diff --git a/bootstrapper/cmd/bootstrapper/test.go b/bootstrapper/cmd/bootstrapper/test.go
index 131852312..52acb949c 100644
--- a/bootstrapper/cmd/bootstrapper/test.go
+++ b/bootstrapper/cmd/bootstrapper/test.go
@@ -7,6 +7,7 @@ import (
 "github.com/edgelesssys/constellation/bootstrapper/role"
 attestationtypes "github.com/edgelesssys/constellation/internal/attestation/types"
 "github.com/edgelesssys/constellation/internal/cloud/metadata"
+ "go.uber.org/zap"
 kubeadm "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
 )
@@ -14,13 +15,13 @@ import (
 type clusterFake struct{}
 // InitCluster fakes bootstrapping a new cluster with the current node being the master, returning the arguments required to join the cluster.
-func (c *clusterFake) InitCluster(context.Context, []string, string, string, attestationtypes.ID, kubernetes.KMSConfig, map[string]string,
+func (c *clusterFake) InitCluster(context.Context, []string, string, string, attestationtypes.ID, kubernetes.KMSConfig, map[string]string, *zap.Logger,
 ) ([]byte, error) {
 return []byte{}, nil
 }
 // JoinCluster will fake joining the current node to an existing cluster.
-func (c *clusterFake) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, string, role.Role) error {
+func (c *clusterFake) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, string, role.Role, *zap.Logger) error {
 return nil
 }
diff --git a/bootstrapper/internal/initserver/initserver.go b/bootstrapper/internal/initserver/initserver.go
index 11e4b8b9b..db7d26f1a 100644
--- a/bootstrapper/internal/initserver/initserver.go
+++ b/bootstrapper/internal/initserver/initserver.go
@@ -124,6 +124,7 @@ func (s *Server) Init(ctx context.Context, req *initproto.InitRequest) (*initpro
 UseExistingKEK: req.UseExistingKek,
 },
 sshProtoKeysToMap(req.SshUserKeys),
+ s.logger,
 )
 if err != nil {
 return nil, status.Errorf(codes.Internal, "initializing cluster: %s", err)
@@ -192,6 +193,7 @@ type ClusterInitializer interface {
 id attestationtypes.ID,
 kmsConfig kubernetes.KMSConfig,
 sshUserKeys map[string]string,
+ logger *zap.Logger,
 ) ([]byte, error)
 }
diff --git a/bootstrapper/internal/initserver/initserver_test.go b/bootstrapper/internal/initserver/initserver_test.go
index d162a6caf..4620deff2 100644
--- a/bootstrapper/internal/initserver/initserver_test.go
+++ b/bootstrapper/internal/initserver/initserver_test.go
@@ -217,7 +217,7 @@ type stubClusterInitializer struct {
 initClusterErr error
 }
-func (i *stubClusterInitializer) InitCluster(context.Context, []string, string, string, attestationtypes.ID, kubernetes.KMSConfig, map[string]string,
+func (i *stubClusterInitializer) InitCluster(context.Context, []string, string, string, attestationtypes.ID, kubernetes.KMSConfig, map[string]string, *zap.Logger,
 ) ([]byte, error) {
 return i.initClusterKubeconfig, i.initClusterErr
 }
diff --git a/bootstrapper/internal/joinclient/client.go b/bootstrapper/internal/joinclient/client.go
index 8086b3844..cb708d086 100644
--- a/bootstrapper/internal/joinclient/client.go
+++ b/bootstrapper/internal/joinclient/client.go
@@ -245,7 +245,7 @@ func (c *JoinClient) startNodeAndJoin(ticket *joinproto.IssueJoinTicketResponse)
 Token: ticket.Token,
 CACertHashes: []string{ticket.DiscoveryTokenCaCertHash},
 }
- if err := c.joiner.JoinCluster(ctx, btd, ticket.CertificateKey, c.role); err != nil {
+ if err := c.joiner.JoinCluster(ctx, btd, ticket.CertificateKey, c.role, c.log); err != nil {
 return fmt.Errorf("joining Kubernetes cluster: %w", err)
 }
@@ -337,6 +337,7 @@ type ClusterJoiner interface {
 args *kubeadm.BootstrapTokenDiscovery,
 certKey string,
 peerRole role.Role,
+ logger *zap.Logger,
 ) error
 }
diff --git a/bootstrapper/internal/joinclient/client_test.go b/bootstrapper/internal/joinclient/client_test.go
index e70ba3019..5f1d0a90c 100644
--- a/bootstrapper/internal/joinclient/client_test.go
+++ b/bootstrapper/internal/joinclient/client_test.go
@@ -385,7 +385,7 @@ type stubClusterJoiner struct {
 joinClusterErr error
 }
-func (j *stubClusterJoiner) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, string, role.Role) error {
+func (j *stubClusterJoiner) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, string, role.Role, *zap.Logger) error {
 j.joinClusterCalled = true
 return j.joinClusterErr
 }
diff --git a/bootstrapper/internal/kubernetes/k8sapi/util.go b/bootstrapper/internal/kubernetes/k8sapi/util.go
index 28ce38550..070fc9b12 100644
--- a/bootstrapper/internal/kubernetes/k8sapi/util.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/util.go
@@ -12,6 +12,7 @@ import (
 "time"
 "github.com/edgelesssys/constellation/bootstrapper/internal/kubernetes/k8sapi/resources"
+ "go.uber.org/zap"
 kubeadm "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
 )
@@ -76,7 +77,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version string)
 return enableSystemdUnit(ctx, kubeletServiceEtcPath)
 }
-func (k *KubernetesUtil) InitCluster(ctx context.Context, initConfig []byte) error {
+func (k *KubernetesUtil) InitCluster(ctx context.Context, initConfig []byte, logger *zap.Logger) error {
 // TODO: audit policy should be user input
 auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
 if err != nil {
@@ -97,14 +98,15 @@ func (k *KubernetesUtil) InitCluster(ctx context.Context, initConfig []byte) err
 }
 cmd := exec.CommandContext(ctx, kubeadmPath, "init", "-v=5", "--config", initConfigFile.Name())
- _, err = cmd.Output()
+ out, err := cmd.CombinedOutput()
 if err != nil {
 var exitErr *exec.ExitError
 if errors.As(err, &exitErr) {
- return fmt.Errorf("kubeadm init failed (code %v) with: %s", exitErr.ExitCode(), exitErr.Stderr)
+ return fmt.Errorf("kubeadm init failed (code %v) with: %s", exitErr.ExitCode(), out)
 }
 return fmt.Errorf("kubeadm init: %w", err)
 }
+ logger.Info("kubeadm init succeeded", zap.String("output", string(out)))
 return nil
 }
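Review bot: The success-path `logger.Info("kubeadm init succeeded", zap.String("output", string(out)))` in KubernetesUtil.InitCluster writes the full stdout and stderr of `kubeadm init -v=5` to the node log at Info level, and the later JoinCluster hunk in this file adds the same call for `kubeadm join`. kubeadm init normally prints the join command, including the bootstrap token, when it finishes, so unless token printing is suppressed in a config not visible here, join credentials would end up in the logs. The failure path now places the same combined output in the returned error, which the initserver.go hunk hands to the gRPC caller through `status.Errorf(codes.Internal, "initializing cluster: %s", err)`. I would keep the Info line free of the payload and move the raw output to Debug, e.g. `logger.Debug("kubeadm init output", zap.ByteString("output", out))`, and return only the exit code to remote callers while logging the detail locally.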
@@ -280,7 +282,7 @@ func (k *KubernetesUtil) SetupVerificationService(kubectl Client, verificationSe
 }
 // JoinCluster joins existing Kubernetes cluster using kubeadm join.
-func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte) error {
+func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, logger *zap.Logger) error {
 // TODO: audit policy should be user input
 auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
 if err != nil {
@@ -302,13 +304,15 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte) err
 // run `kubeadm join` to join a worker node to an existing Kubernetes cluster
 cmd := exec.CommandContext(ctx, kubeadmPath, "join", "-v=5", "--config", joinConfigFile.Name())
- if _, err := cmd.Output(); err != nil {
+ out, err := cmd.CombinedOutput()
+ if err != nil {
 var exitErr *exec.ExitError
 if errors.As(err, &exitErr) {
- return fmt.Errorf("kubeadm join failed (code %v) with: %s (full err: %s)", exitErr.ExitCode(), exitErr.Stderr, err)
+ return fmt.Errorf("kubeadm join failed (code %v) with: %s (full err: %s)", exitErr.ExitCode(), out, err)
 }
 return fmt.Errorf("kubeadm join: %w", err)
 }
+ logger.Info("kubeadm join succeeded", zap.String("output", string(out)))
 return nil
 }
diff --git a/bootstrapper/internal/kubernetes/k8sutil.go b/bootstrapper/internal/kubernetes/k8sutil.go
index d3096ba75..159451229 100644
--- a/bootstrapper/internal/kubernetes/k8sutil.go
+++ b/bootstrapper/internal/kubernetes/k8sutil.go
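Review bot: In the exit-error branch of KubernetesUtil.JoinCluster (k8sapi/util.go) the original error is formatted with `(full err: %s)`, which flattens it to text so callers can no longer reach the `*exec.ExitError` with `errors.As`. For an exit error that text mostly repeats the status already printed as the code. Wrapping keeps the chain intact: `return fmt.Errorf("kubeadm join failed (code %v) with: %s: %w", exitErr.ExitCode(), out, err)`. The matching branch in InitCluster earlier in the file drops `err` altogether and could take the same form; both function bodies begin outside their hunks.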
@@ -6,13 +6,14 @@ import (
 "github.com/edgelesssys/constellation/bootstrapper/internal/kubernetes/k8sapi"
 "github.com/edgelesssys/constellation/bootstrapper/internal/kubernetes/k8sapi/resources"
+ "go.uber.org/zap"
 kubeadm "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
 )
 type clusterUtil interface {
 InstallComponents(ctx context.Context, version string) error
- InitCluster(ctx context.Context, initConfig []byte) error
- JoinCluster(ctx context.Context, joinConfig []byte) error
+ InitCluster(ctx context.Context, initConfig []byte, logger *zap.Logger) error
+ JoinCluster(ctx context.Context, joinConfig []byte, logger *zap.Logger) error
 SetupPodNetwork(context.Context, k8sapi.SetupPodNetworkInput) error
 SetupAccessManager(kubectl k8sapi.Client, sshUsers resources.Marshaler) error
 SetupAutoscaling(kubectl k8sapi.Client, clusterAutoscalerConfiguration resources.Marshaler, secrets resources.Marshaler) error
diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go
index b216faa7a..6508daa90 100644
--- a/bootstrapper/internal/kubernetes/kubernetes.go
+++ b/bootstrapper/internal/kubernetes/kubernetes.go
@@ -16,6 +16,7 @@ import (
 attestationtypes "github.com/edgelesssys/constellation/internal/attestation/types"
 "github.com/edgelesssys/constellation/internal/cloud/metadata"
 "github.com/spf13/afero"
+ "go.uber.org/zap"
 kubeadm "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
 )
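Review bot: The `clusterUtil` methods `InitCluster` and `JoinCluster` in k8sutil.go now take a `*zap.Logger` without saying whether nil is allowed, while the implementation in k8sapi/util.go calls `logger.Info` unconditionally after a successful kubeadm run. As far as I can tell a nil `*zap.Logger` panics on use, so a caller passing nil would crash only after the node has already initialized or joined the cluster. I would add an interface comment such as `// logger must be non-nil; it receives kubeadm's combined output.` or guard the implementations with `if logger == nil { logger = zap.NewNop() }`.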
@@ -75,7 +76,7 @@ type KMSConfig struct {
 // InitCluster initializes a new Kubernetes cluster and applies pod network provider.
 func (k *KubeWrapper) InitCluster(
 ctx context.Context, autoscalingNodeGroups []string, cloudServiceAccountURI, k8sVersion string,
- id attestationtypes.ID, kmsConfig KMSConfig, sshUsers map[string]string,
+ id attestationtypes.ID, kmsConfig KMSConfig, sshUsers map[string]string, logger *zap.Logger,
 ) ([]byte, error) {
 // TODO: k8s version should be user input
 if err := k.clusterUtil.InstallComponents(ctx, k8sVersion); err != nil {
@@ -141,7 +142,7 @@ func (k *KubeWrapper) InitCluster(
 if err != nil {
 return nil, fmt.Errorf("encoding kubeadm init configuration as YAML: %w", err)
 }
- if err := k.clusterUtil.InitCluster(ctx, initConfigYAML); err != nil {
+ if err := k.clusterUtil.InitCluster(ctx, initConfigYAML, logger); err != nil {
 return nil, fmt.Errorf("kubeadm init: %w", err)
 }
 kubeConfig, err := k.GetKubeconfig()
@@ -206,7 +207,7 @@ func (k *KubeWrapper) InitCluster(
 }
 // JoinCluster joins existing Kubernetes cluster.
-func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, certKey string, peerRole role.Role) error {
+func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, certKey string, peerRole role.Role, logger *zap.Logger) error {
 // TODO: k8s version should be user input
 if err := k.clusterUtil.InstallComponents(ctx, "1.23.6"); err != nil {
 return err
@@ -248,7 +249,7 @@ func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTo
 if err != nil {
 return fmt.Errorf("encoding kubeadm join configuration as YAML: %w", err)
 }
- if err := k.clusterUtil.JoinCluster(ctx, joinConfigYAML); err != nil {
+ if err := k.clusterUtil.JoinCluster(ctx, joinConfigYAML, logger); err != nil {
 return fmt.Errorf("joining cluster: %v; %w ", string(joinConfigYAML), err)
 }
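Review bot: The error returned when `k.clusterUtil.JoinCluster` fails, `fmt.Errorf("joining cluster: %v; %w ", string(joinConfigYAML), err)`, embeds the whole kubeadm join configuration. That configuration is built from `args *kubeadm.BootstrapTokenDiscovery` and `certKey`, so it presumably carries the bootstrap token and certificate key into whatever logs or callers receive the error. The line is unchanged context, but after this commit the wrapped error also contains kubeadm's combined output, so the message grows further. I would drop the config and the trailing space from the format: `return fmt.Errorf("joining cluster: %w", err)`. The rest of JoinCluster lies outside this hunk.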
diff --git a/bootstrapper/internal/kubernetes/kubernetes_test.go b/bootstrapper/internal/kubernetes/kubernetes_test.go
index 47205bb37..e78f6fdba 100644
--- a/bootstrapper/internal/kubernetes/kubernetes_test.go
+++ b/bootstrapper/internal/kubernetes/kubernetes_test.go
@@ -15,6 +15,8 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "go.uber.org/goleak"
+ "go.uber.org/zap"
+ "go.uber.org/zap/zaptest"
 kubeadm "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
 )
@@ -268,7 +270,7 @@ func TestInitCluster(t *testing.T) {
 kubeconfigReader: tc.kubeconfigReader,
 getIPAddr: func() (string, error) { return privateIP, nil },
 }
- _, err := kube.InitCluster(context.Background(), autoscalingNodeGroups, serviceAccountUri, k8sVersion, attestationtypes.ID{}, KMSConfig{MasterSecret: masterSecret}, nil)
+ _, err := kube.InitCluster(context.Background(), autoscalingNodeGroups, serviceAccountUri, k8sVersion, attestationtypes.ID{}, KMSConfig{MasterSecret: masterSecret}, nil, zaptest.NewLogger(t))
 if tc.wantErr {
 assert.Error(err)
@@ -425,7 +427,7 @@ func TestJoinCluster(t *testing.T) {
 getIPAddr: func() (string, error) { return privateIP, nil },
 }
- err := kube.JoinCluster(context.Background(), joinCommand, certKey, tc.role)
+ err := kube.JoinCluster(context.Background(), joinCommand, certKey, tc.role, zaptest.NewLogger(t))
 if tc.wantErr {
 assert.Error(err)
 return
@@ -499,7 +501,7 @@ func (s *stubClusterUtil) InstallComponents(ctx context.Context, version string)
 return s.installComponentsErr
 }
-func (s *stubClusterUtil) InitCluster(ctx context.Context, initConfig []byte) error {
+func (s *stubClusterUtil) InitCluster(ctx context.Context, initConfig []byte, logger *zap.Logger) error {
 s.initConfigs = append(s.initConfigs, initConfig)
 return s.initClusterErr
 }
@@ -540,7 +542,7 @@ func (s *stubClusterUtil) SetupVerificationService(kubectl k8sapi.Client, verifi
 return s.setupVerificationServiceErr
 }
-func (s *stubClusterUtil) JoinCluster(ctx context.Context, joinConfig []byte) error {
+func (s *stubClusterUtil) JoinCluster(ctx context.Context, joinConfig []byte, logger *zap.Logger) error {
 s.joinConfigs = append(s.joinConfigs, joinConfig)
 return s.joinClusterErr
 }
diff --git a/cli/internal/azure/client/compute.go b/cli/internal/azure/client/compute.go
index 0c5e014fd..1bffdbc29 100644
--- a/cli/internal/azure/client/compute.go
+++ b/cli/internal/azure/client/compute.go
@@ -32,7 +32,7 @@ func (c *Client) CreateInstances(ctx context.Context, input CreateInstancesInput
 // Create control plane scale set
 createControlPlaneInput := CreateScaleSetInput{
- Name: "constellation-scale-set-controlpalens-" + c.uid,
+ Name: "constellation-scale-set-controlplanes-" + c.uid,
 NamePrefix: c.name + "-control-plane-" + c.uid + "-",
 Count: input.CountControlPlanes,
 InstanceType: input.InstanceType,