Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

helm: add OpenStack charts

Browse Source
This commit is contained in:
Malte Poll 2023-03-17 09:52:23 +01:00 committed by Malte Poll
parent 67f5625f99
commit e5124d1a97
10 changed files with 231 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bootstrapper/internal/helm/helm.go
View File

@ -99,7 +99,7 @@ func (h *Client) InstallCilium(ctx context.Context, kubectl k8sapi.Client, relea
h.Wait = release.Wait
switch in.CloudProvider {
case "aws", "azure", "qemu":
case "aws", "azure", "openstack", "qemu":
return h.installCiliumGeneric(ctx, release, in.LoadBalancerEndpoint)
case "gcp":
return h.installCiliumGCP(ctx, kubectl, release, in.NodeName, in.FirstNodePodCIDR, in.SubnetworkPodCIDR, in.LoadBalancerEndpoint)

2
cli/internal/helm/BUILD.bazel
View File

@ -313,6 +313,8 @@ go_library(
"charts/edgeless/operators/charts/node-maintenance-operator/values.schema.json",
"charts/edgeless/operators/charts/node-maintenance-operator/values.yaml",
"charts/edgeless/operators/values.yaml",
"charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml",
"charts/edgeless/constellation-services/charts/ccm/templates/openstack-secret.yaml",
],
importpath = "github.com/edgelesssys/constellation/v2/cli/internal/helm",
visibility = ["//cli:__subpackages__"],

15
cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
View File

@ -7,23 +7,26 @@ dependencies:
- name: key-service
version: 0.0.0
tags:
- AWS
- Azure
- GCP
- AWS
- OpenStack
- QEMU
- name: join-service
version: 0.0.0
tags:
- AWS
- Azure
- GCP
- AWS
- OpenStack
- QEMU
- name: ccm
version: 0.0.0
tags:
- AWS
- Azure
- GCP
- AWS
- OpenStack
- name: cnm
version: 0.0.0
tags:
@ -37,16 +40,18 @@ dependencies:
- name: verification-service
version: 0.0.0
tags:
- AWS
- Azure
- GCP
- AWS
- OpenStack
- QEMU
- name: konnectivity
version: 0.0.0
tags:
- AWS
- Azure
- GCP
- AWS
- OpenStack
- QEMU
- name: gcp-guest-agent
version: 0.0.0

70
cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- if eq .Values.csp "OpenStack" -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cloud-controller-manager
namespace: {{ .Release.Namespace }}
labels:
k8s-app: cloud-controller-manager
spec:
selector:
matchLabels:
k8s-app: cloud-controller-manager
template:
metadata:
labels:
k8s-app: cloud-controller-manager
spec:
containers:
- name: cloud-controller-manager
image: {{ .Values.OpenStack.image | quote }}
args:
- /bin/openstack-cloud-controller-manager
- --cloud-provider=openstack
- --cloud-config=/etc/config/cloud.conf
- --leader-elect=true
- --allocate-node-cidrs=false
- -v=2
volumeMounts:
- name: etckubernetes
mountPath: /etc/kubernetes
readOnly: true
- name: etcssl
mountPath: /etc/ssl
readOnly: true
- name: etcpki
mountPath: /etc/pki
readOnly: true
- name: etcconfig
mountPath: /etc/config
readOnly: true
resources: {}
nodeSelector:
node-role.kubernetes.io/control-plane: ""
serviceAccountName: cloud-controller-manager
tolerations:
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/not-ready
volumes:
- name: etckubernetes
hostPath:
path: /etc/kubernetes
- name: etcssl
hostPath:
path: /etc/ssl
- name: etcpki
hostPath:
path: /etc/pki
- name: etcconfig
secret:
secretName: openstackkey
updateStrategy: {}
{{- end -}}

9
cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/openstack-secret.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- if eq .Values.csp "OpenStack" -}}
apiVersion: v1
kind: Secret
metadata:
name: openstackkey
namespace: {{ .Release.Namespace }}
data:
cloud.conf: {{ .Values.OpenStack.secretData | b64enc }}
{{- end -}}

75
cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json
View File

@ -3,7 +3,39 @@
"properties": {
"csp": {
"description": "CSP to which the chart is deployed.",
"enum": ["Azure", "GCP", "AWS", "QEMU"]
"enum": ["AWS", "Azure", "GCP", "OpenStack", "QEMU"]
},
"AWS": {
"description": "Config values required for deployment on AWS",
"type": "object",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string"
}
},
"required": [
"image"
]
},
"Azure": {
"description": "Config values required for deployment on Azure",
"type": "object",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:latest"]
},
"azureConfig": {
"description": "Base64 encoded json string that hold required config parameters for Azure CCM.",
"type": "string"
}
},
"required": [
"image",
"azureConfig"
]
},
"GCP": {
"description": "Config values required for deployment on GCP",
@ -41,36 +73,22 @@
"subnetworkPodCIDR"
]
},
"Azure": {
"description": "Config values required for deployment on Azure",
"OpenStack": {
"description": "Config values required for deployment on OpenStack",
"type": "object",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string",
"examples": ["mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:latest"]
"type": "string"
},
"azureConfig": {
"description": "Base64 encoded json string that hold required config parameters for Azure CCM.",
"secretData": {
"description": "OpenStack service account key as a json-string",
"type": "string"
}
},
"required": [
"image",
"azureConfig"
]
},
"AWS": {
"description": "Config values required for deployment on AWS",
"type": "object",
"properties": {
"image": {
"description": "Container image to use for the spawned pods.",
"type": "string"
}
},
"required": [
"image"
"secretData"
]
}
},
@ -80,10 +98,10 @@
"allOf": [
{
"if": {
"properties": { "csp": { "const": "GCP" } },
"properties": { "csp": { "const": "AWS" } },
"required": ["csp"]
},
"then": { "required": ["GCP"] }
"then": { "required": ["AWS"] }
},
{
"if": {
@ -94,10 +112,17 @@
},
{
"if": {
"properties": { "csp": { "const": "AWS" } },
"properties": { "csp": { "const": "GCP" } },
"required": ["csp"]
},
"then": { "required": ["AWS"] }
"then": { "required": ["GCP"] }
},
{
"if": {
"properties": { "csp": { "const": "OpenStack" } },
"required": ["csp"]
},
"then": { "required": ["OpenStack"] }
}
],
"title": "Values",

2
cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.schema.json
View File

@ -3,7 +3,7 @@
"properties": {
"csp": {
"description": "CSP to which the chart is deployed.",
"enum": ["Azure", "GCP", "AWS", "QEMU"]
"enum": ["AWS", "Azure", "GCP", "OpenStack", "QEMU"]
},
"measurements": {
"description": "JSON-string to describe the expected measurements.",

3
cli/internal/helm/charts/edgeless/constellation-services/values.yaml
View File

@ -18,7 +18,8 @@ azure:
# Set one of the tags to true to indicate which CSP you are deploying to.
tags:
AWS: false
Azure: false
GCP: false
AWS: false
OpenStack: false
QEMU: false

69
cli/internal/helm/loader.go
View File

@ -77,6 +77,8 @@ func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion)
cnmImage = versions.VersionConfigs[k8sVersion].CloudNodeManagerImageAzure
case cloudprovider.GCP:
ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageGCP
case cloudprovider.OpenStack:
ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageOpenStack
}
return &ChartLoader{
@ -186,6 +188,8 @@ func (i *ChartLoader) loadCiliumValues() (map[string]any, error) {
values = azureVals
case cloudprovider.GCP:
values = gcpVals
case cloudprovider.OpenStack:
values = openStackVals
case cloudprovider.QEMU:
values = qemuVals
default:
@ -300,6 +304,16 @@ func (i *ChartLoader) loadOperatorsValues() (map[string]any, error) {
},
}
switch i.csp {
case cloudprovider.AWS:
conOpVals, ok := values["constellation-operator"].(map[string]any)
if !ok {
return nil, errors.New("invalid constellation-operator values")
}
conOpVals["csp"] = "AWS"
values["tags"] = map[string]any{
"AWS": true,
}
case cloudprovider.Azure:
conOpVals, ok := values["constellation-operator"].(map[string]any)
if !ok {
@ -320,6 +334,16 @@ func (i *ChartLoader) loadOperatorsValues() (map[string]any, error) {
values["tags"] = map[string]any{
"GCP": true,
}
case cloudprovider.OpenStack:
conOpVals, ok := values["constellation-operator"].(map[string]any)
if !ok {
return nil, errors.New("invalid constellation-operator values")
}
conOpVals["csp"] = "OpenStack"
values["tags"] = map[string]any{
"OpenStack": true,
}
case cloudprovider.QEMU:
conOpVals, ok := values["constellation-operator"].(map[string]any)
if !ok {
@ -330,16 +354,6 @@ func (i *ChartLoader) loadOperatorsValues() (map[string]any, error) {
values["tags"] = map[string]any{
"QEMU": true,
}
case cloudprovider.AWS:
conOpVals, ok := values["constellation-operator"].(map[string]any)
if !ok {
return nil, errors.New("invalid constellation-operator values")
}
conOpVals["csp"] = "AWS"
values["tags"] = map[string]any{
"AWS": true,
}
}
return values, nil
@ -386,6 +400,18 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error)
}
switch i.csp {
case cloudprovider.AWS:
ccmVals, ok := values["ccm"].(map[string]any)
if !ok {
return nil, errors.New("invalid ccm values")
}
ccmVals["AWS"] = map[string]any{
"image": i.ccmImage,
}
values["tags"] = map[string]any{
"AWS": true,
}
case cloudprovider.Azure:
ccmVals, ok := values["ccm"].(map[string]any)
if !ok {
@ -415,24 +441,23 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error)
values["tags"] = map[string]any{
"GCP": true,
}
case cloudprovider.OpenStack:
ccmVals, ok := values["ccm"].(map[string]any)
if !ok {
return nil, errors.New("invalid ccm values")
}
ccmVals["OpenStack"] = map[string]any{
"image": i.ccmImage,
}
values["tags"] = map[string]any{
"OpenStack": true,
}
case cloudprovider.QEMU:
values["tags"] = map[string]any{
"QEMU": true,
}
case cloudprovider.AWS:
ccmVals, ok := values["ccm"].(map[string]any)
if !ok {
return nil, errors.New("invalid ccm values")
}
ccmVals["AWS"] = map[string]any{
"image": i.ccmImage,
}
values["tags"] = map[string]any{
"AWS": true,
}
}
return values, nil
}

39
cli/internal/helm/values.go
View File

@ -121,6 +121,45 @@ var gcpVals = map[string]any{
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
}
// Values for the Cilium Helm releases for OpenStack.
var openStackVals = map[string]any{
"endpointRoutes": map[string]any{
"enabled": true,
},
"encryption": map[string]any{
"enabled": true,
"type": "wireguard",
},
"l7Proxy": false,
"ipam": map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []string{
"10.244.0.0/16",
},
},
},
"strictModeCIDR": "10.244.0.0/16",
"image": map[string]any{
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
"tag": "v1.12.1-edg",
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
"useDigest": true,
},
"operator": map[string]any{
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
"tag": "v1.12.1-edg",
"suffix": "",
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
"useDigest": true,
},
},
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
}
var qemuVals = map[string]any{
"endpointRoutes": map[string]any{
"enabled": true,