AB#2636: Deploy gcp-guest-agent via Helm

This commit is contained in:
Otto Bittner 2022-11-23 08:25:50 +01:00
parent 9b75d651fc
commit 7283eeb798
11 changed files with 214 additions and 10 deletions


@ -42,6 +42,10 @@ dependencies:
- GCP
- AWS
- QEMU
- name: gcp-guest-agent
version: 2.3.0-pre
tags:
- GCP
- name: gcp-compute-persistent-disk-csi-driver
version: 1.0.1
condition: gcp.deployCSIDriver


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,5 @@
apiVersion: v2
name: gcp-guest-agent
description: A chart to deploy the GCP guest agent for Constellation
type: application
version: 2.3.0-pre


@ -0,0 +1,81 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: gcp-guest-agent
k8s-app: gcp-guest-agent
kubernetes.io/cluster-service: "true"
name: gcp-guest-agent
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
k8s-app: gcp-guest-agent
template:
metadata:
labels:
k8s-app: gcp-guest-agent
spec:
containers:
- image: {{ .Values.image }}
name: gcp-guest-agent
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /etc/ssl
name: etcssl
readOnly: true
- mountPath: /etc/pki
name: etcpki
readOnly: true
- mountPath: /bin
name: bin
readOnly: true
- mountPath: /usr/bin
name: usrbin
readOnly: true
- mountPath: /usr
name: usr
readOnly: true
- mountPath: /lib
name: lib
readOnly: true
- mountPath: /lib64
name: lib64
readOnly: true
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- hostPath:
path: /etc/ssl
name: etcssl
- hostPath:
path: /etc/pki
name: etcpki
- hostPath:
path: /bin
name: bin
- hostPath:
path: /usr/bin
name: usrbin
- hostPath:
path: /usr
name: usr
- hostPath:
path: /lib
name: lib
- hostPath:
path: /lib64
name: lib64
updateStrategy: {}
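Review bot: The container's securityContext sets `privileged: true` and additionally adds `NET_ADMIN`; once privileged is set the capability list is a no-op, because a privileged container already holds every capability, so one of the two should go. If the agent only needs to manage interfaces and routes, `NET_ADMIN` alone together with the read-only hostPath mounts may be enough — worth verifying, since this pod also runs with `hostNetwork: true` on every node including control-plane nodes. The pod spec does not disable the default service-account token and nothing in this commit grants the agent any RBAC, so add `automountServiceAccountToken: false` under `spec.template.spec` to keep a Kubernetes API credential out of a privileged host-network pod. The `usrbin` volume mounting `/usr/bin` appears redundant, as `/usr` is already mounted read-only by the `usr` volume right below it.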


@ -0,0 +1,15 @@
{
"$schema": "https://json-schema.org/draft-07/schema#",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["ghcr.io/edgelesssys/gcp-guest-agent:20220927.00@sha256:3dea1ae3f162d2353e6584b325f0e325a39cda5f380f41e5a0ee43c6641d3905"]
}
},
"required": [
"image"
],
"title": "Values",
"type": "object"
}
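Review bot: `image` is constrained only to `"type": "string"`, yet it selects the binary that runs privileged with host networking on every node, so the schema could enforce the digest pinning the example already shows, e.g. `"pattern": "@sha256:[0-9a-f]{64}$"`. That is only safe if every value fed in — here `versions.GcpGuestImage` via the chart loader — is digest-pinned like the example; if that cannot be guaranteed, leave the pattern out and state the expectation in `description` instead, e.g. `"Container image for the gcp-guest-agent DaemonSet; should be pinned by digest."`.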


@ -45,6 +45,7 @@ type ChartLoader struct {
cnmImage string
autoscalerImage string
verificationServiceImage string
gcpGuestAgentImage string
}
// New creates a new ChartLoader.
@ -67,6 +68,7 @@ func New(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *Chart
cnmImage: cnmImage,
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
verificationServiceImage: versions.VerificationImage,
gcpGuestAgentImage: versions.GcpGuestImage,
}
}
@ -383,6 +385,9 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
"csp": csp.String(),
"image": i.verificationServiceImage,
},
"gcp-guest-agent": map[string]any{
"image": i.gcpGuestAgentImage,
},
}
switch csp {
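Review bot: The `"gcp-guest-agent"` values entry is added unconditionally to the map although the subchart is enabled only for GCP via `tags` in Chart.yaml; this is harmless but inconsistent with the `switch csp` that begins right after the entry and appears to hold the CSP-specific settings, so moving it into the GCP case there would keep all GCP-only values in one place. The body of loadConstellationServicesHelper continues outside the hunk. The new struct field would also benefit from a short comment, e.g. `// gcpGuestAgentImage is the image of the gcp-guest-agent DaemonSet, deployed only on GCP.`.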


@ -0,0 +1,81 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: gcp-guest-agent
k8s-app: gcp-guest-agent
kubernetes.io/cluster-service: "true"
name: gcp-guest-agent
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: gcp-guest-agent
template:
metadata:
labels:
k8s-app: gcp-guest-agent
spec:
containers:
- image:
name: gcp-guest-agent
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /etc/ssl
name: etcssl
readOnly: true
- mountPath: /etc/pki
name: etcpki
readOnly: true
- mountPath: /bin
name: bin
readOnly: true
- mountPath: /usr/bin
name: usrbin
readOnly: true
- mountPath: /usr
name: usr
readOnly: true
- mountPath: /lib
name: lib
readOnly: true
- mountPath: /lib64
name: lib64
readOnly: true
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- hostPath:
path: /etc/ssl
name: etcssl
- hostPath:
path: /etc/pki
name: etcpki
- hostPath:
path: /bin
name: bin
- hostPath:
path: /usr/bin
name: usrbin
- hostPath:
path: /usr
name: usr
- hostPath:
path: /lib
name: lib
- hostPath:
path: /lib64
name: lib64
updateStrategy: {}