mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-05 12:51:03 -05:00
a87b7894db
* add current chart add current helm chart * disable service controller for aws ccm * add new iam roles * doc AWS internet LB + add to LB test * pass clusterName to helm for AWS LB * fix update-aws-lb chart to also include .helmignore * move chart outside services * working state * add subnet tags for AWS subnet discovery * fix .helmignore load rule with file in subdirectory * upgrade iam profile * revert new loader impl since cilium is not correctly loaded * install chart if not already present during `upgrade apply` * cleanup PR + fix build + add todos cleanup PR + add todos * shared helm pkg for cli install and bootstrapper * add link to eks docs * refactor iamMigrationCmd * delete unused helm.symwallk * move iammigrate to upgrade pkg * fixup! delete unused helm.symwallk * add to upgradecheck * remove nodeSelector from go code (Otto) * update iam docs and sort permission + remove duplicate roles * fix bug in `upgrade check` * better upgrade check output when svc version upgrade not possible * pr feedback * remove force flag in upgrade_test * use upgrader.GetUpgradeID instead of extra type * remove todos + fix check * update doc lb (leo) * remove bootstrapper helm package * Update cli/internal/cmd/upgradecheck.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * final nits * add docs for e2e upgrade test setup * Apply suggestions from code review Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/helm/loader.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/cmd/tfmigrationclient.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix daniel review * link to the iam permissions instead of manually updating them (agreed with leo) * disable iam upgrade in upgrade apply --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll
211 lines
5.9 KiB
Go
211 lines
5.9 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package helm
|
|
|
|
import "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
|
|
|
// Values for the Cilium Helm releases for AWS.
|
|
var ciliumVals = map[string]map[string]any{
|
|
cloudprovider.AWS.String(): {
|
|
"endpointRoutes": map[string]any{
|
|
"enabled": true,
|
|
},
|
|
"encryption": map[string]any{
|
|
"enabled": true,
|
|
"type": "wireguard",
|
|
},
|
|
"l7Proxy": false,
|
|
"ipam": map[string]any{
|
|
"operator": map[string]any{
|
|
"clusterPoolIPv4PodCIDRList": []string{
|
|
"10.244.0.0/16",
|
|
},
|
|
},
|
|
},
|
|
"strictModeCIDR": "10.244.0.0/16",
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/cilium",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
|
|
"useDigest": true,
|
|
},
|
|
"operator": map[string]any{
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/operator",
|
|
"tag": "v1.12.1-edg",
|
|
"suffix": "",
|
|
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
|
|
"useDigest": true,
|
|
},
|
|
},
|
|
"kubeProxyReplacement": "strict",
|
|
"enableCiliumEndpointSlice": true,
|
|
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
|
},
|
|
cloudprovider.Azure.String(): {
|
|
"endpointRoutes": map[string]any{
|
|
"enabled": true,
|
|
},
|
|
"encryption": map[string]any{
|
|
"enabled": true,
|
|
"type": "wireguard",
|
|
},
|
|
"l7Proxy": false,
|
|
"ipam": map[string]any{
|
|
"operator": map[string]any{
|
|
"clusterPoolIPv4PodCIDRList": []string{
|
|
"10.244.0.0/16",
|
|
},
|
|
},
|
|
},
|
|
"strictModeCIDR": "10.244.0.0/16",
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/cilium",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
|
|
"useDigest": true,
|
|
},
|
|
"operator": map[string]any{
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/operator",
|
|
"tag": "v1.12.1-edg",
|
|
"suffix": "",
|
|
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
|
|
"useDigest": true,
|
|
},
|
|
},
|
|
"egressMasqueradeInterfaces": "eth0",
|
|
"enableIPv4Masquerade": true,
|
|
"kubeProxyReplacement": "strict",
|
|
"enableCiliumEndpointSlice": true,
|
|
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
|
},
|
|
cloudprovider.GCP.String(): {
|
|
"endpointRoutes": map[string]any{
|
|
"enabled": true,
|
|
},
|
|
"tunnel": "disabled",
|
|
"encryption": map[string]any{
|
|
"enabled": true,
|
|
"type": "wireguard",
|
|
},
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/cilium",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
|
|
"useDigest": true,
|
|
},
|
|
"operator": map[string]any{
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/operator",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
|
|
"useDigest": true,
|
|
},
|
|
},
|
|
"l7Proxy": false,
|
|
"ipam": map[string]any{
|
|
"mode": "kubernetes",
|
|
},
|
|
"kubeProxyReplacement": "strict",
|
|
"enableCiliumEndpointSlice": true,
|
|
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
|
},
|
|
cloudprovider.OpenStack.String(): {
|
|
"endpointRoutes": map[string]any{
|
|
"enabled": true,
|
|
},
|
|
"encryption": map[string]any{
|
|
"enabled": true,
|
|
"type": "wireguard",
|
|
},
|
|
"l7Proxy": false,
|
|
"ipam": map[string]any{
|
|
"operator": map[string]any{
|
|
"clusterPoolIPv4PodCIDRList": []string{
|
|
"10.244.0.0/16",
|
|
},
|
|
},
|
|
},
|
|
"strictModeCIDR": "10.244.0.0/16",
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/cilium",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
|
|
"useDigest": true,
|
|
},
|
|
"operator": map[string]any{
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/operator",
|
|
"tag": "v1.12.1-edg",
|
|
"suffix": "",
|
|
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
|
|
"useDigest": true,
|
|
},
|
|
},
|
|
"kubeProxyReplacement": "strict",
|
|
"enableCiliumEndpointSlice": true,
|
|
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
|
},
|
|
cloudprovider.QEMU.String(): {
|
|
"endpointRoutes": map[string]any{
|
|
"enabled": true,
|
|
},
|
|
"encryption": map[string]any{
|
|
"enabled": true,
|
|
"type": "wireguard",
|
|
},
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/cilium",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"digest": "sha256:fdac430143fe719331698b76fbe66410631a21afd3405407d56db260d2d6999b",
|
|
"useDigest": true,
|
|
},
|
|
"operator": map[string]any{
|
|
"image": map[string]any{
|
|
"repository": "ghcr.io/3u13r/operator",
|
|
"suffix": "",
|
|
"tag": "v1.12.1-edg",
|
|
"genericDigest": "sha256:a225d8d3976fd2a05cfa0c929cd32e60283abedf6bae51db4709df19b2fb70cb",
|
|
"useDigest": true,
|
|
},
|
|
},
|
|
"ipam": map[string]any{
|
|
"operator": map[string]any{
|
|
"clusterPoolIPv4PodCIDRList": []string{
|
|
"10.244.0.0/16",
|
|
},
|
|
},
|
|
},
|
|
"kubeProxyReplacement": "strict",
|
|
"enableCiliumEndpointSlice": true,
|
|
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
|
"l7Proxy": false,
|
|
},
|
|
}
|
|
|
|
var controlPlaneNodeSelector = map[string]any{"node-role.kubernetes.io/control-plane": ""}
|
|
|
|
var controlPlaneTolerations = []map[string]any{
|
|
{
|
|
"key": "node-role.kubernetes.io/control-plane",
|
|
"effect": "NoSchedule",
|
|
"operator": "Exists",
|
|
},
|
|
{
|
|
"key": "node-role.kubernetes.io/master",
|
|
"effect": "NoSchedule",
|
|
"operator": "Exists",
|
|
},
|
|
}
|