AB#2636: Deploy gcp-guest-agent via Helm

This commit is contained in:
Otto Bittner 2022-11-23 08:25:50 +01:00
parent 9b75d651fc
commit 7283eeb798
11 changed files with 214 additions and 10 deletions


@ -24,7 +24,6 @@ type clusterUtil interface {
InitCluster(ctx context.Context, initConfig []byte, nodeName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger) error
JoinCluster(ctx context.Context, joinConfig []byte, peerRole role.Role, controlPlaneEndpoint string, log *logger.Logger) error
SetupKonnectivity(kubectl k8sapi.Client, konnectivityAgentsDaemonSet kubernetes.Marshaler) error
SetupGCPGuestAgent(kubectl k8sapi.Client, gcpGuestAgentConfiguration kubernetes.Marshaler) error
FixCilium(log *logger.Logger)
StartKubelet() error
}


@ -230,12 +230,6 @@ func (k *KubeWrapper) InitCluster(
return nil, fmt.Errorf("installing operators: %w", err)
}
if k.cloudProvider == "gcp" {
if err := k.clusterUtil.SetupGCPGuestAgent(k.client, resources.NewGCPGuestAgentDaemonset()); err != nil {
return nil, fmt.Errorf("failed to setup gcp guest agent: %w", err)
}
}
// Store the received k8sVersion in a ConfigMap, overwriting existing values (there shouldn't be any).
// Joining nodes determine the kubernetes version they will install based on this ConfigMap.
if err := k.setupK8sVersionConfigMap(ctx, k8sVersion); err != nil {


@ -443,9 +443,6 @@ func (s *stubClusterUtil) InstallComponentsFromCLI(ctx context.Context, kubernet
return s.installComponentsFromCLIErr
}
// TODO: Upon changing this function, please refactor it to reduce the number of arguments to <= 5.
//
//revive:disable-next-line
func (s *stubClusterUtil) InitCluster(ctx context.Context, initConfig []byte, nodeName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger) error {
s.initConfigs = append(s.initConfigs, initConfig)
return s.initClusterErr


@ -42,6 +42,10 @@ dependencies:
- GCP
- AWS
- QEMU
- name: gcp-guest-agent
version: 2.3.0-pre
tags:
- GCP
- name: gcp-compute-persistent-disk-csi-driver
version: 1.0.1
condition: gcp.deployCSIDriver


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,5 @@
apiVersion: v2
name: gcp-guest-agent
description: A chart to deploy the GCP guest agent for Constellation
type: application
version: 2.3.0-pre


@ -0,0 +1,81 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: gcp-guest-agent
k8s-app: gcp-guest-agent
kubernetes.io/cluster-service: "true"
name: gcp-guest-agent
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
k8s-app: gcp-guest-agent
template:
metadata:
labels:
k8s-app: gcp-guest-agent
spec:
containers:
- image: {{ .Values.image }}
name: gcp-guest-agent
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /etc/ssl
name: etcssl
readOnly: true
- mountPath: /etc/pki
name: etcpki
readOnly: true
- mountPath: /bin
name: bin
readOnly: true
- mountPath: /usr/bin
name: usrbin
readOnly: true
- mountPath: /usr
name: usr
readOnly: true
- mountPath: /lib
name: lib
readOnly: true
- mountPath: /lib64
name: lib64
readOnly: true
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- hostPath:
path: /etc/ssl
name: etcssl
- hostPath:
path: /etc/pki
name: etcpki
- hostPath:
path: /bin
name: bin
- hostPath:
path: /usr/bin
name: usrbin
- hostPath:
path: /usr
name: usr
- hostPath:
path: /lib
name: lib
- hostPath:
path: /lib64
name: lib64
updateStrategy: {}
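Review bot: `privileged: true` on the gcp-guest-agent container makes the explicit `capabilities.add: [NET_ADMIN]` redundant and grants every capability plus host device access, in a pod that already has `hostNetwork: true` and read-only hostPath mounts of /bin, /usr, /lib and /lib64; if the agent only needs NET_ADMIN for its network setup, dropping `privileged: true` and keeping the capability would shrink what a compromised agent pod can reach on the node, which is worth checking against the upstream agent's requirements before changing. The pod also runs under the namespace's default service account with token automount, so `automountServiceAccountToken: false` in the pod spec would keep a Kubernetes API credential out of a container that, as far as this template shows, never uses one. `resources: {}` leaves a `system-cluster-critical` DaemonSet without requests or limits, so it gets no scheduling headroom and no memory cap.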


@ -0,0 +1,15 @@
{
"$schema": "https://json-schema.org/draft-07/schema#",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["ghcr.io/edgelesssys/gcp-guest-agent:20220927.00@sha256:3dea1ae3f162d2353e6584b325f0e325a39cda5f380f41e5a0ee43c6641d3905"]
}
},
"required": [
"image"
],
"title": "Values",
"type": "object"
}
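Review bot: The `image` property only requires `"type": "string"`, so an empty string passes validation and the template renders `image:` with no reference (the test expectation added elsewhere in this commit shows exactly that output), with the failure surfacing only when the DaemonSet is applied. Adding `"minLength": 1` to the `image` property would reject the empty value at template time instead.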


@ -45,6 +45,7 @@ type ChartLoader struct {
cnmImage string
autoscalerImage string
verificationServiceImage string
gcpGuestAgentImage string
}
// New creates a new ChartLoader.
@ -67,6 +68,7 @@ func New(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *Chart
cnmImage: cnmImage,
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
verificationServiceImage: versions.VerificationImage,
gcpGuestAgentImage: versions.GcpGuestImage,
}
}
@ -383,6 +385,9 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
"csp": csp.String(),
"image": i.verificationServiceImage,
},
"gcp-guest-agent": map[string]any{
"image": i.gcpGuestAgentImage,
},
}
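Review bot: The `gcp-guest-agent` values entry is added to the map unconditionally, ahead of `switch csp`, so the GCP image reference is emitted into the rendered values for every provider and only the chart's `tags` keep the subchart from deploying; if the switch below is where the other provider-specific entries such as the CSI driver values are set, moving this entry into the GCP case would keep provider gating in one place. loadConstellationServicesHelper's body continues outside the hunk, so that placement is inferred rather than confirmed here.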
switch csp {


@ -0,0 +1,81 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: gcp-guest-agent
k8s-app: gcp-guest-agent
kubernetes.io/cluster-service: "true"
name: gcp-guest-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: gcp-guest-agent
template:
metadata:
labels:
k8s-app: gcp-guest-agent
spec:
containers:
- image:
name: gcp-guest-agent
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /etc/ssl
name: etcssl
readOnly: true
- mountPath: /etc/pki
name: etcpki
readOnly: true
- mountPath: /bin
name: bin
readOnly: true
- mountPath: /usr/bin
name: usrbin
readOnly: true
- mountPath: /usr
name: usr
readOnly: true
- mountPath: /lib
name: lib
readOnly: true
- mountPath: /lib64
name: lib64
readOnly: true
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- hostPath:
path: /etc/ssl
name: etcssl
- hostPath:
path: /etc/pki
name: etcpki
- hostPath:
path: /bin
name: bin
- hostPath:
path: /usr/bin
name: usrbin
- hostPath:
path: /usr
name: usr
- hostPath:
path: /lib
name: lib
- hostPath:
path: /lib64
name: lib64
updateStrategy: {}
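Review bot: The expected output renders `image:` with no value (the `- image:` line under `containers`), which suggests the test's ChartLoader is built with an empty `gcpGuestAgentImage`; a fixture with a clearly labelled test value for the image would let the test catch a broken values path from the loader to `.Values.image`, which an empty expectation cannot. The golden file otherwise mirrors the template line for line, so any future change to the DaemonSet template has to be applied here as well.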