AB#2589: Deploy operators via Helm (#575)

* Only deploy operators on GCP/Azure. * cert-manager is now deployed by default (GCP/Azure) * remove OLM
2025-07-31 19:18:40 -04:00 · 2022-11-21 10:35:40 +01:00 · 2022-11-21 10:35:40 +01:00 · bdd9dd922b
commit bdd9dd922b
parent b8d991f84c
146 changed files with 12799 additions and 8706 deletions
--- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
@ -42,8 +42,6 @@ import (
 const (
 	// kubeletStartTimeout is the maximum time given to the kubelet service to (re)start.
 	kubeletStartTimeout = 10 * time.Minute
-	// crdTimeout is the maximum time given to the CRDs to be created.
-	crdTimeout = 30 * time.Second
 )

 // Client provides the functions to talk to the k8s API.
@ -326,19 +324,6 @@ func (k *KubernetesUtil) SetupVerificationService(kubectl Client, verificationSe
 	return kubectl.Apply(verificationServiceConfiguration, true)
 }

-// SetupOperatorLifecycleManager deploys operator lifecycle manager.
-func (k *KubernetesUtil) SetupOperatorLifecycleManager(ctx context.Context, kubectl Client, olmCRDs, olmConfiguration kubernetes.Marshaler, crdNames []string) error {
-	if err := kubectl.Apply(olmCRDs, true); err != nil {
-		return fmt.Errorf("applying OLM CRDs: %w", err)
-	}
-	crdReadyTimeout, cancel := context.WithTimeout(ctx, crdTimeout)
-	defer cancel()
-	if err := kubectl.WaitForCRDs(crdReadyTimeout, crdNames); err != nil {
-		return fmt.Errorf("waiting for OLM CRDs: %w", err)
-	}
-	return kubectl.Apply(olmConfiguration, true)
-}
-
 // SetupNodeMaintenanceOperator deploys node maintenance operator.
 func (k *KubernetesUtil) SetupNodeMaintenanceOperator(kubectl Client, nodeMaintenanceOperatorConfiguration kubernetes.Marshaler) error {
 	return kubectl.Apply(nodeMaintenanceOperatorConfiguration, true)
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator.go
@ -1,87 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import (
-	"time"
-
-	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
-	"github.com/edgelesssys/constellation/v2/internal/versions"
-	operatorsv1 "github.com/operator-framework/api/pkg/operators/v1"
-	operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-const (
-	nodeMaintenanceOperatorNamespace        = "kube-system"
-	nodeMaintenanceOperatorCatalogNamespace = "olm"
-)
-
-// NodeMaintenanceOperatorDeployment groups all deployments for node maintenance operator.
-type NodeMaintenanceOperatorDeployment struct {
-	CatalogSource operatorsv1alpha1.CatalogSource
-	OperatorGroup operatorsv1.OperatorGroup
-	Subscription  operatorsv1alpha1.Subscription
-}
-
-// NewNodeMaintenanceOperatorDeployment creates a new node maintenance operator (NMO) deployment.
-// See https://github.com/medik8s/node-maintenance-operator for more information.
-func NewNodeMaintenanceOperatorDeployment() *NodeMaintenanceOperatorDeployment {
-	return &NodeMaintenanceOperatorDeployment{
-		CatalogSource: operatorsv1alpha1.CatalogSource{
-			TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1alpha1", Kind: "CatalogSource"},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "node-maintenance-operator-catalog",
-				Namespace: nodeMaintenanceOperatorCatalogNamespace,
-			},
-			Spec: operatorsv1alpha1.CatalogSourceSpec{
-				SourceType:  "grpc",
-				Image:       versions.NodeMaintenanceOperatorCatalogImage,
-				DisplayName: "Node Maintenance Operator",
-				Publisher:   "Medik8s Team",
-				UpdateStrategy: &operatorsv1alpha1.UpdateStrategy{
-					RegistryPoll: &operatorsv1alpha1.RegistryPoll{
-						RawInterval: "1m0s",
-						Interval: &metav1.Duration{
-							Duration: time.Minute,
-						},
-					},
-				},
-			},
-		},
-		OperatorGroup: operatorsv1.OperatorGroup{
-			TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1", Kind: "OperatorGroup"},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "constellation-og",
-				Namespace: nodeMaintenanceOperatorNamespace,
-			},
-			Spec: operatorsv1.OperatorGroupSpec{
-				UpgradeStrategy: operatorsv1.UpgradeStrategyDefault,
-			},
-		},
-		Subscription: operatorsv1alpha1.Subscription{
-			TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1alpha1", Kind: "Subscription"},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "node-maintenance-operator-sub",
-				Namespace: nodeMaintenanceOperatorNamespace,
-			},
-			Spec: &operatorsv1alpha1.SubscriptionSpec{
-				Channel:                "stable",
-				Package:                "node-maintenance-operator",
-				CatalogSource:          "node-maintenance-operator-catalog",
-				CatalogSourceNamespace: "olm",
-				InstallPlanApproval:    operatorsv1alpha1.ApprovalAutomatic,
-				StartingCSV:            "node-maintenance-operator." + versions.NodeMaintenanceOperatorVersion,
-			},
-		},
-	}
-}
-
-// Marshal to Kubernetes YAML.
-func (c *NodeMaintenanceOperatorDeployment) Marshal() ([]byte, error) {
-	return kubernetes.MarshalK8SResources(c)
-}
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator_test.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator_test.go
@ -1,28 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import (
-	"testing"
-
-	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestNodeMaintenanceOperatorMarshalUnmarshal(t *testing.T) {
-	require := require.New(t)
-	assert := assert.New(t)
-
-	nmoDepl := NewNodeMaintenanceOperatorDeployment()
-	data, err := nmoDepl.Marshal()
-	require.NoError(err)
-
-	var recreated NodeMaintenanceOperatorDeployment
-	require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated))
-	assert.Equal(nmoDepl, &recreated)
-}
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator.go
@ -1,92 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import (
-	"time"
-
-	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
-	"github.com/edgelesssys/constellation/v2/internal/versions"
-	operatorsv1 "github.com/operator-framework/api/pkg/operators/v1"
-	operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-const (
-	nodeOperatorNamespace        = "kube-system"
-	nodeOperatorCatalogNamespace = "olm"
-)
-
-// NodeOperatorDeployment groups all deployments for node operator.
-type NodeOperatorDeployment struct {
-	CatalogSource operatorsv1alpha1.CatalogSource
-	OperatorGroup operatorsv1.OperatorGroup
-	Subscription  operatorsv1alpha1.Subscription
-}
-
-// NewNodeOperatorDeployment creates a new constellation node operator deployment.
-// See /operators/constellation-node-operator for more information.
-func NewNodeOperatorDeployment(cloudProvider string, uid string) *NodeOperatorDeployment {
-	return &NodeOperatorDeployment{
-		CatalogSource: operatorsv1alpha1.CatalogSource{
-			TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1alpha1", Kind: "CatalogSource"},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "constellation-node-operator-catalog",
-				Namespace: nodeOperatorCatalogNamespace,
-			},
-			Spec: operatorsv1alpha1.CatalogSourceSpec{
-				SourceType:  "grpc",
-				Image:       versions.NodeOperatorCatalogImage,
-				DisplayName: "Constellation Node Operator",
-				Publisher:   "Edgeless Systems",
-				UpdateStrategy: &operatorsv1alpha1.UpdateStrategy{
-					RegistryPoll: &operatorsv1alpha1.RegistryPoll{
-						RawInterval: "1m0s",
-						Interval:    &metav1.Duration{Duration: 1 * time.Minute},
-					},
-				},
-			},
-		},
-		OperatorGroup: operatorsv1.OperatorGroup{
-			TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1", Kind: "OperatorGroup"},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "constellation-og",
-				Namespace: nodeOperatorNamespace,
-			},
-			Spec: operatorsv1.OperatorGroupSpec{
-				UpgradeStrategy: operatorsv1.UpgradeStrategyDefault,
-			},
-		},
-		Subscription: operatorsv1alpha1.Subscription{
-			TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1alpha1", Kind: "Subscription"},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "constellation-node-operator-sub",
-				Namespace: nodeOperatorNamespace,
-			},
-			Spec: &operatorsv1alpha1.SubscriptionSpec{
-				Channel:                "alpha",
-				Package:                "node-operator",
-				CatalogSource:          "constellation-node-operator-catalog",
-				CatalogSourceNamespace: "olm",
-				InstallPlanApproval:    operatorsv1alpha1.ApprovalAutomatic,
-				StartingCSV:            "node-operator." + versions.NodeOperatorVersion,
-				Config: &operatorsv1alpha1.SubscriptionConfig{
-					Env: []corev1.EnvVar{
-						{Name: "CONSTEL_CSP", Value: cloudProvider},
-						{Name: "constellation-uid", Value: uid},
-					},
-				},
-			},
-		},
-	}
-}
-
-// Marshal to Kubernetes YAML.
-func (c *NodeOperatorDeployment) Marshal() ([]byte, error) {
-	return kubernetes.MarshalK8SResources(c)
-}
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator_test.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator_test.go
@ -1,28 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import (
-	"testing"
-
-	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestNodeOperatorMarshalUnmarshal(t *testing.T) {
-	require := require.New(t)
-	assert := assert.New(t)
-
-	nmoDepl := NewNodeOperatorDeployment("csp", "uid")
-	data, err := nmoDepl.Marshal()
-	require.NoError(err)
-
-	var recreated NodeOperatorDeployment
-	require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated))
-	assert.Equal(nmoDepl, &recreated)
-}
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/operator_lifecycle_manager.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/operator_lifecycle_manager.go
@ -1,37 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package resources
-
-import "github.com/edgelesssys/constellation/v2/internal/crds"
-
-// OLMCRDNames are the names of the custom resource definitions that are used by the olm operator.
-var OLMCRDNames = []string{
-	"catalogsources.operators.coreos.com",
-	"clusterserviceversions.operators.coreos.com",
-	"installplans.operators.coreos.com",
-	"olmconfigs.operators.coreos.com",
-	"operatorconditions.operators.coreos.com",
-	"operatorgroups.operators.coreos.com",
-	"operators.operators.coreos.com",
-	"subscriptions.operators.coreos.com",
-}
-
-// OperatorLifecycleManagerCRDs contains custom resource definitions used by the olm operator.
-type OperatorLifecycleManagerCRDs struct{}
-
-// Marshal returns the already marshalled CRDs.
-func (m *OperatorLifecycleManagerCRDs) Marshal() ([]byte, error) {
-	return crds.OLMCRDs, nil
-}
-
-// OperatorLifecycleManager is the deployment of the olm operator.
-type OperatorLifecycleManager struct{}
-
-// Marshal returns the already marshalled deployment yaml.
-func (m *OperatorLifecycleManager) Marshal() ([]byte, error) {
-	return crds.OLM, nil
-}