cilium: AWS support

2024-10-01 01:36:09 -04:00 · 2022-10-21 14:41:31 +02:00 · 2022-10-21 14:41:31 +02:00 · 37e8f5fc28
commit 37e8f5fc28
parent ac3768bbc9
3 changed files with 50 additions and 35 deletions
--- a/bootstrapper/internal/helm/client.go
+++ b/bootstrapper/internal/helm/client.go
@ -104,18 +104,19 @@ func (h *Client) InstallCilium(ctx context.Context, kubectl k8sapi.Client, relea
 	h.Timeout = timeout

 	switch in.CloudProvider {
+	case "aws", "azure", "qemu":
+		return h.installCiliumGeneric(ctx, release, in.LoadBalancerEndpoint)
 	case "gcp":
-		return h.installlCiliumGCP(ctx, kubectl, release, in.NodeName, in.FirstNodePodCIDR, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint)
-	case "azure":
-		return h.installCiliumAzure(ctx, release, in.LoadBalancerEndpoint)
-	case "qemu":
-		return h.installCiliumQEMU(ctx, release, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint)
+		return h.installCiliumGCP(ctx, kubectl, release, in.NodeName, in.FirstNodePodCIDR, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint)
 	default:
 		return fmt.Errorf("unsupported cloud provider %q", in.CloudProvider)
 	}
 }

-func (h *Client) installCiliumAzure(ctx context.Context, release helm.Release, kubeAPIEndpoint string) error {
+// installCiliumGeneric installs cilium with the given load balancer endpoint.
+// This is used for cloud providers that do not require special server-side configuration.
+// Currently this is AWS, Azure, and QEMU.
+func (h *Client) installCiliumGeneric(ctx context.Context, release helm.Release, kubeAPIEndpoint string) error {
 	host := kubeAPIEndpoint
 	release.Values["k8sServiceHost"] = host
 	release.Values["k8sServicePort"] = strconv.Itoa(constants.KubernetesPort)
@ -133,7 +134,7 @@ func (h *Client) installCiliumAzure(ctx context.Context, release helm.Release, k
 	return nil
 }

-func (h *Client) installlCiliumGCP(ctx context.Context, kubectl k8sapi.Client, release helm.Release, nodeName, nodePodCIDR, subnetworkPodCIDR, kubeAPIEndpoint string) error {
+func (h *Client) installCiliumGCP(ctx context.Context, kubectl k8sapi.Client, release helm.Release, nodeName, nodePodCIDR, subnetworkPodCIDR, kubeAPIEndpoint string) error {
 	out, err := exec.CommandContext(ctx, constants.KubectlPath, "--kubeconfig", constants.ControlPlaneAdminConfFilename, "patch", "node", nodeName, "-p", "{\"spec\":{\"podCIDR\": \""+nodePodCIDR+"\"}}").CombinedOutput()
 	if err != nil {
 		err = errors.New(string(out))
@ -191,29 +192,3 @@ func (h *Client) installlCiliumGCP(ctx context.Context, kubectl k8sapi.Client, r

 	return nil
 }
-
-func (h *Client) installCiliumQEMU(ctx context.Context, release helm.Release, subnetworkPodCIDR, kubeAPIEndpoint string) error {
-	// configure pod network CIDR
-	release.Values["ipam"] = map[string]any{
-		"operator": map[string]any{
-			"clusterPoolIPv4PodCIDRList": []any{
-				subnetworkPodCIDR,
-			},
-		},
-	}
-
-	release.Values["k8sServiceHost"] = kubeAPIEndpoint
-	release.Values["k8sServicePort"] = strconv.Itoa(constants.KubernetesPort)
-
-	reader := bytes.NewReader(release.Chart)
-	chart, err := loader.LoadArchive(reader)
-	if err != nil {
-		return fmt.Errorf("helm load archive: %w", err)
-	}
-
-	_, err = h.RunWithContext(ctx, chart, release.Values)
-	if err != nil {
-		return fmt.Errorf("helm install cilium: %w", err)
-	}
-	return nil
-}
--- a/cli/internal/helm/loader.go
+++ b/cli/internal/helm/loader.go
@ -93,10 +93,12 @@ func (i *ChartLoader) loadCilium(csp cloudprovider.Provider, conformanceMode boo

 	var ciliumVals map[string]any
 	switch csp {
-	case cloudprovider.GCP:
-		ciliumVals = gcpVals
+	case cloudprovider.AWS:
+		ciliumVals = awsVals
 	case cloudprovider.Azure:
 		ciliumVals = azureVals
+	case cloudprovider.GCP:
+		ciliumVals = gcpVals
 	case cloudprovider.QEMU:
 		ciliumVals = qemuVals
 	default:
--- a/cli/internal/helm/values.go
+++ b/cli/internal/helm/values.go
@ -6,6 +6,44 @@ SPDX-License-Identifier: AGPL-3.0-only

 package helm

+var awsVals = map[string]any{
+	"endpointRoutes": map[string]any{
+		"enabled": true,
+	},
+	"encryption": map[string]any{
+		"enabled": true,
+		"type":    "wireguard",
+	},
+	"l7Proxy": false,
+	"ipam": map[string]any{
+		"operator": map[string]any{
+			"clusterPoolIPv4PodCIDRList": []string{
+				"10.244.0.0/16",
+			},
+		},
+	},
+	"strictModeCIDR": "10.244.0.0/16",
+	"image": map[string]any{
+		"repository": "ghcr.io/3u13r/cilium",
+		"suffix":     "",
+		"tag":        "v1.12.1-edg",
+		"digest":     "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
+		"useDigest":  true,
+	},
+	"operator": map[string]any{
+		"image": map[string]any{
+			"repository":    "ghcr.io/3u13r/operator",
+			"tag":           "v1.12.1-edg",
+			"suffix":        "",
+			"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
+			"useDigest":     true,
+		},
+	},
+	"kubeProxyReplacement":                "strict",
+	"enableCiliumEndpointSlice":           true,
+	"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
+}
+
 var azureVals = map[string]any{
 	"endpointRoutes": map[string]any{
 		"enabled": true,