diff --git a/cli/internal/clusterid/id.go b/cli/internal/clusterid/id.go
index 807844105..6159fe382 100644
--- a/cli/internal/clusterid/id.go
+++ b/cli/internal/clusterid/id.go
@@ -28,3 +28,8 @@ type File struct {
 	// It is only set if the cluster is created on Azure.
 	AttestationURL string `json:"attestationURL,omitempty"`
 }
+
+// GetClusterName returns the name of the cluster.
+func GetClusterName(cfgName string, idFile File) string {
+	return cfgName + idFile.UID
+}
diff --git a/cli/internal/cmd/init.go b/cli/internal/cmd/init.go
index c67695c7c..eb7f700fc 100644
--- a/cli/internal/cmd/init.go
+++ b/cli/internal/cmd/init.go
@@ -174,7 +174,11 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 	if err != nil {
 		return fmt.Errorf("parsing or generating master secret from file %s: %w", flags.masterSecretPath, err)
 	}
-	helmLoader := helm.NewLoader(provider, k8sVersion)
+
+	clusterName := clusterid.GetClusterName(conf.Name, idFile)
+	i.log.Debugf("Setting cluster name to %s", clusterName)
+
+	helmLoader := helm.NewLoader(provider, k8sVersion, clusterName)
 	i.log.Debugf("Created new Helm loader")
 	helmDeployments, err := helmLoader.Load(conf, flags.conformance, flags.helmWaitMode, masterSecret.Key, masterSecret.Salt)
 	i.log.Debugf("Loaded Helm deployments")
@@ -182,9 +186,6 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 		return fmt.Errorf("loading Helm charts: %w", err)
 	}
 
-	clusterName := conf.Name + "-" + idFile.UID
-	i.log.Debugf("Setting cluster name to %s", clusterName)
-
 	cmd.PrintErrln("Note: If you just created the cluster, it can take a few minutes to connect.")
 	i.spinner.Start("Connecting ", false)
 	req := &initproto.InitRequest{
diff --git a/cli/internal/cmd/upgradeapply.go b/cli/internal/cmd/upgradeapply.go
index 415a4e2d9..370f674f3 100644
--- a/cli/internal/cmd/upgradeapply.go
+++ b/cli/internal/cmd/upgradeapply.go
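Review bot: `GetClusterName` in the id.go hunk concatenates `cfgName + idFile.UID` with no separator, while the line it replaces in the second init.go hunk (`clusterName := conf.Name + "-" + idFile.UID`) joined the two with a hyphen, so the name presumably consumed by the init request built just below and now also handed to the Helm loader changes format in this commit. If the separator was dropped deliberately, the doc comment should say so, because a cluster initialized with an older CLI will derive a different name on upgrade than the one it was created with; if not, the helper should read `return cfgName + "-" + idFile.UID`. Either way `// GetClusterName returns the name of the cluster.` would be more useful as `// GetClusterName derives the cluster name from the configured name and the UID stored in the cluster ID file.` The rest of `initialize`, including what reads `clusterName` after `req := &initproto.InitRequest{`, lies outside the hunk.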
@@ -117,7 +117,7 @@ func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Hand
 
 	if conf.GetProvider() == cloudprovider.Azure || conf.GetProvider() == cloudprovider.GCP || conf.GetProvider() == cloudprovider.AWS {
 		var upgradeErr *compatibility.InvalidUpgradeError
-		err = u.handleServiceUpgrade(cmd, conf, flags)
+		err = u.handleServiceUpgrade(cmd, conf, idFile, flags)
 		switch {
 		case errors.As(err, &upgradeErr):
 			cmd.PrintErrln(err)
@@ -365,8 +365,8 @@ func (u *upgradeApplyCmd) upgradeAttestConfigIfDiff(cmd *cobra.Command, newConfi
 	return nil
 }
 
-func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.Config, flags upgradeApplyFlags) error {
-	err := u.upgrader.UpgradeHelmServices(cmd.Context(), conf, flags.upgradeTimeout, helm.DenyDestructive, flags.force)
+func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.Config, idFile clusterid.File, flags upgradeApplyFlags) error {
+	err := u.upgrader.UpgradeHelmServices(cmd.Context(), conf, idFile, flags.upgradeTimeout, helm.DenyDestructive, flags.force)
 	if errors.Is(err, helm.ErrConfirmationMissing) {
 		if !flags.yes {
 			cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.")
@@ -379,7 +379,7 @@ func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.
 			return nil
 		}
 	}
-	err = u.upgrader.UpgradeHelmServices(cmd.Context(), conf, flags.upgradeTimeout, helm.AllowDestructive, flags.force)
+	err = u.upgrader.UpgradeHelmServices(cmd.Context(), conf, idFile, flags.upgradeTimeout, helm.AllowDestructive, flags.force)
 	}
 	return err
@@ -434,7 +434,7 @@ type upgradeApplyFlags struct {
 
 type cloudUpgrader interface {
 	UpgradeNodeVersion(ctx context.Context, conf *config.Config, force bool) error
-	UpgradeHelmServices(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive bool, force bool) error
+	UpgradeHelmServices(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive bool, force bool) error
 	UpdateAttestationConfig(ctx context.Context, newConfig config.AttestationCfg) error
 	GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, *corev1.ConfigMap, error)
 	PlanTerraformMigrations(ctx context.Context, opts upgrade.TerraformUpgradeOptions) (bool, error)
diff --git a/cli/internal/cmd/upgradeapply_test.go b/cli/internal/cmd/upgradeapply_test.go
index 5cb30f1d3..1a23d2b80 100644
--- a/cli/internal/cmd/upgradeapply_test.go
+++ b/cli/internal/cmd/upgradeapply_test.go
@@ -169,7 +169,7 @@ func (u stubUpgrader) UpgradeNodeVersion(_ context.Context, _ *config.Config, _
 	return u.nodeVersionErr
 }
 
-func (u stubUpgrader) UpgradeHelmServices(_ context.Context, _ *config.Config, _ time.Duration, _, _ bool) error {
+func (u stubUpgrader) UpgradeHelmServices(_ context.Context, _ *config.Config, _ clusterid.File, _ time.Duration, _, _ bool) error {
 	return u.helmErr
 }
 
diff --git a/cli/internal/helm/BUILD.bazel b/cli/internal/helm/BUILD.bazel
index 075096749..87cf36783 100644
--- a/cli/internal/helm/BUILD.bazel
+++ b/cli/internal/helm/BUILD.bazel
@@ -375,10 +375,29 @@ go_library(
         "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml",
         "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml",
         "charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/Chart.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/README.md",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/ci/extra_args",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/ci/values.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/crds/crds.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/crds/kustomization.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/NOTES.txt",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/_helpers.tpl",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/deployment.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/ingressclass.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/pdb.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/rbac.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/service.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/serviceaccount.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/servicemonitor.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/webhook.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/test.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/values.yaml",
     ],
     importpath = "github.com/edgelesssys/constellation/v2/cli/internal/helm",
     visibility = ["//cli:__subpackages__"],
     deps = [
+        "//cli/internal/clusterid",
         "//cli/internal/helm/imageversion",
         "//internal/cloud/cloudprovider",
         "//internal/compatibility",
@@ -414,6 +433,7 @@ go_test(
     data = glob(["testdata/**"]),
     embed = [":helm"],
     deps = [
+        "//cli/internal/clusterid",
         "//internal/attestation/idkeydigest",
         "//internal/attestation/measurements",
         "//internal/cloud/cloudprovider",
diff --git a/cli/internal/helm/client.go b/cli/internal/helm/client.go
index f736ebee4..c12178cc5 100644
--- a/cli/internal/helm/client.go
+++ b/cli/internal/helm/client.go
@@ -13,6 +13,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/internal/compatibility"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
@@ -102,7 +103,7 @@ func (c *Client) shouldUpgrade(releaseName, newVersion string, force bool) error
 // Upgrade runs a helm-upgrade on all deployments that are managed via Helm.
 // If the CLI receives an interrupt signal it will cancel the context.
 // Canceling the context will prompt helm to abort and roll back the ongoing upgrade.
-func (c *Client) Upgrade(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive, force bool, upgradeID string) error {
+func (c *Client) Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive, force bool, upgradeID string) error {
 	upgradeErrs := []error{}
 	upgradeReleases := []*chart.Chart{}
 
@@ -155,7 +156,7 @@ func (c *Client) Upgrade(ctx context.Context, config *config.Config, timeout tim
 	}
 
 	for _, chart := range upgradeReleases {
-		err = c.upgradeRelease(ctx, timeout, config, chart)
+		err = c.upgradeRelease(ctx, timeout, config, idFile, chart)
 		if err != nil {
 			return fmt.Errorf("upgrading %s: %w", chart.Metadata.Name, err)
 		}
@@ -251,7 +252,7 @@ func (s ServiceVersions) ConstellationServices() string {
 }
 
 func (c *Client) upgradeRelease(
-	ctx context.Context, timeout time.Duration, conf *config.Config, chart *chart.Chart,
+	ctx context.Context, timeout time.Duration, conf *config.Config, idFile clusterid.File, chart *chart.Chart,
 ) error {
 	// We need to load all values that can be statically loaded before merging them with the cluster
 	// values. Otherwise the templates are not rendered correctly.
@@ -259,7 +260,11 @@ func (c *Client) upgradeRelease(
 	if err != nil {
 		return fmt.Errorf("validating k8s version: %s", conf.KubernetesVersion)
 	}
-	loader := NewLoader(conf.GetProvider(), k8sVersion)
+
+	c.log.Debugf("Checking cluster ID file")
+	clusterName := clusterid.GetClusterName(conf.Name, idFile)
+
+	loader := NewLoader(conf.GetProvider(), k8sVersion, clusterName)
 	var values map[string]any
 	var releaseName string
 
diff --git a/cli/internal/helm/client_test.go b/cli/internal/helm/client_test.go
index efd16f226..15b5e3331 100644
--- a/cli/internal/helm/client_test.go
+++ b/cli/internal/helm/client_test.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/internal/compatibility"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
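Review bot: In the third client.go hunk, `c.log.Debugf("Checking cluster ID file")` precedes a call that checks nothing — `clusterid.GetClusterName` only concatenates, so an `idFile` with an empty `UID` silently yields a cluster name equal to `conf.Name`, and that value is rendered into the charts on every upgrade. Either reword the message to what actually happens, e.g. `c.log.Debugf("Deriving cluster name from cluster ID file")`, or make it true with a guard before the call: `if idFile.UID == "" { return fmt.Errorf("cluster ID file has no UID, cannot derive cluster name") }`. The init.go hunk of this commit performs the same unchecked derivation. The body of `upgradeRelease` continues past the hunk.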
@@ -77,7 +78,7 @@ func TestUpgradeRelease(t *testing.T) {
 			chart, err := loadChartsDir(helmFS, certManagerInfo.path)
 			require.NoError(err)
 
-			err = client.upgradeRelease(context.Background(), 0, config.Default(), chart)
+			err = client.upgradeRelease(context.Background(), 0, config.Default(), clusterid.File{UID: "test"}, chart)
 			if tc.wantError {
 				assert.Error(err)
 				return
diff --git a/cli/internal/helm/loader.go b/cli/internal/helm/loader.go
index 3b7cdf258..9bc4de171 100644
--- a/cli/internal/helm/loader.go
+++ b/cli/internal/helm/loader.go
@@ -58,18 +58,19 @@ type ChartLoader struct {
 	csp                          cloudprovider.Provider
 	joinServiceImage             string
 	keyServiceImage              string
-	ccmImage                     string
-	cnmImage                     string
+	ccmImage                     string // cloud controller manager image
+	cnmImage                     string // Azure cloud node manager image
 	autoscalerImage              string
 	verificationServiceImage     string
 	gcpGuestAgentImage           string
 	konnectivityImage            string
 	constellationOperatorImage   string
 	nodeMaintenanceOperatorImage string
+	clusterName                  string
 }
 
 // NewLoader creates a new ChartLoader.
-func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *ChartLoader {
+func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion, clusterName string) *ChartLoader {
 	var ccmImage, cnmImage string
 	switch csp {
 	case cloudprovider.AWS:
@@ -97,6 +98,7 @@ func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion)
 		konnectivityImage:            versions.KonnectivityAgentImage,
 		constellationOperatorImage:   imageversion.ConstellationNodeOperator("", ""),
 		nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
+		clusterName:                  clusterName,
 	}
 }
 
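Review bot: The new `clusterName string` field in the first loader.go hunk is added without a trailing comment, although the same hunk gives the neighbouring `ccmImage` and `cnmImage` fields one, and `// NewLoader creates a new ChartLoader.` still says nothing about the new parameter. Suggest `clusterName string // name handed to charts that need a cluster identifier (currently aws-load-balancer-controller)` and extending the constructor comment with a sentence such as `clusterName is passed through to the chart values unchanged; NewLoader does not validate it.` The struct and `NewLoader` are fully visible, but the struct literal in the second hunk belongs to a return statement that starts outside it.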
@@ -405,6 +407,13 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error)
 		values["tags"] = map[string]any{
 			"AWS": true,
 		}
+		values["aws-load-balancer-controller"] = map[string]any{
+			"nodeSelector": map[string]any{
+				"node-role.kubernetes.io/control-plane": "",
+			},
+			"clusterName": i.clusterName,
+		}
+
 	case cloudprovider.Azure:
 		ccmVals, ok := values["ccm"].(map[string]any)
 		if !ok {
diff --git a/cli/internal/helm/update-aws-load-balancer-chart.sh b/cli/internal/helm/update-aws-load-balancer-chart.sh
index feb8727c3..482b2d464 100755
--- a/cli/internal/helm/update-aws-load-balancer-chart.sh
+++ b/cli/internal/helm/update-aws-load-balancer-chart.sh
@@ -15,7 +15,6 @@ if ! command -v git &> /dev/null; then
   exit 1
 fi
 
-
 callDir=$(pwd)
 repo_tmp_dir=$(mktemp -d)
 
@@ -26,12 +25,12 @@ chart_url="https://github.com/aws/eks-charts"
 chart_dir="stable/aws-load-balancer-controller"
 cd "${repo_tmp_dir}"
 git clone \
---filter=blob:none \
---no-checkout \
---sparse \
---depth 1 \
---branch="${branch}" \
-"${chart_url}" "${repo_tmp_dir}"
+  --filter=blob:none \
+  --no-checkout \
+  --sparse \
+  --depth 1 \
+  --branch="${branch}" \
+  "${chart_url}" "${repo_tmp_dir}"
 git sparse-checkout add "${chart_dir}"
 git checkout
 
diff --git a/cli/internal/kubernetes/BUILD.bazel b/cli/internal/kubernetes/BUILD.bazel
index 3d7eef35b..42518f95e 100644
--- a/cli/internal/kubernetes/BUILD.bazel
+++ b/cli/internal/kubernetes/BUILD.bazel
@@ -11,6 +11,7 @@ go_library(
     importpath = "github.com/edgelesssys/constellation/v2/cli/internal/kubernetes",
     visibility = ["//cli:__subpackages__"],
     deps = [
+        "//cli/internal/clusterid",
         "//cli/internal/helm",
         "//cli/internal/terraform",
         "//cli/internal/upgrade",
diff --git a/cli/internal/kubernetes/upgrade.go b/cli/internal/kubernetes/upgrade.go
index e3f339692..5ccb3b7e2 100644
--- a/cli/internal/kubernetes/upgrade.go
+++ b/cli/internal/kubernetes/upgrade.go
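Review bot: The new `values["aws-load-balancer-controller"]` block in the loader.go hunk forwards `i.clusterName` to the chart without rejecting an empty string, and since `NewLoader` accepts any value, a caller passing `""` produces a release whose `clusterName` is empty; the controller presumably uses this value to identify the resources that belong to this cluster, so a wrong or empty name is a misconfiguration that would only surface at runtime — confirm against the chart. Because `loadConstellationServicesValues` already returns an error, a guard at the top of the AWS case, `if i.clusterName == "" { return nil, errors.New("aws-load-balancer-controller requires a non-empty cluster name") }` (with whichever error constructor loader.go already imports), fails fast on both the init and the upgrade path. The `nodeSelector` pinning the controller to control-plane nodes is a deployment decision worth a one-line why-comment next to it. The enclosing function starts before the hunk.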
@@ -16,6 +16,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/helm"
 	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
@@ -186,8 +187,8 @@ func (u *Upgrader) ApplyTerraformMigrations(ctx context.Context, fileHandler fil
 }
 
 // UpgradeHelmServices upgrade helm services.
-func (u *Upgrader) UpgradeHelmServices(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive bool, force bool) error {
-	return u.helmClient.Upgrade(ctx, config, timeout, allowDestructive, force, u.upgradeID)
+func (u *Upgrader) UpgradeHelmServices(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive bool, force bool) error {
+	return u.helmClient.Upgrade(ctx, config, idFile, timeout, allowDestructive, force, u.upgradeID)
 }
 
 // UpgradeNodeVersion upgrades the cluster's NodeVersion object and in turn triggers image & k8s version upgrades.
@@ -512,7 +513,7 @@ func (u *stableClient) KubernetesVersion() (string, error) {
 }
 
 type helmInterface interface {
-	Upgrade(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive, force bool, upgradeID string) error
+	Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive, force bool, upgradeID string) error
 }
 
 type debugLog interface {
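Review bot: The doc comment above the changed signature in the second upgrade.go hunk, `// UpgradeHelmServices upgrade helm services.`, is left untouched although the method gains an `idFile` parameter whose role is not visible to callers of this wrapper. Suggest `// UpgradeHelmServices upgrades all Helm-managed services. idFile is forwarded to the Helm client, which derives the cluster name from it.` The `helmInterface` method in the third hunk could carry the same one-line note so that test stubs know what the parameter is expected to hold.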