Refactor Helm deployments (#341)

* Wrap KMS deployment in one main chart that
deploys all other services. Other services will follow.
* Use .tgz via helm-package as serialization format
* Change Release type to carry chart as byte slice
* Remove KMSConfig
* Use json-schema to validate values
* Extend release.md to mention updating helm charts

bootstrapper/internal/kubernetes/k8sutil.go

@@ -10,7 +10,6 @@ import (
 	"context"
 	"net"
 
-	helmClient "github.com/edgelesssys/constellation/v2/bootstrapper/internal/helm"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/k8sapi"
 	"github.com/edgelesssys/constellation/v2/internal/deploy/helm"
 	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
@@ -38,10 +37,10 @@ type clusterUtil interface {
 	StartKubelet() error
 }
 
-// HelmUtil bundles functions related to microservice deployment. Only microservices that can be deployed purely via Helm are deployed with this interface.
+// helmClient bundles functions related to microservice deployment. Only microservices that can be deployed purely via Helm are deployed with this interface.
 // Currently only a subset of microservices is deployed via Helm.
 // Naming is inspired by Helm.
-type HelmUtil interface {
+type helmClient interface {
 	InstallCilium(context.Context, k8sapi.Client, helm.Release, k8sapi.SetupPodNetworkInput) error
-	InstallKMS(context.Context, helm.Release, helmClient.KMSConfig) error
+	InstallConstellationServices(ctx context.Context, release helm.Release) error
 }

bootstrapper/internal/kubernetes/kubernetes.go

@@ -15,7 +15,6 @@ import (
 	"strconv"
 	"strings"
 
-	helmClient "github.com/edgelesssys/constellation/v2/bootstrapper/internal/helm"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/k8sapi"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/k8sapi/resources"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
@@ -46,7 +45,7 @@ type configurationProvider interface {
 type KubeWrapper struct {
 	cloudProvider           string
 	clusterUtil             clusterUtil
-	helmUtil                HelmUtil
+	helmClient              helmClient
 	configProvider          configurationProvider
 	client                  k8sapi.Client
 	kubeconfigReader        configReader
@@ -60,12 +59,12 @@ type KubeWrapper struct {
 
 // New creates a new KubeWrapper with real values.
 func New(cloudProvider string, clusterUtil clusterUtil, configProvider configurationProvider, client k8sapi.Client, cloudControllerManager CloudControllerManager,
-	cloudNodeManager CloudNodeManager, clusterAutoscaler ClusterAutoscaler, providerMetadata ProviderMetadata, initialMeasurementsJSON []byte, helmUtil HelmUtil,
+	cloudNodeManager CloudNodeManager, clusterAutoscaler ClusterAutoscaler, providerMetadata ProviderMetadata, initialMeasurementsJSON []byte, helmClient helmClient,
 ) *KubeWrapper {
 	return &KubeWrapper{
 		cloudProvider:           cloudProvider,
 		clusterUtil:             clusterUtil,
-		helmUtil:                helmUtil,
+		helmClient:              helmClient,
 		configProvider:          configProvider,
 		client:                  client,
 		kubeconfigReader:        &KubeconfigReader{fs: afero.Afero{Fs: afero.NewOsFs()}},
@@ -81,7 +80,7 @@ func New(cloudProvider string, clusterUtil clusterUtil, configProvider configura
 // InitCluster initializes a new Kubernetes cluster and applies pod network provider.
 func (k *KubeWrapper) InitCluster(
 	ctx context.Context, cloudServiceAccountURI, versionString string, measurementSalt []byte, enforcedPCRs []uint32,
-	enforceIDKeyDigest bool, idKeyDigest []byte, azureCVM bool, kmsConfig helmClient.KMSConfig, sshUsers map[string]string,
+	enforceIDKeyDigest bool, idKeyDigest []byte, azureCVM bool, sshUsers map[string]string,
 	helmReleasesRaw []byte, conformanceMode bool, log *logger.Logger,
 ) ([]byte, error) {
 	k8sVersion, err := versions.NewValidK8sVersion(versionString)
@@ -184,7 +183,7 @@ func (k *KubeWrapper) InitCluster(
 		return nil, fmt.Errorf("unmarshalling helm releases: %w", err)
 	}
 
-	if err = k.helmUtil.InstallCilium(ctx, k.client, helmReleases.Cilium, setupPodNetworkInput); err != nil {
+	if err = k.helmClient.InstallCilium(ctx, k.client, helmReleases.Cilium, setupPodNetworkInput); err != nil {
 		return nil, fmt.Errorf("installing pod network: %w", err)
 	}
 
@@ -201,7 +200,7 @@ func (k *KubeWrapper) InitCluster(
 		return nil, fmt.Errorf("setting up konnectivity: %w", err)
 	}
 
-	if err = k.helmUtil.InstallKMS(ctx, helmReleases.KMS, kmsConfig); err != nil {
+	if err = k.helmClient.InstallConstellationServices(ctx, helmReleases.ConstellationServices); err != nil {
 		return nil, fmt.Errorf("installing kms: %w", err)
 	}
 

bootstrapper/internal/kubernetes/kubernetes_test.go

@@ -14,7 +14,6 @@ import (
 	"strconv"
 	"testing"
 
-	helmClient "github.com/edgelesssys/constellation/v2/bootstrapper/internal/helm"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/k8sapi"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
@@ -37,7 +36,6 @@ func TestMain(m *testing.M) {
 func TestInitCluster(t *testing.T) {
 	someErr := errors.New("failed")
 	serviceAccountURI := "some-service-account-uri"
-	masterSecret := []byte("some-master-secret")
 
 	nodeName := "node-name"
 	providerID := "provider-id"
@@ -48,7 +46,7 @@ func TestInitCluster(t *testing.T) {
 
 	testCases := map[string]struct {
 		clusterUtil            stubClusterUtil
-		helmUtil               stubHelmClient
+		helmClient             stubHelmClient
 		kubectl                stubKubectl
 		providerMetadata       ProviderMetadata
 		CloudControllerManager CloudControllerManager
@@ -182,7 +180,7 @@ func TestInitCluster(t *testing.T) {
 		},
 		"kubeadm init fails when deploying cilium": {
 			clusterUtil: stubClusterUtil{},
-			helmUtil:    stubHelmClient{ciliumError: someErr},
+			helmClient:  stubHelmClient{ciliumError: someErr},
 			kubeconfigReader: &stubKubeconfigReader{
 				Kubeconfig: []byte("someKubeconfig"),
 			},
@@ -255,7 +253,7 @@ func TestInitCluster(t *testing.T) {
 		},
 		"kubeadm init fails when setting up the kms": {
 			clusterUtil: stubClusterUtil{},
-			helmUtil:    stubHelmClient{kmsError: someErr},
+			helmClient:  stubHelmClient{servicesError: someErr},
 			kubeconfigReader: &stubKubeconfigReader{
 				Kubeconfig: []byte("someKubeconfig"),
 			},
@@ -311,7 +309,7 @@ func TestInitCluster(t *testing.T) {
 
 			kube := KubeWrapper{
 				clusterUtil:            &tc.clusterUtil,
-				helmUtil:               &tc.helmUtil,
+				helmClient:             &tc.helmClient,
 				providerMetadata:       tc.providerMetadata,
 				cloudControllerManager: tc.CloudControllerManager,
 				cloudNodeManager:       tc.CloudNodeManager,
@@ -324,7 +322,7 @@ func TestInitCluster(t *testing.T) {
 
 			_, err := kube.InitCluster(
 				context.Background(), serviceAccountURI, string(tc.k8sVersion),
-				nil, nil, false, nil, true, helmClient.KMSConfig{MasterSecret: masterSecret}, nil, []byte("{}"), false, logger.NewTest(t),
+				nil, nil, false, nil, true, nil, []byte("{}"), false, logger.NewTest(t),
 			)
 
 			if tc.wantErr {
@@ -682,14 +680,14 @@ func (s *stubKubeconfigReader) ReadKubeconfig() ([]byte, error) {
 }
 
 type stubHelmClient struct {
-	ciliumError error
-	kmsError    error
+	ciliumError   error
+	servicesError error
 }
 
 func (s *stubHelmClient) InstallCilium(ctx context.Context, kubectl k8sapi.Client, release helm.Release, in k8sapi.SetupPodNetworkInput) error {
 	return s.ciliumError
 }
 
-func (s *stubHelmClient) InstallKMS(ctx context.Context, release helm.Release, kmsConfig helmClient.KMSConfig) error {
-	return s.kmsError
+func (s *stubHelmClient) InstallConstellationServices(ctx context.Context, release helm.Release) error {
+	return s.servicesError
 }