mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-09-20 04:54:46 -04:00
Move CSI charts to separate chart and cleanup loader code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße
Daniel Weiße
parent
cb22a25144
commit
ea5c83587c
124 changed files with 547 additions and 2290 deletions
|
|
@ -26,12 +26,9 @@ type clusterUtil interface {
|
|||
StartKubelet() error
|
||||
}
|
||||
|
||||
// helmClient bundles functions related to microservice deployment. Only microservices that can be deployed purely via Helm are deployed with this interface.
|
||||
// Currently only a subset of microservices is deployed via Helm.
|
||||
// Naming is inspired by Helm.
|
||||
// helmClient bundles functions related to microservice deployment.
|
||||
// Only microservices that can be deployed purely via Helm are deployed with this interface.
|
||||
type helmClient interface {
|
||||
InstallCilium(context.Context, k8sapi.Client, helm.Release, k8sapi.SetupPodNetworkInput) error
|
||||
InstallChart(ctx context.Context, release helm.Release) error
|
||||
InstallOperators(ctx context.Context, release helm.Release, extraVals map[string]any) error
|
||||
InstallConstellationServices(ctx context.Context, release helm.Release, extraVals map[string]any) error
|
||||
InstallChart(ctx context.Context, release helm.Release, extraVals map[string]any) error
|
||||
}
|
||||
|
|
|
|||
|
|
@ -232,29 +232,36 @@ func (k *KubeWrapper) InitCluster(
|
|||
}
|
||||
|
||||
log.Infof("Installing Constellation microservices")
|
||||
if err = k.helmClient.InstallConstellationServices(ctx, helmReleases.ConstellationServices, extraVals); err != nil {
|
||||
if err = k.helmClient.InstallChart(ctx, helmReleases.ConstellationServices, extraVals); err != nil {
|
||||
return nil, fmt.Errorf("installing constellation-services: %w", err)
|
||||
}
|
||||
|
||||
// cert-manager provides CRDs used by other deployments,
|
||||
// so it should be installed as early as possible, but after our microservices.
|
||||
// so it should be installed as early as possible, but after the services cert-manager depends on.
|
||||
log.Infof("Installing cert-manager")
|
||||
if err = k.helmClient.InstallChart(ctx, helmReleases.CertManager); err != nil {
|
||||
if err = k.helmClient.InstallChart(ctx, helmReleases.CertManager, nil); err != nil {
|
||||
return nil, fmt.Errorf("installing cert-manager: %w", err)
|
||||
}
|
||||
|
||||
// CSI snapshot-controller requires CRDs from cert-manager. It must be installed after it.
|
||||
// CSI snapshot support should also only be deployed on clouds where we can deploy CSI drivers,
|
||||
// and the deployment was not disabled by the user.
|
||||
if helmReleases.SnapshotCRDs != nil && helmReleases.SnapshotController != nil {
|
||||
log.Infof("Installing CSI snapshot CRDs")
|
||||
if err = k.helmClient.InstallChart(ctx, *helmReleases.SnapshotCRDs); err != nil {
|
||||
return nil, fmt.Errorf("installing CSI snapshot CRDs: %w", err)
|
||||
// Install CSI drivers if enabled by the user.
|
||||
if helmReleases.CSI != nil {
|
||||
var csiVals map[string]any
|
||||
if cloudprovider.FromString(k.cloudProvider) == cloudprovider.OpenStack {
|
||||
creds, err := openstack.AccountKeyFromURI(serviceConfig.cloudServiceAccountURI)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cinderIni := creds.CloudINI().CinderCSIConfiguration()
|
||||
csiVals = map[string]any{
|
||||
"cinder-config": map[string]any{
|
||||
"secretData": cinderIni,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
log.Infof("Installing CSI snapshot-controller")
|
||||
if err = k.helmClient.InstallChart(ctx, *helmReleases.SnapshotController); err != nil {
|
||||
return nil, fmt.Errorf("installing CSI snapshot-controller: %w", err)
|
||||
log.Infof("Installing CSI deployments")
|
||||
if err := k.helmClient.InstallChart(ctx, *helmReleases.CSI, csiVals); err != nil {
|
||||
return nil, fmt.Errorf("installing CSI snapshot CRDs: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -266,7 +273,7 @@ func (k *KubeWrapper) InitCluster(
|
|||
// Constellation operators require CRDs from cert-manager.
|
||||
// They must be installed after it.
|
||||
log.Infof("Installing operators")
|
||||
if err = k.helmClient.InstallOperators(ctx, helmReleases.Operators, operatorVals); err != nil {
|
||||
if err = k.helmClient.InstallChart(ctx, helmReleases.Operators, operatorVals); err != nil {
|
||||
return nil, fmt.Errorf("installing operators: %w", err)
|
||||
}
|
||||
|
||||
|
|
@ -430,7 +437,6 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell
|
|||
"join-service": map[string]any{
|
||||
"measurementSalt": base64.StdEncoding.EncodeToString(serviceConfig.measurementSalt),
|
||||
},
|
||||
"ccm": map[string]any{},
|
||||
"verification-service": map[string]any{
|
||||
"loadBalancerIP": serviceConfig.loadBalancerIP,
|
||||
},
|
||||
|
|
@ -465,15 +471,13 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell
|
|||
return nil, fmt.Errorf("marshaling service account key: %w", err)
|
||||
}
|
||||
|
||||
ccmVals, ok := extraVals["ccm"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, errors.New("invalid ccm values")
|
||||
}
|
||||
ccmVals["GCP"] = map[string]any{
|
||||
"projectID": projectID,
|
||||
"uid": uid,
|
||||
"secretData": string(rawKey),
|
||||
"subnetworkPodCIDR": serviceConfig.subnetworkPodCIDR,
|
||||
extraVals["ccm"] = map[string]any{
|
||||
"GCP": map[string]any{
|
||||
"projectID": projectID,
|
||||
"uid": uid,
|
||||
"secretData": string(rawKey),
|
||||
"subnetworkPodCIDR": serviceConfig.subnetworkPodCIDR,
|
||||
},
|
||||
}
|
||||
|
||||
case cloudprovider.Azure:
|
||||
|
|
@ -487,13 +491,10 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell
|
|||
return nil, fmt.Errorf("creating ccm secret: %w", err)
|
||||
}
|
||||
|
||||
ccmVals, ok := extraVals["ccm"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, errors.New("invalid ccm values")
|
||||
}
|
||||
ccmVals["Azure"] = map[string]any{
|
||||
"azureConfig": string(ccmConfig),
|
||||
"subnetworkPodCIDR": serviceConfig.subnetworkPodCIDR,
|
||||
extraVals["ccm"] = map[string]any{
|
||||
"Azure": map[string]any{
|
||||
"azureConfig": string(ccmConfig),
|
||||
},
|
||||
}
|
||||
|
||||
case cloudprovider.OpenStack:
|
||||
|
|
@ -526,10 +527,6 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, serviceConfig constell
|
|||
"yawolNetworkID": networkIDs[0],
|
||||
"yawolAPIHost": fmt.Sprintf("https://%s:%d", serviceConfig.loadBalancerIP, constants.KubernetesPort),
|
||||
}
|
||||
cinderIni := creds.CloudINI().CinderCSIConfiguration()
|
||||
extraVals["cinder-config"] = map[string]any{
|
||||
"secretData": cinderIni,
|
||||
}
|
||||
}
|
||||
return extraVals, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -138,23 +138,7 @@ func TestInitCluster(t *testing.T) {
|
|||
},
|
||||
"kubeadm init fails when setting up constellation-services chart": {
|
||||
clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")},
|
||||
helmClient: stubHelmClient{servicesError: assert.AnError},
|
||||
kubeAPIWaiter: stubKubeAPIWaiter{},
|
||||
providerMetadata: &stubProviderMetadata{},
|
||||
wantErr: true,
|
||||
k8sVersion: versions.Default,
|
||||
},
|
||||
"kubeadm init fails when setting the cloud node manager": {
|
||||
clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")},
|
||||
helmClient: stubHelmClient{servicesError: assert.AnError},
|
||||
kubeAPIWaiter: stubKubeAPIWaiter{},
|
||||
providerMetadata: &stubProviderMetadata{},
|
||||
wantErr: true,
|
||||
k8sVersion: versions.Default,
|
||||
},
|
||||
"kubeadm init fails when setting the cluster autoscaler": {
|
||||
clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")},
|
||||
helmClient: stubHelmClient{servicesError: assert.AnError},
|
||||
helmClient: stubHelmClient{installChartError: assert.AnError},
|
||||
kubeAPIWaiter: stubKubeAPIWaiter{},
|
||||
providerMetadata: &stubProviderMetadata{},
|
||||
wantErr: true,
|
||||
|
|
@ -167,14 +151,6 @@ func TestInitCluster(t *testing.T) {
|
|||
wantErr: true,
|
||||
k8sVersion: versions.Default,
|
||||
},
|
||||
"kubeadm init fails when setting up konnectivity": {
|
||||
clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")},
|
||||
helmClient: stubHelmClient{servicesError: assert.AnError},
|
||||
kubeAPIWaiter: stubKubeAPIWaiter{},
|
||||
providerMetadata: &stubProviderMetadata{},
|
||||
wantErr: true,
|
||||
k8sVersion: versions.Default,
|
||||
},
|
||||
"kubeadm init fails when setting up verification service": {
|
||||
clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")},
|
||||
kubeAPIWaiter: stubKubeAPIWaiter{},
|
||||
|
|
@ -582,26 +558,16 @@ func (s *stubKubectl) EnforceCoreDNSSpread(_ context.Context) error {
|
|||
type stubHelmClient struct {
|
||||
ciliumError error
|
||||
installChartError error
|
||||
operatorsError error
|
||||
servicesError error
|
||||
}
|
||||
|
||||
func (s *stubHelmClient) InstallCilium(_ context.Context, _ k8sapi.Client, _ helm.Release, _ k8sapi.SetupPodNetworkInput) error {
|
||||
return s.ciliumError
|
||||
}
|
||||
|
||||
func (s *stubHelmClient) InstallChart(_ context.Context, _ helm.Release) error {
|
||||
func (s *stubHelmClient) InstallChart(_ context.Context, _ helm.Release, _ map[string]any) error {
|
||||
return s.installChartError
|
||||
}
|
||||
|
||||
func (s *stubHelmClient) InstallOperators(_ context.Context, _ helm.Release, _ map[string]any) error {
|
||||
return s.operatorsError
|
||||
}
|
||||
|
||||
func (s *stubHelmClient) InstallConstellationServices(_ context.Context, _ helm.Release, _ map[string]any) error {
|
||||
return s.servicesError
|
||||
}
|
||||
|
||||
type stubKubeAPIWaiter struct {
|
||||
waitErr error
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue