pass clusterName to helm for AWS LB

Adrian Stobbe 2023-07-11 18:15:29 +02:00
parent fc444b259c
commit 64e0af863f
11 changed files with 70 additions and 28 deletions


@ -28,3 +28,8 @@ type File struct {
// It is only set if the cluster is created on Azure. // It is only set if the cluster is created on Azure.
AttestationURL string `json:"attestationURL,omitempty"` AttestationURL string `json:"attestationURL,omitempty"`
} }
// GetClusterName returns the name of the cluster.
func GetClusterName(cfgName string, idFile File) string {
return cfgName + idFile.UID
}
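Review bot: `GetClusterName` returns `cfgName + idFile.UID` with no separator, while the expression it replaces in the `initCmd.initialize` hunk was `conf.Name + "-" + idFile.UID`, so every caller now gets a different cluster name than before this commit. The same value is passed to `helm.NewLoader` in `initialize` and to `NewLoader` in `upgradeRelease`, and the AWS load balancer controller presumably identifies the cluster's cloud resources by this name, so a silent format change can leave it matching the wrong resources or none. I would restore the old format with `return cfgName + "-" + idFile.UID` and make the doc comment state it, `// GetClusterName returns the cluster name in the form <config name>-<UID>.`. A small unit test pinning that format would catch this kind of drift.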


@ -174,7 +174,11 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
if err != nil { if err != nil {
return fmt.Errorf("parsing or generating master secret from file %s: %w", flags.masterSecretPath, err) return fmt.Errorf("parsing or generating master secret from file %s: %w", flags.masterSecretPath, err)
} }
helmLoader := helm.NewLoader(provider, k8sVersion)
clusterName := clusterid.GetClusterName(conf.Name, idFile)
i.log.Debugf("Setting cluster name to %s", clusterName)
helmLoader := helm.NewLoader(provider, k8sVersion, clusterName)
i.log.Debugf("Created new Helm loader") i.log.Debugf("Created new Helm loader")
helmDeployments, err := helmLoader.Load(conf, flags.conformance, flags.helmWaitMode, masterSecret.Key, masterSecret.Salt) helmDeployments, err := helmLoader.Load(conf, flags.conformance, flags.helmWaitMode, masterSecret.Key, masterSecret.Salt)
i.log.Debugf("Loaded Helm deployments") i.log.Debugf("Loaded Helm deployments")
@ -182,9 +186,6 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
return fmt.Errorf("loading Helm charts: %w", err) return fmt.Errorf("loading Helm charts: %w", err)
} }
clusterName := conf.Name + "-" + idFile.UID
i.log.Debugf("Setting cluster name to %s", clusterName)
cmd.PrintErrln("Note: If you just created the cluster, it can take a few minutes to connect.") cmd.PrintErrln("Note: If you just created the cluster, it can take a few minutes to connect.")
i.spinner.Start("Connecting ", false) i.spinner.Start("Connecting ", false)
req := &initproto.InitRequest{ req := &initproto.InitRequest{


@ -117,7 +117,7 @@ func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Hand
if conf.GetProvider() == cloudprovider.Azure || conf.GetProvider() == cloudprovider.GCP || conf.GetProvider() == cloudprovider.AWS { if conf.GetProvider() == cloudprovider.Azure || conf.GetProvider() == cloudprovider.GCP || conf.GetProvider() == cloudprovider.AWS {
var upgradeErr *compatibility.InvalidUpgradeError var upgradeErr *compatibility.InvalidUpgradeError
err = u.handleServiceUpgrade(cmd, conf, flags) err = u.handleServiceUpgrade(cmd, conf, idFile, flags)
switch { switch {
case errors.As(err, &upgradeErr): case errors.As(err, &upgradeErr):
cmd.PrintErrln(err) cmd.PrintErrln(err)
@ -365,8 +365,8 @@ func (u *upgradeApplyCmd) upgradeAttestConfigIfDiff(cmd *cobra.Command, newConfi
return nil return nil
} }
func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.Config, flags upgradeApplyFlags) error { func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.Config, idFile clusterid.File, flags upgradeApplyFlags) error {
err := u.upgrader.UpgradeHelmServices(cmd.Context(), conf, flags.upgradeTimeout, helm.DenyDestructive, flags.force) err := u.upgrader.UpgradeHelmServices(cmd.Context(), conf, idFile, flags.upgradeTimeout, helm.DenyDestructive, flags.force)
if errors.Is(err, helm.ErrConfirmationMissing) { if errors.Is(err, helm.ErrConfirmationMissing) {
if !flags.yes { if !flags.yes {
cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.") cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.")
@ -379,7 +379,7 @@ func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.
return nil return nil
} }
} }
err = u.upgrader.UpgradeHelmServices(cmd.Context(), conf, flags.upgradeTimeout, helm.AllowDestructive, flags.force) err = u.upgrader.UpgradeHelmServices(cmd.Context(), conf, idFile, flags.upgradeTimeout, helm.AllowDestructive, flags.force)
} }
return err return err
@ -434,7 +434,7 @@ type upgradeApplyFlags struct {
type cloudUpgrader interface { type cloudUpgrader interface {
UpgradeNodeVersion(ctx context.Context, conf *config.Config, force bool) error UpgradeNodeVersion(ctx context.Context, conf *config.Config, force bool) error
UpgradeHelmServices(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive bool, force bool) error UpgradeHelmServices(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive bool, force bool) error
UpdateAttestationConfig(ctx context.Context, newConfig config.AttestationCfg) error UpdateAttestationConfig(ctx context.Context, newConfig config.AttestationCfg) error
GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, *corev1.ConfigMap, error) GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, *corev1.ConfigMap, error)
PlanTerraformMigrations(ctx context.Context, opts upgrade.TerraformUpgradeOptions) (bool, error) PlanTerraformMigrations(ctx context.Context, opts upgrade.TerraformUpgradeOptions) (bool, error)
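Review bot: `handleServiceUpgrade` and the `cloudUpgrader` interface now carry the whole `clusterid.File` through every layer, although the only use visible in this commit is deriving the cluster name from its `UID`. `initialize` computes `clusterName` once at the command layer and hands a plain string to `helm.NewLoader`; doing the same here, for example `UpgradeHelmServices(cmd.Context(), conf, clusterName, flags.upgradeTimeout, helm.DenyDestructive, flags.force)`, keeps the two paths consistent and avoids passing the remaining ID-file fields to packages that do not need them. Where `idFile` is loaded lies outside these hunks, so it is worth confirming that a missing or empty ID file is rejected before the upgrade starts.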


@ -169,7 +169,7 @@ func (u stubUpgrader) UpgradeNodeVersion(_ context.Context, _ *config.Config, _
return u.nodeVersionErr return u.nodeVersionErr
} }
func (u stubUpgrader) UpgradeHelmServices(_ context.Context, _ *config.Config, _ time.Duration, _, _ bool) error { func (u stubUpgrader) UpgradeHelmServices(_ context.Context, _ *config.Config, _ clusterid.File, _ time.Duration, _, _ bool) error {
return u.helmErr return u.helmErr
} }


@ -375,10 +375,29 @@ go_library(
"charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml", "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml",
"charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml", "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml",
"charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml", "charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/Chart.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/README.md",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/ci/extra_args",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/ci/values.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/crds/crds.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/crds/kustomization.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/NOTES.txt",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/_helpers.tpl",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/deployment.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/ingressclass.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/pdb.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/rbac.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/service.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/serviceaccount.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/servicemonitor.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/webhook.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/test.yaml",
"charts/edgeless/constellation-services/charts/aws-load-balancer-controller/values.yaml",
], ],
importpath = "github.com/edgelesssys/constellation/v2/cli/internal/helm", importpath = "github.com/edgelesssys/constellation/v2/cli/internal/helm",
visibility = ["//cli:__subpackages__"], visibility = ["//cli:__subpackages__"],
deps = [ deps = [
"//cli/internal/clusterid",
"//cli/internal/helm/imageversion", "//cli/internal/helm/imageversion",
"//internal/cloud/cloudprovider", "//internal/cloud/cloudprovider",
"//internal/compatibility", "//internal/compatibility",
@ -414,6 +433,7 @@ go_test(
data = glob(["testdata/**"]), data = glob(["testdata/**"]),
embed = [":helm"], embed = [":helm"],
deps = [ deps = [
"//cli/internal/clusterid",
"//internal/attestation/idkeydigest", "//internal/attestation/idkeydigest",
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/cloud/cloudprovider", "//internal/cloud/cloudprovider",


@ -13,6 +13,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
"github.com/edgelesssys/constellation/v2/internal/compatibility" "github.com/edgelesssys/constellation/v2/internal/compatibility"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
@ -102,7 +103,7 @@ func (c *Client) shouldUpgrade(releaseName, newVersion string, force bool) error
// Upgrade runs a helm-upgrade on all deployments that are managed via Helm. // Upgrade runs a helm-upgrade on all deployments that are managed via Helm.
// If the CLI receives an interrupt signal it will cancel the context. // If the CLI receives an interrupt signal it will cancel the context.
// Canceling the context will prompt helm to abort and roll back the ongoing upgrade. // Canceling the context will prompt helm to abort and roll back the ongoing upgrade.
func (c *Client) Upgrade(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive, force bool, upgradeID string) error { func (c *Client) Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive, force bool, upgradeID string) error {
upgradeErrs := []error{} upgradeErrs := []error{}
upgradeReleases := []*chart.Chart{} upgradeReleases := []*chart.Chart{}
@ -155,7 +156,7 @@ func (c *Client) Upgrade(ctx context.Context, config *config.Config, timeout tim
} }
for _, chart := range upgradeReleases { for _, chart := range upgradeReleases {
err = c.upgradeRelease(ctx, timeout, config, chart) err = c.upgradeRelease(ctx, timeout, config, idFile, chart)
if err != nil { if err != nil {
return fmt.Errorf("upgrading %s: %w", chart.Metadata.Name, err) return fmt.Errorf("upgrading %s: %w", chart.Metadata.Name, err)
} }
@ -251,7 +252,7 @@ func (s ServiceVersions) ConstellationServices() string {
} }
func (c *Client) upgradeRelease( func (c *Client) upgradeRelease(
ctx context.Context, timeout time.Duration, conf *config.Config, chart *chart.Chart, ctx context.Context, timeout time.Duration, conf *config.Config, idFile clusterid.File, chart *chart.Chart,
) error { ) error {
// We need to load all values that can be statically loaded before merging them with the cluster // We need to load all values that can be statically loaded before merging them with the cluster
// values. Otherwise the templates are not rendered correctly. // values. Otherwise the templates are not rendered correctly.
@ -259,7 +260,11 @@ func (c *Client) upgradeRelease(
if err != nil { if err != nil {
return fmt.Errorf("validating k8s version: %s", conf.KubernetesVersion) return fmt.Errorf("validating k8s version: %s", conf.KubernetesVersion)
} }
loader := NewLoader(conf.GetProvider(), k8sVersion)
c.log.Debugf("Checking cluster ID file")
clusterName := clusterid.GetClusterName(conf.Name, idFile)
loader := NewLoader(conf.GetProvider(), k8sVersion, clusterName)
var values map[string]any var values map[string]any
var releaseName string var releaseName string
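Review bot: The new debug line `c.log.Debugf("Checking cluster ID file")` in `upgradeRelease` announces a check that the code does not perform; the following line only builds the name from `conf.Name` and `idFile.UID`. An empty `UID` therefore flows straight into `NewLoader` and, for AWS, into the chart values as the controller's cluster name. Either make the check real, `if idFile.UID == "" { return fmt.Errorf("cluster ID file has no UID") }`, or log what actually happens with `c.log.Debugf("Setting cluster name to %s", clusterName)` as `initialize` does. `upgradeRelease` continues past the end of this hunk.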


@ -11,6 +11,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
"github.com/edgelesssys/constellation/v2/internal/compatibility" "github.com/edgelesssys/constellation/v2/internal/compatibility"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
@ -77,7 +78,7 @@ func TestUpgradeRelease(t *testing.T) {
chart, err := loadChartsDir(helmFS, certManagerInfo.path) chart, err := loadChartsDir(helmFS, certManagerInfo.path)
require.NoError(err) require.NoError(err)
err = client.upgradeRelease(context.Background(), 0, config.Default(), chart) err = client.upgradeRelease(context.Background(), 0, config.Default(), clusterid.File{UID: "test"}, chart)
if tc.wantError { if tc.wantError {
assert.Error(err) assert.Error(err)
return return


@ -58,18 +58,19 @@ type ChartLoader struct {
csp cloudprovider.Provider csp cloudprovider.Provider
joinServiceImage string joinServiceImage string
keyServiceImage string keyServiceImage string
ccmImage string ccmImage string // cloud controller manager image
cnmImage string cnmImage string // Azure cloud node manager image
autoscalerImage string autoscalerImage string
verificationServiceImage string verificationServiceImage string
gcpGuestAgentImage string gcpGuestAgentImage string
konnectivityImage string konnectivityImage string
constellationOperatorImage string constellationOperatorImage string
nodeMaintenanceOperatorImage string nodeMaintenanceOperatorImage string
clusterName string
} }
// NewLoader creates a new ChartLoader. // NewLoader creates a new ChartLoader.
func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *ChartLoader { func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion, clusterName string) *ChartLoader {
var ccmImage, cnmImage string var ccmImage, cnmImage string
switch csp { switch csp {
case cloudprovider.AWS: case cloudprovider.AWS:
@ -97,6 +98,7 @@ func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion)
konnectivityImage: versions.KonnectivityAgentImage, konnectivityImage: versions.KonnectivityAgentImage,
constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""), constellationOperatorImage: imageversion.ConstellationNodeOperator("", ""),
nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage, nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
clusterName: clusterName,
} }
} }
@ -405,6 +407,13 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error)
values["tags"] = map[string]any{ values["tags"] = map[string]any{
"AWS": true, "AWS": true,
} }
values["aws-load-balancer-controller"] = map[string]any{
"nodeSelector": map[string]any{
"node-role.kubernetes.io/control-plane": "",
},
"clusterName": i.clusterName,
}
case cloudprovider.Azure: case cloudprovider.Azure:
ccmVals, ok := values["ccm"].(map[string]any) ccmVals, ok := values["ccm"].(map[string]any)
if !ok { if !ok {
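Review bot: In the AWS case of `loadConstellationServicesValues` the whole `values["aws-load-balancer-controller"]` entry is replaced by a fresh map, whereas the Azure case directly below first reads the existing `values["ccm"]` map and checks that it is present. If the loaded values already hold settings under that key they are dropped without notice, so merging into the existing map the way the Azure branch does would be more consistent. `i.clusterName` is also written without validation, which means an empty name from a caller ends up in the rendered chart; returning an error for an empty name here, or in `NewLoader`'s callers, would make that failure visible. The new struct field could carry a comment like its neighbours, `clusterName string // cluster name passed to the AWS load balancer controller`. The function body continues outside this hunk.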


@ -15,7 +15,6 @@ if ! command -v git &> /dev/null; then
exit 1 exit 1
fi fi
callDir=$(pwd) callDir=$(pwd)
repo_tmp_dir=$(mktemp -d) repo_tmp_dir=$(mktemp -d)
@ -26,12 +25,12 @@ chart_url="https://github.com/aws/eks-charts"
chart_dir="stable/aws-load-balancer-controller" chart_dir="stable/aws-load-balancer-controller"
cd "${repo_tmp_dir}" cd "${repo_tmp_dir}"
git clone \ git clone \
--filter=blob:none \ --filter=blob:none \
--no-checkout \ --no-checkout \
--sparse \ --sparse \
--depth 1 \ --depth 1 \
--branch="${branch}" \ --branch="${branch}" \
"${chart_url}" "${repo_tmp_dir}" "${chart_url}" "${repo_tmp_dir}"
git sparse-checkout add "${chart_dir}" git sparse-checkout add "${chart_dir}"
git checkout git checkout


@ -11,6 +11,7 @@ go_library(
importpath = "github.com/edgelesssys/constellation/v2/cli/internal/kubernetes", importpath = "github.com/edgelesssys/constellation/v2/cli/internal/kubernetes",
visibility = ["//cli:__subpackages__"], visibility = ["//cli:__subpackages__"],
deps = [ deps = [
"//cli/internal/clusterid",
"//cli/internal/helm", "//cli/internal/helm",
"//cli/internal/terraform", "//cli/internal/terraform",
"//cli/internal/upgrade", "//cli/internal/upgrade",


@ -16,6 +16,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
"github.com/edgelesssys/constellation/v2/cli/internal/helm" "github.com/edgelesssys/constellation/v2/cli/internal/helm"
"github.com/edgelesssys/constellation/v2/cli/internal/terraform" "github.com/edgelesssys/constellation/v2/cli/internal/terraform"
"github.com/edgelesssys/constellation/v2/cli/internal/upgrade" "github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
@ -186,8 +187,8 @@ func (u *Upgrader) ApplyTerraformMigrations(ctx context.Context, fileHandler fil
} }
// UpgradeHelmServices upgrade helm services. // UpgradeHelmServices upgrade helm services.
func (u *Upgrader) UpgradeHelmServices(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive bool, force bool) error { func (u *Upgrader) UpgradeHelmServices(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive bool, force bool) error {
return u.helmClient.Upgrade(ctx, config, timeout, allowDestructive, force, u.upgradeID) return u.helmClient.Upgrade(ctx, config, idFile, timeout, allowDestructive, force, u.upgradeID)
} }
// UpgradeNodeVersion upgrades the cluster's NodeVersion object and in turn triggers image & k8s version upgrades. // UpgradeNodeVersion upgrades the cluster's NodeVersion object and in turn triggers image & k8s version upgrades.
@ -512,7 +513,7 @@ func (u *stableClient) KubernetesVersion() (string, error) {
} }
type helmInterface interface { type helmInterface interface {
Upgrade(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive, force bool, upgradeID string) error Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive, force bool, upgradeID string) error
} }
type debugLog interface { type debugLog interface {