mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-05-07 16:55:15 -04:00
Microservice upgrades (#729)
Run with: constellation upgrade execute --helm. This will only upgrade the helm charts. No config is needed. Upgrades are implemented via helm's upgrade action, i.e. they automatically roll back if something goes wrong. Releases could still be managed via helm, even after an upgrade with constellation has been done. Currently not user facing as CRD/CR backups are still in progress. These backups should be automatically created and saved to the user's disk as updates may delete CRs. This happens implicitly through CRD upgrades, which are part of microservice upgrades.
This commit is contained in:
Otto Bittner
GitHub
parent
990cae58a5
commit
efcd0337b4
13 changed files with 498 additions and 166 deletions
|
|
@ -37,6 +37,18 @@ import (
|
|||
//go:embed all:charts/*
|
||||
var helmFS embed.FS
|
||||
|
||||
const (
|
||||
ciliumReleaseName = "cilium"
|
||||
conServicesReleaseName = "constellation-services"
|
||||
conOperatorsReleaseName = "constellation-operators"
|
||||
certManagerReleaseName = "cert-manager"
|
||||
|
||||
conServicesPath = "charts/edgeless/constellation-services"
|
||||
conOperatorsPath = "charts/edgeless/operators"
|
||||
certManagerPath = "charts/cert-manager"
|
||||
ciliumPath = "charts/cilium"
|
||||
)
|
||||
|
||||
// ChartLoader loads embedded helm charts.
|
||||
type ChartLoader struct {
|
||||
joinServiceImage string
|
||||
|
|
@ -109,7 +121,11 @@ func (i *ChartLoader) Load(config *config.Config, conformanceMode bool, masterSe
|
|||
}
|
||||
|
||||
func (i *ChartLoader) loadCilium(csp cloudprovider.Provider, conformanceMode bool) (helm.Release, error) {
|
||||
chart, values, err := i.loadCiliumHelper(csp, conformanceMode)
|
||||
chart, err := loadChartsDir(helmFS, ciliumPath)
|
||||
if err != nil {
|
||||
return helm.Release{}, fmt.Errorf("loading cilium chart: %w", err)
|
||||
}
|
||||
values, err := i.loadCiliumValues(csp, conformanceMode)
|
||||
if err != nil {
|
||||
return helm.Release{}, err
|
||||
}
|
||||
|
|
@ -119,17 +135,12 @@ func (i *ChartLoader) loadCilium(csp cloudprovider.Provider, conformanceMode boo
|
|||
return helm.Release{}, fmt.Errorf("packaging cilium chart: %w", err)
|
||||
}
|
||||
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: "cilium", Wait: false}, nil
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: ciliumReleaseName, Wait: false}, nil
|
||||
}
|
||||
|
||||
// loadCiliumHelper is used to separate the marshalling step from the loading step.
|
||||
// This reduces the time unit tests take to execute.
|
||||
func (i *ChartLoader) loadCiliumHelper(csp cloudprovider.Provider, conformanceMode bool) (*chart.Chart, map[string]any, error) {
|
||||
chart, err := loadChartsDir(helmFS, "charts/cilium")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("loading cilium chart: %w", err)
|
||||
}
|
||||
|
||||
func (i *ChartLoader) loadCiliumValues(csp cloudprovider.Provider, conformanceMode bool) (map[string]any, error) {
|
||||
var values map[string]any
|
||||
switch csp {
|
||||
case cloudprovider.AWS:
|
||||
|
|
@ -141,7 +152,7 @@ func (i *ChartLoader) loadCiliumHelper(csp cloudprovider.Provider, conformanceMo
|
|||
case cloudprovider.QEMU:
|
||||
values = qemuVals
|
||||
default:
|
||||
return nil, nil, fmt.Errorf("unknown csp: %s", csp)
|
||||
return nil, fmt.Errorf("unknown csp: %s", csp)
|
||||
}
|
||||
if conformanceMode {
|
||||
values["kubeProxyReplacementHealthzBindAddr"] = ""
|
||||
|
|
@ -152,32 +163,28 @@ func (i *ChartLoader) loadCiliumHelper(csp cloudprovider.Provider, conformanceMo
|
|||
}
|
||||
|
||||
}
|
||||
return chart, values, nil
|
||||
return values, nil
|
||||
}
|
||||
|
||||
func (i *ChartLoader) loadCertManager() (helm.Release, error) {
|
||||
chart, values, err := i.loadCertManagerHelper()
|
||||
chart, err := loadChartsDir(helmFS, certManagerPath)
|
||||
if err != nil {
|
||||
return helm.Release{}, err
|
||||
return helm.Release{}, fmt.Errorf("loading cert-manager chart: %w", err)
|
||||
}
|
||||
values := i.loadCertManagerValues()
|
||||
|
||||
chartRaw, err := i.marshalChart(chart)
|
||||
if err != nil {
|
||||
return helm.Release{}, fmt.Errorf("packaging cert-manager chart: %w", err)
|
||||
}
|
||||
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: "cert-manager", Wait: false}, nil
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: certManagerReleaseName, Wait: false}, nil
|
||||
}
|
||||
|
||||
// loadCertManagerHelper is used to separate the marshalling step from the loading step.
|
||||
// This reduces the time unit tests take to execute.
|
||||
func (i *ChartLoader) loadCertManagerHelper() (*chart.Chart, map[string]any, error) {
|
||||
chart, err := loadChartsDir(helmFS, "charts/cert-manager")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("loading cert-manager chart: %w", err)
|
||||
}
|
||||
|
||||
values := map[string]any{
|
||||
func (i *ChartLoader) loadCertManagerValues() map[string]any {
|
||||
return map[string]any{
|
||||
"installCRDs": true,
|
||||
"prometheus": map[string]any{
|
||||
"enabled": false,
|
||||
|
|
@ -241,11 +248,14 @@ func (i *ChartLoader) loadCertManagerHelper() (*chart.Chart, map[string]any, err
|
|||
},
|
||||
},
|
||||
}
|
||||
return chart, values, nil
|
||||
}
|
||||
|
||||
func (i *ChartLoader) loadOperators(csp cloudprovider.Provider) (helm.Release, error) {
|
||||
chart, values, err := i.loadOperatorsHelper(csp)
|
||||
chart, err := loadChartsDir(helmFS, conOperatorsPath)
|
||||
if err != nil {
|
||||
return helm.Release{}, fmt.Errorf("loading operators chart: %w", err)
|
||||
}
|
||||
values, err := i.loadOperatorsValues(csp)
|
||||
if err != nil {
|
||||
return helm.Release{}, err
|
||||
}
|
||||
|
|
@ -255,17 +265,12 @@ func (i *ChartLoader) loadOperators(csp cloudprovider.Provider) (helm.Release, e
|
|||
return helm.Release{}, fmt.Errorf("packaging operators chart: %w", err)
|
||||
}
|
||||
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: "con-operators", Wait: false}, nil
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: conOperatorsReleaseName, Wait: false}, nil
|
||||
}
|
||||
|
||||
// loadOperatorsHelper is used to separate the marshalling step from the loading step.
|
||||
// This reduces the time unit tests take to execute.
|
||||
func (i *ChartLoader) loadOperatorsHelper(csp cloudprovider.Provider) (*chart.Chart, map[string]any, error) {
|
||||
chart, err := loadChartsDir(helmFS, "charts/edgeless/operators")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("loading operators chart: %w", err)
|
||||
}
|
||||
|
||||
func (i *ChartLoader) loadOperatorsValues(csp cloudprovider.Provider) (map[string]any, error) {
|
||||
values := map[string]any{
|
||||
"constellation-operator": map[string]any{
|
||||
"controllerManager": map[string]any{
|
||||
|
|
@ -286,7 +291,7 @@ func (i *ChartLoader) loadOperatorsHelper(csp cloudprovider.Provider) (*chart.Ch
|
|||
case cloudprovider.Azure:
|
||||
conOpVals, ok := values["constellation-operator"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid constellation-operator values")
|
||||
return nil, errors.New("invalid constellation-operator values")
|
||||
}
|
||||
conOpVals["csp"] = "Azure"
|
||||
|
||||
|
|
@ -296,7 +301,7 @@ func (i *ChartLoader) loadOperatorsHelper(csp cloudprovider.Provider) (*chart.Ch
|
|||
case cloudprovider.GCP:
|
||||
conOpVals, ok := values["constellation-operator"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid constellation-operator values")
|
||||
return nil, errors.New("invalid constellation-operator values")
|
||||
}
|
||||
conOpVals["csp"] = "GCP"
|
||||
|
||||
|
|
@ -306,7 +311,7 @@ func (i *ChartLoader) loadOperatorsHelper(csp cloudprovider.Provider) (*chart.Ch
|
|||
case cloudprovider.QEMU:
|
||||
conOpVals, ok := values["constellation-operator"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid constellation-operator values")
|
||||
return nil, errors.New("invalid constellation-operator values")
|
||||
}
|
||||
conOpVals["csp"] = "QEMU"
|
||||
|
||||
|
|
@ -316,7 +321,7 @@ func (i *ChartLoader) loadOperatorsHelper(csp cloudprovider.Provider) (*chart.Ch
|
|||
case cloudprovider.AWS:
|
||||
conOpVals, ok := values["constellation-operator"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid constellation-operator values")
|
||||
return nil, errors.New("invalid constellation-operator values")
|
||||
}
|
||||
conOpVals["csp"] = "AWS"
|
||||
|
||||
|
|
@ -325,13 +330,17 @@ func (i *ChartLoader) loadOperatorsHelper(csp cloudprovider.Provider) (*chart.Ch
|
|||
}
|
||||
}
|
||||
|
||||
return chart, values, nil
|
||||
return values, nil
|
||||
}
|
||||
|
||||
// loadConstellationServices loads the constellation-services chart from the embed.FS,
|
||||
// marshals it into a helm-package .tgz and sets the values that can be set in the CLI.
|
||||
func (i *ChartLoader) loadConstellationServices(config *config.Config, masterSecret, salt []byte) (helm.Release, error) {
|
||||
chart, values, err := i.loadConstellationServicesHelper(config, masterSecret, salt)
|
||||
chart, err := loadChartsDir(helmFS, conServicesPath)
|
||||
if err != nil {
|
||||
return helm.Release{}, fmt.Errorf("loading constellation-services chart: %w", err)
|
||||
}
|
||||
values, err := i.loadConstellationServicesValues(config, masterSecret, salt)
|
||||
if err != nil {
|
||||
return helm.Release{}, err
|
||||
}
|
||||
|
|
@ -341,17 +350,12 @@ func (i *ChartLoader) loadConstellationServices(config *config.Config, masterSec
|
|||
return helm.Release{}, fmt.Errorf("packaging constellation-services chart: %w", err)
|
||||
}
|
||||
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: "constellation-services", Wait: false}, nil
|
||||
return helm.Release{Chart: chartRaw, Values: values, ReleaseName: conServicesReleaseName, Wait: false}, nil
|
||||
}
|
||||
|
||||
// loadConstellationServicesHelper is used to separate the marshalling step from the loading step.
|
||||
// This reduces the time unit tests take to execute.
|
||||
func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, masterSecret, salt []byte) (*chart.Chart, map[string]any, error) {
|
||||
chart, err := loadChartsDir(helmFS, "charts/edgeless/constellation-services")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("loading constellation-services chart: %w", err)
|
||||
}
|
||||
|
||||
func (i *ChartLoader) loadConstellationServicesValues(config *config.Config, masterSecret, salt []byte) (map[string]any, error) {
|
||||
csp := config.GetProvider()
|
||||
values := map[string]any{
|
||||
"global": map[string]any{
|
||||
|
|
@ -397,13 +401,13 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
|
|||
case cloudprovider.Azure:
|
||||
joinServiceVals, ok := values["join-service"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid join-service values")
|
||||
return nil, errors.New("invalid join-service values")
|
||||
}
|
||||
joinServiceVals["enforceIdKeyDigest"] = config.EnforcesIDKeyDigest()
|
||||
|
||||
ccmVals, ok := values["ccm"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid ccm values")
|
||||
return nil, errors.New("invalid ccm values")
|
||||
}
|
||||
ccmVals["Azure"] = map[string]any{
|
||||
"image": i.ccmImage,
|
||||
|
|
@ -431,7 +435,7 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
|
|||
case cloudprovider.GCP:
|
||||
ccmVals, ok := values["ccm"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid ccm values")
|
||||
return nil, errors.New("invalid ccm values")
|
||||
}
|
||||
ccmVals["GCP"] = map[string]any{
|
||||
"image": i.ccmImage,
|
||||
|
|
@ -460,7 +464,7 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
|
|||
case cloudprovider.AWS:
|
||||
ccmVals, ok := values["ccm"].(map[string]any)
|
||||
if !ok {
|
||||
return nil, nil, errors.New("invalid ccm values")
|
||||
return nil, errors.New("invalid ccm values")
|
||||
}
|
||||
ccmVals["AWS"] = map[string]any{
|
||||
"image": i.ccmImage,
|
||||
|
|
@ -470,7 +474,7 @@ func (i *ChartLoader) loadConstellationServicesHelper(config *config.Config, mas
|
|||
"AWS": true,
|
||||
}
|
||||
}
|
||||
return chart, values, nil
|
||||
return values, nil
|
||||
}
|
||||
|
||||
// marshalChart takes a Chart object, packages it to a temporary file and returns the content of that file.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue