Refactor Helm deployments (#341)

* Wrap KMS deployment in one main chart that
deploys all other services. Other services will follow.
* Use .tgz via helm-package as serialization format
* Change Release type to carry chart as byte slice
* Remove KMSConfig
* Use json-schema to validate values
* Extend release.md to mention updating helm charts

cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: constellation-services
+description: A chart to deploy all microservices that are part of a valid constellation cluster
+type: application
+version: 2.2.0-pre
+
+dependencies:
+  - name: kms
+    version: 2.2.0-pre

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/Chart.yaml

@@ -2,5 +2,4 @@ apiVersion: v2
 name: kms
 description: A Helm chart to deploy the Constellation Key Management Service
 type: application
-version: 0.1.0
-appVersion: "2.1.0"
+version: 2.2.0-pre

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/templates/daemonset.yaml

@@ -18,8 +18,8 @@ spec:
     spec:
       containers:
       - args:
-        - --port={{ .Values.kmsPort }}
-        image: {{ .Values.kmsImage }}
+        - --port={{ .Values.port }}
+        image: {{ .Values.image }}
         name: kms
         resources: {}
         volumeMounts:

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/templates/service.yaml

@@ -6,9 +6,9 @@ metadata:
 spec:
   ports:
   - name: grpc
-    port: {{ .Values.kmsPort }}
+    port: {{ .Values.port }}
     protocol: TCP
-    targetPort: {{ .Values.kmsPort }}
+    targetPort: {{ .Values.port }}
   selector:
     k8s-app: kms
   type: ClusterIP

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/values.schema.json

@@ -0,0 +1,30 @@
+{
+    "$schema": "https://json-schema.org/draft-07/schema#",
+    "properties": {
+        "image": {
+            "description": "Container image to use for the spawned pods.",
+            "type": "string",
+            "examples": ["ghcr.io/edgelesssys/constellation/kms:latest"],
+            "pattern": "ghcr.io/edgelesssys/constellation/kms:*"
+        },
+        "masterSecret": {
+            "description": "Secret used to derive key material within the cluster",
+            "type": "string",
+            "examples": ["h1ydxM+1LKhL6kfj3XJnCYvTPnQGUgU0stk91ebEVqM="],
+            "minLength": 44
+        },
+        "salt": {
+            "description": "Salt for key derivation within the cluster",
+            "type": "string",
+            "examples": ["loC4hhWwFH5rHAKq5/EshSWk1jwkrf22VuHc2SGsWdc="],
+            "minLength": 44
+        }
+    },
+    "required": [
+        "image",
+        "salt",
+        "masterSecret"
+    ],
+    "title": "Values",
+    "type": "object"
+}

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/values.yaml

@@ -1,19 +1,13 @@
 # Namespace to which KMS will be deployed.
 namespace: "kube-system"
 # Port on which the service will listen.
-kmsPort: 9000
+port: 9000
 # Name of the ConfigMap that holds measurements and other info.
 joinConfigCMName: join-config
 # Path to which secrets/CMs are mounted.
 serviceBasePath: /var/config
-# Container image.
-kmsImage: setFullImagePathHere
-# Salt for key derivation.
-salt: ""
 # Name of the key within the respective secret that holds the salt.
 saltKeyName: salt
-# MasterSecret for the cluster.
-masterSecret: ""
 # Name of the secret that contains the master secret.
 masterSecretName: constellation-mastersecret
 # Name of the key within the respective secret that holds the master secret.