AB#2582: deploy CNM via Helm (#423)

2025-11-12 08:36:36 -05:00 · 2022-11-02 17:47:10 +01:00 · 2022-11-02 17:47:10 +01:00 · e363f03240
commit e363f03240
parent 4b257616e4
24 changed files with 297 additions and 335 deletions
--- a/cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
@ -25,3 +25,7 @@ dependencies:
      - Azure
      - GCP
      - AWS
+  - name: cnm
+    version: 2.2.0-pre
+    tags:
+      - Azure
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/.helmignore
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/Chart.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v2
+name: cnm
+description: A chart to deploy cloud node manager for constellation
+type: application
+version: 2.2.0-pre
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/azure-daemonset.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/azure-daemonset.yaml
@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cloud-node-manager
+  namespace: {{ .Release.Namespace}}
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    component: cloud-node-manager
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    matchLabels:
+      k8s-app: cloud-node-manager
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/daemonset-pod: "true"
+      labels:
+        k8s-app: cloud-node-manager
+    spec:
+      containers:
+      - name: cloud-node-manager
+        image: {{ .Values.image }}
+        imagePullPolicy: IfNotPresent
+        command:
+          - cloud-node-manager
+          - --node-name=$(NODE_NAME)
+          - --wait-routes=true
+        env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+        resources:
+          requests:
+            cpu: 50m
+            memory: 50Mi
+      hostNetwork: true
+      nodeSelector:
+        kubernetes.io/os: linux
+      priorityClassName: system-node-critical
+      serviceAccountName: cloud-node-manager
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Equal
+          value: "true"
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+  updateStrategy: {}
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/clusterrole.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/clusterrole.yaml
@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cloud-node-manager
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    k8s-app: cloud-node-manager
+    kubernetes.io/cluster-service: "true"
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - watch
+  - list
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/clusterrolebinding.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/clusterrolebinding.yaml
@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cloud-node-manager
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    k8s-app: cloud-node-manager
+    kubernetes.io/cluster-service: "true"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cloud-node-manager
+subjects:
+- kind: ServiceAccount
+  name: cloud-node-manager
+  namespace: {{ .Release.Namespace}}
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/serviceaccount.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/templates/serviceaccount.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-node-manager
+  namespace: {{ .Release.Namespace}}
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    k8s-app: cloud-node-manager
+    kubernetes.io/cluster-service: "true"
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/values.schema.json
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/values.schema.json
@ -0,0 +1,15 @@
+{
+    "$schema": "https://json-schema.org/draft-07/schema#",
+    "properties": {
+        "image": {
+            "description": "Container image to use for the spawned pods.",
+            "type": "string",
+            "examples": ["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.23.21"]
+        }
+    },
+    "required": [
+        "image"
+    ],
+    "title": "Values",
+    "type": "object"
+}
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/values.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/cnm/values.yaml