replace flannel with cilium

2025-07-30 10:38:46 -04:00 · 2022-05-24 10:04:42 +02:00 · 2022-05-24 10:04:42 +02:00 · 791d5564ba
commit 791d5564ba
parent 7e1c898870
98 changed files with 3626 additions and 2156 deletions
--- a/coordinator/core/cluster.go
+++ b/coordinator/core/cluster.go
@ -2,11 +2,8 @@ package core

 import (
 	"context"
-	"strings"
 	"time"

-	"github.com/edgelesssys/constellation/coordinator/kubernetes"
-	"github.com/edgelesssys/constellation/coordinator/kubernetes/k8sapi/resources"
 	"github.com/edgelesssys/constellation/coordinator/role"
 	"github.com/edgelesssys/constellation/internal/constants"
 	"go.uber.org/zap"
@ -14,93 +11,24 @@ import (
 )

 // GetK8sJoinArgs returns the args needed by a Node to join the cluster.
-func (c *Core) GetK8sJoinArgs() (*kubeadm.BootstrapTokenDiscovery, error) {
-	return c.kube.GetJoinToken(constants.KubernetesJoinTokenTTL)
+func (c *Core) GetK8sJoinArgs(ctx context.Context) (*kubeadm.BootstrapTokenDiscovery, error) {
+	return c.kube.GetJoinToken(ctx, constants.KubernetesJoinTokenTTL)
 }

 // GetK8SCertificateKey returns the key needed by a Coordinator to join the cluster.
-func (c *Core) GetK8SCertificateKey() (string, error) {
-	return c.kube.GetKubeadmCertificateKey()
+func (c *Core) GetK8SCertificateKey(ctx context.Context) (string, error) {
+	return c.kube.GetKubeadmCertificateKey(ctx)
 }

 // InitCluster initializes the cluster, stores the join args, and returns the kubeconfig.
-func (c *Core) InitCluster(autoscalingNodeGroups []string, cloudServiceAccountURI string, masterSecret []byte) ([]byte, error) {
-	var nodeName string
-	var providerID string
-	var instance Instance
-	var ccmConfigMaps resources.ConfigMaps
-	var ccmSecrets resources.Secrets
-	var caSecrets resources.Secrets
-	var err error
-	nodeIP := coordinatorVPNIP.String()
-	if c.metadata.Supported() {
-		instance, err = c.metadata.Self(context.TODO())
-		if err != nil {
-			c.zaplogger.Error("Retrieving own instance metadata failed", zap.Error(err))
-			return nil, err
-		}
-		nodeName = instance.Name
-		providerID = instance.ProviderID
-		if len(instance.IPs) > 0 {
-			nodeIP = instance.IPs[0]
-		}
-	} else {
-		nodeName = coordinatorVPNIP.String()
-	}
-	if c.cloudControllerManager.Supported() && c.metadata.Supported() {
-		c.zaplogger.Info("Preparing node for cloud-controller-manager")
-		if err := PrepareInstanceForCCM(context.TODO(), c.metadata, c.cloudControllerManager, coordinatorVPNIP.String()); err != nil {
-			c.zaplogger.Error("Preparing node for CCM failed", zap.Error(err))
-			return nil, err
-		}
-		ccmConfigMaps, err = c.cloudControllerManager.ConfigMaps(instance)
-		if err != nil {
-			c.zaplogger.Error("Defining ConfigMaps for CCM failed", zap.Error(err))
-			return nil, err
-		}
-		ccmSecrets, err = c.cloudControllerManager.Secrets(instance, cloudServiceAccountURI)
-		if err != nil {
-			c.zaplogger.Error("Defining Secrets for CCM failed", zap.Error(err))
-			return nil, err
-		}
-	}
-	if c.clusterAutoscaler.Supported() {
-		caSecrets, err = c.clusterAutoscaler.Secrets(instance, cloudServiceAccountURI)
-		if err != nil {
-			c.zaplogger.Error("Defining Secrets for cluster-autoscaler failed", zap.Error(err))
-			return nil, err
-		}
-	}
-
+func (c *Core) InitCluster(ctx context.Context, autoscalingNodeGroups []string, cloudServiceAccountURI string, masterSecret []byte) ([]byte, error) {
 	c.zaplogger.Info("Initializing cluster")
-	if err := c.kube.InitCluster(kubernetes.InitClusterInput{
-		APIServerAdvertiseIP:               coordinatorVPNIP.String(),
-		NodeIP:                             nodeIP,
-		NodeName:                           k8sCompliantHostname(nodeName),
-		ProviderID:                         providerID,
-		SupportClusterAutoscaler:           c.clusterAutoscaler.Supported(),
-		AutoscalingCloudprovider:           c.clusterAutoscaler.Name(),
-		AutoscalingSecrets:                 caSecrets,
-		AutoscalingVolumes:                 c.clusterAutoscaler.Volumes(),
-		AutoscalingVolumeMounts:            c.clusterAutoscaler.VolumeMounts(),
-		AutoscalingEnv:                     c.clusterAutoscaler.Env(),
-		AutoscalingNodeGroups:              autoscalingNodeGroups,
-		SupportsCloudControllerManager:     c.cloudControllerManager.Supported(),
-		CloudControllerManagerName:         c.cloudControllerManager.Name(),
-		CloudControllerManagerImage:        c.cloudControllerManager.Image(),
-		CloudControllerManagerPath:         c.cloudControllerManager.Path(),
-		CloudControllerManagerExtraArgs:    c.cloudControllerManager.ExtraArgs(),
-		CloudControllerManagerConfigMaps:   ccmConfigMaps,
-		CloudControllerManagerSecrets:      ccmSecrets,
-		CloudControllerManagerVolumes:      c.cloudControllerManager.Volumes(),
-		CloudControllerManagerVolumeMounts: c.cloudControllerManager.VolumeMounts(),
-		CloudControllerManagerEnv:          c.cloudControllerManager.Env(),
-		SupportsCloudNodeManager:           c.cloudNodeManager.Supported(),
-		CloudNodeManagerImage:              c.cloudNodeManager.Image(),
-		CloudNodeManagerPath:               c.cloudNodeManager.Path(),
-		CloudNodeManagerExtraArgs:          c.cloudNodeManager.ExtraArgs(),
-		MasterSecret:                       masterSecret,
-	}); err != nil {
+	vpnIP, err := c.GetVPNIP()
+	if err != nil {
+		c.zaplogger.Error("Retrieving vpn ip failed", zap.Error(err))
+		return nil, err
+	}
+	if err := c.kube.InitCluster(ctx, autoscalingNodeGroups, cloudServiceAccountURI, vpnIP, masterSecret); err != nil {
 		c.zaplogger.Error("Initializing cluster failed", zap.Error(err))
 		return nil, err
 	}
@ -125,41 +53,16 @@ func (c *Core) InitCluster(autoscalingNodeGroups []string, cloudServiceAccountUR
 }

 // JoinCluster lets a Node join the cluster.
-func (c *Core) JoinCluster(args *kubeadm.BootstrapTokenDiscovery, certKey string, peerRole role.Role) error {
+func (c *Core) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, certKey string, peerRole role.Role) error {
 	c.zaplogger.Info("Joining Kubernetes cluster")
 	nodeVPNIP, err := c.vpn.GetInterfaceIP()
 	if err != nil {
 		c.zaplogger.Error("Retrieving vpn ip failed", zap.Error(err))
 		return err
 	}
-	var nodeName string
-	var providerID string
-	nodeIP := nodeVPNIP
-	if c.metadata.Supported() {
-		instance, err := c.metadata.Self(context.TODO())
-		if err != nil {
-			c.zaplogger.Error("Retrieving own instance metadata failed", zap.Error(err))
-			return err
-		}
-		providerID = instance.ProviderID
-		nodeName = instance.Name
-		if len(instance.IPs) > 0 {
-			nodeIP = instance.IPs[0]
-		}
-	} else {
-		nodeName = nodeVPNIP
-	}
-	if c.cloudControllerManager.Supported() && c.metadata.Supported() {
-		c.zaplogger.Info("Preparing node for cloud-controller-manager")
-		if err := PrepareInstanceForCCM(context.TODO(), c.metadata, c.cloudControllerManager, nodeVPNIP); err != nil {
-			c.zaplogger.Error("Preparing node for CCM failed", zap.Error(err))
-			return err
-		}
-	}

-	c.zaplogger.Info("k8s Join data", zap.String("nodename", nodeName), zap.String("nodeIP", nodeIP), zap.String("nodeVPNIP", nodeVPNIP), zap.String("provid", providerID))
 	// we need to pass the VPNIP for another control-plane, otherwise etcd will bind itself to the wrong IP address and fails
-	if err := c.kube.JoinCluster(args, k8sCompliantHostname(nodeName), nodeIP, nodeVPNIP, providerID, certKey, c.cloudControllerManager.Supported(), peerRole); err != nil {
+	if err := c.kube.JoinCluster(ctx, args, nodeVPNIP, certKey, peerRole); err != nil {
 		c.zaplogger.Error("Joining Kubernetes cluster failed", zap.Error(err))
 		return err
 	}
@ -177,15 +80,15 @@ func (c *Core) JoinCluster(args *kubeadm.BootstrapTokenDiscovery, certKey string
 // Cluster manages the overall cluster lifecycle (init, join).
 type Cluster interface {
 	// InitCluster bootstraps a new cluster with the current node being the master, returning the arguments required to join the cluster.
-	InitCluster(kubernetes.InitClusterInput) error
+	InitCluster(ctx context.Context, autoscalingNodeGroups []string, cloudServiceAccountURI, vpnIP string, masterSecret []byte) error
 	// JoinCluster will join the current node to an existing cluster.
-	JoinCluster(args *kubeadm.BootstrapTokenDiscovery, nodeName, nodeIP, nodeVPNIP, providerID, certKey string, ccmSupported bool, peerRole role.Role) error
+	JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, nodeVPNIP, certKey string, peerRole role.Role) error
 	// GetKubeconfig reads the kubeconfig from the filesystem. Only succeeds after cluster is initialized.
 	GetKubeconfig() ([]byte, error)
 	// GetKubeadmCertificateKey returns the 64-byte hex string key needed to join the cluster as control-plane. This function must be executed on a control-plane.
-	GetKubeadmCertificateKey() (string, error)
+	GetKubeadmCertificateKey(ctx context.Context) (string, error)
 	// GetJoinToken returns a bootstrap (join) token.
-	GetJoinToken(ttl time.Duration) (*kubeadm.BootstrapTokenDiscovery, error)
+	GetJoinToken(ctx context.Context, ttl time.Duration) (*kubeadm.BootstrapTokenDiscovery, error)
 	// StartKubelet starts the kubelet service.
 	StartKubelet() error
 }
@ -194,12 +97,12 @@ type Cluster interface {
 type ClusterFake struct{}

 // InitCluster fakes bootstrapping a new cluster with the current node being the master, returning the arguments required to join the cluster.
-func (c *ClusterFake) InitCluster(kubernetes.InitClusterInput) error {
+func (c *ClusterFake) InitCluster(ctx context.Context, autoscalingNodeGroups []string, cloudServiceAccountURI, vpnIP string, masterSecret []byte) error {
 	return nil
 }

 // JoinCluster will fake joining the current node to an existing cluster.
-func (c *ClusterFake) JoinCluster(args *kubeadm.BootstrapTokenDiscovery, nodeName, nodeIP, nodeVPNIP, providerID, certKey string, _ bool, _ role.Role) error {
+func (c *ClusterFake) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, nodeVPNIP, certKey string, peerRole role.Role) error {
 	return nil
 }

@ -209,12 +112,12 @@ func (c *ClusterFake) GetKubeconfig() ([]byte, error) {
 }

 // GetKubeadmCertificateKey fakes generating a certificateKey.
-func (c *ClusterFake) GetKubeadmCertificateKey() (string, error) {
+func (c *ClusterFake) GetKubeadmCertificateKey(context.Context) (string, error) {
 	return "controlPlaneCertficateKey", nil
 }

 // GetJoinToken returns a bootstrap (join) token.
-func (c *ClusterFake) GetJoinToken(_ time.Duration) (*kubeadm.BootstrapTokenDiscovery, error) {
+func (c *ClusterFake) GetJoinToken(ctx context.Context, _ time.Duration) (*kubeadm.BootstrapTokenDiscovery, error) {
 	return &kubeadm.BootstrapTokenDiscovery{
 		APIServerEndpoint: "0.0.0.0",
 		Token:             "kube-fake-token",
@ -226,12 +129,3 @@ func (c *ClusterFake) GetJoinToken(_ time.Duration) (*kubeadm.BootstrapTokenDisc
 func (c *ClusterFake) StartKubelet() error {
 	return nil
 }
-
-// k8sCompliantHostname transforms a hostname to an RFC 1123 compliant, lowercase subdomain as required by Kubernetes node names.
-// The following regex is used by k8s for validation: /^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$/ .
-// Only a simple heuristic is used for now (to lowercase, replace underscores).
-func k8sCompliantHostname(in string) string {
-	hostname := strings.ToLower(in)
-	hostname = strings.ReplaceAll(hostname, "_", "-")
-	return hostname
-}