image: add upgrade-agent (#827)

3u13r 2022-12-29 17:50:11 +01:00 committed by GitHub
parent 0297aed1ea
commit 473e16feb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 97 additions and 1 deletions


@ -0,0 +1,22 @@
name: Build upgrade-agent
description: Build the Constellation upgrade-agent binary
inputs:
outputPath:
description: "Output path of the binary"
default: "./upgrade-agent"
required: true
# Linux runner only (Docker required)
runs:
using: "composite"
steps:
- name: Build the upgrade-agent
shell: bash
run: |
echo "::group::Build the upgrade-agent"
mkdir -p build && cd build
cmake ..
make upgrade-agent
mv -n upgrade-agent "${{ inputs.outputPath }}"
echo "::endgroup::"
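Review bot: The `run:` script interpolates `${{ inputs.outputPath }}` directly into the shell text on the `mv -n` line, so the value is substituted before bash parses the script and the surrounding double quotes do not contain a value that itself carries a quote or a command substitution. The caller visible in this commit passes a workspace path, but a composite action is reusable, so hand the input over through the environment instead: add `env:` with `OUTPUT_PATH: ${{ inputs.outputPath }}` to the step and use `mv -n upgrade-agent "${OUTPUT_PATH}"`. Separately, `mv -n` leaves an existing destination untouched, so a stale file at that path would be the one that is later hashed and shipped; a plain `mv`, or an explicit check that the destination does not exist yet, avoids that silent case.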


@ -31,6 +31,7 @@ jobs:
outputs: outputs:
bootstrapper-sha256: ${{ steps.collect-hashes.outputs.bootstrapper-sha256 }} bootstrapper-sha256: ${{ steps.collect-hashes.outputs.bootstrapper-sha256 }}
disk-mapper-sha256: ${{ steps.collect-hashes.outputs.disk-mapper-sha256 }} disk-mapper-sha256: ${{ steps.collect-hashes.outputs.disk-mapper-sha256 }}
upgrade-agent-sha256: ${{ steps.collect-hashes.outputs.upgrade-agent-sha256 }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
@ -54,6 +55,11 @@ jobs:
with: with:
outputPath: ${{ github.workspace }}/build/disk-mapper outputPath: ${{ github.workspace }}/build/disk-mapper
- name: Build upgrade-agent
uses: ./.github/actions/build_upgrade_agent
with:
outputPath: ${{ github.workspace }}/build/upgrade-agent
- name: Upload dependencies - name: Upload dependencies
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1 uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
with: with:
@ -61,6 +67,7 @@ jobs:
path: | path: |
${{ github.workspace }}/build/bootstrapper ${{ github.workspace }}/build/bootstrapper
${{ github.workspace }}/build/disk-mapper ${{ github.workspace }}/build/disk-mapper
${{ github.workspace }}/build/upgrade-agent
- name: Collect hashes - name: Collect hashes
id: collect-hashes id: collect-hashes
@ -68,6 +75,7 @@ jobs:
{ {
echo "bootstrapper-sha256=$(sha256sum bootstrapper | head -c 64)" echo "bootstrapper-sha256=$(sha256sum bootstrapper | head -c 64)"
echo "disk-mapper-sha256=$(sha256sum disk-mapper | head -c 64)" echo "disk-mapper-sha256=$(sha256sum disk-mapper | head -c 64)"
echo "upgrade-agent-sha256=$(sha256sum upgrade-agent | head -c 64)"
} >> "$GITHUB_OUTPUT" } >> "$GITHUB_OUTPUT"
working-directory: ${{ github.workspace }}/build working-directory: ${{ github.workspace }}/build
@ -209,10 +217,11 @@ jobs:
name: dependencies name: dependencies
path: ${{ github.workspace }}/build path: ${{ github.workspace }}/build
- name: Mark bootstrapper and disk-mapper as executable - name: Mark bootstrapper, disk-mapper, and upgrade-agent as executable
run: | run: |
chmod +x ${{ github.workspace }}/build/bootstrapper chmod +x ${{ github.workspace }}/build/bootstrapper
chmod +x ${{ github.workspace }}/build/disk-mapper chmod +x ${{ github.workspace }}/build/disk-mapper
chmod +x ${{ github.workspace }}/build/upgrade-agent
- name: Setup mkosi - name: Setup mkosi
uses: ./.github/actions/setup_mkosi uses: ./.github/actions/setup_mkosi
@ -240,6 +249,7 @@ jobs:
env: env:
BOOTSTRAPPER_BINARY: ${{ github.workspace }}/build/bootstrapper BOOTSTRAPPER_BINARY: ${{ github.workspace }}/build/bootstrapper
DISK_MAPPER_BINARY: ${{ github.workspace }}/build/disk-mapper DISK_MAPPER_BINARY: ${{ github.workspace }}/build/disk-mapper
UPGRADE_AGENT_BINARY: ${{ github.workspace }}/build/upgrade-agent
IMAGE_VERSION: ${{ needs.build-settings.outputs.imageVersion }} IMAGE_VERSION: ${{ needs.build-settings.outputs.imageVersion }}
CSP: ${{ matrix.csp }} CSP: ${{ matrix.csp }}
@ -613,6 +623,7 @@ jobs:
cat > SHA256SUMS <<EOF cat > SHA256SUMS <<EOF
${{ needs.build-dependencies.outputs.bootstrapper-sha256 }} bootstrapper ${{ needs.build-dependencies.outputs.bootstrapper-sha256 }} bootstrapper
${{ needs.build-dependencies.outputs.disk-mapper-sha256 }} disk-mapper ${{ needs.build-dependencies.outputs.disk-mapper-sha256 }} disk-mapper
${{ needs.build-dependencies.outputs.upgrade-agent-sha256 }} upgrade-agent
${{ needs.make-os-image.outputs.image-raw-aws-sha256 }} aws/image.raw ${{ needs.make-os-image.outputs.image-raw-aws-sha256 }} aws/image.raw
${{ needs.make-os-image.outputs.image-raw-changelog-aws-sha256 }} aws/image.raw.changelog ${{ needs.make-os-image.outputs.image-raw-changelog-aws-sha256 }} aws/image.raw.changelog
${{ needs.make-os-image.outputs.image-raw-manifest-aws-sha256 }} aws/image.raw.manifest ${{ needs.make-os-image.outputs.image-raw-manifest-aws-sha256 }} aws/image.raw.manifest
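Review bot: The job that downloads the `dependencies` artifact marks `build/upgrade-agent` executable and passes it to the image build via `UPGRADE_AGENT_BINARY` without comparing the downloaded file against the `upgrade-agent-sha256` output recorded at build time. The hash only reaches `SHA256SUMS` later, and it is taken from the job output rather than from the file that actually went into the image. If no verification step exists outside these hunks, add one before the `chmod`: pass the output in as an environment variable and run `echo "${UPGRADE_AGENT_SHA256}  upgrade-agent" | sha256sum -c -` with `working-directory: ${{ github.workspace }}/build`. The same gap applies to the existing bootstrapper and disk-mapper lines, and the check assumes the consuming job lists `build-dependencies` in `needs`, which these hunks do not show.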


@ -43,6 +43,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
- mountPath: /var/secrets/google - mountPath: /var/secrets/google
name: gcekey name: gcekey
readOnly: true readOnly: true
@ -77,6 +80,10 @@ spec:
- name: gceconf - name: gceconf
configMap: configMap:
name: gceconf name: gceconf
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket
- name: gcekey - name: gcekey
secret: secret:
secretName: gcekey secretName: gcekey
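Review bot: `readOnly: true` on the `upgrade-agent-socket` mount does not limit what the container can do with the agent, because a read-only mount blocks filesystem changes while connecting to a Unix socket and sending requests over it still works. Any process in the pod that can open the socket can therefore talk to a host service that runs as root (the unit added in this commit sets no `User=`), so access control has to come from the socket's owner and mode on the host and from checks inside the agent; a comment beside the mount would keep readers from relying on the flag, e.g. `# readOnly does not block connect(); access is governed by the socket's permissions on the host`. Also, a `hostPath` volume with `type: Socket` keeps the pod from starting while `/run/constellation-upgrade-agent.sock` is absent, so these pods now depend on the agent being up first. The same two additions are repeated in the six other manifest sections of this commit.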


@ -89,6 +89,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
securityContext: securityContext:
@ -123,3 +126,7 @@ spec:
name: gceconf name: gceconf
optional: true optional: true
name: gceconf name: gceconf
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket


@ -107,6 +107,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
securityContext: securityContext:
@ -141,3 +144,7 @@ spec:
name: gceconf name: gceconf
optional: true optional: true
name: gceconf name: gceconf
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket


@ -107,6 +107,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
securityContext: securityContext:
@ -141,3 +144,7 @@ spec:
name: gceconf name: gceconf
optional: true optional: true
name: gceconf name: gceconf
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket


@ -42,6 +42,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
- mountPath: /var/secrets/google - mountPath: /var/secrets/google
name: gcekey name: gcekey
readOnly: true readOnly: true
@ -76,6 +79,10 @@ spec:
- name: gceconf - name: gceconf
configMap: configMap:
name: gceconf name: gceconf
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket
- name: gcekey - name: gcekey
secret: secret:
secretName: gcekey secretName: gcekey


@ -107,6 +107,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
securityContext: securityContext:
@ -141,3 +144,7 @@ spec:
name: gceconf name: gceconf
optional: true optional: true
name: gceconf name: gceconf
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket


@ -3,6 +3,7 @@ SRC_PATH = $(CURDIR)
BASE_PATH ?= $(SRC_PATH) BASE_PATH ?= $(SRC_PATH)
BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../build/bootstrapper BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../build/bootstrapper
DISK_MAPPER_BINARY ?= $(BASE_PATH)/../build/disk-mapper DISK_MAPPER_BINARY ?= $(BASE_PATH)/../build/disk-mapper
UPGRADE_AGENT_BINARY ?= $(BASE_PATH)/../build/upgrade-agent
PKI ?= $(BASE_PATH)/pki PKI ?= $(BASE_PATH)/pki
MKOSI_EXTRA ?= $(BASE_PATH)/mkosi.extra MKOSI_EXTRA ?= $(BASE_PATH)/mkosi.extra
IMAGE_VERSION ?= v0.0.0 IMAGE_VERSION ?= v0.0.0
@ -36,6 +37,7 @@ inject-bins: $(PREBUILT_RPMS)
mkdir -p $(MKOSI_EXTRA)/usr/bin mkdir -p $(MKOSI_EXTRA)/usr/bin
mkdir -p $(MKOSI_EXTRA)/usr/sbin mkdir -p $(MKOSI_EXTRA)/usr/sbin
cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper
cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent
cp $(DISK_MAPPER_BINARY) $(MKOSI_EXTRA)/usr/sbin/disk-mapper cp $(DISK_MAPPER_BINARY) $(MKOSI_EXTRA)/usr/sbin/disk-mapper
inject-certs: $(certs) inject-certs: $(certs)


@ -1,4 +1,5 @@
enable configure-constel-csp.service enable configure-constel-csp.service
enable constellation-upgrade-agent.service
enable constellation-bootstrapper.service enable constellation-bootstrapper.service
enable containerd.service enable containerd.service
enable kubelet.service enable kubelet.service


@ -0,0 +1,11 @@
[Unit]
Description=Constellation Upgrade Agent
[Service]
Type=simple
RemainAfterExit=yes
Restart=on-failure
ExecStart=/usr/bin/upgrade-agent
[Install]
WantedBy=multi-user.target
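Review bot: `RemainAfterExit=yes` combined with `Type=simple` keeps the unit `active` after the agent exits with status 0, and `Restart=on-failure` does not restart it on a clean exit, so a stopped daemon would look healthy while the socket the manifests mount no longer answers. For a long-running service, drop `RemainAfterExit=yes` and consider `Restart=always`. The unit also runs the agent as root with no sandboxing directives and nothing that pins the mode of the socket it creates; which restrictions fit (for example `UMask=0077` or `NoNewPrivileges=yes`) depends on what the agent must do on the host and on which users the mounting pods run as, neither of which is visible here.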


@ -60,6 +60,9 @@ spec:
- mountPath: /etc/gce - mountPath: /etc/gce
name: gceconf name: gceconf
readOnly: true readOnly: true
- mountPath: /etc/constellation-upgrade-agent.sock
name: upgrade-agent-socket
readOnly: true
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
@ -88,6 +91,10 @@ spec:
configMap: configMap:
name: gceconf name: gceconf
optional: true optional: true
- name: upgrade-agent-socket
hostPath:
path: /run/constellation-upgrade-agent.sock
type: Socket
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
tolerations: tolerations: