bootstrapper: refactor coredns and cilium setup (#2129)

* Decouple CoreDNS installation from Cilium * Align cilium helm installation with other charts * Remove unused functions --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-06 08:15:48 -04:00 · 2023-07-25 09:57:35 +02:00 · 2023-07-25 09:57:35 +02:00 · 7152633255
commit 7152633255
parent 39cea48741
6 changed files with 57 additions and 124 deletions
--- a/bootstrapper/internal/kubernetes/kubernetes.go
+++ b/bootstrapper/internal/kubernetes/kubernetes.go
@ -14,6 +14,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"os/exec"
 	"regexp"
 	"strings"
 	"time"
@ -162,6 +163,10 @@ func (k *KubeWrapper) InitCluster(
 		return nil, fmt.Errorf("waiting for Kubernetes API to be available: %w", err)
 	}

+	if err := k.client.EnforceCoreDNSSpread(ctx); err != nil {
+		return nil, fmt.Errorf("configuring CoreDNS deployment: %w", err)
+	}
+
 	// Setup the K8s components ConfigMap.
 	k8sComponentsConfigMap, err := k.setupK8sComponentsConfigMap(ctx, kubernetesComponents, versionString)
 	if err != nil {
@ -192,8 +197,12 @@ func (k *KubeWrapper) InitCluster(
 	}

 	log.Infof("Installing Cilium")
-	if err = installCilium(ctx, k.helmClient, k.client, helmReleases.Cilium, setupPodNetworkInput); err != nil {
-		return nil, fmt.Errorf("installing pod network: %w", err)
+	ciliumVals, err := k.setupCiliumVals(ctx, setupPodNetworkInput)
+	if err != nil {
+		return nil, fmt.Errorf("setting up cilium vals: %w", err)
+	}
+	if err := k.helmClient.InstallChartWithValues(ctx, helmReleases.Cilium, ciliumVals); err != nil {
+		return nil, fmt.Errorf("installing cilium pod network: %w", err)
 	}

 	log.Infof("Waiting for Cilium to become healthy")
@ -552,6 +561,31 @@ func (k *KubeWrapper) setupOperatorVals(ctx context.Context) (map[string]any, er
 	}, nil
 }

+func (k *KubeWrapper) setupCiliumVals(ctx context.Context, in k8sapi.SetupPodNetworkInput) (map[string]any, error) {
+	vals := map[string]any{
+		"k8sServiceHost": in.LoadBalancerHost,
+		"k8sServicePort": in.LoadBalancerPort,
+	}
+
+	// GCP requires extra configuration for Cilium
+	if cloudprovider.FromString(k.cloudProvider) == cloudprovider.GCP {
+		if out, err := exec.CommandContext(
+			ctx, constants.KubectlPath,
+			"--kubeconfig", constants.ControlPlaneAdminConfFilename,
+			"patch", "node", in.NodeName, "-p", "{\"spec\":{\"podCIDR\": \""+in.FirstNodePodCIDR+"\"}}",
+		).CombinedOutput(); err != nil {
+			err = errors.New(string(out))
+			return nil, fmt.Errorf("%s: %w", out, err)
+		}
+
+		vals["ipv4NativeRoutingCIDR"] = in.SubnetworkPodCIDR
+		vals["strictModeCIDR"] = in.SubnetworkPodCIDR
+
+	}
+
+	return vals, nil
+}
+
 type ccmConfigGetter interface {
 	GetCCMConfig(ctx context.Context, providerID, cloudServiceAccountURI string) ([]byte, error)
 }