pass clusterName to helm for AWS LB

2024-10-01 01:36:09 -04:00 · 2023-07-11 18:15:29 +02:00 · 2023-07-11 18:15:29 +02:00 · 84a2ddc3b3
commit 84a2ddc3b3
parent 62b0a853e4
11 changed files with 70 additions and 28 deletions
--- a/cli/internal/clusterid/id.go
+++ b/cli/internal/clusterid/id.go
@ -28,3 +28,8 @@ type File struct {
 	// It is only set if the cluster is created on Azure.
 	AttestationURL string `json:"attestationURL,omitempty"`
 }
+
+// GetClusterName returns the name of the cluster.
+func GetClusterName(cfgName string, idFile File) string {
+	return cfgName + idFile.UID
+}
--- a/cli/internal/cmd/init.go
+++ b/cli/internal/cmd/init.go
@ -174,7 +174,11 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 	if err != nil {
 		return fmt.Errorf("parsing or generating master secret from file %s: %w", flags.masterSecretPath, err)
 	}
-	helmLoader := helm.NewLoader(provider, k8sVersion)
+
+	clusterName := clusterid.GetClusterName(conf.Name, idFile)
+	i.log.Debugf("Setting cluster name to %s", clusterName)
+
+	helmLoader := helm.NewLoader(provider, k8sVersion, clusterName)
 	i.log.Debugf("Created new Helm loader")
 	helmDeployments, err := helmLoader.Load(conf, flags.conformance, flags.helmWaitMode, masterSecret.Key, masterSecret.Salt)
 	i.log.Debugf("Loaded Helm deployments")
@ -182,9 +186,6 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 		return fmt.Errorf("loading Helm charts: %w", err)
 	}

-	clusterName := conf.Name + "-" + idFile.UID
-	i.log.Debugf("Setting cluster name to %s", clusterName)
-
 	cmd.PrintErrln("Note: If you just created the cluster, it can take a few minutes to connect.")
 	i.spinner.Start("Connecting ", false)
 	req := &initproto.InitRequest{
--- a/cli/internal/cmd/upgradeapply.go
+++ b/cli/internal/cmd/upgradeapply.go
@ -117,7 +117,7 @@ func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Hand

 	if conf.GetProvider() == cloudprovider.Azure || conf.GetProvider() == cloudprovider.GCP || conf.GetProvider() == cloudprovider.AWS {
 		var upgradeErr *compatibility.InvalidUpgradeError
-		err = u.handleServiceUpgrade(cmd, conf, flags)
+		err = u.handleServiceUpgrade(cmd, conf, idFile, flags)
 		switch {
 		case errors.As(err, &upgradeErr):
 			cmd.PrintErrln(err)
@ -369,8 +369,8 @@ func (u *upgradeApplyCmd) upgradeAttestConfigIfDiff(cmd *cobra.Command, newConfi
 	return nil
 }

-func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.Config, flags upgradeApplyFlags) error {
-	err := u.upgrader.UpgradeHelmServices(cmd.Context(), conf, flags.upgradeTimeout, helm.DenyDestructive, flags.force)
+func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.Config, idFile clusterid.File, flags upgradeApplyFlags) error {
+	err := u.upgrader.UpgradeHelmServices(cmd.Context(), conf, idFile, flags.upgradeTimeout, helm.DenyDestructive, flags.force)
 	if errors.Is(err, helm.ErrConfirmationMissing) {
 		if !flags.yes {
 			cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.")
@ -383,7 +383,7 @@ func (u *upgradeApplyCmd) handleServiceUpgrade(cmd *cobra.Command, conf *config.
 				return nil
 			}
 		}
-		err = u.upgrader.UpgradeHelmServices(cmd.Context(), conf, flags.upgradeTimeout, helm.AllowDestructive, flags.force)
+		err = u.upgrader.UpgradeHelmServices(cmd.Context(), conf, idFile, flags.upgradeTimeout, helm.AllowDestructive, flags.force)
 	}

 	return err
@ -438,7 +438,7 @@ type upgradeApplyFlags struct {

 type cloudUpgrader interface {
 	UpgradeNodeVersion(ctx context.Context, conf *config.Config, force bool) error
-	UpgradeHelmServices(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive bool, force bool) error
+	UpgradeHelmServices(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive bool, force bool) error
 	UpdateAttestationConfig(ctx context.Context, newConfig config.AttestationCfg) error
 	GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, *corev1.ConfigMap, error)
 	PlanTerraformMigrations(ctx context.Context, opts upgrade.TerraformUpgradeOptions) (bool, error)
--- a/cli/internal/cmd/upgradeapply_test.go
+++ b/cli/internal/cmd/upgradeapply_test.go
@ -169,7 +169,7 @@ func (u stubUpgrader) UpgradeNodeVersion(_ context.Context, _ *config.Config, _
 	return u.nodeVersionErr
 }

-func (u stubUpgrader) UpgradeHelmServices(_ context.Context, _ *config.Config, _ time.Duration, _, _ bool) error {
+func (u stubUpgrader) UpgradeHelmServices(_ context.Context, _ *config.Config, _ clusterid.File, _ time.Duration, _, _ bool) error {
 	return u.helmErr
 }

--- a/cli/internal/helm/BUILD.bazel
+++ b/cli/internal/helm/BUILD.bazel
@ -375,10 +375,29 @@ go_library(
        "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml",
        "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml",
        "charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/Chart.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/README.md",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/ci/extra_args",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/ci/values.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/crds/crds.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/crds/kustomization.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/NOTES.txt",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/_helpers.tpl",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/deployment.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/ingressclass.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/pdb.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/rbac.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/service.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/serviceaccount.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/servicemonitor.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/templates/webhook.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/test.yaml",
+        "charts/edgeless/constellation-services/charts/aws-load-balancer-controller/values.yaml",
    ],
    importpath = "github.com/edgelesssys/constellation/v2/cli/internal/helm",
    visibility = ["//cli:__subpackages__"],
    deps = [
+        "//cli/internal/clusterid",
        "//cli/internal/helm/imageversion",
        "//internal/cloud/cloudprovider",
        "//internal/compatibility",
@ -414,6 +433,7 @@ go_test(
    data = glob(["testdata/**"]),
    embed = [":helm"],
    deps = [
+        "//cli/internal/clusterid",
        "//internal/attestation/idkeydigest",
        "//internal/attestation/measurements",
        "//internal/cloud/cloudprovider",
--- a/cli/internal/helm/client.go
+++ b/cli/internal/helm/client.go
@ -13,6 +13,7 @@ import (
 	"strings"
 	"time"

+	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/internal/compatibility"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
@ -102,7 +103,7 @@ func (c *Client) shouldUpgrade(releaseName, newVersion string, force bool) error
 // Upgrade runs a helm-upgrade on all deployments that are managed via Helm.
 // If the CLI receives an interrupt signal it will cancel the context.
 // Canceling the context will prompt helm to abort and roll back the ongoing upgrade.
-func (c *Client) Upgrade(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive, force bool, upgradeID string) error {
+func (c *Client) Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive, force bool, upgradeID string) error {
 	upgradeErrs := []error{}
 	upgradeReleases := []*chart.Chart{}

@ -155,7 +156,7 @@ func (c *Client) Upgrade(ctx context.Context, config *config.Config, timeout tim
 	}

 	for _, chart := range upgradeReleases {
-		err = c.upgradeRelease(ctx, timeout, config, chart)
+		err = c.upgradeRelease(ctx, timeout, config, idFile, chart)
 		if err != nil {
 			return fmt.Errorf("upgrading %s: %w", chart.Metadata.Name, err)
 		}
@ -251,7 +252,7 @@ func (s ServiceVersions) ConstellationServices() string {
 }

 func (c *Client) upgradeRelease(
-	ctx context.Context, timeout time.Duration, conf *config.Config, chart *chart.Chart,
+	ctx context.Context, timeout time.Duration, conf *config.Config, idFile clusterid.File, chart *chart.Chart,
 ) error {
 	// We need to load all values that can be statically loaded before merging them with the cluster
 	// values. Otherwise the templates are not rendered correctly.
@ -259,7 +260,11 @@ func (c *Client) upgradeRelease(
 	if err != nil {
 		return fmt.Errorf("validating k8s version: %s", conf.KubernetesVersion)
 	}
-	loader := NewLoader(conf.GetProvider(), k8sVersion)
+
+	c.log.Debugf("Checking cluster ID file")
+	clusterName := clusterid.GetClusterName(conf.Name, idFile)
+
+	loader := NewLoader(conf.GetProvider(), k8sVersion, clusterName)

 	var values map[string]any
 	var releaseName string
--- a/cli/internal/helm/client_test.go
+++ b/cli/internal/helm/client_test.go
@ -11,6 +11,7 @@ import (
 	"testing"
 	"time"

+	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/internal/compatibility"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
@ -77,7 +78,7 @@ func TestUpgradeRelease(t *testing.T) {

 			chart, err := loadChartsDir(helmFS, certManagerInfo.path)
 			require.NoError(err)
-			err = client.upgradeRelease(context.Background(), 0, config.Default(), chart)
+			err = client.upgradeRelease(context.Background(), 0, config.Default(), clusterid.File{UID: "test"}, chart)
 			if tc.wantError {
 				assert.Error(err)
 				return
--- a/cli/internal/helm/loader.go
+++ b/cli/internal/helm/loader.go
@ -58,18 +58,19 @@ type ChartLoader struct {
 	csp                          cloudprovider.Provider
 	joinServiceImage             string
 	keyServiceImage              string
-	ccmImage                     string
-	cnmImage                     string
+	ccmImage                     string // cloud controller manager image
+	cnmImage                     string // Azure cloud node manager image
 	autoscalerImage              string
 	verificationServiceImage     string
 	gcpGuestAgentImage           string
 	konnectivityImage            string
 	constellationOperatorImage   string
 	nodeMaintenanceOperatorImage string
+	clusterName                  string
 }

 // NewLoader creates a new ChartLoader.
-func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *ChartLoader {
+func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion, clusterName string) *ChartLoader {
 	var ccmImage, cnmImage string
 	switch csp {
 	case cloudprovider.AWS:
@ -97,6 +98,7 @@ func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion)
 		konnectivityImage:            versions.KonnectivityAgentImage,
 		constellationOperatorImage:   imageversion.ConstellationNodeOperator("", ""),
 		nodeMaintenanceOperatorImage: versions.NodeMaintenanceOperatorImage,
+		clusterName:                  clusterName,
 	}
 }

@ -405,6 +407,13 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error)
 		values["tags"] = map[string]any{
 			"AWS": true,
 		}
+		values["aws-load-balancer-controller"] = map[string]any{
+			"nodeSelector": map[string]any{
+				"node-role.kubernetes.io/control-plane": "",
+			},
+			"clusterName": i.clusterName,
+		}
+
 	case cloudprovider.Azure:
 		ccmVals, ok := values["ccm"].(map[string]any)
 		if !ok {
--- a/cli/internal/helm/update-aws-load-balancer-chart.sh
+++ b/cli/internal/helm/update-aws-load-balancer-chart.sh
@ -15,7 +15,6 @@ if ! command -v git &> /dev/null; then
  exit 1
 fi

-
 callDir=$(pwd)
 repo_tmp_dir=$(mktemp -d)

@ -26,12 +25,12 @@ chart_url="https://github.com/aws/eks-charts"
 chart_dir="stable/aws-load-balancer-controller"
 cd "${repo_tmp_dir}"
 git clone \
--filter=blob:none \
--no-checkout \
--sparse \
--depth 1 \
--branch="${branch}" \
-"${chart_url}" "${repo_tmp_dir}"
+  --filter=blob:none \
+  --no-checkout \
+  --sparse \
+  --depth 1 \
+  --branch="${branch}" \
+  "${chart_url}" "${repo_tmp_dir}"

 git sparse-checkout add "${chart_dir}"
 git checkout
--- a/cli/internal/kubernetes/BUILD.bazel
+++ b/cli/internal/kubernetes/BUILD.bazel
@ -11,6 +11,7 @@ go_library(
    importpath = "github.com/edgelesssys/constellation/v2/cli/internal/kubernetes",
    visibility = ["//cli:__subpackages__"],
    deps = [
+        "//cli/internal/clusterid",
        "//cli/internal/helm",
        "//cli/internal/terraform",
        "//cli/internal/upgrade",
--- a/cli/internal/kubernetes/upgrade.go
+++ b/cli/internal/kubernetes/upgrade.go
@ -16,6 +16,7 @@ import (
 	"strings"
 	"time"

+	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/helm"
 	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
@ -186,8 +187,8 @@ func (u *Upgrader) ApplyTerraformMigrations(ctx context.Context, fileHandler fil
 }

 // UpgradeHelmServices upgrade helm services.
-func (u *Upgrader) UpgradeHelmServices(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive bool, force bool) error {
-	return u.helmClient.Upgrade(ctx, config, timeout, allowDestructive, force, u.upgradeID)
+func (u *Upgrader) UpgradeHelmServices(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive bool, force bool) error {
+	return u.helmClient.Upgrade(ctx, config, idFile, timeout, allowDestructive, force, u.upgradeID)
 }

 // UpgradeNodeVersion upgrades the cluster's NodeVersion object and in turn triggers image & k8s version upgrades.
@ -512,7 +513,7 @@ func (u *stableClient) KubernetesVersion() (string, error) {
 }

 type helmInterface interface {
-	Upgrade(ctx context.Context, config *config.Config, timeout time.Duration, allowDestructive, force bool, upgradeID string) error
+	Upgrade(ctx context.Context, config *config.Config, idFile clusterid.File, timeout time.Duration, allowDestructive, force bool, upgradeID string) error
 }

 type debugLog interface {