AB#2504: Deploy join-service via helm (#358)

2025-05-03 23:04:53 -04:00 · 2022-10-24 12:23:18 +02:00 · 2022-10-24 12:23:18 +02:00 · c2814aeddb
commit c2814aeddb
parent d46408d00b
30 changed files with 434 additions and 378 deletions
--- a/bootstrapper/internal/kubernetes/kubernetes.go
+++ b/bootstrapper/internal/kubernetes/kubernetes.go
@ -8,6 +8,7 @@ package kubernetes

 import (
 	"context"
+	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@ -200,18 +201,16 @@ func (k *KubeWrapper) InitCluster(
 		return nil, fmt.Errorf("setting up konnectivity: %w", err)
 	}

-	if err = k.helmClient.InstallConstellationServices(ctx, helmReleases.ConstellationServices); err != nil {
-		return nil, fmt.Errorf("installing kms: %w", err)
+	extraVals := setupExtraVals(k.initialMeasurementsJSON, idKeyDigest, measurementSalt)
+
+	if err = k.helmClient.InstallConstellationServices(ctx, helmReleases.ConstellationServices, extraVals); err != nil {
+		return nil, fmt.Errorf("installing constellation-services: %w", err)
 	}

 	if err := k.setupInternalConfigMap(ctx, strconv.FormatBool(azureCVM)); err != nil {
 		return nil, fmt.Errorf("failed to setup internal ConfigMap: %w", err)
 	}

-	if err := k.setupJoinService(k.cloudProvider, k.initialMeasurementsJSON, measurementSalt, enforcedPCRs, idKeyDigest, enforceIDKeyDigest); err != nil {
-		return nil, fmt.Errorf("setting up join service failed: %w", err)
-	}
-
 	if err := k.setupCCM(ctx, subnetworkPodCIDR, cloudServiceAccountURI, instance, k8sVersion); err != nil {
 		return nil, fmt.Errorf("setting up cloud controller manager: %w", err)
 	}
@ -329,21 +328,6 @@ func (k *KubeWrapper) GetKubeconfig() ([]byte, error) {
 	return k.kubeconfigReader.ReadKubeconfig()
 }

-func (k *KubeWrapper) setupJoinService(
-	csp string, measurementsJSON, measurementSalt []byte, enforcedPCRs []uint32, initialIDKeyDigest []byte, enforceIDKeyDigest bool,
-) error {
-	enforcedPCRsJSON, err := json.Marshal(enforcedPCRs)
-	if err != nil {
-		return fmt.Errorf("marshaling enforcedPCRs: %w", err)
-	}
-
-	joinConfiguration := resources.NewJoinServiceDaemonset(
-		csp, string(measurementsJSON), string(enforcedPCRsJSON), hex.EncodeToString(initialIDKeyDigest), strconv.FormatBool(enforceIDKeyDigest), measurementSalt,
-	)
-
-	return k.clusterUtil.SetupJoinService(k.client, joinConfiguration)
-}
-
 func (k *KubeWrapper) setupCCM(ctx context.Context, subnetworkPodCIDR, cloudServiceAccountURI string, instance metadata.InstanceMetadata, k8sVersion versions.ValidK8sVersion) error {
 	if !k.cloudControllerManager.Supported() {
 		return nil
@ -511,3 +495,15 @@ func getIPAddr() (string, error) {

 	return localAddr.IP.String(), nil
 }
+
+// setupExtraVals create a helm values map for consumption by helm-install.
+// Will move to a more dedicated place once that place becomes apparent.
+func setupExtraVals(initialMeasurementsJSON []byte, idkeydigest []byte, measurementSalt []byte) map[string]interface{} {
+	return map[string]interface{}{
+		"join-service": map[string]interface{}{
+			"measurements":    string(initialMeasurementsJSON),
+			"idkeydigest":     hex.EncodeToString(idkeydigest),
+			"measurementSalt": base64.StdEncoding.EncodeToString(measurementSalt),
+		},
+	}
+}