mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
AB#2636: Deploy gcp-guest-agent via Helm
parent
9b75d651fc
commit
7283eeb798
@ -24,7 +24,6 @@ type clusterUtil interface {
|
||||
InitCluster(ctx context.Context, initConfig []byte, nodeName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger) error
|
||||
JoinCluster(ctx context.Context, joinConfig []byte, peerRole role.Role, controlPlaneEndpoint string, log *logger.Logger) error
|
||||
SetupKonnectivity(kubectl k8sapi.Client, konnectivityAgentsDaemonSet kubernetes.Marshaler) error
|
||||
SetupGCPGuestAgent(kubectl k8sapi.Client, gcpGuestAgentConfiguration kubernetes.Marshaler) error
|
||||
FixCilium(log *logger.Logger)
|
||||
StartKubelet() error
|
||||
}
|
||||
|
@ -230,12 +230,6 @@ func (k *KubeWrapper) InitCluster(
|
||||
return nil, fmt.Errorf("installing operators: %w", err)
|
||||
}
|
||||
|
||||
if k.cloudProvider == "gcp" {
|
||||
if err := k.clusterUtil.SetupGCPGuestAgent(k.client, resources.NewGCPGuestAgentDaemonset()); err != nil {
|
||||
return nil, fmt.Errorf("failed to setup gcp guest agent: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Store the received k8sVersion in a ConfigMap, overwriting existing values (there shouldn't be any).
|
||||
// Joining nodes determine the kubernetes version they will install based on this ConfigMap.
|
||||
if err := k.setupK8sVersionConfigMap(ctx, k8sVersion); err != nil {
|
||||
|
@ -443,9 +443,6 @@ func (s *stubClusterUtil) InstallComponentsFromCLI(ctx context.Context, kubernet
|
||||
return s.installComponentsFromCLIErr
|
||||
}
|
||||
|
||||
// TODO: Upon changing this function, please refactor it to reduce the number of arguments to <= 5.
|
||||
//
|
||||
//revive:disable-next-line
|
||||
func (s *stubClusterUtil) InitCluster(ctx context.Context, initConfig []byte, nodeName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger) error {
|
||||
s.initConfigs = append(s.initConfigs, initConfig)
|
||||
return s.initClusterErr
|
||||
|
@ -42,6 +42,10 @@ dependencies:
|
||||
- GCP
|
||||
- AWS
|
||||
- QEMU
|
||||
- name: gcp-guest-agent
|
||||
version: 2.3.0-pre
|
||||
tags:
|
||||
- GCP
|
||||
- name: gcp-compute-persistent-disk-csi-driver
|
||||
version: 1.0.1
|
||||
condition: gcp.deployCSIDriver
|
||||
|
@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
@ -0,0 +1,5 @@
|
||||
apiVersion: v2
|
||||
name: gcp-guest-agent
|
||||
description: A chart to deploy the GCP guest agent for Constellation
|
||||
type: application
|
||||
version: 2.3.0-pre
|
@ -0,0 +1,81 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
component: gcp-guest-agent
|
||||
k8s-app: gcp-guest-agent
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: gcp-guest-agent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: gcp-guest-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: gcp-guest-agent
|
||||
spec:
|
||||
containers:
|
||||
- image: {{ .Values.image }}
|
||||
name: gcp-guest-agent
|
||||
resources: {}
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl
|
||||
name: etcssl
|
||||
readOnly: true
|
||||
- mountPath: /etc/pki
|
||||
name: etcpki
|
||||
readOnly: true
|
||||
- mountPath: /bin
|
||||
name: bin
|
||||
readOnly: true
|
||||
- mountPath: /usr/bin
|
||||
name: usrbin
|
||||
readOnly: true
|
||||
- mountPath: /usr
|
||||
name: usr
|
||||
readOnly: true
|
||||
- mountPath: /lib
|
||||
name: lib
|
||||
readOnly: true
|
||||
- mountPath: /lib64
|
||||
name: lib64
|
||||
readOnly: true
|
||||
hostNetwork: true
|
||||
priorityClassName: system-cluster-critical
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/ssl
|
||||
name: etcssl
|
||||
- hostPath:
|
||||
path: /etc/pki
|
||||
name: etcpki
|
||||
- hostPath:
|
||||
path: /bin
|
||||
name: bin
|
||||
- hostPath:
|
||||
path: /usr/bin
|
||||
name: usrbin
|
||||
- hostPath:
|
||||
path: /usr
|
||||
name: usr
|
||||
- hostPath:
|
||||
path: /lib
|
||||
name: lib
|
||||
- hostPath:
|
||||
path: /lib64
|
||||
name: lib64
|
||||
updateStrategy: {}
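Review bot: The container's `securityContext` sets `privileged: true` alongside `capabilities.add: [NET_ADMIN]`; a privileged container already holds every capability, so the explicit add has no effect and understates how much access the pod has. Together with `hostNetwork: true`, the hostPath mounts of `/usr`, `/bin` and `/lib`, and the control-plane tolerations, the pod is effectively host-equivalent on every node. If the agent only needs to configure networking, it is worth testing with `privileged: false` and only `NET_ADMIN` kept; otherwise add a comment above `securityContext` saying why full privilege is required. `resources: {}` combined with `priorityClassName: system-cluster-critical` also leaves the agent without requests or limits.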
|
@ -0,0 +1,15 @@
|
||||
{
|
||||
"$schema": "https://json-schema.org/draft-07/schema#",
|
||||
"properties": {
|
||||
"image": {
|
||||
"description": "Container image to use for the spawned pods.",
|
||||
"type": "string",
|
||||
"examples": ["ghcr.io/edgelesssys/gcp-guest-agent:20220927.00@sha256:3dea1ae3f162d2353e6584b325f0e325a39cda5f380f41e5a0ee43c6641d3905"]
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
"image"
|
||||
],
|
||||
"title": "Values",
|
||||
"type": "object"
|
||||
}
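Review bot: The `image` property is checked only as `"type": "string"`, so an empty string or a mutable tag passes validation even though the example is pinned by digest. Because this image runs privileged on every node, consider adding `"pattern": "@sha256:[a-f0-9]{64}$"` (or at least `"minLength": 1`) to `image`, so that an unpinned reference is rejected when the chart is rendered. This assumes the value supplied by the loader is always digest-pinned like the example, which should be confirmed against the existing tests before tightening the schema.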
|
@ -45,6 +45,7 @@ type ChartLoader struct {
|
||||
cnmImage string
|
||||
autoscalerImage string
|
||||
verificationServiceImage string
|
||||
gcpGuestAgentImage string
|
||||
}
|
||||
|
||||
// New creates a new ChartLoader.
|
||||
@ -67,6 +68,7 @@ func New(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *Chart
|
||||
cnmImage: cnmImage,
|
||||
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
|
||||
verificationServiceImage: versions.VerificationImage,
|
||||
gcpGuestAgentImage: versions.GcpGuestImage,
|
||||
}
|
||||
}
|
||||
|
||||
@ -383,6 +385,9 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
|
||||
"csp": csp.String(),
|
||||
"image": i.verificationServiceImage,
|
||||
},
|
||||
"gcp-guest-agent": map[string]any{
|
||||
"image": i.gcpGuestAgentImage,
|
||||
},
|
||||
}
|
||||
|
||||
switch csp {
|
||||
|
@ -0,0 +1,81 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
component: gcp-guest-agent
|
||||
k8s-app: gcp-guest-agent
|
||||
kubernetes.io/cluster-service: "true"
|
||||
name: gcp-guest-agent
|
||||
namespace: testNamespace
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: gcp-guest-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: gcp-guest-agent
|
||||
spec:
|
||||
containers:
|
||||
- image:
|
||||
name: gcp-guest-agent
|
||||
resources: {}
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl
|
||||
name: etcssl
|
||||
readOnly: true
|
||||
- mountPath: /etc/pki
|
||||
name: etcpki
|
||||
readOnly: true
|
||||
- mountPath: /bin
|
||||
name: bin
|
||||
readOnly: true
|
||||
- mountPath: /usr/bin
|
||||
name: usrbin
|
||||
readOnly: true
|
||||
- mountPath: /usr
|
||||
name: usr
|
||||
readOnly: true
|
||||
- mountPath: /lib
|
||||
name: lib
|
||||
readOnly: true
|
||||
- mountPath: /lib64
|
||||
name: lib64
|
||||
readOnly: true
|
||||
hostNetwork: true
|
||||
priorityClassName: system-cluster-critical
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/ssl
|
||||
name: etcssl
|
||||
- hostPath:
|
||||
path: /etc/pki
|
||||
name: etcpki
|
||||
- hostPath:
|
||||
path: /bin
|
||||
name: bin
|
||||
- hostPath:
|
||||
path: /usr/bin
|
||||
name: usrbin
|
||||
- hostPath:
|
||||
path: /usr
|
||||
name: usr
|
||||
- hostPath:
|
||||
path: /lib
|
||||
name: lib
|
||||
- hostPath:
|
||||
path: /lib64
|
||||
name: lib64
|
||||
updateStrategy: {}
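Review bot: The expected manifest has an empty `- image:` value, so this fixture would still match if the loader stopped passing the guest-agent image into the chart. If the test renders the chart with the loader's values, the expected output should carry the pinned reference (or a fixed test value) so the image wiring is actually asserted. How the test populates values is not visible in this section, so the fix may belong in the test setup rather than only in the fixture.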
|