AB#2538: deploy CCM via Helm

Also move helmloader interface/stubs
2025-07-31 19:18:40 -04:00 · 2022-10-26 10:37:10 +02:00 · 2022-10-26 10:37:10 +02:00 · 091e3b2b2b
commit 091e3b2b2b
parent 009b2e67e3
26 changed files with 579 additions and 308 deletions
--- a/bootstrapper/internal/kubernetes/k8sapi/constants.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/constants.go
@ -14,5 +14,4 @@ const (
 	kubeletPath        = "/run/state/bin/kubelet"
 	kubeletServicePath = "/usr/lib/systemd/system/kubelet.service"
 	executablePerm     = 0o544
-	systemdUnitPerm    = 0o644
 )
--- a/bootstrapper/internal/kubernetes/k8sapi/kubectl/client/client_test.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/kubectl/client/client_test.go
@ -280,11 +280,6 @@ func TestGetObjects(t *testing.T) {
 			resourcesYAML: string(nginxDeplYAML),
 			wantErr:       false,
 		},
-		"GetObjects works on cloud-controller-manager deployment": {
-			wantResources: resources.NewDefaultCloudControllerManagerDeployment("someProvider", "someImage", "somePath", "someCIDR", nil, nil, nil, nil),
-			resourcesYAML: string(nginxDeplYAML),
-			wantErr:       false,
-		},
 		"GetObjects Marshal failure detected": {
 			wantResources: &unmarshableResource{},
 			resourcesYAML: string(nginxDeplYAML),
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager.go
@ -1,179 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import (
-	"fmt"
-
-	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
-	apps "k8s.io/api/apps/v1"
-	k8s "k8s.io/api/core/v1"
-	rbac "k8s.io/api/rbac/v1"
-	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type CloudControllerManagerDeployment struct {
-	ServiceAccount     k8s.ServiceAccount
-	ClusterRoleBinding rbac.ClusterRoleBinding
-	DaemonSet          apps.DaemonSet
-}
-
-// references:
-// https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/admin/cloud/ccm-example.yaml
-// https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager
-
-// NewDefaultCloudControllerManagerDeployment creates a new *cloudControllerManagerDeployment, customized for the CSP.
-func NewDefaultCloudControllerManagerDeployment(cloudProvider, image, path, podCIDR string, extraArgs []string, extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar) *CloudControllerManagerDeployment {
-	command := []string{
-		path,
-		fmt.Sprintf("--cloud-provider=%s", cloudProvider),
-		"--leader-elect=true",
-		fmt.Sprintf("--cluster-cidr=%s", podCIDR),
-		"-v=2",
-	}
-	command = append(command, extraArgs...)
-	volumes := []k8s.Volume{
-		{
-			Name: "etckubernetes",
-			VolumeSource: k8s.VolumeSource{
-				HostPath: &k8s.HostPathVolumeSource{Path: "/etc/kubernetes"},
-			},
-		},
-		{
-			Name: "etcssl",
-			VolumeSource: k8s.VolumeSource{
-				HostPath: &k8s.HostPathVolumeSource{Path: "/etc/ssl"},
-			},
-		},
-		{
-			Name: "etcpki",
-			VolumeSource: k8s.VolumeSource{
-				HostPath: &k8s.HostPathVolumeSource{Path: "/etc/pki"},
-			},
-		},
-	}
-	volumes = append(volumes, extraVolumes...)
-	volumeMounts := []k8s.VolumeMount{
-		{
-			MountPath: "/etc/kubernetes",
-			Name:      "etckubernetes",
-			ReadOnly:  true,
-		},
-		{
-			MountPath: "/etc/ssl",
-			Name:      "etcssl",
-			ReadOnly:  true,
-		},
-		{
-			MountPath: "/etc/pki",
-			Name:      "etcpki",
-			ReadOnly:  true,
-		},
-	}
-	volumeMounts = append(volumeMounts, extraVolumeMounts...)
-
-	return &CloudControllerManagerDeployment{
-		ServiceAccount: k8s.ServiceAccount{
-			TypeMeta: meta.TypeMeta{
-				APIVersion: "v1",
-				Kind:       "ServiceAccount",
-			},
-			ObjectMeta: meta.ObjectMeta{
-				Name:      "cloud-controller-manager",
-				Namespace: "kube-system",
-			},
-		},
-		ClusterRoleBinding: rbac.ClusterRoleBinding{
-			TypeMeta: meta.TypeMeta{
-				APIVersion: "rbac.authorization.k8s.io/v1",
-				Kind:       "ClusterRoleBinding",
-			},
-			ObjectMeta: meta.ObjectMeta{
-				Name: "system:cloud-controller-manager",
-			},
-			RoleRef: rbac.RoleRef{
-				APIGroup: "rbac.authorization.k8s.io",
-				Kind:     "ClusterRole",
-				Name:     "cluster-admin",
-			},
-			Subjects: []rbac.Subject{
-				{
-					Kind:      "ServiceAccount",
-					Name:      "cloud-controller-manager",
-					Namespace: "kube-system",
-				},
-			},
-		},
-		DaemonSet: apps.DaemonSet{
-			TypeMeta: meta.TypeMeta{
-				APIVersion: "apps/v1",
-				Kind:       "DaemonSet",
-			},
-			ObjectMeta: meta.ObjectMeta{
-				Labels: map[string]string{
-					"k8s-app": "cloud-controller-manager",
-				},
-				Name:      "cloud-controller-manager",
-				Namespace: "kube-system",
-			},
-			Spec: apps.DaemonSetSpec{
-				Selector: &meta.LabelSelector{
-					MatchLabels: map[string]string{
-						"k8s-app": "cloud-controller-manager",
-					},
-				},
-				Template: k8s.PodTemplateSpec{
-					ObjectMeta: meta.ObjectMeta{
-						Labels: map[string]string{
-							"k8s-app": "cloud-controller-manager",
-						},
-					},
-					Spec: k8s.PodSpec{
-						ServiceAccountName: "cloud-controller-manager",
-						Containers: []k8s.Container{
-							{
-								Name:         "cloud-controller-manager",
-								Image:        image,
-								Command:      command,
-								VolumeMounts: volumeMounts,
-								Env:          env,
-							},
-						},
-						Volumes: volumes,
-						Tolerations: []k8s.Toleration{
-							{
-								Key:    "node.cloudprovider.kubernetes.io/uninitialized",
-								Value:  "true",
-								Effect: k8s.TaintEffectNoSchedule,
-							},
-							{
-								Key:    "node-role.kubernetes.io/master",
-								Effect: k8s.TaintEffectNoSchedule,
-							},
-							{
-								Key:      "node-role.kubernetes.io/control-plane",
-								Operator: k8s.TolerationOpExists,
-								Effect:   k8s.TaintEffectNoSchedule,
-							},
-							{
-								Key:    "node.kubernetes.io/not-ready",
-								Effect: k8s.TaintEffectNoSchedule,
-							},
-						},
-						NodeSelector: map[string]string{
-							"node-role.kubernetes.io/control-plane": "",
-						},
-					},
-				},
-			},
-		},
-	}
-}
-
-func (c *CloudControllerManagerDeployment) Marshal() ([]byte, error) {
-	return kubernetes.MarshalK8SResources(c)
-}
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager_test.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager_test.go
@ -1,29 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import (
-	"testing"
-
-	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	k8s "k8s.io/api/core/v1"
-)
-
-func TestCloudControllerMarshalUnmarshal(t *testing.T) {
-	require := require.New(t)
-	assert := assert.New(t)
-
-	cloudControllerManagerDepl := NewDefaultCloudControllerManagerDeployment("dummy-cloudprovider", "some-image:latest", "/dummy_path", "192.0.2.0/24", []string{}, []k8s.Volume{}, []k8s.VolumeMount{}, nil)
-	data, err := cloudControllerManagerDepl.Marshal()
-	require.NoError(err)
-
-	var recreated CloudControllerManagerDeployment
-	require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated))
-	assert.Equal(cloudControllerManagerDepl, &recreated)
-}