From ea5c83587c8c4e2e3093b83ad8a3af312626cfac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Mon, 26 Jun 2023 10:13:28 +0200 Subject: [PATCH] Move CSI charts to separate chart and cleanup loader code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Daniel Weiße --- bootstrapper/internal/helm/helm.go | 29 +- bootstrapper/internal/kubernetes/k8sutil.go | 9 +- .../internal/kubernetes/kubernetes.go | 67 ++-- .../internal/kubernetes/kubernetes_test.go | 38 +- cli/internal/helm/BUILD.bazel | 164 +++++---- cli/internal/helm/README.md | 4 + .../charts/csi-snapshotter/crds/Chart.yaml | 6 - .../constellation-services/Chart.yaml | 25 -- .../charts/ccm/templates/aws-daemonset.yaml | 2 +- .../charts/ccm/templates/azure-daemonset.yaml | 2 +- .../charts/ccm/templates/gcp-daemonset.yaml | 2 +- .../ccm/templates/openstack-daemonset.yaml | 2 +- .../charts/ccm/values.schema.json | 105 +++--- .../constellation-services/values.yaml | 13 - .../helm/charts/edgeless/csi/Chart.yaml | 30 ++ .../charts/aws-csi-driver/CHANGELOG.md | 0 .../charts/aws-csi-driver/Chart.yaml | 0 .../charts/aws-csi-driver/templates/NOTES.txt | 0 .../aws-csi-driver/templates/_helpers.tpl | 0 .../templates/clusterrole-attacher.yaml | 0 .../templates/clusterrole-csi-node.yaml | 0 .../templates/clusterrole-provisioner.yaml | 0 .../templates/clusterrole-resizer.yaml | 0 .../templates/clusterrole-snapshotter.yaml | 0 .../clusterrolebinding-attacher.yaml | 0 .../clusterrolebinding-csi-node.yaml | 0 .../clusterrolebinding-provisioner.yaml | 0 .../templates/clusterrolebinding-resizer.yaml | 0 .../clusterrolebinding-snapshotter.yaml | 0 .../aws-csi-driver/templates/controller.yaml | 0 .../aws-csi-driver/templates/csidriver.yaml | 0 .../aws-csi-driver/templates/metrics.yaml | 0 .../templates/node-windows.yaml | 0 .../charts/aws-csi-driver/templates/node.yaml | 0 .../poddisruptionbudget-controller.yaml | 0 .../serviceaccount-csi-controller.yaml | 0 .../templates/serviceaccount-csi-node.yaml | 0 .../templates/storageclass.yaml | 0 .../templates/storageclass_default.yaml | 0 .../templates/storageclass_integrity.yaml | 0 .../templates/volumesnapshotclass.yaml | 0 .../charts/aws-csi-driver/values.yaml | 0 .../charts/azuredisk-csi-driver/Chart.yaml | 0 
.../templates/_helpers.tpl | 0 .../templates/crd-csi-snapshot.yaml | 0 .../templates/csi-azuredisk-controller.yaml | 0 .../templates/csi-azuredisk-driver.yaml | 0 .../templates/csi-azuredisk-node.yaml | 0 .../templates/csi-snapshot-controller.yaml | 0 .../rbac-csi-azuredisk-controller.yaml | 0 .../templates/rbac-csi-azuredisk-node.yaml | 0 .../rbac-csi-snapshot-controller.yaml | 0 ...rviceaccount-csi-azuredisk-controller.yaml | 0 .../serviceaccount-csi-azuredisk-node.yaml | 0 ...erviceaccount-csi-snapshot-controller.yaml | 0 .../templates/storageclass_default.yaml | 0 .../templates/storageclass_integrity.yaml | 0 .../charts/azuredisk-csi-driver/values.yaml | 0 .../charts/cinder-config/.helmignore | 0 .../charts/cinder-config/Chart.yaml | 0 .../cinder-config/templates/secret.yaml | 0 .../charts/cinder-config/values.schema.json | 0 .../csi/charts/cinder-config}/values.yaml | 0 .../Chart.yaml | 0 .../templates/cluster_setup.yaml | 0 .../templates/controller.yaml | 0 .../templates/node.yaml | 0 .../templates/storageclass_default.yaml | 0 .../templates/storageclass_integrity.yaml | 0 .../templates/v1_csidriver.yaml | 0 .../values.yaml | 0 .../charts/openstack-cinder-csi}/Chart.yaml | 2 +- .../csi/charts/openstack-cinder-csi/README.md | 21 ++ .../openstack-cinder-csi/templates/NOTES.txt | 1 + .../templates/_helpers.tpl | 0 .../templates/cinder-csi-driver.yaml | 0 .../controllerplugin-deployment.yaml | 0 .../templates/controllerplugin-rbac.yaml | 0 .../templates/custom_storageclass.yaml | 3 + .../templates/nodeplugin-daemonset.yaml | 0 .../templates/nodeplugin-rbac.yaml | 0 .../templates/secret.yaml | 10 + .../templates/storageclass.yaml | 0 .../charts/openstack-cinder-csi}/values.yaml | 0 .../charts}/snapshot-controller/Chart.yaml | 0 .../templates/admission-configuration.yaml | 0 .../templates/rbac-snapshot-controller.yaml | 0 .../templates/rbac-snapshot-webhook.yaml | 0 .../templates/selfsigned-issuer.yaml | 0 .../templates/serving-cert.yaml | 0 
.../templates/snapshot-controller.yaml | 0 .../templates/snapshot-webhook.yaml | 0 .../charts}/snapshot-controller/values.yaml | 0 .../csi/charts/snapshot-crds/Chart.yaml | 6 + .../templates/volumesnapshotclasses.yaml | 0 .../templates/volumesnapshotcontents.yaml | 0 .../templates/volumesnapshots.yaml | 0 .../charts/snapshot-crds}/values.yaml | 0 .../helm/charts/edgeless/csi/values.yaml | 11 + cli/internal/helm/client.go | 15 +- cli/internal/helm/loader.go | 261 +++----------- cli/internal/helm/loader_test.go | 284 +++------------ .../templates/crd-csi-snapshot.yaml | 0 .../templates/csi-azuredisk-controller.yaml | 223 ------------ .../templates/csi-azuredisk-driver.yaml | 11 - .../templates/csi-azuredisk-node.yaml | 202 ----------- .../templates/csi-snapshot-controller.yaml | 0 .../rbac-csi-azuredisk-controller.yaml | 237 ------------ .../templates/rbac-csi-azuredisk-node.yaml | 25 -- ...rviceaccount-csi-azuredisk-controller.yaml | 11 - .../serviceaccount-csi-azuredisk-node.yaml | 11 - ...erviceaccount-csi-snapshot-controller.yaml | 0 .../templates/storageclass_default.yaml | 12 - .../templates/storageclass_integrity.yaml | 12 - .../templates/cluster_setup.yaml | 308 ---------------- .../templates/controller.yaml | 171 --------- .../templates/node.yaml | 112 ------ .../templates/storageclass_default.yaml | 12 - .../templates/storageclass_integrity.yaml | 12 - .../templates/v1_csidriver.yaml | 7 - cli/internal/helm/update-csi-charts.sh | 17 +- cli/internal/helm/values.go | 337 +++++++++--------- .../attestation/measurements/measurements.go | 2 +- internal/deploy/helm/helm.go | 3 +- 124 files changed, 547 insertions(+), 2290 deletions(-) delete mode 100644 cli/internal/helm/charts/csi-snapshotter/crds/Chart.yaml create mode 100644 cli/internal/helm/charts/edgeless/csi/Chart.yaml rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/CHANGELOG.md (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => 
csi}/charts/aws-csi-driver/Chart.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/NOTES.txt (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/_helpers.tpl (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrole-attacher.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrole-resizer.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/csidriver.yaml (100%) rename 
cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/metrics.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/node-windows.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/storageclass.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/storageclass_default.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/storageclass_integrity.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/templates/volumesnapshotclass.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/aws-csi-driver/values.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/Chart.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/_helpers.tpl (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml 
(100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/storageclass_default.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/azuredisk-csi-driver/values.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/cinder-config/.helmignore (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => 
csi}/charts/cinder-config/Chart.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/cinder-config/templates/secret.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/cinder-config/values.schema.json (100%) rename cli/internal/helm/charts/{csi-snapshotter/crds => edgeless/csi/charts/cinder-config}/values.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services => csi}/charts/gcp-compute-persistent-disk-csi-driver/values.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/Chart.yaml (82%) create mode 100644 cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/README.md create mode 100644 cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt rename 
cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/_helpers.tpl (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/cinder-csi-driver.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/controllerplugin-deployment.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/controllerplugin-rbac.yaml (100%) create mode 100644 cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/nodeplugin-daemonset.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/nodeplugin-rbac.yaml (100%) create mode 100644 cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/templates/storageclass.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-csi-plugin => csi/charts/openstack-cinder-csi}/values.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/Chart.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/templates/admission-configuration.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/templates/rbac-snapshot-controller.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => 
edgeless/csi/charts}/snapshot-controller/templates/rbac-snapshot-webhook.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/templates/selfsigned-issuer.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/templates/serving-cert.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/templates/snapshot-controller.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/templates/snapshot-webhook.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter => edgeless/csi/charts}/snapshot-controller/values.yaml (100%) create mode 100644 cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml rename cli/internal/helm/charts/{csi-snapshotter/crds => edgeless/csi/charts/snapshot-crds}/templates/volumesnapshotclasses.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter/crds => edgeless/csi/charts/snapshot-crds}/templates/volumesnapshotcontents.yaml (100%) rename cli/internal/helm/charts/{csi-snapshotter/crds => edgeless/csi/charts/snapshot-crds}/templates/volumesnapshots.yaml (100%) rename cli/internal/helm/charts/edgeless/{constellation-services/charts/cinder-config => csi/charts/snapshot-crds}/values.yaml (100%) create mode 100644 cli/internal/helm/charts/edgeless/csi/values.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml delete mode 100644 
cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml delete mode 100644 cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml delete mode 100644 cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml delete mode 100644 cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml delete mode 100644 cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml delete mode 100644 cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml delete mode 100644 cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml delete mode 100644 
cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml diff --git a/bootstrapper/internal/helm/helm.go b/bootstrapper/internal/helm/helm.go index 2f1163288..4949f84ad 100644 --- a/bootstrapper/internal/helm/helm.go +++ b/bootstrapper/internal/helm/helm.go @@ -34,7 +34,7 @@ import ( const ( // timeout is the maximum time given to the helm client. - timeout = 5 * time.Minute + timeout = 10 * time.Minute // maximumRetryAttempts is the maximum number of attempts to retry a helm install. maximumRetryAttempts = 3 ) @@ -66,31 +66,8 @@ func New(log *logger.Logger) (*Client, error) { }, nil } -// InstallConstellationServices installs the constellation-services chart. In the future this chart should bundle all microservices. -func (h *Client) InstallConstellationServices(ctx context.Context, release helm.Release, extraVals map[string]any) error { - h.ReleaseName = release.ReleaseName - if err := h.setWaitMode(release.WaitMode); err != nil { - return err - } - - mergedVals := helm.MergeMaps(release.Values, extraVals) - - return h.install(ctx, release.Chart, mergedVals) -} - -// InstallChart installs a helm chart without extra setup. -func (h *Client) InstallChart(ctx context.Context, release helm.Release) error { - h.ReleaseName = release.ReleaseName - h.Timeout = 10 * time.Minute - if err := h.setWaitMode(release.WaitMode); err != nil { - return err - } - - return h.install(ctx, release.Chart, release.Values) -} - -// InstallOperators installs the Constellation Operators. -func (h *Client) InstallOperators(ctx context.Context, release helm.Release, extraVals map[string]any) error { +// InstallChart installs a helm chart, optionally merging extraVals into the values of the chart. +func (h *Client) InstallChart(ctx context.Context, release helm.Release, extraVals map[string]any) error { h.ReleaseName = release.ReleaseName if err := h.setWaitMode(release.WaitMode); err != nil { return err 
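Review bot: The new doc comment on `InstallChart` (hunk `@@ -66,31 +66,8 @@`) does not say that `extraVals` may be nil, although the cert-manager call site in kubernetes.go now passes `nil`. Several callers visible in this patch put credentials into `extraVals` (the GCP service account key, the Azure config, the Cinder `secretData`), so the comment is also the place to say that these values must not be logged. Suggested addition below the existing sentence: `// extraVals may be nil. It can contain credentials and must not be logged.` The function body continues outside the hunk, so the merge itself is not visible here.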
diff --git a/bootstrapper/internal/kubernetes/k8sutil.go b/bootstrapper/internal/kubernetes/k8sutil.go index a99a82855..9240953eb 100644 --- a/bootstrapper/internal/kubernetes/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sutil.go @@ -26,12 +26,9 @@ type clusterUtil interface { StartKubelet() error } -// helmClient bundles functions related to microservice deployment. Only microservices that can be deployed purely via Helm are deployed with this interface. -// Currently only a subset of microservices is deployed via Helm. -// Naming is inspired by Helm. +// helmClient bundles functions related to microservice deployment. +// Only microservices that can be deployed purely via Helm are deployed with this interface. type helmClient interface { InstallCilium(context.Context, k8sapi.Client, helm.Release, k8sapi.SetupPodNetworkInput) error - InstallChart(ctx context.Context, release helm.Release) error - InstallOperators(ctx context.Context, release helm.Release, extraVals map[string]any) error - InstallConstellationServices(ctx context.Context, release helm.Release, extraVals map[string]any) error + InstallChart(ctx context.Context, release helm.Release, extraVals map[string]any) error } diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go index f522152ea..0b78e5842 100644 --- a/bootstrapper/internal/kubernetes/kubernetes.go +++ b/bootstrapper/internal/kubernetes/kubernetes.go 
@@ -232,29 +232,36 @@ func (k *KubeWrapper) InitCluster( } log.Infof("Installing Constellation microservices") - if err = k.helmClient.InstallConstellationServices(ctx, helmReleases.ConstellationServices, extraVals); err != nil { + if err = k.helmClient.InstallChart(ctx, helmReleases.ConstellationServices, extraVals); err != nil { return nil, fmt.Errorf("installing constellation-services: %w", err) } // cert-manager provides CRDs used by other deployments, - // so it should be installed as early as possible, but after our microservices. + // so it should be installed as early as possible, but after the services cert-manager depends on. log.Infof("Installing cert-manager") - if err = k.helmClient.InstallChart(ctx, helmReleases.CertManager); err != nil { + if err = k.helmClient.InstallChart(ctx, helmReleases.CertManager, nil); err != nil { return nil, fmt.Errorf("installing cert-manager: %w", err) } - // CSI snapshot-controller requires CRDs from cert-manager. It must be installed after it. - // CSI snapshot support should also only be deployed on clouds where we can deploy CSI drivers, - // and the deployment was not disabled by the user. - if helmReleases.SnapshotCRDs != nil && helmReleases.SnapshotController != nil { - log.Infof("Installing CSI snapshot CRDs") - if err = k.helmClient.InstallChart(ctx, *helmReleases.SnapshotCRDs); err != nil { - return nil, fmt.Errorf("installing CSI snapshot CRDs: %w", err) + // Install CSI drivers if enabled by the user. 
+ if helmReleases.CSI != nil { + var csiVals map[string]any + if cloudprovider.FromString(k.cloudProvider) == cloudprovider.OpenStack { + creds, err := openstack.AccountKeyFromURI(serviceConfig.cloudServiceAccountURI) + if err != nil { + return nil, err + } + cinderIni := creds.CloudINI().CinderCSIConfiguration() + csiVals = map[string]any{ + "cinder-config": map[string]any{ + "secretData": cinderIni, + }, + } } - log.Infof("Installing CSI snapshot-controller") - if err = k.helmClient.InstallChart(ctx, *helmReleases.SnapshotController); err != nil { - return nil, fmt.Errorf("installing CSI snapshot-controller: %w", err) + log.Infof("Installing CSI deployments") + if err := k.helmClient.InstallChart(ctx, *helmReleases.CSI, csiVals); err != nil { + return nil, fmt.Errorf("installing CSI snapshot CRDs: %w", err) } } @@ -266,7 +273,7 @@ func (k *KubeWrapper) InitCluster( // Constellation operators require CRDs from cert-manager. // They must be installed after it. log.Infof("Installing operators") - if err = k.helmClient.InstallOperators(ctx, helmReleases.Operators, operatorVals); err != nil { + if err = k.helmClient.InstallChart(ctx, helmReleases.Operators, operatorVals); err != nil { return nil, fmt.Errorf("installing operators: %w", err) } @@ -430,7 +437,6 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell "join-service": map[string]any{ "measurementSalt": base64.StdEncoding.EncodeToString(serviceConfig.measurementSalt), }, - "ccm": map[string]any{}, "verification-service": map[string]any{ "loadBalancerIP": serviceConfig.loadBalancerIP, }, 
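Review bot: The new CSI block returns the error from `openstack.AccountKeyFromURI` unwrapped (`return nil, err`), while the other failures visible in this hunk are wrapped with context, and the wrap on the install call still reads `installing CSI snapshot CRDs` although the release now installs the CSI drivers as well. Suggested lines: `return nil, fmt.Errorf("parsing OpenStack service account URI: %w", err)` and `return nil, fmt.Errorf("installing CSI chart: %w", err)`. The URI carries the account credentials, so it is worth checking that the parser's error text does not echo it before it is passed up to whatever logs the result. `creds, err :=` and `if err := ...` also shadow the outer `err` that the neighbouring calls assign with `=`; this is harmless because both paths return at once, but `=` would match the surrounding code. InitCluster starts and ends outside this hunk.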
@@ -465,15 +471,13 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell return nil, fmt.Errorf("marshaling service account key: %w", err) } - ccmVals, ok := extraVals["ccm"].(map[string]any) - if !ok { - return nil, errors.New("invalid ccm values") - } - ccmVals["GCP"] = map[string]any{ - "projectID": projectID, - "uid": uid, - "secretData": string(rawKey), - "subnetworkPodCIDR": serviceConfig.subnetworkPodCIDR, + extraVals["ccm"] = map[string]any{ + "GCP": map[string]any{ + "projectID": projectID, + "uid": uid, + "secretData": string(rawKey), + "subnetworkPodCIDR": serviceConfig.subnetworkPodCIDR, + }, } case cloudprovider.Azure: @@ -487,13 +491,10 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell return nil, fmt.Errorf("creating ccm secret: %w", err) } - ccmVals, ok := extraVals["ccm"].(map[string]any) - if !ok { - return nil, errors.New("invalid ccm values") - } - ccmVals["Azure"] = map[string]any{ - "azureConfig": string(ccmConfig), - "subnetworkPodCIDR": serviceConfig.subnetworkPodCIDR, + extraVals["ccm"] = map[string]any{ + "Azure": map[string]any{ + "azureConfig": string(ccmConfig), + }, } case cloudprovider.OpenStack: @@ -526,10 +527,6 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell "yawolNetworkID": networkIDs[0], "yawolAPIHost": fmt.Sprintf("https://%s:%d", serviceConfig.loadBalancerIP, constants.KubernetesPort), } - cinderIni := creds.CloudINI().CinderCSIConfiguration() - extraVals["cinder-config"] = map[string]any{ - "secretData": cinderIni, - } } return extraVals, nil } diff --git a/bootstrapper/internal/kubernetes/kubernetes_test.go b/bootstrapper/internal/kubernetes/kubernetes_test.go index 08e12ad18..9e8cf3f91 100644 --- a/bootstrapper/internal/kubernetes/kubernetes_test.go +++ b/bootstrapper/internal/kubernetes/kubernetes_test.go 
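Review bot: The Azure branch in the `@@ -487,13 +491,10 @@` hunk no longer passes `subnetworkPodCIDR` to the ccm chart, while the GCP branch in `@@ -465,15 +471,13 @@` keeps it, and the commit subject describes only a chart move and loader cleanup. Presumably the Azure CCM template does not read the value (the diffstat lists changes to `azure-daemonset.yaml` and the ccm `values.schema.json` that are not visible here), but this should be confirmed, since a template that still references it would render an empty CIDR. If it holds, a comment above the assignment such as `// subnetworkPodCIDR is only consumed by the GCP CCM.` would record the intent. setupExtraVals starts outside these hunks.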
@@ -138,23 +138,7 @@ func TestInitCluster(t *testing.T) { }, "kubeadm init fails when setting up constellation-services chart": { clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - helmClient: stubHelmClient{servicesError: assert.AnError}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, - }, - "kubeadm init fails when setting the cloud node manager": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - helmClient: stubHelmClient{servicesError: assert.AnError}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, - }, - "kubeadm init fails when setting the cluster autoscaler": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - helmClient: stubHelmClient{servicesError: assert.AnError}, + helmClient: stubHelmClient{installChartError: assert.AnError}, kubeAPIWaiter: stubKubeAPIWaiter{}, providerMetadata: &stubProviderMetadata{}, wantErr: true, @@ -167,14 +151,6 @@ func TestInitCluster(t *testing.T) { wantErr: true, k8sVersion: versions.Default, }, - "kubeadm init fails when setting up konnectivity": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - helmClient: stubHelmClient{servicesError: assert.AnError}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, - }, "kubeadm init fails when setting up verification service": { clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, kubeAPIWaiter: stubKubeAPIWaiter{}, 
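Review bot: With the three install methods collapsed into `InstallChart`, the remaining table case `helmClient: stubHelmClient{installChartError: assert.AnError}` can only make the first chart install fail, so a failure of cert-manager, the CSI release or the operators on its own is no longer reachable from this table. The stub in the `@@ -582,26 +558,16 @@` hunk returns the same `installChartError` for every call; letting it select by release, for example with a new field and `if s.failOn != "" && release.ReleaseName != s.failOn { return nil }`, would allow per-stage cases again. The new OpenStack branch that builds `csiVals` from the service account URI also has no case in the hunks shown here. TestInitCluster continues outside the hunk.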
@@ -582,26 +558,16 @@ func (s *stubKubectl) EnforceCoreDNSSpread(_ context.Context) error { type stubHelmClient struct { ciliumError error installChartError error - operatorsError error - servicesError error } func (s *stubHelmClient) InstallCilium(_ context.Context, _ k8sapi.Client, _ helm.Release, _ k8sapi.SetupPodNetworkInput) error { return s.ciliumError } -func (s *stubHelmClient) InstallChart(_ context.Context, _ helm.Release) error { +func (s *stubHelmClient) InstallChart(_ context.Context, _ helm.Release, _ map[string]any) error { return s.installChartError } -func (s *stubHelmClient) InstallOperators(_ context.Context, _ helm.Release, _ map[string]any) error { - return s.operatorsError -} - -func (s *stubHelmClient) InstallConstellationServices(_ context.Context, _ helm.Release, _ map[string]any) error { - return s.servicesError -} - type stubKubeAPIWaiter struct { waitErr error } diff --git a/cli/internal/helm/BUILD.bazel b/cli/internal/helm/BUILD.bazel index f2eaebd46..0d86988c1 100644 --- a/cli/internal/helm/BUILD.bazel +++ b/cli/internal/helm/BUILD.bazel 
@@ -191,22 +191,6 @@ go_library( "charts/edgeless/constellation-services/charts/autoscaler/templates/serviceaccount.yaml", "charts/edgeless/constellation-services/charts/autoscaler/values.schema.json", "charts/edgeless/constellation-services/charts/autoscaler/values.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/Chart.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/_helpers.tpl", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml", - "charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml", - 
"charts/edgeless/constellation-services/charts/azuredisk-csi-driver/values.yaml", "charts/edgeless/constellation-services/charts/ccm/.helmignore", "charts/edgeless/constellation-services/charts/ccm/Chart.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml", @@ -227,14 +211,6 @@ go_library( "charts/edgeless/constellation-services/charts/cnm/templates/serviceaccount.yaml", "charts/edgeless/constellation-services/charts/cnm/values.schema.json", "charts/edgeless/constellation-services/charts/cnm/values.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml", - "charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/values.yaml", "charts/edgeless/constellation-services/charts/gcp-guest-agent/.helmignore", "charts/edgeless/constellation-services/charts/gcp-guest-agent/Chart.yaml", "charts/edgeless/constellation-services/charts/gcp-guest-agent/templates/daemonset.yaml", 
@@ -334,61 +310,91 @@ go_library( "charts/edgeless/constellation-services/charts/yawol-config/templates/secret.yaml", "charts/edgeless/constellation-services/charts/yawol-config/values.schema.json", "charts/edgeless/constellation-services/charts/yawol-config/values.yaml", - "charts/edgeless/constellation-services/charts/cinder-config/.helmignore", - "charts/edgeless/constellation-services/charts/cinder-config/Chart.yaml", - "charts/edgeless/constellation-services/charts/cinder-config/templates/secret.yaml", - "charts/edgeless/constellation-services/charts/cinder-config/values.schema.json", - "charts/edgeless/constellation-services/charts/cinder-config/values.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/Chart.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/_helpers.tpl", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/cinder-csi-driver.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/nodeplugin-rbac.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/storageclass.yaml", - "charts/edgeless/constellation-services/charts/cinder-csi-plugin/values.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/CHANGELOG.md", - "charts/edgeless/constellation-services/charts/aws-csi-driver/Chart.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/NOTES.txt", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/_helpers.tpl", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-attacher.yaml", - 
"charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-resizer.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/controller.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/csidriver.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/metrics.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/node-windows.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/node.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_default.yaml", - 
"charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml", - "charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml", - "charts/csi-snapshotter/crds/Chart.yaml", - "charts/csi-snapshotter/crds/templates/volumesnapshotclasses.yaml", - "charts/csi-snapshotter/crds/templates/volumesnapshotcontents.yaml", - "charts/csi-snapshotter/crds/templates/volumesnapshots.yaml", - "charts/csi-snapshotter/crds/values.yaml", - "charts/csi-snapshotter/snapshot-controller/Chart.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/rbac-snapshot-controller.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/rbac-snapshot-webhook.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/selfsigned-issuer.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/serving-cert.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/snapshot-controller.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/snapshot-webhook.yaml", - "charts/csi-snapshotter/snapshot-controller/values.yaml", - "charts/csi-snapshotter/snapshot-controller/templates/admission-configuration.yaml", + "charts/edgeless/csi/Chart.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/_helpers.tpl", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml", + 
"charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_default.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml", + "charts/edgeless/csi/charts/cinder-config/.helmignore", + "charts/edgeless/csi/charts/cinder-config/Chart.yaml", + "charts/edgeless/csi/charts/cinder-config/templates/secret.yaml", + "charts/edgeless/csi/charts/cinder-config/values.schema.json", + "charts/edgeless/csi/charts/cinder-config/values.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/README.md", + 
"charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/_helpers.tpl", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/cinder-csi-driver.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-rbac.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-rbac.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/storageclass.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml", + "charts/edgeless/csi/charts/snapshot-controller/Chart.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-controller.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-webhook.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/selfsigned-issuer.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml", + "charts/edgeless/csi/charts/snapshot-controller/values.yaml", + "charts/edgeless/csi/charts/snapshot-crds/Chart.yaml", + "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml", + "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml", + "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml", + "charts/edgeless/csi/charts/snapshot-crds/values.yaml", + 
"charts/edgeless/csi/values.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md", + "charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt", + "charts/edgeless/csi/charts/aws-csi-driver/templates/_helpers.tpl", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/csidriver.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_default.yaml", + 
"charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_integrity.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/values.yaml", ], importpath = "github.com/edgelesssys/constellation/v2/cli/internal/helm", visibility = ["//cli:__subpackages__"], diff --git a/cli/internal/helm/README.md b/cli/internal/helm/README.md index b34d13d04..798db1452 100644 --- a/cli/internal/helm/README.md +++ b/cli/internal/helm/README.md @@ -10,14 +10,18 @@ Because upgrades should be a CLI-only operation and we want to avoid the behavio Here is how we manage CRD upgrades for each chart. ## Cilium + - CRDs are updated by cilium-operator. ## cert-manager + - installCRDs flag is set during upgrade. This flag is managed by cert-manager. cert-manager is in charge of correctly upgrading the CRDs. - WARNING: upgrading cert-manager might break other installations of cert-manager in the cluster, if those other installation are not on the same version as the Constellation-manager installation. This is due to the cluster-wide CRDs. ## Operators + - Manually update CRDs before upgrading the chart. Update by running applying the CRDs found in the `operators/crds/` folder. ## Constellation-services + - There currently are no CRDs in this chart. diff --git a/cli/internal/helm/charts/csi-snapshotter/crds/Chart.yaml b/cli/internal/helm/charts/csi-snapshotter/crds/Chart.yaml deleted file mode 100644 index 051fef6e0..000000000 --- a/cli/internal/helm/charts/csi-snapshotter/crds/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: crds -description: A chart to deploy csi snapshot CRDs -type: application -version: 6.2.2 -appVersion: "6.2.2" diff --git a/cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml b/cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml index 640c485e0..87a6d0c4e 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml 
+++ b/cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml @@ -57,21 +57,6 @@ dependencies: version: 0.0.0 tags: - GCP - - name: gcp-compute-persistent-disk-csi-driver - version: 1.0.1 - condition: gcp.deployCSIDriver - tags: - - GCP - - name: azuredisk-csi-driver - version: 1.0.1 - condition: azure.deployCSIDriver - tags: - - Azure - - name: aws-csi-driver - version: 1.0.0 - condition: aws.deployCSIDriver - tags: - - AWS - name: yawol-config version: 0.0.0 condition: openstack.deployYawolLoadBalancer @@ -82,13 +67,3 @@ dependencies: condition: openstack.deployYawolLoadBalancer tags: - OpenStack - - name: cinder-config - version: 1.0.0 - condition: openstack.deployCSIDriver - tags: - - OpenStack - - name: cinder-csi-plugin - version: 1.0.0 - condition: openstack.deployCSIDriver - tags: - - OpenStack diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml index 9d8694164..fa72c605a 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: cloud-controller-manager - image: {{ .Values.AWS.image | quote }} + image: {{ .Values.image | quote }} args: - --cloud-provider=aws - --leader-elect=true diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml index 5572bf3d9..b7f9020fd 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml 
@@ -17,7 +17,7 @@ spec: spec: containers: - name: cloud-controller-manager - image: {{ .Values.Azure.image | quote }} + image: {{ .Values.image | quote }} command: - cloud-controller-manager - --cloud-provider=azure diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml index 77db84c52..7fbd7aa3b 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: cloud-controller-manager - image: {{ .Values.GCP.image | quote }} + image: {{ .Values.image | quote }} command: - /cloud-controller-manager - --cloud-provider=gce diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml index 740d91f8a..4c949b60f 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: cloud-controller-manager - image: {{ .Values.OpenStack.image | quote }} + image: {{ .Values.image | quote }} args: - /bin/openstack-cloud-controller-manager - --cloud-provider=openstack diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json index 5b537d6b2..59e2beb4d 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json 
@@ -3,37 +3,28 @@ "properties": { "csp": { "description": "CSP to which the chart is deployed.", - "enum": ["AWS", "Azure", "GCP", "OpenStack", "QEMU"] - }, - "AWS": { - "description": "Config values required for deployment on AWS", - "type": "object", - "properties": { - "image": { - "description": "Container image to use for the spawned pods.", - "type": "string" - } - }, - "required": [ - "image" + "enum": [ + "AWS", + "Azure", + "GCP", + "OpenStack", + "QEMU" ] }, + "image": { + "description": "Container image to use for the Cloud Controller Manager.", + "type": "string" + }, "Azure": { "description": "Config values required for deployment on Azure", "type": "object", "properties": { - "image": { - "description": "Container image to use for the spawned pods.", - "type": "string", - "examples": ["mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:latest"] - }, "azureConfig": { "description": "Base64 encoded json string that hold required config parameters for Azure CCM.", "type": "string" } }, "required": [ - "image", "azureConfig" ] }, @@ -41,14 +32,12 @@ "description": "Config values required for deployment on GCP", "type": "object", "properties": { - "image": { - "description": "Container image to use for the spawned pods.", - "type": "string" - }, "projectID": { "description": "ID of the GCP project into which the cluster is deployed", "type": "string", - "examples": ["demoproject-581925"] + "examples": [ + "demoproject-581925" + ] }, "uid": { "description": "Unique identifier for the cluster", @@ -61,12 +50,13 @@ "subnetworkPodCIDR": { "description": "CIDR Range for Pods in cluster", "type": "string", - "examples": ["192.0.2.0/24"], + "examples": [ + "192.0.2.0/24" + ], "pattern": "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}" } }, "required": [ - "image", "projectID", "uid", "secretData", 
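Review bot: The new top-level `image` property accepts any string, so the schema will validate a mutable tag or an unqualified image name for the cloud controller manager. All four daemonset templates in this commit now read that value from `.Values.image`. If the caller always passes digest-pinned references (not visible in this diff), the schema can enforce that with `"pattern": "@sha256:[0-9a-f]{64}$"` on `image`. Otherwise an `examples` entry showing a pinned reference would at least document the expectation, which the removed Azure example with its `:latest` tag did not.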
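Review bot: The `pattern` on `subnetworkPodCIDR`, kept as context at the end of the third hunk, is unanchored and leaves its dots unescaped, so it accepts any string that merely contains something CIDR-like, e.g. `x1a2b3c4/5y` (constructed sample). Since the neighbouring `examples` line is reformatted here anyway, tighten it to `"pattern": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,2}$"`. That still does not range-check the octets or the prefix length, so whatever consumes the value should parse it as a CIDR rather than rely on the schema.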
@@ -77,52 +67,71 @@ "description": "Config values required for deployment on OpenStack", "type": "object", "properties": { - "image": { - "description": "Container image to use for the spawned pods.", - "type": "string" - }, "secretData": { "description": "OpenStack service account key as a json-string", "type": "string" } }, "required": [ - "image", "secretData" ] } }, "required": [ - "csp" + "csp", + "image" ], "allOf": [ { "if": { - "properties": { "csp": { "const": "AWS" } }, - "required": ["csp"] + "properties": { + "csp": { + "const": "Azure" + } + }, + "required": [ + "csp" + ] }, - "then": { "required": ["AWS"] } + "then": { + "required": [ + "Azure" + ] + } }, { "if": { - "properties": { "csp": { "const": "Azure" } }, - "required": ["csp"] + "properties": { + "csp": { + "const": "GCP" + } + }, + "required": [ + "csp" + ] }, - "then": { "required": ["Azure"] } + "then": { + "required": [ + "GCP" + ] + } }, { "if": { - "properties": { "csp": { "const": "GCP" } }, - "required": ["csp"] + "properties": { + "csp": { + "const": "OpenStack" + } + }, + "required": [ + "csp" + ] }, - "then": { "required": ["GCP"] } - }, - { - "if": { - "properties": { "csp": { "const": "OpenStack" } }, - "required": ["csp"] - }, - "then": { "required": ["OpenStack"] } + "then": { + "required": [ + "OpenStack" + ] + } } ], "title": "Values", diff --git a/cli/internal/helm/charts/edgeless/constellation-services/values.yaml b/cli/internal/helm/charts/edgeless/constellation-services/values.yaml index 0cc989822..05fd7c910 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/values.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/values.yaml 
@@ -8,22 +8,9 @@ global: # Name of the ConfigMap that holds configs that should not be modified by the user. internalCMName: internal-config -# AWS specific configuration -aws: - deployCSIDriver: false - -# Azure specific configuration -azure: - deployCSIDriver: false - -# GCP specific configuration -gcp: - deployCSIDriver: false - # OpenStack specific configuration openstack: deployYawolLoadBalancer: false - deployCSIDriver: false # Set one of the tags to true to indicate which CSP you are deploying to. tags: diff --git a/cli/internal/helm/charts/edgeless/csi/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/Chart.yaml new file mode 100644 index 000000000..bc6ee9cbc --- /dev/null +++ b/cli/internal/helm/charts/edgeless/csi/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +name: constellation-csi +description: A chart to deploy CSI services for Constellation +type: application +version: 0.0.0 +dependencies: + - name: snapshot-controller + version: 6.2.2 + - name: snapshot-crds + version: 6.2.2 + - name: aws-csi-driver + version: 1.1.0 + tags: + - AWS + - name: azuredisk-csi-driver + version: v1.2.0 + tags: + - Azure + - name: cinder-config + version: 1.0.0 + tags: + - OpenStack + - name: gcp-compute-persistent-disk-csi-driver + version: 1.2.0 + tags: + - GCP + - name: openstack-cinder-csi + version: 1.0.0 + tags: + - OpenStack diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/CHANGELOG.md b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md similarity index 100% rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/CHANGELOG.md rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md 
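Review bot: The new `constellation-csi` chart pulls in `snapshot-crds` as an untagged dependency, but the README hunk in this same commit, which lists how CRD upgrades are handled per chart, gets no entry for it. These CRDs appear to ship as regular templates (the BUILD list shows them under `snapshot-crds/templates/`), so a chart upgrade would presumably change them like any other resource; please state in the README whether that is intended. Separately, `version: v1.2.0` on `azuredisk-csi-driver` is the only dependency version with a `v` prefix; write `version: 1.2.0` unless the subchart's own Chart.yaml really carries the prefix.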
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/Chart.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/NOTES.txt b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/NOTES.txt
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/_helpers.tpl b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_helpers.tpl
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/_helpers.tpl
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_helpers.tpl
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-attacher.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-attacher.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-resizer.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-resizer.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/csidriver.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/csidriver.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/csidriver.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/csidriver.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/metrics.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/metrics.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/node-windows.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/node-windows.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_default.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_default.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_default.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_default.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_integrity.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/storageclass_integrity.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_integrity.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/templates/volumesnapshotclass.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/aws-csi-driver/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/aws-csi-driver/values.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/Chart.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/_helpers.tpl b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/_helpers.tpl
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/_helpers.tpl
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/_helpers.tpl
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_default.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_default.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/.helmignore b/cli/internal/helm/charts/edgeless/csi/charts/cinder-config/.helmignore
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/.helmignore
rename to cli/internal/helm/charts/edgeless/csi/charts/cinder-config/.helmignore
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/cinder-config/Chart.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/Chart.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/cinder-config/Chart.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/templates/secret.yaml b/cli/internal/helm/charts/edgeless/csi/charts/cinder-config/templates/secret.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/templates/secret.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/cinder-config/templates/secret.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/values.schema.json b/cli/internal/helm/charts/edgeless/csi/charts/cinder-config/values.schema.json
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/values.schema.json
rename to cli/internal/helm/charts/edgeless/csi/charts/cinder-config/values.schema.json
diff --git a/cli/internal/helm/charts/csi-snapshotter/crds/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/cinder-config/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/crds/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/cinder-config/values.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml
similarity index 82%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/Chart.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml
index bce9fb3f0..d263e85d6 100644
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/Chart.yaml
+++ b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 appVersion: v1.0.0
 description: Cinder CSI Chart for OpenStack with on-node encryption support
-name: cinder-csi-plugin
+name: openstack-cinder-csi
 version: 1.0.0
diff --git a/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/README.md b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/README.md
new file mode 100644
index 000000000..c90dfcf1c
--- /dev/null
+++ b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/README.md
@@ -0,0 +1,21 @@
+# Cinder CSI volume provisioner
+
+Deploys a Cinder csi provisioner to your cluster, with the appropriate storageClass.
+
+## How To install
+- Enable deployment of storageclasses using `storageClass.enabled`
+- Tag the retain or delete class as default class using `storageClass.delete.isDefault` in your value yaml
+- Set `storageClass..allowVolumeExpansion` to `true` or `false`
+
+First add the repo:
+
+ helm repo add cpo https://kubernetes.github.io/cloud-provider-openstack
+ helm repo update
+
+If you are using Helm v3:
+
+ helm install cinder-csi cpo/openstack-cinder-csi
+
+If you are using Helm v2:
+
+ helm install --name cinder-csi cpo/openstack-cinder-csi
diff --git a/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt
new file mode 100644
index 000000000..02559af45
--- /dev/null
+++ b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt
@@ -0,0 +1 @@
+Use the following storageClass encrypted-rwo and integrity-encrypted-rwo only for RWO volumes.
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/_helpers.tpl b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/_helpers.tpl
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/_helpers.tpl
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/_helpers.tpl
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/cinder-csi-driver.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/cinder-csi-driver.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/cinder-csi-driver.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/cinder-csi-driver.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-rbac.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-rbac.yaml
diff --git a/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml
new file mode 100644
index 000000000..267c731a2
--- /dev/null
+++ b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.storageClass.custom -}}
+{{ .Values.storageClass.custom }}
+{{- end }}
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/nodeplugin-rbac.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-rbac.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/nodeplugin-rbac.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-rbac.yaml
diff --git a/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml
new file mode 100644
index 000000000..b11ef8567
--- /dev/null
+++ b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.secret.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.secret.name }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+ {{ .Values.secret.data | toYaml | trimSuffix "\n" | nindent 2 }}
+{{- end }}
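Review bot: `{{ .Values.storageClass.custom }}` in custom_storageclass.yaml renders whatever string the values supply as a manifest, so the template is not limited to StorageClass objects; any resource kind placed in that value is applied with the privileges of whoever installs the chart. If the value is only ever set by the CLI the exposure is small, but I would either drop this template from the vendored chart or constrain `storageClass.custom` in a values schema for this subchart (none is visible in this diff). At minimum add a template comment such as `{{- /* storageClass.custom is rendered verbatim; it must contain only StorageClass manifests */ -}}`.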
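Review bot: In secret.yaml, `.Values.secret.data` is rendered under `stringData` without checking that it is set, so `secret.create: true` with no data renders `stringData: null` and the problem surfaces only when a consumer reads the empty Secret rather than at install time. Guard it with `{{ required "secret.data must be set when secret.create is true" .Values.secret.data | toYaml | trimSuffix "\n" | nindent 2 }}`. Credentials passed through values are also kept in the stored Helm release record, so access to the release storage needs the same protection as this Secret.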
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/storageclass.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/storageclass.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/templates/storageclass.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/storageclass.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-csi-plugin/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/Chart.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/Chart.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/Chart.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/admission-configuration.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/admission-configuration.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/rbac-snapshot-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/rbac-snapshot-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-controller.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/rbac-snapshot-webhook.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-webhook.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/rbac-snapshot-webhook.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-webhook.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/selfsigned-issuer.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/selfsigned-issuer.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/selfsigned-issuer.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/selfsigned-issuer.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/serving-cert.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/serving-cert.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/snapshot-controller.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/snapshot-controller.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/snapshot-webhook.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/templates/snapshot-webhook.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/snapshot-controller/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/snapshot-controller/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml
diff --git a/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml
new file mode 100644
index 000000000..fd0fc7ae2
--- /dev/null
+++ b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: snapshot-crds
+description: A chart to deploy CSI snapshot CRDs
+type: application
+version: 6.2.2
+appVersion: "6.2.2"
diff --git a/cli/internal/helm/charts/csi-snapshotter/crds/templates/volumesnapshotclasses.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/crds/templates/volumesnapshotclasses.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/crds/templates/volumesnapshotcontents.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/crds/templates/volumesnapshotcontents.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml
diff --git a/cli/internal/helm/charts/csi-snapshotter/crds/templates/volumesnapshots.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml
similarity index 100%
rename from cli/internal/helm/charts/csi-snapshotter/crds/templates/volumesnapshots.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/values.yaml b/cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/values.yaml
similarity index 100%
rename from cli/internal/helm/charts/edgeless/constellation-services/charts/cinder-config/values.yaml
rename to cli/internal/helm/charts/edgeless/csi/charts/snapshot-crds/values.yaml
diff --git a/cli/internal/helm/charts/edgeless/csi/values.yaml b/cli/internal/helm/charts/edgeless/csi/values.yaml
new file mode 100644
index 000000000..e804bfcdd
--- /dev/null
+++ b/cli/internal/helm/charts/edgeless/csi/values.yaml
@@ -0,0 +1,11 @@ +global: + # Port on which the KeyService will listen. + keyServicePort: 9000 + +# Set one of the tags to true to indicate which CSP you are deploying to. +tags: + AWS: false + Azure: false + GCP: false + OpenStack: false + QEMU: false diff --git a/cli/internal/helm/client.go b/cli/internal/helm/client.go index 67b6e244f..0961b8b24 100644 --- a/cli/internal/helm/client.go +++ b/cli/internal/helm/client.go @@ -267,29 +267,20 @@ func (c *Client) upgradeRelease( switch chart.Metadata.Name { case ciliumInfo.chartName: releaseName = ciliumInfo.releaseName - values, err = loader.loadCiliumValues() - if err != nil { - return fmt.Errorf("loading values: %w", err) - } + values = ciliumVals[conf.GetProvider().String()] case certManagerInfo.chartName: releaseName = certManagerInfo.releaseName values = loader.loadCertManagerValues() case constellationOperatorsInfo.chartName: releaseName = constellationOperatorsInfo.releaseName - values, err = loader.loadOperatorsValues() - if err != nil { - return fmt.Errorf("loading values: %w", err) - } + values = loader.loadOperatorsValues() if err := c.updateCRDs(ctx, chart); err != nil { return fmt.Errorf("updating CRDs: %w", err) } case constellationServicesInfo.chartName: releaseName = constellationServicesInfo.releaseName - values, err = loader.loadConstellationServicesValues() - if err != nil { - return fmt.Errorf("loading values: %w", err) - } + values = loader.loadConstellationServicesValues() if err := c.applyMigrations(ctx, releaseName, values, conf); err != nil { return fmt.Errorf("applying migrations: %w", err) diff --git a/cli/internal/helm/loader.go b/cli/internal/helm/loader.go index 02b2e426e..33551d038 100644 --- a/cli/internal/helm/loader.go +++ b/cli/internal/helm/loader.go 
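Review bot: The lookup `values = ciliumVals[conf.GetProvider().String()]` in the `ciliumInfo.chartName` case of client.go has no presence check, so a provider without an entry now yields a nil values map, where the removed `loader.loadCiliumValues()` call returned an `unknown csp` error. Use the two-value form and fail closed: `vals, ok := ciliumVals[conf.GetProvider().String()]` followed by `if !ok { return fmt.Errorf("unknown csp: %s", conf.GetProvider()) }`. The same unchecked lookup appears in the `loadRelease` hunk of loader.go, where the later `values["tags"] = ...` assignment would panic on a nil map. `upgradeRelease` starts and ends outside this hunk and `ciliumVals` is declared elsewhere, so confirm which keys it actually holds.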
@@ -51,8 +51,7 @@ var ( certManagerInfo = chartInfo{releaseName: "cert-manager", chartName: "cert-manager", path: "charts/cert-manager"} constellationOperatorsInfo = chartInfo{releaseName: "constellation-operators", chartName: "constellation-operators", path: "charts/edgeless/operators"} constellationServicesInfo = chartInfo{releaseName: "constellation-services", chartName: "constellation-services", path: "charts/edgeless/constellation-services"} - snapshotCRDsInfo = chartInfo{releaseName: "snapshot-crd", chartName: "crds", path: "charts/csi-snapshotter/crds"} - snapshotControllerInfo = chartInfo{releaseName: "snapshot-controller", chartName: "snapshot-controller", path: "charts/csi-snapshotter/snapshot-controller"} + csiInfo = chartInfo{releaseName: "constellation-csi", chartName: "constellation-csi", path: "charts/edgeless/csi"} ) // ChartLoader loads embedded helm charts. @@ -131,16 +130,11 @@ func (i *ChartLoader) Load(config *config.Config, conformanceMode bool, helmWait releases := helm.Releases{Cilium: ciliumRelease, CertManager: certManagerRelease, Operators: operatorRelease, ConstellationServices: conServicesRelease} if config.DeployCSIDriver() { - snapshotCRDs, err := i.loadRelease(snapshotCRDsInfo) + csi, err := i.loadRelease(csiInfo, helmWaitMode) if err != nil { return nil, fmt.Errorf("loading snapshot CRDs: %w", err) } - snapshotController, err := i.loadRelease(snapshotControllerInfo) - if err != nil { - return nil, fmt.Errorf("loading snapshot controller: %w", err) - } - releases.SnapshotCRDs = &snapshotCRDs - releases.SnapshotController = &snapshotController + releases.CSI = &csi } rel, err := json.Marshal(releases) 
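Review bot: The error text in `Load` still reads `loading snapshot CRDs` although the call is now `i.loadRelease(csiInfo, helmWaitMode)`, which loads the combined CSI chart, so a failure would point an operator at the wrong component; change it to `return nil, fmt.Errorf("loading csi chart: %w", err)`. The `var` hunk above replaces the release names `snapshot-crd` and `snapshot-controller` with `constellation-csi`, and nothing in the visible hunks removes releases installed under the old names, so it is worth confirming how existing clusters are migrated. `Load` begins and ends outside this hunk.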
@@ -157,25 +151,25 @@ func (i *ChartLoader) loadRelease(info chartInfo, helmWaitMode helm.WaitMode) (h return helm.Release{}, fmt.Errorf("loading %s chart: %w", info.releaseName, err) } - var values map[string]any + values := map[string]any{} switch info.releaseName { case ciliumInfo.releaseName: - values, err = i.loadCiliumValues() + values = ciliumVals[i.csp.String()] case certManagerInfo.releaseName: values = i.loadCertManagerValues() case constellationOperatorsInfo.releaseName: updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo())) - - values, err = i.loadOperatorsValues() + values = i.loadOperatorsValues() case constellationServicesInfo.releaseName: updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo())) - - values, err = i.loadConstellationServicesValues() + values = i.loadConstellationServicesValues() + case csiInfo.releaseName: + updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo())) } - if err != nil { - return helm.Release{}, fmt.Errorf("loading %s values: %w", info.releaseName, err) + values["tags"] = map[string]any{ + i.csp.String(): true, } chartRaw, err := i.marshalChart(chart) 
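Review bot: The assignment `values["tags"] = map[string]any{i.csp.String(): true}` after the switch writes into the map returned by `ciliumVals[i.csp.String()]` in the Cilium case, which looks like a package-level map rather than a copy, so loading a release would leave a `tags` key in state that `upgradeRelease` and later calls also read. Copying the entries into the fresh map keeps the defaults untouched and avoids a write to a nil map when the provider has no entry: `for k, v := range ciliumVals[i.csp.String()] { values[k] = v }`. The tag is also added for the cert-manager and Cilium releases, which did not receive one before; confirm those charts ignore it. `ciliumVals` is declared outside the hunk and `loadRelease` continues past it.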
@@ -186,28 +180,6 @@ func (i *ChartLoader) loadRelease(info chartInfo, helmWaitMode helm.WaitMode) (h return helm.Release{Chart: chartRaw, Values: values, ReleaseName: info.releaseName, WaitMode: helmWaitMode}, nil } -// loadCiliumValues is used to separate the marshalling step from the loading step. -// This reduces the time unit tests take to execute. -func (i *ChartLoader) loadCiliumValues() (map[string]any, error) { - var values map[string]any - switch i.csp { - case cloudprovider.AWS: - values = awsVals - case cloudprovider.Azure: - values = azureVals - case cloudprovider.GCP: - values = gcpVals - case cloudprovider.OpenStack: - values = openStackVals - case cloudprovider.QEMU: - values = qemuVals - default: - return nil, fmt.Errorf("unknown csp: %s", i.csp) - } - - return values, nil -} - // extendCiliumValues extends the given values map by some values depending on user input. // This extra step of separating the application of user input is necessary since service upgrades should // reuse user input from the init step. However, we can't rely on reuse-values, because 
@@ -232,77 +204,34 @@ func (i *ChartLoader) loadCertManagerValues() map[string]any { "prometheus": map[string]any{ "enabled": false, }, - "tolerations": []map[string]any{ - { - "key": "node-role.kubernetes.io/control-plane", - "effect": "NoSchedule", - "operator": "Exists", - }, - { - "key": "node-role.kubernetes.io/master", - "effect": "NoSchedule", - "operator": "Exists", - }, - }, + "tolerations": controlPlaneTolerations(), "webhook": map[string]any{ - "tolerations": []map[string]any{ - { - "key": "node-role.kubernetes.io/control-plane", - "effect": "NoSchedule", - "operator": "Exists", - }, - { - "key": "node-role.kubernetes.io/master", - "effect": "NoSchedule", - "operator": "Exists", - }, - }, + "tolerations": controlPlaneTolerations(), }, "cainjector": map[string]any{ - "tolerations": []map[string]any{ - { - "key": "node-role.kubernetes.io/control-plane", - "effect": "NoSchedule", - "operator": "Exists", - }, - { - "key": "node-role.kubernetes.io/master", - "effect": "NoSchedule", - "operator": "Exists", - }, - }, + "tolerations": controlPlaneTolerations(), }, "startupapicheck": map[string]any{ "timeout": "5m", "extraArgs": []string{ "--verbose", }, - "tolerations": []map[string]any{ - { - "key": "node-role.kubernetes.io/control-plane", - "effect": "NoSchedule", - "operator": "Exists", - }, - { - "key": "node-role.kubernetes.io/master", - "effect": "NoSchedule", - "operator": "Exists", - }, - }, + "tolerations": controlPlaneTolerations(), }, } } // loadOperatorsHelper is used to separate the marshalling step from the loading step. // This reduces the time unit tests take to execute. 
-func (i *ChartLoader) loadOperatorsValues() (map[string]any, error) { - values := map[string]any{ +func (i *ChartLoader) loadOperatorsValues() map[string]any { + return map[string]any{ "constellation-operator": map[string]any{ "controllerManager": map[string]any{ "manager": map[string]any{ "image": i.constellationOperatorImage, }, }, + "csp": i.csp.String(), }, "node-maintenance-operator": map[string]any{ "controllerManager": map[string]any{ 
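Review bot: The comment above `loadOperatorsValues` still names `loadOperatorsHelper` and explains a split between loading and marshalling, which no longer describes a function that only returns a literal map; a Go doc comment should begin with the function's own name. Suggested: `// loadOperatorsValues returns the default values for the constellation-operators chart, including the csp of the loader.` The comment on `loadConstellationServicesValues` in the next hunk carries the same stale `loadConstellationServicesHelper` name. The function body continues past this hunk.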
@@ -312,66 +241,12 @@ func (i *ChartLoader) loadOperatorsValues() (map[string]any, error) { }, }, } - switch i.csp { - case cloudprovider.AWS: - conOpVals, ok := values["constellation-operator"].(map[string]any) - if !ok { - return nil, errors.New("invalid constellation-operator values") - } - conOpVals["csp"] = "AWS" - - values["tags"] = map[string]any{ - "AWS": true, - } - case cloudprovider.Azure: - conOpVals, ok := values["constellation-operator"].(map[string]any) - if !ok { - return nil, errors.New("invalid constellation-operator values") - } - conOpVals["csp"] = "Azure" - - values["tags"] = map[string]any{ - "Azure": true, - } - case cloudprovider.GCP: - conOpVals, ok := values["constellation-operator"].(map[string]any) - if !ok { - return nil, errors.New("invalid constellation-operator values") - } - conOpVals["csp"] = "GCP" - - values["tags"] = map[string]any{ - "GCP": true, - } - case cloudprovider.OpenStack: - conOpVals, ok := values["constellation-operator"].(map[string]any) - if !ok { - return nil, errors.New("invalid constellation-operator values") - } - conOpVals["csp"] = "OpenStack" - - values["tags"] = map[string]any{ - "OpenStack": true, - } - case cloudprovider.QEMU: - conOpVals, ok := values["constellation-operator"].(map[string]any) - if !ok { - return nil, errors.New("invalid constellation-operator values") - } - conOpVals["csp"] = "QEMU" - - values["tags"] = map[string]any{ - "QEMU": true, - } - } - - return values, nil } // loadConstellationServicesHelper is used to separate the marshalling step from the loading step. // This reduces the time unit tests take to execute. -func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error) { - values := map[string]any{ +func (i *ChartLoader) loadConstellationServicesValues() map[string]any { + return map[string]any{ "global": map[string]any{ "keyServicePort": constants.KeyServicePort, "keyServiceNamespace": "", // empty namespace means we use the release namespace 
@@ -390,7 +265,11 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error) "image": i.joinServiceImage, }, "ccm": map[string]any{ - "csp": i.csp.String(), + "csp": i.csp.String(), + "image": i.ccmImage, + }, + "cnm": map[string]any{ + "image": i.cnmImage, }, "autoscaler": map[string]any{ "csp": i.csp.String(), @@ -406,68 +285,6 @@ func (i *ChartLoader) loadConstellationServicesValues() (map[string]any, error) "image": i.konnectivityImage, }, } - - switch i.csp { - case cloudprovider.AWS: - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return nil, errors.New("invalid ccm values") - } - ccmVals["AWS"] = map[string]any{ - "image": i.ccmImage, - } - - values["tags"] = map[string]any{ - "AWS": true, - } - case cloudprovider.Azure: - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return nil, errors.New("invalid ccm values") - } - ccmVals["Azure"] = map[string]any{ - "image": i.ccmImage, - } - - values["cnm"] = map[string]any{ - "image": i.cnmImage, - } - - values["tags"] = map[string]any{ - "Azure": true, - } - - case cloudprovider.GCP: - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return nil, errors.New("invalid ccm values") - } - ccmVals["GCP"] = map[string]any{ - "image": i.ccmImage, - } - - values["tags"] = map[string]any{ - "GCP": true, - } - case cloudprovider.OpenStack: - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return nil, errors.New("invalid ccm values") - } - ccmVals["OpenStack"] = map[string]any{ - "image": i.ccmImage, - } - - values["tags"] = map[string]any{ - "OpenStack": true, - } - case cloudprovider.QEMU: - values["tags"] = map[string]any{ - "QEMU": true, - } - - } - return values, nil } // extendConstellationServicesValues extends the given values map by some values depending on user input. 
@@ -504,22 +321,9 @@ func extendConstellationServicesValues( csp := cfg.GetProvider() switch csp { - case cloudprovider.AWS: - in["aws"] = map[string]any{ - "deployCSIDriver": cfg.DeployCSIDriver(), - } - case cloudprovider.Azure: - in["azure"] = map[string]any{ - "deployCSIDriver": cfg.DeployCSIDriver(), - } - case cloudprovider.GCP: - in["gcp"] = map[string]any{ - "deployCSIDriver": cfg.DeployCSIDriver(), - } case cloudprovider.OpenStack: in["openstack"] = map[string]any{ "deployYawolLoadBalancer": cfg.DeployYawolLoadBalancer(), - "deployCSIDriver": cfg.DeployCSIDriver(), } if cfg.DeployYawolLoadBalancer() { in["yawol-controller"] = map[string]any{ @@ -659,3 +463,18 @@ func loadChartsDir(efs embed.FS, dir string) (*chart.Chart, error) { return loader.LoadFiles(files) } + +func controlPlaneTolerations() []map[string]any { + return []map[string]any{ + { + "key": "node-role.kubernetes.io/control-plane", + "effect": "NoSchedule", + "operator": "Exists", + }, + { + "key": "node-role.kubernetes.io/master", + "effect": "NoSchedule", + "operator": "Exists", + }, + } +} diff --git a/cli/internal/helm/loader_test.go b/cli/internal/helm/loader_test.go index 0fe1266b3..03a31398f 100644 --- a/cli/internal/helm/loader_test.go +++ b/cli/internal/helm/loader_test.go @@ -56,7 +56,6 @@ func TestConstellationServices(t *testing.T) { testCases := map[string]struct { config *config.Config enforceIDKeyDigest bool - valuesModifier func(map[string]any) error ccmImage string cnmImage string }{ @@ -69,8 +68,7 @@ func TestConstellationServices(t *testing.T) { Measurements: measurements.M{1: measurements.WithAllBytes(0xAA, measurements.Enforce, measurements.PCRMeasurementLength)}, }}, }, - valuesModifier: prepareAWSValues, - ccmImage: "ccmImageForAWS", + ccmImage: "ccmImageForAWS", }, "Azure": { config: &config.Config{ 
@@ -91,7 +89,6 @@ func TestConstellationServices(t *testing.T) { }}, }, enforceIDKeyDigest: true, - valuesModifier: prepareAzureValues, ccmImage: "ccmImageForAzure", cnmImage: "cnmImageForAzure", }, @@ -104,8 +101,7 @@ func TestConstellationServices(t *testing.T) { Measurements: measurements.M{1: measurements.WithAllBytes(0xAA, measurements.Enforce, measurements.PCRMeasurementLength)}, }}, }, - valuesModifier: prepareGCPValues, - ccmImage: "ccmImageForGCP", + ccmImage: "ccmImageForGCP", }, "OpenStack": { config: &config.Config{ @@ -114,8 +110,7 @@ func TestConstellationServices(t *testing.T) { Measurements: measurements.M{1: measurements.WithAllBytes(0xAA, measurements.Enforce, measurements.PCRMeasurementLength)}, }}, }, - valuesModifier: prepareOpenStackValues, - ccmImage: "ccmImageForOpenStack", + ccmImage: "ccmImageForOpenStack", }, "QEMU": { config: &config.Config{ @@ -124,7 +119,6 @@ func TestConstellationServices(t *testing.T) { Measurements: measurements.M{1: measurements.WithAllBytes(0xAA, measurements.Enforce, measurements.PCRMeasurementLength)}, }}, }, - valuesModifier: prepareQEMUValues, }, } @@ -146,8 +140,7 @@ func TestConstellationServices(t *testing.T) { } chart, err := loadChartsDir(helmFS, constellationServicesInfo.path) require.NoError(err) - values, err := chartLoader.loadConstellationServicesValues() - require.NoError(err) + values := chartLoader.loadConstellationServicesValues() err = extendConstellationServicesValues(values, tc.config, []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")) require.NoError(err) 
@@ -165,7 +158,13 @@ func TestConstellationServices(t *testing.T) { KubeVersion: *kubeVersion, } - err = tc.valuesModifier(values) + // Add provider tag + values["tags"] = map[string]any{ + tc.config.GetProvider().String(): true, + } + + // Add values that are only known after the cluster is created. + err = addInClusterValues(values, tc.config.GetProvider()) require.NoError(err) // This step is needed to enabled/disable subcharts according to their tags/conditions. @@ -179,7 +178,7 @@ func TestConstellationServices(t *testing.T) { require.NoError(err) testDataPath := path.Join("testdata", tc.config.GetProvider().String(), "constellation-services") - // Build a map with the same struct as result: filepaths -> rendered template. + // Build a map with the same structure as result: filepaths -> rendered template. expectedData := map[string]string{} err = filepath.Walk(testDataPath, buildTestdataMap(tc.config.GetProvider().String(), expectedData, require)) require.NoError(err) @@ -222,8 +221,7 @@ func TestOperators(t *testing.T) { } chart, err := loadChartsDir(helmFS, constellationOperatorsInfo.path) require.NoError(err) - vals, err := chartLoader.loadOperatorsValues() - require.NoError(err) + vals := chartLoader.loadOperatorsValues() options := chartutil.ReleaseOptions{ Name: "testRelease", @@ -234,6 +232,9 @@ func TestOperators(t *testing.T) { } caps := &chartutil.Capabilities{} + vals["tags"] = map[string]any{ + tc.csp.String(): true, + } conOpVals, ok := vals["constellation-operator"].(map[string]any) require.True(ok) conOpVals["constellationUID"] = "42424242424242" 
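Review bot: The test sets `values["tags"]` by hand after calling `loadConstellationServicesValues`, so the tag injection that this commit moves into `loadRelease` is never exercised by `TestConstellationServices`; the `TestOperators` hunk does the same with `vals["tags"]`. A case that calls `loadRelease` for each provider and asserts on the returned `Values["tags"]` would cover the new code path, including the behaviour for a provider that has no Cilium values entry. Both test functions start and end outside these hunks.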
@@ -328,7 +329,8 @@ func buildTestdataMap(csp string, expectedData map[string]string, require *requi } } -func prepareAWSValues(values map[string]any) error { +// addInClusterValues adds values that are only known after the cluster is created. +func addInClusterValues(values map[string]any, csp cloudprovider.Provider) error { joinVals, ok := values["join-service"].(map[string]any) if !ok { return errors.New("missing 'join-service' key") 
@@ -336,184 +338,6 @@ func prepareAWSValues(values map[string]any) error { joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return errors.New("missing 'ccm' key") - } - ccmVals["AWS"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24" - - verificationVals, ok := values["verification-service"].(map[string]any) - if !ok { - return errors.New("missing 'verification-service' key") - } - verificationVals["loadBalancerIP"] = "127.0.0.1" - - konnectivityVals, ok := values["konnectivity"].(map[string]any) - if !ok { - return errors.New("missing 'konnectivity' key") - } - konnectivityVals["loadBalancerIP"] = "127.0.0.1" - - return nil -} - -func prepareAzureValues(values map[string]any) error { - joinVals, ok := values["join-service"].(map[string]any) - if !ok { - return errors.New("missing 'join-service' key") - } - - joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return errors.New("missing 'ccm' key") - } - ccmVals["Azure"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24" - ccmVals["Azure"].(map[string]any)["azureConfig"] = "baaaaaad" - - autoscalerVals, ok := values["autoscaler"].(map[string]any) - if !ok { - return errors.New("missing 'autoscaler' key") - } - autoscalerVals["Azure"] = map[string]any{ - "resourceGroup": "resourceGroup", - "subscriptionID": "subscriptionID", - "tenantID": "TenantID", - } - - testTag := "v0.0.0" - pullPolicy := "IfNotPresent" - verificationVals, ok := values["verification-service"].(map[string]any) - if !ok { - return errors.New("missing 'verification-service' key") - } - verificationVals["loadBalancerIP"] = "127.0.0.1" - - konnectivityVals, ok := values["konnectivity"].(map[string]any) - if !ok { - return errors.New("missing 'konnectivity' key") - } - konnectivityVals["loadBalancerIP"] = "127.0.0.1" - - csiVals, ok := 
values["azuredisk-csi-driver"].(map[string]any) - if !ok { - csiVals = map[string]any{} - values["azuredisk-csi-driver"] = csiVals - } - csiImages, ok := csiVals["image"].(map[string]any) - if !ok { - csiImages = map[string]any{} - csiVals["image"] = csiImages - } - csiImages["azuredisk"] = map[string]any{ - "repository": "azure-csi-driver", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiImages["csiProvisioner"] = map[string]any{ - "repository": "csi-provisioner", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiImages["csiAttacher"] = map[string]any{ - "repository": "csi-attacher", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiImages["csiResizer"] = map[string]any{ - "repository": "csi-resizer", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiImages["livenessProbe"] = map[string]any{ - "repository": "livenessprobe", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiImages["nodeDriverRegistrar"] = map[string]any{ - "repository": "csi-node-driver-registrar", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiSnapshot, ok := csiVals["snapshot"].(map[string]any) - if !ok { - csiSnapshot = map[string]any{} - csiVals["snapshot"] = csiSnapshot - } - csiSnapshotImage, ok := csiSnapshot["image"].(map[string]any) - if !ok { - csiSnapshotImage = map[string]any{} - csiSnapshot["image"] = csiSnapshotImage - } - csiSnapshotImage["csiSnapshotter"] = map[string]any{ - "repository": "csi-snapshotter", - "tag": testTag, - "pullPolicy": pullPolicy, - } - csiSnapshotImage["snapshotController"] = map[string]any{ - "repository": "snapshot-controller", - "tag": testTag, - "pullPolicy": pullPolicy, - } - - return nil -} - -func prepareGCPValues(values map[string]any) error { - joinVals, ok := values["join-service"].(map[string]any) - if !ok { - return errors.New("missing 'join-service' key") - } - - joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - - ccmVals, ok := values["ccm"].(map[string]any) - if !ok { - return 
errors.New("missing 'ccm' key") - } - ccmVals["GCP"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24" - ccmVals["GCP"].(map[string]any)["projectID"] = "42424242424242" - ccmVals["GCP"].(map[string]any)["uid"] = "242424242424" - ccmVals["GCP"].(map[string]any)["secretData"] = "baaaaaad" - - testTag := "v0.0.0" - pullPolicy := "IfNotPresent" - values["gcp-compute-persistent-disk-csi-driver"] = map[string]any{ - "image": map[string]any{ - "csiProvisioner": map[string]any{ - "repo": "csi-provisioner", - "tag": testTag, - "pullPolicy": pullPolicy, - }, - "csiAttacher": map[string]any{ - "repo": "csi-attacher", - "tag": testTag, - "pullPolicy": pullPolicy, - }, - "csiResizer": map[string]any{ - "repo": "csi-resizer", - "tag": testTag, - "pullPolicy": pullPolicy, - }, - "csiSnapshotter": map[string]any{ - "repo": "csi-snapshotter", - "tag": testTag, - "pullPolicy": pullPolicy, - }, - "csiNodeRegistrar": map[string]any{ - "repo": "csi-registrar", - "tag": testTag, - "pullPolicy": pullPolicy, - }, - "gcepdDriver": map[string]any{ - "repo": "csi-driver", - "tag": testTag, - "pullPolicy": pullPolicy, - }, - }, - } - verificationVals, ok := values["verification-service"].(map[string]any) if !ok { return fmt.Errorf("missing 'verification-service' key %v", values) 
@@ -526,56 +350,40 @@ func prepareGCPValues(values map[string]any) error { } konnectivityVals["loadBalancerIP"] = "127.0.0.1" - return nil -} - -func prepareOpenStackValues(values map[string]any) error { - joinVals, ok := values["join-service"].(map[string]any) - if !ok { - return errors.New("missing 'join-service' key") - } - joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - ccmVals, ok := values["ccm"].(map[string]any) if !ok { return errors.New("missing 'ccm' key") } - ccmVals["OpenStack"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24" - ccmVals["OpenStack"].(map[string]any)["secretData"] = "baaaaaad" - verificationVals, ok := values["verification-service"].(map[string]any) - if !ok { - return errors.New("missing 'verification-service' key") + switch csp { + case cloudprovider.Azure: + ccmVals[cloudprovider.Azure.String()] = map[string]any{ + "azureConfig": "baaaaaad", + } + + autoscalerVals, ok := values["autoscaler"].(map[string]any) + if !ok { + return errors.New("missing 'autoscaler' key") + } + autoscalerVals["Azure"] = map[string]any{ + "resourceGroup": "resourceGroup", + "subscriptionID": "subscriptionID", + "tenantID": "TenantID", + } + + case cloudprovider.GCP: + ccmVals[cloudprovider.GCP.String()] = map[string]any{ + "subnetworkPodCIDR": "192.0.2.0/24", + "projectID": "42424242424242", + "uid": "242424242424", + "secretData": "baaaaaad", + } + + case cloudprovider.OpenStack: + ccmVals["OpenStack"] = map[string]any{ + "secretData": "baaaaaad", + } } - verificationVals["loadBalancerIP"] = "127.0.0.1" - - konnectivityVals, ok := values["konnectivity"].(map[string]any) - if !ok { - return errors.New("missing 'konnectivity' key") - } - konnectivityVals["loadBalancerIP"] = "127.0.0.1" - - return nil -} - -func prepareQEMUValues(values map[string]any) error { - joinVals, ok := values["join-service"].(map[string]any) - if !ok { - return errors.New("missing 'join-service' key") - } - joinVals["measurementSalt"] = 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - - verificationVals, ok := values["verification-service"].(map[string]any) - if !ok { - return errors.New("missing 'verification-service' key") - } - verificationVals["loadBalancerIP"] = "127.0.0.1" - - konnectivityVals, ok := values["konnectivity"].(map[string]any) - if !ok { - return errors.New("missing 'konnectivity' key") - } - konnectivityVals["loadBalancerIP"] = "127.0.0.1" return nil } diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml deleted file mode 100644 index 7b8c55b29..000000000 --- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml +++ /dev/null 
@@ -1,223 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-azuredisk-controller - namespace: testNamespace - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -spec: - replicas: 1 - selector: - matchLabels: - app: csi-azuredisk-controller - template: - metadata: - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" - app: csi-azuredisk-controller - spec: - serviceAccountName: csi-azuredisk-controller-sa - hostNetwork: false - nodeSelector: - kubernetes.io/os: linux - node-role.kubernetes.io/control-plane: "" - priorityClassName: system-cluster-critical - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/controlplane - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - effect: NoSchedule - key: node.kubernetes.io/not-ready - operator: Exists - containers: - - name: csi-provisioner - image: "csi-provisioner:v0.0.0" - args: - - "--feature-gates=Topology=true" - - "--csi-address=$(ADDRESS)" - - "--v=2" - - "--timeout=30s" - - "--leader-election" - - "--leader-election-namespace=testNamespace" - - "--worker-threads=100" - - "--extra-create-metadata=true" - - "--strict-topology=true" - - "--kube-api-qps=50" - - "--kube-api-burst=100" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - memory: 500Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-attacher - image: "csi-attacher:v0.0.0" 
- args: - - "-v=2" - - "-csi-address=$(ADDRESS)" - - "-timeout=1200s" - - "-leader-election" - - "--leader-election-namespace=testNamespace" - - "-worker-threads=1000" - - "-kube-api-qps=200" - - "-kube-api-burst=400" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - memory: 500Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-snapshotter - image: "csi-snapshotter:v0.0.0" - args: - - "-csi-address=$(ADDRESS)" - - "-leader-election" - - "--leader-election-namespace=testNamespace" - - "-v=2" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: "csi-resizer:v0.0.0" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - "--leader-election-namespace=testNamespace" - - "-handle-volume-inuse-error=false" - - "-feature-gates=RecoverVolumeExpansionFailure=true" - - "-timeout=240s" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - memory: 500Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: "livenessprobe:v0.0.0" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29602 - - --v=2 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: azuredisk - image: "azure-csi-driver:v0.0.0" - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29604" - - "--disable-avset-nodes=false" - - "--vm-type=" - - "--drivername=azuredisk.csi.confidential.cloud" - - "--cloud-config-secret-name=azureconfig" - - "--cloud-config-secret-namespace=kube-system" - - "--custom-user-agent=" - - "--user-agent-suffix=OSS-helm" - - "--allow-empty-cloud-config=false" - - "--vmss-cache-ttl-seconds=-1" - - 
"--enable-traffic-manager=false" - - "--traffic-manager-port=7788" - ports: - - containerPort: 29602 - name: healthz - protocol: TCP - - containerPort: 29604 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: AZURE_GO_SDK_LOG_LEVEL - value: - imagePullPolicy: IfNotPresent - volumeMounts: - - mountPath: /csi - name: socket-dir - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - resources: - limits: - memory: 500Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml deleted file mode 100644 index 2fadf8749..000000000 --- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: azuredisk.csi.confidential.cloud - annotations: - csiDriver: "v0.0.0" - snapshot: "v0.0.0" -spec: - attachRequired: true - podInfoOnMount: false - fsGroupPolicy: File 
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml deleted file mode 100644 index 51338dd0c..000000000 --- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml +++ /dev/null 
@@ -1,202 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-azuredisk-node - namespace: testNamespace - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -spec: - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: csi-azuredisk-node - template: - metadata: - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" - app: csi-azuredisk-node - spec: - serviceAccountName: csi-azuredisk-node-sa - hostNetwork: false - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: Exists - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "livenessprobe:v0.0.0" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29603 - - --v=2 - resources: - limits: - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: "csi-node-driver-registrar:v0.0.0" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - timeoutSeconds: 15 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/azuredisk.csi.confidential.cloud/csi.sock - volumeMounts: - - 
name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: azuredisk - image: "azure-csi-driver:v0.0.0" - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29605" - - "--enable-perf-optimization=true" - - "--drivername=azuredisk.csi.confidential.cloud" - - "--volume-attach-limit=-1" - - "--cloud-config-secret-name=azureconfig" - - "--cloud-config-secret-namespace=kube-system" - - "--custom-user-agent=" - - "--user-agent-suffix=OSS-helm" - - "--allow-empty-cloud-config=true" - - "--support-zone=true" - - "--get-node-info-from-labels=false" - - "--kms-addr=key-service.testNamespace:9000" - ports: - - containerPort: 29603 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AZURE_GO_SDK_LOG_LEVEL - value: - imagePullPolicy: IfNotPresent - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /dev - name: device-dir - - mountPath: /sys/bus/scsi/devices - name: sys-devices-dir - - mountPath: /sys/class/ - name: sys-class - - name: cryptsetup - mountPath: /run/cryptsetup - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - resources: - limits: - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: 
/var/lib/kubelet/plugins/azuredisk.csi.confidential.cloud - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir - - hostPath: - path: /sys/bus/scsi/devices - type: Directory - name: sys-devices-dir - - hostPath: - path: /sys/class/ - type: Directory - name: sys-class - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - - name: cryptsetup - hostPath: - path: /run/cryptsetup - type: Directory diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml deleted file mode 100644 index f6554fc6d..000000000 --- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml +++ /dev/null 
@@ -1,237 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-external-provisioner-role - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-csi-provisioner-binding - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -subjects: - - kind: ServiceAccount - name: csi-azuredisk-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: azuredisk-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-external-attacher-role - 
labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-csi-attacher-binding - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -subjects: - - kind: ServiceAccount - name: csi-azuredisk-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: azuredisk-external-attacher-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-external-snapshotter-role - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - 
apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-csi-snapshotter-binding - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -subjects: - - kind: ServiceAccount - name: csi-azuredisk-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: azuredisk-external-snapshotter-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-external-resizer-role - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create", "patch"] - - apiGroups: [""] - 
resources: ["pods"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: azuredisk-csi-resizer-role - labels: - app.kubernetes.io/instance: "testRelease" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/name: "azuredisk-csi-driver" - app.kubernetes.io/version: "v1.2.0" - helm.sh/chart: "azuredisk-csi-driver-v1.2.0" -subjects: - - kind: ServiceAccount - name: csi-azuredisk-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: azuredisk-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-azuredisk-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-azuredisk-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-azuredisk-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: csi-azuredisk-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml deleted file mode 100644 index a40ef26e4..000000000 --- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: csi-azuredisk-node-role
-rules:
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get"]
- - apiGroups: [""]
- resources: ["nodes"]
- verbs: ["get"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: csi-azuredisk-node-secret-binding
-subjects:
- - kind: ServiceAccount
- name: csi-azuredisk-node-sa
- namespace: testNamespace
-roleRef:
- kind: ClusterRole
- name: csi-azuredisk-node-role
- apiGroup: rbac.authorization.k8s.io
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
deleted file mode 100644
index 442052e8a..000000000
--- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: csi-azuredisk-controller-sa
- namespace: testNamespace
- labels:
- app.kubernetes.io/instance: "testRelease"
- app.kubernetes.io/managed-by: "Helm"
- app.kubernetes.io/name: "azuredisk-csi-driver"
- app.kubernetes.io/version: "v1.2.0"
- helm.sh/chart: "azuredisk-csi-driver-v1.2.0"
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml
deleted file mode 100644
index c455dc765..000000000
--- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: csi-azuredisk-node-sa
- namespace: testNamespace
- labels:
- app.kubernetes.io/instance: "testRelease"
- app.kubernetes.io/managed-by: "Helm"
- app.kubernetes.io/name: "azuredisk-csi-driver"
- app.kubernetes.io/version: "v1.2.0"
- helm.sh/chart: "azuredisk-csi-driver-v1.2.0"
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml
deleted file mode 100644
index e69de29bb..000000000
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml
deleted file mode 100644
index 274083de3..000000000
--- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_default.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- annotations:
- storageclass.kubernetes.io/is-default-class: "true"
- name: encrypted-rwo
-parameters:
- skuname: StandardSSD_LRS
-provisioner: azuredisk.csi.confidential.cloud
-allowVolumeExpansion: true
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml
deleted file mode 100644
index e95da95e5..000000000
--- a/cli/internal/helm/testdata/Azure/constellation-services/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- annotations:
- name: integrity-encrypted-rwo
-parameters:
- skuname: Premium_LRS
- csi.storage.k8s.io/fstype: ext4-integrity
-provisioner: azuredisk.csi.confidential.cloud
-allowVolumeExpansion: false
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml
deleted file mode 100644
index b5b472dd3..000000000
--- a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml
+++ /dev/null
@@ -1,308 +0,0 @@ -##### Node Service Account, Roles, RoleBindings -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-gce-pd-node-sa - namespace: testNamespace - ---- - -##### Controller Service Account, Roles, Rolebindings -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-gce-pd-controller-sa - namespace: testNamespace - ---- - -# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] - # Access to volumeattachments is only needed when the CSI driver - # has the PUBLISH_UNPUBLISH_VOLUME controller capability. - # In that case, external-provisioner will watch volumeattachments - # to determine when it is safe to delete a volume. 
- - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: csi-gce-pd-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-attacher-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: csi-gce-pd-attacher-role - apiGroup: rbac.authorization.k8s.io - ---- - -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: csi-gce-pd-controller -value: 900000000 -globalDefault: false -description: "This priority class should be used for the GCE PD CSI driver controller deployment only." - ---- - -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: csi-gce-pd-node -value: 900001000 -globalDefault: false -description: "This priority class should be used for the GCE PD CSI driver node deployment only." 
- ---- - -# Resizer must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - # If handle-volume-inuse-error=true, the pod specific rbac is needed - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-resizer-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: csi-gce-pd-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-deploy -rules: - - apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - csi-gce-pd-controller-psp - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: csi-gce-pd-controller-deploy -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-controller-deploy -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-node-deploy -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - csi-gce-pd-node-psp - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: csi-gce-pd-node -roleRef: - apiGroup: 
rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-node-deploy -subjects: -- kind: ServiceAccount - name: csi-gce-pd-node-sa - namespace: testNamespace - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: csi-gce-pd-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-node-deploy -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: csi-gce-pd-snapshotter-role -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - # Secrets resource omitted since GCE PD snapshots does not require them - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-snapshotter-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace -roleRef: - kind: ClusterRole - name: csi-gce-pd-snapshotter-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-leaderelection-role - namespace: testNamespace - labels: - k8s-app: gcp-compute-persistent-disk-csi-driver -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-leaderelection-binding - namespace: 
testNamespace - labels: - k8s-app: gcp-compute-persistent-disk-csi-driver -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: testNamespace -roleRef: - kind: Role - name: csi-gce-pd-leaderelection-role - apiGroup: rbac.authorization.k8s.io diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml deleted file mode 100644 index 59ecc2d92..000000000 --- a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-gce-pd-controller - namespace: testNamespace -spec: - replicas: 1 - selector: - matchLabels: - app: gcp-compute-persistent-disk-csi-driver - template: - metadata: - labels: - app: gcp-compute-persistent-disk-csi-driver - spec: - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - effect: NoSchedule - key: node.kubernetes.io/not-ready - operator: Exists - nodeSelector: - kubernetes.io/os: linux - node-role.kubernetes.io/control-plane: "" - serviceAccountName: csi-gce-pd-controller-sa - priorityClassName: csi-gce-pd-controller - containers: - - name: csi-provisioner - image: csi-provisioner:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--feature-gates=Topology=true" - - "--http-endpoint=:22011" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--timeout=250s" - - "--extra-create-metadata" - # - "--run-controller-service=false" # disable the controller service of the CSI driver - # - "--run-node-service=false" # disable the node service of the CSI driver - - "--leader-election" - - "--default-fstype=ext4" - - "--controller-publish-readonly=true" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 22011 - name: http-endpoint - protocol: TCP - livenessProbe: - failureThreshold: 1 - httpGet: - path: /healthz/leader-election - port: http-endpoint - initialDelaySeconds: 10 - timeoutSeconds: 10 - periodSeconds: 20 - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-attacher - image: csi-attacher:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--http-endpoint=:22012" - - 
"--leader-election" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--timeout=250s" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 22012 - name: http-endpoint - protocol: TCP - livenessProbe: - failureThreshold: 1 - httpGet: - path: /healthz/leader-election - port: http-endpoint - initialDelaySeconds: 10 - timeoutSeconds: 10 - periodSeconds: 20 - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-resizer - image: csi-resizer:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--http-endpoint=:22013" - - "--leader-election" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--handle-volume-inuse-error=false" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 22013 - name: http-endpoint - protocol: TCP - livenessProbe: - failureThreshold: 1 - httpGet: - path: /healthz/leader-election - port: http-endpoint - initialDelaySeconds: 10 - timeoutSeconds: 10 - periodSeconds: 20 - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-snapshotter - image: csi-snapshotter:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--metrics-address=:22014" - - "--leader-election" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--timeout=300s" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: gce-pd-driver - # Don't change base image without changing pdImagePlaceholder in - # test/k8s-integration/main.go - image: csi-driver:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=unix:/csi/csi.sock" - env: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/cloud-sa/key.json" - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: cloud-sa-volume - readOnly: true - 
mountPath: "/etc/cloud-sa" - volumes: - - name: socket-dir - emptyDir: {} - - name: cloud-sa-volume - secret: - secretName: gcekey diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml deleted file mode 100644 index e5bb3fc99..000000000 --- a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-gce-pd-node - namespace: testNamespace -spec: - selector: - matchLabels: - app: gcp-compute-persistent-disk-csi-driver - template: - metadata: - labels: - app: gcp-compute-persistent-disk-csi-driver - spec: - priorityClassName: csi-gce-pd-node - serviceAccountName: csi-gce-pd-node-sa - nodeSelector: - kubernetes.io/os: linux - containers: - - name: csi-driver-registrar - image: csi-registrar:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/gcp.csi.confidential.cloud/csi.sock" - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: gce-pd-driver - image: csi-driver:v0.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=unix:/csi/csi.sock" - - "--run-controller-service=false" - - "--kms-addr=key-service.testNamespace:9000" - securityContext: - privileged: true - volumeMounts: - - name: kubelet-dir - mountPath: /var/lib/kubelet - mountPropagation: "Bidirectional" - - name: plugin-dir - mountPath: /csi - - name: device-dir - mountPath: /dev - # The following mounts are required to trigger host udevadm from - # container - # But we don't want that, because it breaks cryptsetup - # - name: udev-rules-etc - # mountPath: /etc/udev - # - name: udev-rules-lib - # mountPath: /lib/udev - # - name: udev-socket - # mountPath: /run/udev - - name: sys - mountPath: /sys - - name: cryptsetup - mountPath: /run/cryptsetup - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - - name: kubelet-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/gcp.csi.confidential.cloud/ - type: DirectoryOrCreate - - name: 
device-dir - hostPath: - path: /dev - type: Directory - # The following mounts are required to trigger host udevadm from - # container - # But we don't want that, because it breaks cryptsetup - # - name: udev-rules-etc - # hostPath: - # path: /etc/udev - # type: Directory - # - name: udev-rules-lib - # hostPath: - # path: /lib/udev - # type: Directory - # - name: udev-socket - # hostPath: - # path: /run/udev - # type: Directory - - name: sys - hostPath: - path: /sys - type: Directory - - name: cryptsetup - hostPath: - path: /run/cryptsetup - type: Directory - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - # See "special case". This will tolerate everything. Node component should - # be scheduled on all nodes. - tolerations: - - operator: Exists diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml deleted file mode 100644 index 3c90cd462..000000000 --- a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" - name: encrypted-rwo -parameters: - type: pd-balanced -provisioner: gcp.csi.confidential.cloud -allowVolumeExpansion: true -reclaimPolicy: Delete -volumeBindingMode: Immediate diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml deleted file mode 100644 index b1009d527..000000000 
--- a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - name: integrity-encrypted-rwo -parameters: - type: pd-ssd - csi.storage.k8s.io/fstype: ext4-integrity -provisioner: gcp.csi.confidential.cloud -allowVolumeExpansion: false -reclaimPolicy: Delete -volumeBindingMode: Immediate diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml deleted file mode 100644 index 7fed19483..000000000 --- a/cli/internal/helm/testdata/GCP/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: gcp.csi.confidential.cloud -spec: - attachRequired: true - podInfoOnMount: false diff --git a/cli/internal/helm/update-csi-charts.sh b/cli/internal/helm/update-csi-charts.sh index a6cc7f8a1..2ff8b6bc9 100755 --- a/cli/internal/helm/update-csi-charts.sh +++ b/cli/internal/helm/update-csi-charts.sh @@ -14,6 +14,11 @@ if ! command -v git &> /dev/null; then exit 1 fi +if ! command -v yq &> /dev/null; then + echo "yq could not be found" + exit 1 +fi + # download_chart downloads the Helm chart for the given CSI driver and version. # # Arguments: @@ -33,7 +38,8 @@ download_chart() { callDir=$(pwd) repo_tmp_dir=$(mktemp -d) - chart_base_path="charts/edgeless/constellation-services/charts" + csi_chart_path="charts/edgeless/csi" + chart_base_path="${csi_chart_path}/charts" cd "${repo_tmp_dir}" git clone \ 
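Review bot: The new `command -v yq` guard in update-csi-charts.sh accepts any binary called yq, but the expressions added further down in `download_chart` (`yq '.version' …` and `yq -i "(.dependencies[] | select(…).version) = …"`) look like mikefarah/yq v4 syntax. The Python jq-wrapper installed under the same name would, as far as I can tell, emit `.version` as a quoted JSON string and treat `-i` differently. Because the script rewrites the vendored parent `Chart.yaml`, the wrong flavour can produce a bad dependency version instead of failing. Consider checking the flavour up front, e.g. `yq --version | grep -q mikefarah || { echo "mikefarah/yq v4 is required"; exit 1; }`, or at least naming the required tool in the error message.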
@@ -55,6 +61,12 @@ download_chart() { mkdir -p "${chart_base_path}/${chart_name}" cp -r "${repo_tmp_dir}/${chart_dir}"/* "${chart_base_path}/${chart_name}" + # get new version from Chart.yaml + new_version=$(yq '.version' "${chart_base_path}/${chart_name}/Chart.yaml") + + # update dependency version in parent Chart.yaml + yq -i "(.dependencies[] | select( .name== \"${chart_name}\").version) = \"${new_version}\"" "${csi_chart_path}/Chart.yaml" + return } @@ -67,4 +79,7 @@ download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-drive ## GCP CSI Driver download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" "v1.2.0" "charts" "gcp-compute-persistent-disk-csi-driver" +## OpenStack CSI Driver (cinder) +download_chart "https://github.com/edgelesssys/constellation-cloud-provider-openstack" "v1.0.0" "charts/cinder-csi-plugin" "openstack-cinder-csi" + echo # final newline diff --git a/cli/internal/helm/values.go b/cli/internal/helm/values.go index eca7ead3c..407ff89c3 100644 --- a/cli/internal/helm/values.go +++ b/cli/internal/helm/values.go 
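Review bot: `new_version` is used unvalidated in the `@@ -55,6 +61,12 @@` hunk of `download_chart`. If the copied chart's `Chart.yaml` has no `version` key, yq prints `null`, and whether a failed read aborts the script depends on a `set -e` that is not visible here; either way the value is written straight into the parent chart's dependency entry. A guard before the `yq -i` call, such as `[[ -n "${new_version}" && "${new_version}" != "null" ]] || { echo "no version in ${chart_name}/Chart.yaml" >&2; exit 1; }`, would stop a broken vendoring run early. The body of download_chart begins outside the hunk, so whether its other variables are declared `local` cannot be checked from here; `new_version` should follow whatever they do.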
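Review bot: The added OpenStack `download_chart` call in the `@@ -67,4 +79,7 @@` hunk selects the upstream chart by tag (`"v1.0.0"`), as the existing calls do. A git tag can be moved, so a later run of the script may vendor different chart content under the same version with nothing in the diff to show why. The clone command itself is outside the visible hunks, so this is inferred from the arguments. If the function accepts any ref, consider passing a full commit SHA and keeping the tag in a comment, or printing the resolved commit (`git rev-parse HEAD` in the clone) so it can be recorded next to the vendored chart and compared on the next update.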
@@ -6,193 +6,190 @@ SPDX-License-Identifier: AGPL-3.0-only package helm +import "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" + // Values for the Cilium Helm releases for AWS. -var awsVals = map[string]any{ - "endpointRoutes": map[string]any{ - "enabled": true, - }, - "encryption": map[string]any{ - "enabled": true, - "type": "wireguard", - }, - "l7Proxy": false, - "ipam": map[string]any{ - "operator": map[string]any{ - "clusterPoolIPv4PodCIDRList": []string{ - "10.244.0.0/16", +var ciliumVals = map[string]map[string]any{ + cloudprovider.AWS.String(): { + "endpointRoutes": map[string]any{ + "enabled": true, + }, + "encryption": map[string]any{ + "enabled": true, + "type": "wireguard", + }, + "l7Proxy": false, + "ipam": map[string]any{ + "operator": map[string]any{ + "clusterPoolIPv4PodCIDRList": []string{ + "10.244.0.0/16", + }, }, }, - }, - "strictModeCIDR": "10.244.0.0/16", - "image": map[string]any{ - "repository": "ghcr.io/3u13r/cilium", - "suffix": "", - "tag": "v1.12.1-edg", - "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", - "useDigest": true, - }, - "operator": map[string]any{ + "strictModeCIDR": "10.244.0.0/16", "image": map[string]any{ - "repository": "ghcr.io/3u13r/operator", - "tag": "v1.12.1-edg", - "suffix": "", - "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", - "useDigest": true, + "repository": "ghcr.io/3u13r/cilium", + "suffix": "", + "tag": "v1.12.1-edg", + "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", + "useDigest": true, }, - }, - "kubeProxyReplacement": "strict", - "enableCiliumEndpointSlice": true, - "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", -} - -// Values for the Cilium Helm releases for Azure. 
-var azureVals = map[string]any{ - "endpointRoutes": map[string]any{ - "enabled": true, - }, - "encryption": map[string]any{ - "enabled": true, - "type": "wireguard", - }, - "l7Proxy": false, - "ipam": map[string]any{ "operator": map[string]any{ - "clusterPoolIPv4PodCIDRList": []string{ - "10.244.0.0/16", + "image": map[string]any{ + "repository": "ghcr.io/3u13r/operator", + "tag": "v1.12.1-edg", + "suffix": "", + "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", + "useDigest": true, }, }, + "kubeProxyReplacement": "strict", + "enableCiliumEndpointSlice": true, + "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", }, - "strictModeCIDR": "10.244.0.0/16", - "image": map[string]any{ - "repository": "ghcr.io/3u13r/cilium", - "suffix": "", - "tag": "v1.12.1-edg", - "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", - "useDigest": true, - }, - "operator": map[string]any{ - "image": map[string]any{ - "repository": "ghcr.io/3u13r/operator", - "tag": "v1.12.1-edg", - "suffix": "", - "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", - "useDigest": true, + cloudprovider.Azure.String(): { + "endpointRoutes": map[string]any{ + "enabled": true, }, - }, - "egressMasqueradeInterfaces": "eth0", - "enableIPv4Masquerade": true, - "kubeProxyReplacement": "strict", - "enableCiliumEndpointSlice": true, - "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", -} - -// Values for the Cilium Helm releases for GCP. 
-var gcpVals = map[string]any{ - "endpointRoutes": map[string]any{ - "enabled": true, - }, - "tunnel": "disabled", - "encryption": map[string]any{ - "enabled": true, - "type": "wireguard", - }, - "image": map[string]any{ - "repository": "ghcr.io/3u13r/cilium", - "suffix": "", - "tag": "v1.12.1-edg", - "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", - "useDigest": true, - }, - "operator": map[string]any{ - "image": map[string]any{ - "repository": "ghcr.io/3u13r/operator", - "suffix": "", - "tag": "v1.12.1-edg", - "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", - "useDigest": true, + "encryption": map[string]any{ + "enabled": true, + "type": "wireguard", }, - }, - "l7Proxy": false, - "ipam": map[string]any{ - "mode": "kubernetes", - }, - "kubeProxyReplacement": "strict", - "enableCiliumEndpointSlice": true, - "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", -} - -// Values for the Cilium Helm releases for OpenStack. 
-var openStackVals = map[string]any{ - "endpointRoutes": map[string]any{ - "enabled": true, - }, - "encryption": map[string]any{ - "enabled": true, - "type": "wireguard", - }, - "l7Proxy": false, - "ipam": map[string]any{ - "operator": map[string]any{ - "clusterPoolIPv4PodCIDRList": []string{ - "10.244.0.0/16", + "l7Proxy": false, + "ipam": map[string]any{ + "operator": map[string]any{ + "clusterPoolIPv4PodCIDRList": []string{ + "10.244.0.0/16", + }, }, }, - }, - "strictModeCIDR": "10.244.0.0/16", - "image": map[string]any{ - "repository": "ghcr.io/3u13r/cilium", - "suffix": "", - "tag": "v1.12.1-edg", - "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", - "useDigest": true, - }, - "operator": map[string]any{ + "strictModeCIDR": "10.244.0.0/16", "image": map[string]any{ - "repository": "ghcr.io/3u13r/operator", - "tag": "v1.12.1-edg", - "suffix": "", - "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", - "useDigest": true, + "repository": "ghcr.io/3u13r/cilium", + "suffix": "", + "tag": "v1.12.1-edg", + "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", + "useDigest": true, }, - }, - "kubeProxyReplacement": "strict", - "enableCiliumEndpointSlice": true, - "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", -} - -var qemuVals = map[string]any{ - "endpointRoutes": map[string]any{ - "enabled": true, - }, - "encryption": map[string]any{ - "enabled": true, - "type": "wireguard", - }, - "image": map[string]any{ - "repository": "ghcr.io/3u13r/cilium", - "suffix": "", - "tag": "v1.12.1-edg", - "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", - "useDigest": true, - }, - "operator": map[string]any{ - "image": map[string]any{ - "repository": "ghcr.io/3u13r/operator", - "suffix": "", - "tag": "v1.12.1-edg", - "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", - "useDigest": true, - }, - }, 
- "ipam": map[string]any{ "operator": map[string]any{ - "clusterPoolIPv4PodCIDRList": []string{ - "10.244.0.0/16", + "image": map[string]any{ + "repository": "ghcr.io/3u13r/operator", + "tag": "v1.12.1-edg", + "suffix": "", + "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", + "useDigest": true, }, }, + "egressMasqueradeInterfaces": "eth0", + "enableIPv4Masquerade": true, + "kubeProxyReplacement": "strict", + "enableCiliumEndpointSlice": true, + "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", + }, + cloudprovider.GCP.String(): { + "endpointRoutes": map[string]any{ + "enabled": true, + }, + "tunnel": "disabled", + "encryption": map[string]any{ + "enabled": true, + "type": "wireguard", + }, + "image": map[string]any{ + "repository": "ghcr.io/3u13r/cilium", + "suffix": "", + "tag": "v1.12.1-edg", + "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", + "useDigest": true, + }, + "operator": map[string]any{ + "image": map[string]any{ + "repository": "ghcr.io/3u13r/operator", + "suffix": "", + "tag": "v1.12.1-edg", + "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", + "useDigest": true, + }, + }, + "l7Proxy": false, + "ipam": map[string]any{ + "mode": "kubernetes", + }, + "kubeProxyReplacement": "strict", + "enableCiliumEndpointSlice": true, + "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", + }, + cloudprovider.OpenStack.String(): { + "endpointRoutes": map[string]any{ + "enabled": true, + }, + "encryption": map[string]any{ + "enabled": true, + "type": "wireguard", + }, + "l7Proxy": false, + "ipam": map[string]any{ + "operator": map[string]any{ + "clusterPoolIPv4PodCIDRList": []string{ + "10.244.0.0/16", + }, + }, + }, + "strictModeCIDR": "10.244.0.0/16", + "image": map[string]any{ + "repository": "ghcr.io/3u13r/cilium", + "suffix": "", + "tag": "v1.12.1-edg", + "digest": 
"sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", + "useDigest": true, + }, + "operator": map[string]any{ + "image": map[string]any{ + "repository": "ghcr.io/3u13r/operator", + "tag": "v1.12.1-edg", + "suffix": "", + "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", + "useDigest": true, + }, + }, + "kubeProxyReplacement": "strict", + "enableCiliumEndpointSlice": true, + "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", + }, + cloudprovider.QEMU.String(): { + "endpointRoutes": map[string]any{ + "enabled": true, + }, + "encryption": map[string]any{ + "enabled": true, + "type": "wireguard", + }, + "image": map[string]any{ + "repository": "ghcr.io/3u13r/cilium", + "suffix": "", + "tag": "v1.12.1-edg", + "digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b", + "useDigest": true, + }, + "operator": map[string]any{ + "image": map[string]any{ + "repository": "ghcr.io/3u13r/operator", + "suffix": "", + "tag": "v1.12.1-edg", + "genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb", + "useDigest": true, + }, + }, + "ipam": map[string]any{ + "operator": map[string]any{ + "clusterPoolIPv4PodCIDRList": []string{ + "10.244.0.0/16", + }, + }, + }, + "kubeProxyReplacement": "strict", + "enableCiliumEndpointSlice": true, + "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", + "l7Proxy": false, }, - "kubeProxyReplacement": "strict", - "enableCiliumEndpointSlice": true, - "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", - "l7Proxy": false, } diff --git a/internal/attestation/measurements/measurements.go b/internal/attestation/measurements/measurements.go index f3908bf56..981c44f3e 100644 --- a/internal/attestation/measurements/measurements.go +++ b/internal/attestation/measurements/measurements.go 
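Review bot: The comment kept above the new `ciliumVals` map still reads `// Values for the Cilium Helm releases for AWS.`, although the map now holds the values for all five providers. Something like `// ciliumVals holds the Cilium Helm values per cloud provider, keyed by the provider's String() value.` would match the code. The pinned image references (`digest` / `genericDigest` with `"useDigest": true`) are repeated verbatim in every entry, so an image update that misses one provider leaves it on the old image with no compile-time signal; hoisting the repository, tag and digest strings into shared constants would make the pin a single point of change. Indexing the map with an unknown provider string yields a nil map, so the lookups (outside this hunk) should use the `vals, ok := ciliumVals[...]` form and return an error when `ok` is false.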
@@ -186,7 +186,7 @@ func (m *M) FetchNoVerify(ctx context.Context, client *http.Client, measurements ) error { measurementsRaw, err := getFromURL(ctx, client, measurementsURL) if err != nil { - return fmt.Errorf("failed to fetch measurements: %w", err) + return fmt.Errorf("failed to fetch measurements from %s: %w", measurementsURL.String(), err) } var measurements ImageMeasurementsV2 diff --git a/internal/deploy/helm/helm.go b/internal/deploy/helm/helm.go index 50ae0b2e4..3df7b79ae 100644 --- a/internal/deploy/helm/helm.go +++ b/internal/deploy/helm/helm.go @@ -21,8 +21,7 @@ type Releases struct { CertManager Release Operators Release ConstellationServices Release - SnapshotCRDs *Release - SnapshotController *Release + CSI *Release } // MergeMaps returns a new map that is the merger of it's inputs.
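Review bot: The new error text in `FetchNoVerify` embeds `measurementsURL.String()`, which includes any userinfo (`user:password@`) and the full query string. If a measurements URL is ever configured with embedded credentials or a signed query, they end up in error output and logs. Assuming `measurementsURL` is a `*url.URL` (its declaration is cut off in the hunk header), `Redacted()` masks the password, and `%q` makes unusual characters in a user-supplied URL visible: `return fmt.Errorf("failed to fetch measurements from %q: %w", measurementsURL.Redacted(), err)`. Query parameters are not masked by `Redacted()`, so a signed URL would still need its query stripped before logging. The function body continues outside the hunk.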