:40 +01:00
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 10:35:40 +01:00
}
2023-03-17 09:52:23 +01:00
conOpVals [ "csp" ] = "QEMU"
2022-11-21 10:35:40 +01:00
values [ "tags" ] = map [ string ] any {
2023-03-17 09:52:23 +01:00
"QEMU" : true ,
2022-11-21 10:35:40 +01:00
}
}
2022-09-20 10:07:55 +02:00
2022-12-19 16:52:15 +01:00
return values , nil
2022-10-18 13:15:54 +02:00
}
2022-11-21 10:35:40 +01:00
// loadConstellationServicesHelper is used to separate the marshalling step from the loading step.
// This reduces the time unit tests take to execute.
2023-02-14 18:00:36 +01:00
func ( i * ChartLoader ) loadConstellationServicesValues ( ) ( map [ string ] any , error ) {
2022-11-21 10:35:40 +01:00
values := map [ string ] any {
2022-10-25 15:51:23 +02:00
"global" : map [ string ] any {
2023-01-20 18:51:06 +01:00
"keyServicePort" : constants . KeyServicePort ,
"keyServiceNamespace" : "" , // empty namespace means we use the release namespace
2023-01-11 10:08:57 +01:00
"serviceBasePath" : constants . ServiceBasePath ,
"joinConfigCMName" : constants . JoinConfigMap ,
"internalCMName" : constants . InternalConfigMap ,
2022-10-24 12:23:18 +02:00
} ,
2023-01-20 18:51:06 +01:00
"key-service" : map [ string ] any {
2023-05-03 11:11:53 +02:00
"image" : i . keyServiceImage ,
"saltKeyName" : constants . ConstellationSaltKey ,
"masterSecretKeyName" : constants . ConstellationMasterSecretKey ,
"masterSecretName" : constants . ConstellationMasterSecretStoreName ,
2022-10-24 12:23:18 +02:00
} ,
2022-10-25 15:51:23 +02:00
"join-service" : map [ string ] any {
2023-02-14 18:00:36 +01:00
"csp" : i . csp . String ( ) ,
2022-11-24 10:57:58 +01:00
"image" : i . joinServiceImage ,
2022-10-21 12:01:28 +02:00
} ,
2022-11-02 17:47:10 +01:00
"ccm" : map [ string ] any {
2023-02-14 18:00:36 +01:00
"csp" : i . csp . String ( ) ,
2022-10-26 10:37:10 +02:00
} ,
2022-11-03 16:42:19 +01:00
"autoscaler" : map [ string ] any {
2023-02-14 18:00:36 +01:00
"csp" : i . csp . String ( ) ,
2022-11-03 16:42:19 +01:00
"image" : i . autoscalerImage ,
} ,
2022-11-21 17:06:41 +01:00
"verification-service" : map [ string ] any {
"image" : i . verificationServiceImage ,
} ,
2022-11-23 08:25:50 +01:00
"gcp-guest-agent" : map [ string ] any {
"image" : i . gcpGuestAgentImage ,
} ,
2022-11-23 08:26:09 +01:00
"konnectivity" : map [ string ] any {
"image" : i . konnectivityImage ,
} ,
2022-10-21 12:01:28 +02:00
}
2023-02-14 18:00:36 +01:00
switch i . csp {
2023-03-17 09:52:23 +01:00
case cloudprovider . AWS :
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
if ! ok {
return nil , errors . New ( "invalid ccm values" )
}
ccmVals [ "AWS" ] = map [ string ] any {
"image" : i . ccmImage ,
}
values [ "tags" ] = map [ string ] any {
"AWS" : true ,
}
2022-10-26 10:37:10 +02:00
case cloudprovider . Azure :
2022-11-21 10:35:40 +01:00
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
2022-11-18 10:05:02 +01:00
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid ccm values" )
2022-11-18 10:05:02 +01:00
}
ccmVals [ "Azure" ] = map [ string ] any {
"image" : i . ccmImage ,
}
2022-11-21 10:35:40 +01:00
values [ "cnm" ] = map [ string ] any {
2022-11-18 10:05:02 +01:00
"image" : i . cnmImage ,
}
2022-11-21 10:35:40 +01:00
values [ "tags" ] = map [ string ] any {
2022-11-18 10:05:02 +01:00
"Azure" : true ,
2022-10-26 10:37:10 +02:00
}
2022-11-18 10:05:02 +01:00
2022-10-26 10:37:10 +02:00
case cloudprovider . GCP :
2022-11-21 10:35:40 +01:00
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
2022-11-18 10:05:02 +01:00
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid ccm values" )
2022-11-18 10:05:02 +01:00
}
ccmVals [ "GCP" ] = map [ string ] any {
"image" : i . ccmImage ,
}
2022-11-21 10:35:40 +01:00
values [ "tags" ] = map [ string ] any {
2022-11-18 10:05:02 +01:00
"GCP" : true ,
}
2023-03-17 09:52:23 +01:00
case cloudprovider . OpenStack :
2022-11-21 10:35:40 +01:00
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
2022-10-25 16:29:28 +02:00
if ! ok {
2022-12-19 16:52:15 +01:00
return nil , errors . New ( "invalid ccm values" )
2022-10-26 10:37:10 +02:00
}
2023-03-17 09:52:23 +01:00
ccmVals [ "OpenStack" ] = map [ string ] any {
2022-10-31 19:25:02 +01:00
"image" : i . ccmImage ,
2022-10-26 10:37:10 +02:00
}
2022-11-21 10:35:40 +01:00
values [ "tags" ] = map [ string ] any {
2023-03-17 09:52:23 +01:00
"OpenStack" : true ,
2022-10-25 16:29:28 +02:00
}
2023-03-17 09:52:23 +01:00
case cloudprovider . QEMU :
values [ "tags" ] = map [ string ] any {
"QEMU" : true ,
}
2022-10-24 12:23:18 +02:00
}
2022-12-19 16:52:15 +01:00
return values , nil
2022-10-21 12:01:28 +02:00
}
2023-02-14 16:41:19 +01:00
// extendConstellationServicesValues extends the given values map by some values depending on user input.
2023-02-03 10:05:42 +00:00
// Values set inside this function are only applied during init, not during upgrade.
2023-03-21 12:46:49 +01:00
func extendConstellationServicesValues (
2023-05-03 11:11:53 +02:00
in map [ string ] any , cfg * config . Config , masterSecret , salt [ ] byte ,
2023-03-21 12:46:49 +01:00
) error {
2023-02-14 16:41:19 +01:00
keyServiceValues , ok := in [ "key-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "missing 'key-service' key" )
}
keyServiceValues [ "masterSecret" ] = base64 . StdEncoding . EncodeToString ( masterSecret )
keyServiceValues [ "salt" ] = base64 . StdEncoding . EncodeToString ( salt )
2023-03-14 11:46:27 +01:00
joinServiceVals , ok := in [ "join-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "invalid join-service values" )
}
2023-05-03 11:11:53 +02:00
joinServiceVals [ "attestationVariant" ] = cfg . GetAttestationConfig ( ) . GetVariant ( ) . String ( )
2023-03-14 11:46:27 +01:00
2023-05-03 11:11:53 +02:00
// attestation config is updated separately during upgrade,
2023-03-29 11:16:56 +02:00
// so we only set them in Helm during init.
2023-05-03 11:11:53 +02:00
attestationConfigJSON , err := json . Marshal ( cfg . GetAttestationConfig ( ) )
2023-03-29 11:16:56 +02:00
if err != nil {
return fmt . Errorf ( "marshalling measurements: %w" , err )
}
2023-05-03 11:11:53 +02:00
joinServiceVals [ "attestationConfig" ] = string ( attestationConfigJSON )
2023-03-29 11:16:56 +02:00
2023-03-14 11:46:27 +01:00
verifyServiceVals , ok := in [ "verification-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "invalid verification-service values" )
}
2023-05-03 11:11:53 +02:00
verifyServiceVals [ "attestationVariant" ] = cfg . GetAttestationConfig ( ) . GetVariant ( ) . String ( )
2023-03-14 11:46:27 +01:00
2023-04-06 17:00:56 +02:00
csp := cfg . GetProvider ( )
2023-02-14 16:41:19 +01:00
switch csp {
2023-06-30 08:46:32 +02:00
case cloudprovider . AWS :
in [ "aws" ] = map [ string ] any {
"deployCSIDriver" : cfg . DeployCSIDriver ( ) ,
}
2023-02-14 16:41:19 +01:00
case cloudprovider . Azure :
in [ "azure" ] = map [ string ] any {
2023-04-06 17:00:56 +02:00
"deployCSIDriver" : cfg . DeployCSIDriver ( ) ,
2023-02-14 16:41:19 +01:00
}
case cloudprovider . GCP :
in [ "gcp" ] = map [ string ] any {
2023-04-06 17:00:56 +02:00
"deployCSIDriver" : cfg . DeployCSIDriver ( ) ,
2023-02-14 16:41:19 +01:00
}
2023-05-02 09:35:52 +02:00
case cloudprovider . OpenStack :
in [ "openstack" ] = map [ string ] any {
"deployYawolLoadBalancer" : cfg . DeployYawolLoadBalancer ( ) ,
2023-05-08 17:44:06 +00:00
"deployCSIDriver" : cfg . DeployCSIDriver ( ) ,
2023-05-02 09:35:52 +02:00
}
if cfg . DeployYawolLoadBalancer ( ) {
in [ "yawol-controller" ] = map [ string ] any {
"yawolOSSecretName" : "yawolkey" ,
// has to be larger than ~30s to account for slow OpenStack API calls.
"openstackTimeout" : "1m" ,
"yawolFloatingID" : cfg . Provider . OpenStack . FloatingIPPoolID ,
"yawolFlavorID" : cfg . Provider . OpenStack . YawolFlavorID ,
"yawolImageID" : cfg . Provider . OpenStack . YawolImageID ,
}
}
2023-02-14 16:41:19 +01:00
}
return nil
}
2023-02-21 11:55:49 +01:00
// updateVersions changes all versions of direct dependencies that are set to "0.0.0" to newVersion.
func updateVersions ( chart * chart . Chart , newVersion string ) {
chart . Metadata . Version = newVersion
selectedDeps := chart . Metadata . Dependencies
for i := range selectedDeps {
if selectedDeps [ i ] . Version == "0.0.0" {
selectedDeps [ i ] . Version = newVersion
}
}
deps := chart . Dependencies ( )
for i := range deps {
if deps [ i ] . Metadata . Version == "0.0.0" {
deps [ i ] . Metadata . Version = newVersion
}
}
}
2022-10-21 12:01:28 +02:00
// marshalChart takes a Chart object, packages it to a temporary file and returns the content of that file.
// We currently need to take this approach of marshaling as dependencies are not marshaled correctly with json.Marshal.
// This stems from the fact that chart.Chart does not export the dependencies property.
func ( i * ChartLoader ) marshalChart ( chart * chart . Chart ) ( [ ] byte , error ) {
2022-10-31 19:25:02 +01:00
// A separate tmpdir path is necessary since during unit testing multiple go routines are accessing the same path, possibly deleting files for other routines.
tmpDirPath , err := os . MkdirTemp ( "" , "*" )
defer os . Remove ( tmpDirPath )
if err != nil {
return nil , fmt . Errorf ( "creating tmp dir: %w" , err )
}
path , err := chartutil . Save ( chart , tmpDirPath )
2022-10-21 12:01:28 +02:00
defer os . Remove ( path )
if err != nil {
2022-10-31 19:25:02 +01:00
return nil , fmt . Errorf ( "chartutil save: %w" , err )
2022-10-21 12:01:28 +02:00
}
chartRaw , err := os . ReadFile ( path )
if err != nil {
return nil , fmt . Errorf ( "reading packaged chart: %w" , err )
}
return chartRaw , nil
2022-08-12 10:20:19 +02:00
}
// taken from loader.LoadDir from the helm go module
// loadChartsDir loads from a directory.
//
// This loads charts only from directories.
func loadChartsDir ( efs embed . FS , dir string ) ( * chart . Chart , error ) {
utf8bom := [ ] byte { 0xEF , 0xBB , 0xBF }
// Just used for errors.
c := & chart . Chart { }
rules := ignore . Empty ( )
ifile , err := efs . ReadFile ( filepath . Join ( dir , ignore . HelmIgnore ) )
if err == nil {
r , err := ignore . Parse ( bytes . NewReader ( ifile ) )
if err != nil {
return c , err
}
rules = r
}
rules . AddDefaults ( )
files := [ ] * loader . BufferedFile { }
walk := func ( path string , d fs . DirEntry , err error ) error {
n := strings . TrimPrefix ( path , dir )
if n == "" {
// No need to process top level. Avoid bug with helmignore .* matching
// empty names. See issue https://github.com/kubernetes/helm/issues/1776.
return nil
}
// Normalize to / since it will also work on Windows
n = filepath . ToSlash ( n )
// Check input err
if err != nil {
return err
}
fi , err := d . Info ( )
if err != nil {
return err
}
if d . IsDir ( ) {
// Directory-based ignore rules should involve skipping the entire
// contents of that directory.
if rules . Ignore ( n , fi ) {
return filepath . SkipDir
}
return nil
}
// If a .helmignore file matches, skip this file.
if rules . Ignore ( n , fi ) {
return nil
}
// Irregular files include devices, sockets, and other uses of files that
// are not regular files. In Go they have a file mode type bit set.
// See https://golang.org/pkg/os/#FileMode for examples.
if ! fi . Mode ( ) . IsRegular ( ) {
return fmt . Errorf ( "cannot load irregular file %s as it has file mode type bits set" , path )
}
data , err := efs . ReadFile ( path )
if err != nil {
return errors . Wrapf ( err , "error reading %s" , n )
}
data = bytes . TrimPrefix ( data , utf8bom )
n = strings . TrimPrefix ( n , "/" )
files = append ( files , & loader . BufferedFile { Name : n , Data : data } )
return nil
}
if err := fs . WalkDir ( efs , dir , walk ) ; err != nil {
return c , err
}
return loader . LoadFiles ( files )
}