helm: remove konnectivity agents (#2790)

This commit is contained in:
3u13r 2024-01-03 14:09:32 +01:00 committed by GitHub
parent 3d8e548dcd
commit 0167a4a286
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 0 additions and 681 deletions

View File

@ -80,7 +80,6 @@ kubectl -n kube-system wait --for=condition=Available=True --timeout=180s deploy
kubectl -n kube-system rollout status --timeout 180s daemonset cilium
kubectl -n kube-system rollout status --timeout 180s daemonset join-service
kubectl -n kube-system rollout status --timeout 180s daemonset key-service
kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent
kubectl -n kube-system rollout status --timeout 180s daemonset verification-service
echo "Miniconstellation started successfully. Shutting down..."

View File

@ -241,13 +241,6 @@ go_library(
"charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml",
"charts/edgeless/constellation-services/charts/key-service/values.schema.json",
"charts/edgeless/constellation-services/charts/key-service/values.yaml",
"charts/edgeless/constellation-services/charts/konnectivity/.helmignore",
"charts/edgeless/constellation-services/charts/konnectivity/Chart.yaml",
"charts/edgeless/constellation-services/charts/konnectivity/templates/clusterrolebinding.yaml",
"charts/edgeless/constellation-services/charts/konnectivity/templates/daemonset.yaml",
"charts/edgeless/constellation-services/charts/konnectivity/templates/serviceaccount.yaml",
"charts/edgeless/constellation-services/charts/konnectivity/values.schema.json",
"charts/edgeless/constellation-services/charts/konnectivity/values.yaml",
"charts/edgeless/constellation-services/charts/verification-service/.helmignore",
"charts/edgeless/constellation-services/charts/verification-service/Chart.yaml",
"charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml",

View File

@ -45,14 +45,6 @@ dependencies:
- GCP
- OpenStack
- QEMU
- name: konnectivity
version: 0.0.0
tags:
- AWS
- Azure
- GCP
- OpenStack
- QEMU
- name: gcp-guest-agent
version: 0.0.0
tags:

View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -1,5 +0,0 @@
apiVersion: v2
name: konnectivity
description: A chart to deploy konnectivity for Constellation
type: application
version: 0.0.0

View File

@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: system:konnectivity-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:konnectivity-server

View File

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: konnectivity-agent
name: konnectivity-agent
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
k8s-app: konnectivity-agent
template:
metadata:
labels:
k8s-app: konnectivity-agent
spec:
containers:
- args:
- --logtostderr=true
- --proxy-server-host={{ .Values.loadBalancerIP }}
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --proxy-server-port=8132
- --admin-server-port=8133
- --health-server-port={{ .Values.healthServerPort }}
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- --agent-identifiers=host=$(HOST_IP)
- --sync-forever=true
- --keepalive-time=60m
- --sync-interval=5s
- --sync-interval-cap=30s
- --probe-interval=5s
- --v=3
command:
- /proxy-agent
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
image: {{ .Values.image | quote }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.healthServerPort }}
initialDelaySeconds: 15
timeoutSeconds: 15
name: konnectivity-agent
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
readOnly: true
priorityClassName: system-cluster-critical
serviceAccountName: konnectivity-agent
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
audience: system:konnectivity-server
path: konnectivity-agent-token
updateStrategy: {}

View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: konnectivity-agent
namespace: {{ .Release.Namespace }}

View File

@ -1,21 +0,0 @@
{
"$schema": "https://json-schema.org/draft-07/schema#",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da"]
},
"loadBalancerIP": {
"description": "IP of the loadbalancer serving the control plane.",
"type": "string",
"examples": ["10.4.0.1"]
}
},
"required": [
"image",
"loadBalancerIP"
],
"title": "Values",
"type": "object"
}

View File

@ -33,7 +33,5 @@ go_library(
# TODO(malt3): add missing third-party images
# - logstash
# - filebeat
# - konnectivity-agent
# - konnectivity-server
# - node-maintenance-operator
# - gcp-guest-agent

View File

@ -68,7 +68,6 @@ type chartLoader struct {
autoscalerImage string
verificationServiceImage string
gcpGuestAgentImage string
konnectivityImage string
constellationOperatorImage string
nodeMaintenanceOperatorImage string
clusterName string
@ -104,7 +103,6 @@ func newLoader(csp cloudprovider.Provider, attestationVariant variant.Variant, k
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
verificationServiceImage: imageversion.VerificationService("", ""),
gcpGuestAgentImage: versions.GcpGuestImage,
konnectivityImage: versions.KonnectivityAgentImage,
constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""),
nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
}
@ -307,9 +305,6 @@ func (i *chartLoader) loadConstellationServicesValues() map[string]any {
"gcp-guest-agent": map[string]any{
"image": i.gcpGuestAgentImage,
},
"konnectivity": map[string]any{
"image": i.konnectivityImage,
},
"tags": i.cspTags(),
}
}

View File

@ -171,7 +171,6 @@ func TestConstellationServices(t *testing.T) {
azureCNMImage: tc.cnmImage,
autoscalerImage: "autoscalerImage",
verificationServiceImage: "verificationImage",
konnectivityImage: "konnectivityImage",
gcpGuestAgentImage: "gcpGuestAgentImage",
clusterName: "testCluster",
}
@ -384,12 +383,6 @@ func addInClusterValues(values map[string]any, csp cloudprovider.Provider) error
}
verificationVals["loadBalancerIP"] = "127.0.0.1"
konnectivityVals, ok := values["konnectivity"].(map[string]any)
if !ok {
return errors.New("missing 'konnectivity' key")
}
konnectivityVals["loadBalancerIP"] = "127.0.0.1"
ccmVals, ok := values["ccm"].(map[string]any)
if !ok {
return errors.New("missing 'ccm' key")

View File

@ -90,9 +90,6 @@ func extraConstellationServicesValues(
extraVals["verification-service"] = map[string]any{
"attestationVariant": attestationVariant.String(),
}
extraVals["konnectivity"] = map[string]any{
"loadBalancerIP": output.ClusterEndpoint,
}
extraVals["key-service"] = map[string]any{
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),

View File

@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: system:konnectivity-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:konnectivity-server

View File

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: konnectivity-agent
name: konnectivity-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: konnectivity-agent
template:
metadata:
labels:
k8s-app: konnectivity-agent
spec:
containers:
- args:
- --logtostderr=true
- --proxy-server-host=127.0.0.1
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --proxy-server-port=8132
- --admin-server-port=8133
- --health-server-port=8134
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- --agent-identifiers=host=$(HOST_IP)
- --sync-forever=true
- --keepalive-time=60m
- --sync-interval=5s
- --sync-interval-cap=30s
- --probe-interval=5s
- --v=3
command:
- /proxy-agent
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
image: konnectivityImage
livenessProbe:
httpGet:
path: /healthz
port: 8134
initialDelaySeconds: 15
timeoutSeconds: 15
name: konnectivity-agent
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
readOnly: true
priorityClassName: system-cluster-critical
serviceAccountName: konnectivity-agent
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
audience: system:konnectivity-server
path: konnectivity-agent-token
updateStrategy: {}

View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: konnectivity-agent
namespace: testNamespace

View File

@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: system:konnectivity-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:konnectivity-server

View File

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: konnectivity-agent
name: konnectivity-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: konnectivity-agent
template:
metadata:
labels:
k8s-app: konnectivity-agent
spec:
containers:
- args:
- --logtostderr=true
- --proxy-server-host=127.0.0.1
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --proxy-server-port=8132
- --admin-server-port=8133
- --health-server-port=8134
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- --agent-identifiers=host=$(HOST_IP)
- --sync-forever=true
- --keepalive-time=60m
- --sync-interval=5s
- --sync-interval-cap=30s
- --probe-interval=5s
- --v=3
command:
- /proxy-agent
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
image: konnectivityImage
livenessProbe:
httpGet:
path: /healthz
port: 8134
initialDelaySeconds: 15
timeoutSeconds: 15
name: konnectivity-agent
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
readOnly: true
priorityClassName: system-cluster-critical
serviceAccountName: konnectivity-agent
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
audience: system:konnectivity-server
path: konnectivity-agent-token
updateStrategy: {}

View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: konnectivity-agent
namespace: testNamespace

View File

@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: system:konnectivity-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:konnectivity-server

View File

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: konnectivity-agent
name: konnectivity-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: konnectivity-agent
template:
metadata:
labels:
k8s-app: konnectivity-agent
spec:
containers:
- args:
- --logtostderr=true
- --proxy-server-host=127.0.0.1
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --proxy-server-port=8132
- --admin-server-port=8133
- --health-server-port=8134
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- --agent-identifiers=host=$(HOST_IP)
- --sync-forever=true
- --keepalive-time=60m
- --sync-interval=5s
- --sync-interval-cap=30s
- --probe-interval=5s
- --v=3
command:
- /proxy-agent
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
image: konnectivityImage
livenessProbe:
httpGet:
path: /healthz
port: 8134
initialDelaySeconds: 15
timeoutSeconds: 15
name: konnectivity-agent
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
readOnly: true
priorityClassName: system-cluster-critical
serviceAccountName: konnectivity-agent
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
audience: system:konnectivity-server
path: konnectivity-agent-token
updateStrategy: {}

View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: konnectivity-agent
namespace: testNamespace

View File

@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: system:konnectivity-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:konnectivity-server

View File

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: konnectivity-agent
name: konnectivity-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: konnectivity-agent
template:
metadata:
labels:
k8s-app: konnectivity-agent
spec:
containers:
- args:
- --logtostderr=true
- --proxy-server-host=127.0.0.1
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --proxy-server-port=8132
- --admin-server-port=8133
- --health-server-port=8134
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- --agent-identifiers=host=$(HOST_IP)
- --sync-forever=true
- --keepalive-time=60m
- --sync-interval=5s
- --sync-interval-cap=30s
- --probe-interval=5s
- --v=3
command:
- /proxy-agent
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
image: konnectivityImage
livenessProbe:
httpGet:
path: /healthz
port: 8134
initialDelaySeconds: 15
timeoutSeconds: 15
name: konnectivity-agent
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
readOnly: true
priorityClassName: system-cluster-critical
serviceAccountName: konnectivity-agent
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
audience: system:konnectivity-server
path: konnectivity-agent-token
updateStrategy: {}

View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: konnectivity-agent
namespace: testNamespace

View File

@ -1,15 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: system:konnectivity-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:konnectivity-server

View File

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: konnectivity-agent
name: konnectivity-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: konnectivity-agent
template:
metadata:
labels:
k8s-app: konnectivity-agent
spec:
containers:
- args:
- --logtostderr=true
- --proxy-server-host=127.0.0.1
- --ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --proxy-server-port=8132
- --admin-server-port=8133
- --health-server-port=8134
- --service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token
- --agent-identifiers=host=$(HOST_IP)
- --sync-forever=true
- --keepalive-time=60m
- --sync-interval=5s
- --sync-interval-cap=30s
- --probe-interval=5s
- --v=3
command:
- /proxy-agent
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
image: konnectivityImage
livenessProbe:
httpGet:
path: /healthz
port: 8134
initialDelaySeconds: 15
timeoutSeconds: 15
name: konnectivity-agent
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: konnectivity-agent-token
readOnly: true
priorityClassName: system-cluster-critical
serviceAccountName: konnectivity-agent
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
volumes:
- name: konnectivity-agent-token
projected:
sources:
- serviceAccountToken:
audience: system:konnectivity-server
path: konnectivity-agent-token
updateStrategy: {}

View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
name: konnectivity-agent
namespace: testNamespace

View File

@ -167,10 +167,6 @@ const (
// These images are built in a way that they support all versions currently listed in VersionConfigs.
//
// KonnectivityAgentImage agent image for konnectivity service.
KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.1.2@sha256:cd3046d253d26ffb5907c625e0d0c2be05c5693c90e12116980851739fc0ead8" // renovate:container
// KonnectivityServerImage server image for konnectivity service.
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.1.2@sha256:79933c3779bc30e33bb7509dff913e70f6ba78ad441f4827f0f3e840ce5f3ddb" // renovate:container
// GcpGuestImage image for GCP guest agent.
// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20231016.0.0@sha256:c51ebfc2b67f5a39daba88039e7f8f171d7084656c49c092cc53b0a2318209b2" // renovate:container