Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-23 00:10:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

cilium: AWS support

Browse Source
This commit is contained in:
Leonard Cohnen 2022-10-21 14:41:31 +02:00 committed by 3u13r
parent ac3768bbc9
commit 37e8f5fc28
3 changed files with 50 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
bootstrapper/internal/helm/client.go
View File

@ -104,18 +104,19 @@ func (h *Client) InstallCilium(ctx context.Context, kubectl k8sapi.Client, relea
h.Timeout = timeout h.Timeout = timeout
switch in.CloudProvider { switch in.CloudProvider {
case "aws", "azure", "qemu":
return h.installCiliumGeneric(ctx, release, in.LoadBalancerEndpoint)
case "gcp": case "gcp":
return h.installlCiliumGCP(ctx, kubectl, release, in.NodeName, in.FirstNodePodCIDR, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint) return h.installCiliumGCP(ctx, kubectl, release, in.NodeName, in.FirstNodePodCIDR, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint)
case "azure":
return h.installCiliumAzure(ctx, release, in.LoadBalancerEndpoint)
case "qemu":
return h.installCiliumQEMU(ctx, release, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint)
default: default:
return fmt.Errorf("unsupported cloud provider %q", in.CloudProvider) return fmt.Errorf("unsupported cloud provider %q", in.CloudProvider)
} }
} }
func (h *Client) installCiliumAzure(ctx context.Context, release helm.Release, kubeAPIEndpoint string) error { // installCiliumGeneric installs cilium with the given load balancer endpoint.
// This is used for cloud providers that do not require special server-side configuration.
// Currently this is AWS, Azure, and QEMU.
func (h *Client) installCiliumGeneric(ctx context.Context, release helm.Release, kubeAPIEndpoint string) error {
host := kubeAPIEndpoint host := kubeAPIEndpoint
release.Values["k8sServiceHost"] = host release.Values["k8sServiceHost"] = host
release.Values["k8sServicePort"] = strconv.Itoa(constants.KubernetesPort) release.Values["k8sServicePort"] = strconv.Itoa(constants.KubernetesPort)
@ -133,7 +134,7 @@ func (h *Client) installCiliumAzure(ctx context.Context, release helm.Release, k
return nil return nil
} }
func (h *Client) installlCiliumGCP(ctx context.Context, kubectl k8sapi.Client, release helm.Release, nodeName, nodePodCIDR, subnetworkPodCIDR, kubeAPIEndpoint string) error { func (h *Client) installCiliumGCP(ctx context.Context, kubectl k8sapi.Client, release helm.Release, nodeName, nodePodCIDR, subnetworkPodCIDR, kubeAPIEndpoint string) error {
out, err := exec.CommandContext(ctx, constants.KubectlPath, "--kubeconfig", constants.ControlPlaneAdminConfFilename, "patch", "node", nodeName, "-p", "{\"spec\":{\"podCIDR\": \""+nodePodCIDR+"\"}}").CombinedOutput() out, err := exec.CommandContext(ctx, constants.KubectlPath, "--kubeconfig", constants.ControlPlaneAdminConfFilename, "patch", "node", nodeName, "-p", "{\"spec\":{\"podCIDR\": \""+nodePodCIDR+"\"}}").CombinedOutput()
if err != nil { if err != nil {
err = errors.New(string(out)) err = errors.New(string(out))
@ -191,29 +192,3 @@ func (h *Client) installlCiliumGCP(ctx context.Context, kubectl k8sapi.Client, r
return nil return nil
} }
func (h *Client) installCiliumQEMU(ctx context.Context, release helm.Release, subnetworkPodCIDR, kubeAPIEndpoint string) error {
// configure pod network CIDR
release.Values["ipam"] = map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []any{
subnetworkPodCIDR,
},
},
}
release.Values["k8sServiceHost"] = kubeAPIEndpoint
release.Values["k8sServicePort"] = strconv.Itoa(constants.KubernetesPort)
reader := bytes.NewReader(release.Chart)
chart, err := loader.LoadArchive(reader)
if err != nil {
return fmt.Errorf("helm load archive: %w", err)
}
_, err = h.RunWithContext(ctx, chart, release.Values)
if err != nil {
return fmt.Errorf("helm install cilium: %w", err)
}
return nil
}

6
cli/internal/helm/loader.go
View File

@ -93,10 +93,12 @@ func (i *ChartLoader) loadCilium(csp cloudprovider.Provider, conformanceMode boo
var ciliumVals map[string]any var ciliumVals map[string]any
switch csp { switch csp {
case cloudprovider.GCP: case cloudprovider.AWS:
ciliumVals = gcpVals ciliumVals = awsVals
case cloudprovider.Azure: case cloudprovider.Azure:
ciliumVals = azureVals ciliumVals = azureVals
case cloudprovider.GCP:
ciliumVals = gcpVals
case cloudprovider.QEMU: case cloudprovider.QEMU:
ciliumVals = qemuVals ciliumVals = qemuVals
default: default:

38
cli/internal/helm/values.go
View File

@ -6,6 +6,44 @@ SPDX-License-Identifier: AGPL-3.0-only
package helm package helm
var awsVals = map[string]any{
"endpointRoutes": map[string]any{
"enabled": true,
},
"encryption": map[string]any{
"enabled": true,
"type": "wireguard",
},
"l7Proxy": false,
"ipam": map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []string{
"10.244.0.0/16",
},
},
},
"strictModeCIDR": "10.244.0.0/16",
"image": map[string]any{
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
"tag": "v1.12.1-edg",
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
"useDigest": true,
},
"operator": map[string]any{
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
"tag": "v1.12.1-edg",
"suffix": "",
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
"useDigest": true,
},
},
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
}
var azureVals = map[string]any{ var azureVals = map[string]any{
"endpointRoutes": map[string]any{ "endpointRoutes": map[string]any{
"enabled": true, "enabled": true,